Cryptospace Spotlight #40 (2 Oct 2022) - Bot earns $1M and loses everything after being hacked
The Wintermute hack was replicated in under 48 hours, a trading bot earns $1M and loses everything in under an hour, and a Terraform Labs spokesman indicated that the case has become “highly politicized”!
Security and Risk
30 Sep - Wintermute hack replicated
Crypto firm Ample Group built a proof of concept of the Wintermute hack. They shared that they used a MacBook M1 with 16GB RAM to precompute a dataset in less than 10 hours; this dataset only needs to be computed once for exploiting different addresses. The actual process, not counting the precomputation, took about 40 minutes for one address with seven leading zeros. The team said it finished the implementation and was able to crack the private key of a vanity address in less than 48 hours. [more]
28 Sep - Trading bot hacked
A crypto trading bot gained massive profits worth $1 million by seizing an arbitrage opportunity. However, an attacker then drained the funds by exploiting a function that lacked verification, getting the bot to authorize a malicious transaction. [more] [more-analysis]
27 Sep - Ethereum client bug fixed
An Ethereum proof-of-stake client bug was discovered and patched without incident. Had the bug not been found, any chain with high participation from the Besu client could have experienced a smart contract “infinite loop” whereby the contract would “truly execute forever.” [more]
26 Sep - Vanity addresses exploitation continues
A week after the Wintermute hit, $950,000 worth of Ether was stolen from a crypto wallet using the vanity address exploit again. [more]
Other crypto picks
‘Ethereum Killer’ Solana suffers its 4th major outage this year due to a misconfigured node causing the Solana network to stop processing transactions and go offline. [more]
“A validator was running a duplicate validator instance. Meaning when it was their turn to produce a block, they produced one from each instance, for the same slot, so some validators saw the one block, some the others, then couldn't agree which one was correct.”
All U.S. Facebook and Instagram users and those in 100 other countries can now share and crosspost NFTs for zero fees. Users can unlock the feature by connecting a supported digital asset wallet to their social media accounts. [more]
United States Federal Reserve chairman Jerome Powell indicated that as DeFi expands and starts to touch more retail customers, appropriate regulation needs to be in place. [more]
United States senators aim to amend a cybersecurity bill to include crypto. The Cryptocurrency Cybersecurity Information Sharing Act would amend the Cybersecurity Information Sharing Act of 2015 to include cryptocurrency firms. The bill is endorsed by the Electronic Transactions Association. [more]
Terraform Labs spokesman indicated that the case has become “highly politicized” and that South Korean prosecutors are displaying “unfairness and a failure to uphold basic rights.” Terraform Labs also declined to provide Do Kwon’s location due to physical security risks. [more]
EquiLend, the major securities finance platform that is owned by the industry and currently processes $2.8 trillion in trades monthly, is planning to launch a blockchain-based platform, 1Source. It aims to improve transparency and accuracy and to provide speedy (T1) settlement. [more]
Michael Saylor-led MicroStrategy is looking to expand its Bitcoin Lightning Dev team by hiring a new software engineer. MicroStrategy’s R&D team has been working to develop a suite of Lightning solutions, including Lightning wallet, enterprise servers, and enterprise authentication. [more]
First blockchain-powered reinsurer, Re, gets a $14M funding boost. The protocol is built on the Avalanche blockchain, Re said. Backing insurance policies (i.e., allowing companies to offload part of their risk to a larger pool of capital) is nothing new to finance, but bringing it on chain adds a new level of transparency, speed and security, the team said. [more]
T-Mobile’s sister company, T-Systems MMS, partners with the StakeWise staking pool to expand its footprint in the Ethereum ecosystem. The partnership will combine staked ETH into validator nodes to allow participants with less than 32 ETH to reap staking rewards. [more]
Africa has the most advanced crypto ecosystems with 95% of its transactions belonging to retail transfers. [more]