Security and Risk

20 Oct - BitBTC bridge near miss

The BitBTC bridge reportedly had a bug that would essentially allow an attacker to mint fake tokens on one side of the bridge and swap them for real ones on the other. [more]

• Tech lead of Arbitrum noted the vulnerability and tweeted that the BitBTC bridge had a bug that would allow an attacker to mint fake tokens on one side of the bridge, and swap them for real ones on the other.

• A subsequent update around 10 hours later that the bug had since been patched after he managed to get in contact with the BitBTC team.

19 Oct - Moola Market’s price manipulation

Moola Market was exploited by an attacker via price manipulation resulted in the loss of $8.4M. [more][more-moola]

• This attack was similar to last week’s Mango Markets case, the exploit was carried out via price manipulation of a collateral asset.

• The Moola team appealed to the attacker to return funds in exchange for a bounty after the incident announcement.

• Fortunately, just six hours later, over 90% of the funds were returned to the Moola multisig, with the exploiter keeping ~$500k as a bounty, of which $37k was donated to charity.

17 Oct - BitKeep exploited

Decentralized multichain wallet BitKeep lost $1 million to a hacker who exploited its swap features on the BNB chain. [more][more-bitkeep]

• To minimize the damages, Bitkeep temporarily halted its swap services to prevent a recurrence of such exploitation. The Bitkeep team also worked with security agencies to capture the attacker.

• After informing of the hack, the team launched a Safety Assurance feature that allows users to check if their wallet is at a security risk caused by the Swap transaction.

• In addition, BitKeep setup a claim portal to faciliate the compensation of the hacked victims. [more]

17 Oct - Decipher Mango Markets Plot

A group claiming responsibility for draining millions from Mango Markets last week called it a “highly profitable trading strategy” [more]

• In a statement on Twitter, Avraham Eisenberg said the group used the protocol “as designed,” believing their actions to be legal. The development team failed to anticipate the consequences of the protocol’s parameters, he said.

Other Crypto Picks

1. INTERPOL - INTERPOL unveiled the first ever Metaverse specifically designed for law enforcement worldwide. In a follow-up panel discussion, INTERPOL also announced the creation of an Expert Group on the Metaverse to represent the concerns of law enforcement on the global stage – ensuring this new virtual world is secure by design. [more][more-Interpol]

2. Japan - Crypto companies in Japan asked to defend against possible hacks from North Korea’s Lazarus group. Local police, Japan’s financial regulator and the National Center of Incident Readiness and Strategy warned local crypto businesses in a recent advisory statement about further hacking attempts. They also laid out preventive measures to monitor breaches. [more]

3. Hong Kong - Hong Kong is now contemplating changing its crypto trading requirements for retail participation, away from China on the all-out crypto ban approach. [more]

4. United States - Acting FDIC Chairman Martin Gruenberg regards payment stablecoins as those used for mainstream real–time payments as opposed to the existing stablecoins, which are primarily used within the crypto ecosystem. At a Brookings Institute event today, he said payment stablecoins should be issued on permissioned blockchains only. [more]

5. South Africa - The Financial Sector Conduct Authority (FSCA) issued its general notice, defining crypto as financial instruments under the country’s financial services act, which brings the asset class in line with other regulated financial products. [more]

   • Its definition widens the possibility for greater adoption of crypto in South Africa, which had already allowed citizens to freely hold and trade them.

   • Specifically, the FSCA’s declaration defines crypto as a distributed ledger technology-based asset not issued by a central bank and employing cryptographic techniques.

6. Bitcoin - Bitcoin took 85 minutes to produce a block. The long block interval left more than 13,000 transactions stuck in a pending state on Monday (17 Oct) after Bitcoin mining difficulty increased.

7. Kimberly Grauer, director of research at Chainalysis, indicated in an interview that the crypto industry needs to overcome its issues with bridge security. [more]

   • Grauer noted that “Bridge security is an unresolved technical challenge in the industry,” Grauer said. In the crypto world, bridges is software that allows users to transfer assets between different blockchains. This type of software has been one of the most targeted parts of decentralized-finance (DeFi) platforms, Grauer added.

8. Do Kwon, the Co-founder and CEO of Terraform Labs, left Singapore last month for Dubai, South Korean prosecutors and police have claimed. But Kwon they say he has since left the United Arab Emirates – and is now in a “third” country. [more]

9. PKO Bank Polski, a bank in Central and Eastern Europe, wants to be the regional leader in the area of banking in metaverse. It has just moved one of the most recognisable buildings in the capital of Poland into the metaworld, where it has set up its virtual branch on the Decentraland platform. [more]

10. Celestia Foundation raised $55 million in a funding round led by Bain Capital Crypto, Polychain Capital, Placeholder, Galaxy, Delphi Digital, Blockchain Capital, NFX, Protocol Labs, Figment, Maven 11, Spartan Group, FTX Ventures and Jump Crypto, as well as angel investors Balaji Srinivasan, Eric Wall and Jutta Steiner.

    • Celestia is building a modular blockchain architecture that will make it easy for anyone with the technical know-how to deploy their own blockchain at minimal expense. That will enable scalability, shared security and sovereignty issues, making it easier for developers to freely choose their own execution environments, such as EVM, Solana VM and more.