TechRisk Notes#11: Bitcoin ATMs hacked; ChatGPT bug revealed users' chat histories.
[26 Mar 2023] Bitcoin ATMs lost approx. $1.5M worth of BTC, Binance trading was disrupted for two hours by a trading engine bug, and ChatGPT had a bug that allowed users' chat histories to be shown to other users!
Cryptospace Spotlight
18 Mar - Operators of Bitcoin ATMs manufactured by General Bytes lost $1.5 million in Bitcoin after the ATMs were exploited through a zero-day vulnerability. General Bytes indicated that it had undergone multiple security audits since 2021, and none of them identified this vulnerability. [more][more-GeneralBytes]
The ATM attack: The attacker identified a security vulnerability in the master service interface that Bitcoin ATMs use to upload videos to the server. After identifying the IP addresses and ports through scanning, the attacker uploaded exploit code to the application server. Executing that code gave the attacker access to the database and to the API keys used to access funds in hot wallets and exchanges.
21 Mar - Euler Finance appears to have entered talks with the attacker over the return of nearly $200M in stolen tokens, after the attacker claimed to have "no intention of keeping what is not ours" and to want to "come to an agreement" with Euler Finance. [more]
22 Mar - Circle CEO Jeremy Allaire noted that the Twitter account of the company's chief strategy officer and head of global policy, Dante Disparte, had been hacked. The hacked account was publishing information about a USDC airdrop for USDC users. [more]
Cryptocurrency exchange Binance suspended trading on its spot markets for two hours because of a computer bug related to the trailing stop loss feature. [more]
Do Kwon, founder of the now collapsed Terraform Labs, has been arrested in Montenegro at the Podgorica airport. [more]
The web3 wallet provider MetaMask has implemented the EIP-4361 standard, which aims to give Ethereum account holders a standardized way to authenticate themselves to off-chain services. The feature, known as "Sign In with Ethereum", lets people securely use the crypto wallet to authenticate to web services. The wallet project partnered with digital identity and data provider Spruce on this integration. [more]
With EIP-4361 implemented, users of wallet projects like MetaMask can sign a standard message format to log in to websites. Supported websites present users with a pop-up to review the details, including the website name, session details and security mechanisms such as a nonce, and to verify that the domain name is correct, which protects against unauthorized access from malicious sites. This offers a self-custodial alternative to centralized identity providers such as email addresses or phone numbers.
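To make the nonce and domain checks concrete, here is an added example (not MetaMask's or Spruce's code) that parses the EIP-4361 message text and applies the server-side checks a relying website performs: domain binding, nonce match and the validity window. The domain `example.com`, the address, the nonce and the timestamps are constructed placeholders; recovering the signer from the signature is left to an Ethereum library and is not shown.

```python
import re
from datetime import datetime, timezone

# First two lines of an EIP-4361 message: the requesting domain and the account address.
HEADER_RE = re.compile(
    r"^(?P<domain>\S+) wants you to sign in with your Ethereum account:\n"
    r"(?P<address>0x[0-9a-fA-F]{40})\n")

def parse_siwe(message: str) -> dict:
    """Parse the EIP-4361 text format into a dict (signature recovery is not done here)."""
    m = HEADER_RE.match(message)
    if not m:
        raise ValueError("not an EIP-4361 message")
    fields = {"domain": m.group("domain"), "address": m.group("address"), "resources": []}
    # An optional human-readable statement sits between blank lines before 'URI:'.
    body, _, tail = message[m.end():].partition("\nURI: ")
    fields["statement"] = body.strip("\n") or None
    for line in ("URI: " + tail).splitlines():
        if line.startswith("- "):              # entries under 'Resources:'
            fields["resources"].append(line[2:])
        elif ": " in line:                     # 'Key: value' fields
            key, _, value = line.partition(": ")
            fields[key] = value
    return fields

def parse_ts(s: str) -> datetime:
    """ISO 8601 timestamp as used by Issued At / Expiration Time / Not Before."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def check_siwe(fields: dict, expected_domain: str, expected_nonce: str, now: datetime) -> str:
    """Relying-site checks: domain binding, session nonce, validity window. Returns 'ok' or a reason."""
    if fields["domain"] != expected_domain:   # message minted for another site: reject
        return "domain mismatch"
    if fields.get("Nonce") != expected_nonce:  # must equal the nonce issued for this session
        return "nonce mismatch"
    exp, nbf = fields.get("Expiration Time"), fields.get("Not Before")
    if exp and parse_ts(exp) <= now:
        return "expired"
    if nbf and parse_ts(nbf) > now:
        return "not yet valid"
    return "ok"

# Constructed sample message (the address and nonce are placeholders, not real values).
SAMPLE = (
    "example.com wants you to sign in with your Ethereum account:\n"
    "0x1111111111111111111111111111111111111111\n\n"
    "I accept the example.com Terms of Service.\n\n"
    "URI: https://example.com/login\nVersion: 1\nChain ID: 1\nNonce: 32891756\n"
    "Issued At: 2023-03-26T10:00:00Z\nExpiration Time: 2023-03-26T10:10:00Z\n"
    "Resources:\n- https://example.com/my-account\n")
```

A message signed for another domain, or carrying a nonce the site did not issue for this session, is rejected before any signature is even checked.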
Techrisk Select
OpenAI Bug: OpenAI took ChatGPT offline for emergency maintenance after it was noted that users were able to exploit a bug in the system to see the titles of other users' chat histories. [more][more-OpenAI]
Trojanised ChatGPT: A security researcher noted that a trojanised version of the Chrome extension "ChatGPT for Google" had accumulated over 9,000 downloads on the Chrome Web Store. The malicious extension contained additional code that steals Facebook session cookies while offering ChatGPT integration on search results. [more]
Post-Quantum Cryptography: The Chief Technology Officer at CIS talked about post-quantum cryptography FUD and what is practical for organisations. [more]
Cloud Security: CISA released the "Untitled Goose" tool to aid hunting and incident response in Azure, Azure Active Directory and Microsoft 365 environments. [more]
Hacking Forum Takedown: US Justice Department announced that the now-arrested alleged administrator of the infamous hacking forum BreachForums facilitated the sale and purchase of private information that belonged to “millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies.” [more]
Generative AI tool: CodiumAI aims to use generative AI to help developers verify code logic. Its co-founder and CEO Itamar Friedman noted that "we have plenty of tools to check code vulnerabilities, making sure it's secured. We have some tools to check performance, but we have barely [any] tools that actually verify code logic, like a tool that checks down to the level of lines of code and checks that it works. And this is really frustrating and a lot of developers spend 25% to 50% of their time on writing tests and checking code logic". [more]
TRG Learn
About NFTs and the Metaverse by University of Nicosia [more]