Cryptocurrencies

Tempers flare as Moon Technologies saga continues

The Moon Technologies saga continues to rumble on with an email surfacing on Reddit allegedly from Moon CEO Kenneth Kruger to Moon account holders.

Coin Rivet reported yesterday that co-founder and former CTO of Moon Technologies Alexander Ang has left the company due to disagreements over user privacy and allegedly contentious terms and conditions.

Since leaving, Ang has made several accusations on Reddit, which have all been vehemently denied by Kruger.

Coin Rivet has reached out to Mr Kruger for a statement. We are yet to confirm whether the email was actually sent by Kruger.

The alleged email

The alleged email reads: “Hi, I’m Ken, the founder and CEO of Moon. I am reaching out to let you know that your Moon account may be affected by recent events.

“A former employee had access to Coinbase credentials stored on our servers. We have no indication that this data has been breached, but we are reaching out to encourage you to revoke your Coinbase API key as a precautionary measure.

“All Coinbase credentials on Moon are currently encrypted. Again, we have no indication that a breach has occurred, but encourage you to revoke the API key that was associated with our system as a precautionary measure.”

Alexander Ang responds

Coin Rivet spoke to Mr Ang, who referred us to a Reddit post of his official statement.

“Kenneth has been sending out emails calling me out for having access trying to put the blame on me,” he writes.

“The truth is I did have access to them. However, I was prevented from creating a system that would have blocked out access to the keys from any of our internal staff.”

He notes how this could be achieved through recursively locking IAM (identity and access management) policies that ensure only users have access to their own keys. From there, “the logic that sent the cryptocurrency from users to Moon would be all on the front end.”

Ang details how this could then have been uploaded to GitHub for the world to see and critique.

“This is the way to get critique for your security infrastructure in the industry – something Kenneth actively rejected,” he adds.

Ang states: “There is absolutely no way in the universe for you to encrypt and then retrieve the same data without any kind of key.

“It was one of the solutions I pondered when I was thinking through how to protect users – by asking them to enter their own password for the API key.”

However, Ang writes he connected his Coinbase account with Moon but was not asked for his key.

He alleges that because of this, “any kind of ‘encryption’ that is being done has to be done with a key owned by the management team. If you have not revoked your keys, your keys are still at risk.

“Even if you secure it with any kind of password, Moon, running the decryption algorithm, still has complete access to the API keys after decryption.”

You can read Ang’s full comment on Reddit.

Coin Rivet will continue providing updates as the story develops.

 

Jordan Heal

Jordan is an English Literature graduate fresh out of Lancaster University with a keen passion for writing. Whilst not having a wealth of background into the world of cryptocurrency, he’s extremely motivated to learn the ropes and become apart of the movement. In general, he’s a huge fan of narratives, whether it be books, t.v., films or games.

Disqus Comments Loading...

Recent Posts

Here is why Bitcoin is still a lucrative investment in 2024

Those who enter the market at this time may be surprised to hear that Bitcoin…

1 month ago

Zircuit Launches ZRC Token: Pioneering the Next Era of Decentralized Finance

George Town, Grand Cayman, 22nd November 2024, Chainwire

1 month ago

The surge of Bitcoin NFTs: Everything you should know about Bitcoin ordinals

From digital art to real-estate assets, NFTs have become a significant attraction for investors who…

2 months ago

MEXC Partners with Aptos to Launch Events Featuring a 1.5 Million USDT Prize Pool

Singapore, Singapore, 21st October 2024, Chainwire

2 months ago