Safeheron Weekly Dispatch | JUN 17 '22

06/17/2022

Security Incidents

Fswap Was Hacked

The hacker borrowed from BISWAP to carry out a transaction attack on FSWAP.

MetaMask, Phantom and Other Browser Wallets Patch Security Vulnerability

MetaMask and Phantom informed at least 10 other browser-based hot wallets that they contained the same vulnerability. The vulnerability resulted from a quirk in the JavaScript programming language that sometimes led to a user’s secret recovery phrase being stored on the user’s hard disk for some period of time. There’s no evidence of it ever having been exploited by hackers, and MetaMask and Phantom have patched it.

Treasure Swap Was Hacked And The Hacker Drained 3,945 BNB

The Swap function of the attacked contracts lacks verification of the K value. So far, the hacker has attacked two contracts and gained 3,945 BNB.
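As an added illustration (not the attacked contracts' code, and not from the original dispatch), the Python model below shows what a K verification does in a constant-product pool: after a swap, the fee-adjusted product of the balances must not fall below the previous product of the reserves. The 0.3% fee and the names `Pool`, `swap` and `accepted` are assumptions made for the example.

```python
# Constructed model of a constant-product (x * y = K) pool. Not the attacked
# contracts' code; the 0.3% fee, Pool, swap and accepted are assumptions.
FEE_NUM, FEE_DEN = 3, 1000


class KInvariantError(Exception):
    """Raised when a swap would leave the pool with a smaller K."""


class Pool:
    def __init__(self, reserve0, reserve1, check_k=True):
        self.reserve0, self.reserve1 = reserve0, reserve1
        self.check_k = check_k  # False models a swap without K verification

    def swap(self, in0, in1, out0, out1):
        """Apply a swap given integer amounts paid in and requested out; return new K."""
        if min(in0, in1, out0, out1) < 0 or (out0 == 0 and out1 == 0):
            raise ValueError("invalid amounts")
        if out0 >= self.reserve0 or out1 >= self.reserve1:
            raise ValueError("insufficient liquidity")
        bal0 = self.reserve0 + in0 - out0
        bal1 = self.reserve1 + in1 - out1
        if self.check_k:
            # Deduct the fee from the input side, scaled by FEE_DEN so the
            # comparison stays in exact integer arithmetic.
            adj0 = bal0 * FEE_DEN - in0 * FEE_NUM
            adj1 = bal1 * FEE_DEN - in1 * FEE_NUM
            if adj0 * adj1 < self.reserve0 * self.reserve1 * FEE_DEN ** 2:
                raise KInvariantError("swap would decrease K")
        self.reserve0, self.reserve1 = bal0, bal1
        return bal0 * bal1


def accepted(pool, *amounts):
    """Return True if the pool accepts the swap, False if the K check rejects it."""
    try:
        pool.swap(*amounts)
        return True
    except KInvariantError:
        return False


if __name__ == "__main__":
    underpaid = (1, 0, 0, 900)   # pays 1 unit of token0, asks for 900 of token1
    fair = (100, 0, 0, 90)       # priced on the curve after the fee
    print("no K check, underpaid:", accepted(Pool(1000, 1000, check_k=False), *underpaid))
    print("K check, underpaid:   ", accepted(Pool(1000, 1000), *underpaid))
    print("K check, fair:        ", accepted(Pool(1000, 1000), *fair))
```

Without the check, the pool settles an underpaid swap and K collapses; with it, the same call is rejected before the reserves are updated.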

Inverse Finance Drained For $1.2 Million In A Flash Loan Attack

The hacker sold them through Maiar DEX, resulting in a 92% drop. The official team has suspended the DEX and related APIs.

Ed25519 Signature Algorithm Use Risks

In brief, because some libraries are poorly designed and their APIs are misused, attackers may be able to extract the private key from two different signatures for the same message.

More in Analysis On Ed25519 Use Risks: Your Wallet Private Key Can Be Stolen

Industry Updates

Safeheron

Safeheron Has Supported Fantom And Polygon Secure Access

Safeheron customers can allocate and transfer assets on Fantom and Polygon as needed via Safeheron without jeopardizing security or efficiency.

More in Secure Access For Fantom And Polygon

Hex Trust

Hex Trust Adds Support For Polygon (MATIC)

Hex Trust integrated Polygon into its custody platform so that its institutional clients can trade, lend, and stake Polygon tokens.

Upvest

Crypto Brokerage And Custody Financial Institution Upvest Raises $42 Million in Series B

Upvest has all BaFin licenses for securities and crypto brokerage and custody. It is designed as a simple gateway API that allows fintechs to offer their end customers capital market investment products, including everything from ETFs and stocks to crypto assets.

WalletConnect Is Building a Messaging Protocol for Web3

WalletConnect is building a new messaging protocol. The first step is connecting all the different wallets and apps in the fast-growing web3 ecosystem. The next step is enabling the users of these wallets to chat with one another, all the while using different wallets across different chains.

Nansen Launches The Web3 Native Messaging App Nansen Connect

Users can log in with their crypto wallet, select a username based on their Nansen wallet labels, join groups based on crypto holdings and onchain behaviors, send DMs to other users (with end-to-end encryption), monitor key collection statistics and user holding information in real-time, and will eventually be able to build OTC channels for more efficient trading.

KBC Launches Kate Coin, Pegged to The Euro on a 1:1 Basis

Customers will be able to acquire Kate Coins and effectively use them via their Kate Coin wallet in KBC Mobile in a 'closed loop' environment, outside of which the coin has no monetary value.

Espresso Systems Launches Testnet of CAPE Privacy Product

Configurable Asset Privacy on Ethereum (CAPE) is a smart contract application that lets asset creators define customizable privacy policies that determine who can see what information about the asset holders and transactions under certain circumstances.

Zero-Knowledge Proof Startup zCloak Network Raises $5.8 Million in a Pre-Series A

With the new funds, the company plans to expand its partnerships with identity data attestors, Web3 applications and blockchain networks.

NFT Market Fractal Launches Crypto Wallet Sign In with Fractal

This wallet seamlessly connects Fractal and its co-op games. Players can use Sign In with Fractal to store and trade game assets, buy NFT and join Fractal tournaments. Also, Fractal provides Sign In with Fractal API for game studios.

Jack Dorsey’s TBD Announces Web3 Competitor Web5

Web5 brings decentralized identity and data storage to individuals’ applications. It lets devs focus on creating delightful user experiences, while returning ownership of data and identity to individuals. Web5’s monetary layer will be built on the foundation of Bitcoin. So far, it is still under open-source development.

Vitalik Lists 8 Non-Financial Blockchain Scenarios

8 non-financial scenarios using blockchain: user account key changes and recovery, modifying and revoking attestations, negative reputation, committing to scarcity, common knowledge, interoperability with other blockchain applications, open-source metrics and data store.

NewsFlash

- Chinese cryptocurrency-mining rig maker Nano Labs eyes $50 million Nasdaq IPO.

- NFT infrastructure startup NFTPort has raised $26 million in Series A.

- Cryptocurrency arbitrage platform Mosdex raises $20 million for global expansion.

- Blockchain company Ekta has raised $60 million and is in the early stages of building a suite of blockchain-powered products, aiming to build a blockchain ecosystem that bridges the digital and physical worlds.

- Sequoia India and Southeast Asia raises $2.85 billion in funds, expanding its focus on Web3.

- IOBC Capital raises a venture capital fund of $50 million focusing on Web3 infrastructure, component and middleware, etc.

- Block is starting a team dedicated to building bitcoin-focused lightning infrastructure.

- Meta launches metaverse plan in Hong Kong.

- Samsung Electronics launched Samsung Wallet, which enables Galaxy users to organize digital keys, boarding passes, identification cards and more, and integrates with Samsung Blockchain Wallet.

- Polygon launches first ever e-commerce metaverse COMEARTH.

- BNB Chain is going to open source its BNB Beacon Chain for decentralization.

- Binance is considering re-entering the Korean market.

Market Regulation

North America

  • The House of Representatives is preparing to hear testimony on digital asset regulation later this month.

  • Top Democrat seeks probe on use of crypto in retirement accounts.

Europe

  • Russian parliament to review bill prohibiting crypto payments, and the members of the lower house are expected to vote on the legislation on first reading in mid-June.

  • EU finance commissioner calls for speedy passage of crypto law MiCA, which is currently in the last leg of the bloc's legislative process.

Asia

  • South Korea is considering new legislation for “blockchain-based platforms”.

  • Future FinTech Group Inc.'s subsidiary NTAM has become eligible to manage virtual assets under certain conditions complying with the regulatory requirements issued by SFC.

South America

  • Colombian financial superintendence prepares norms for crypto transactions.

Industry Briefing

According to CoinMarketCap, the total cryptocurrency market cap is down to $1000 billion, the lowest since February 2021. This week in particular, stETH caused such panic that the ETH price dropped sharply. This is also related to Celsius Network's nondisclosure of its real losses. DeFi and NFTs are both down as well. In its Monetary Policy Report, the Federal Reserve said it believes the crypto market structure is vulnerable, citing the slump in stablecoins and the recent crypto market situation.

Although the market is not meeting most expectations, it is also the right time to see the quality of each project. As for investment, investing in blockchain never stops, and infrastructure is attracting more attention.

This week's security incidents are mainly contract exploits and lending and flash loan attacks. The real security risks that can bring danger and lead to threats need more attention and deserve to have more people join the exploration. Then, choose the right solution so that security really works for you.
