This site will leak your password to everyone unless you donate Bitcoin

This is pretty nasty. Someone has built a malicious copycat of the popular breach database Have I Been Pwned that will reveal your password in plaintext – unless you pay up a cryptocurrency ransom in Bitcoin, Ethereum, Bitcoin Cash, or Litecoin.

Just like Have I Been Pwned , the malicious copycat will let you check whether your associated email address has been breached in the past. The disturbing part is that it will also display leaked passwords of such compromised accounts. The website then asks users for a one-off $10 donation in cryptocurrency to hide the passwords.

According to the instructions on the website, leaked passwords will only be removed after users have successfully provided proof of payment. It is worth nothing that – depending on how widely you used your passphrase – it might be faster to update your old password than to pay up the ransom.

We have been able to confirm that the sketchy website does indeed have a database with legitimate passwords. The good thing is that it appears the platform does not store plaintext passwords for all compromised accounts found in its database.

It is unclear precisely how extensive the data is, but the website insists it contains 1.4 billion compromised accounts with their associated passwords. Another thing to point out is that some of the leaked passwords are at least several years old from what we can tell. Journalist Daniël Verlaan has said the website uses the same database as popular breach look up service Gotcha .

We have decided not to publish a direct link to the website for security reasons, but it appears that the platform is hardly getting any traction as of now. Indeed, a quick lookup of the associated wallet addresses indicates that nobody has paid the requested ransom fee as of the time of writing.

So in case it has been a while since the last time you updated your password, there is no better time to do that than now – especially if your account was compromised recently.

Update: Shortly after our coverage, the website’s search functionality stopped working. As pointed out by Verlaan , the site is now surreptitiously running a crypto-miner in the background to hijack your computer power.

Update: It appears that the database might have been lifted from a public torrent, according to a tip from readers and corroborated by Verlaan. In any case, there are certainly overlaps between the two data troves.

[H/T Daniël Verlaan ]

Meet the street artist who made $1,000 by adding a Bitcoin QR code to his murals

We have come a long way since the times artists depended on the patronage of kings and queens for their financial stability. But while galleries and art dealers have mostly replaced this ancient system, a new breed of crowdfunded services like Patreon and Ulule are now lending even more fiscal independence to cash-strapped artists.

Despite this liberating disruption in the artist-patron dynamic, such services pose the same risk to the financial security of creatives as the old patronage system, the revised art dealership model capitalism brought, and the crowdsourced funding alternative facilitated by the recent technological boom. Namely, that the artists are in a chronic threat of having their streams of income severed – at the drop of a hat.

But thanks to blockchain tech and cryptocurrencies, creatives might have a new viable option to make ends meet without leaving their fiscal stability in the hands of profit-oriented dealers and corporations. Meet French street artist Pascal ‘PBOY’ Boyart .

Boyart recently attracted the attention of the cryptocurrency community after one of his pieces made its way to the top of the Bitcoin discussion board on Reddit .

Indeed, numerous Redditors flocked to salute him for his witty use of QR codes as a way of funding his work with Bitcoin donations from inspired passers-by.

Influenced by the the vision of Satoshi Nakamoto and Bitcoin, Boyart has made cryptocurrencies and decentralization a central theme in his work. In his paintings, Bitcoin becomes not only an integral part of the piece itself, but also the very method by which Boyart can profit from his creation.

The QR codes are both his statement against the dangers of central censorship and his weapon of liberation.

In this sense, his artistic fascination with the technology is two-fold: it explores how cryptocurrencies are gradually challenging the status quo of central authorities and simultaneously puts this playful exploration to the test.

This, precisely, is the conundrum Boyart addresses in his mural of esteemed Dutch painter Rembrandt (whose life was marked by severe financial hardships despite his undeniable talent).

But while it was the Rembrandt piece that brought the recognition of Reddit to Boyart, it wasn’t the first time the artist had experimented with incorporating Bitcoin donation addresses in his work.

“I first included a Bitcoin QR code in my work in November 2017,” Boyart told Hard Fork. “I painted a street art piece of a child asking his father ‘Dad, what is money?’ and I placed a QR code at the side of my signature.”

“I wasn’t sure if someone had done this already, but I wanted to see if people could support street artists with donations,” the artists added. “I did it as an homage to Andreas Antonopoulos’ book The Internet of Money .”

Since then, Boyart has received over $1,000 (approximately 0.11 BTC) in donations so far, according to stats from the Bitcoin blockchain explorer.

Boyart first got acquainted with Bitcoin in early 2014, but it took him four years to grasp the promise the technology behind it.

“ I didn’t understand it,” the artist told Hard Fork. “I thought it was a new PayPal.”

“It was last May when I became really passionate about this new paradigm of money… I was thinking about all the best use cases artists can do with it,” Boyart continued. “It can free us from institutions and galleries.”

“ The most interesting aspect is decentralization – a peer-to-peer horizontal system,” he added. “Art and creation need that, I believe.”

“My street art costs me a lot of money in materials and painting,” Boyart said. “But instead of funding alternatives like [crowdfunding platform] Ulule, I wanted a solution that offers direct financial relation with the people.”

“Bitcoin is perfect for this,” he added.

Anyone keen on supporting Boyart and his art can find his donation address at his personal website here : in addition to Bitcoin, he also welcomes donations in Litecoin and Ethereum.

Curious to see more of his pieces? Go check out his work on Instagram here .

Bitcoin developer warns Lightning Network is flawed and likely vulnerable to DoS attacks

Bitcoin maximalists have long counted on the Lightning Network and its off-chain transaction solution to fix the network’s increasing scaling issues and exorbitant transfer costs – but it seems this dream might not be as close to reality as the blockchain community wishes.

Bitcoin Core developer Peter Todd has taken to Twitter to share his first impressions from playing around with the Lightning testnet and the results are not particularly encouraging, to say the least.

Among other things, Todd reported that C-lightning – the Lightning Network implementation written in C – runs into segmentation faults pretty frequently and “when it’s not crashing payments fail more often than not.”

For those unfamiliar, so-called ‘segfaults’ occur when poorly written programs falsely attempt to access memory locations that are otherwise out of scope – or have been modified to be accessed in a forbidden way, like writing to a read-only property.

One of the reasons for such hurdles is that Lightning was written in C – a programming language Todd argues might not have been the best fit for the task at hand. By contrast, he suggested Rust fits the intended function of the network much closer.

The developer further noted that the current iteration of the Android-based Eclair wallet for Lightning is also flawed and could lead to a loss of funds.

More worryingly though, Todd went on to predict the Lightning protocol could very well “prove to be vulnerable to DoS [denial of service] attacks in its current incarnation.” According to the cryptographer, this poses danger to both the peer-to-peer as well as the blockchain level of the project.

Instead, Todd contended, Lightning should have opted for a more centralized approach to setting up its payment channels.

Responding to criticism that Lightning is already centralized, Todd said that it “ is obviously a decentralized protocol” in its current form. However, he critiqued their approach for “biting off more than they can chew by going for the moon shot of a fully decentralized protocol first.”

One thing to mention is that Lightning is still a work in progress. In fact, the company has repeatedly warned non-technical users against toying around with its solution until it is more commercially-ready.

Co-founded by Joseph Poon and Thaddeus Dryja, Lightning was conceived as an additional layer to the Bitcoin blockchain that leverages a network of many small nodes to facilitate cheap, fast, and private transactions – a much-needed off-chain alternative to Bitcoin’s congested network.

Meanwhile, Bitcoin continues to struggle with high transaction fees and slow transactions – though the network is admittedly much more stable now than it was a couple of months back.

Indeed, Bitcoinrg (not to be mistaken with the Bitcoin Cash-associated Bitcoinom) recently updated its website to reflect this reality.

Correction: This piece wrongly named Lightning Labs co-founders, Elizabeth Stark and Olaoluwa Osuntokun, as the creators of the Lightning Network. We’ve corrected this inaccuracy and apologize for the mistake.