chain

Jump Crypto unveils critical vulnerability on Binance’s BNB Chain

The security flaw would have allowed the minting of an unlimited amount of arbitrary tokens. The issue was privately disclosed to the BNB team.

Web3 infrastructure firm Jump Crypto has discovered a vulnerability in the Binance BNB Beacon Chain that would have allowed the minting of an unlimited amount of arbitrary tokens. The issue was privately disclosed to the BNB team, enabling a patch to be developed and deployed within 24 hours.

In a blog post from Feb. 10, Jump Crypto disclosed a detailed report about the vulnerability found two days earlier, which could "have led to a large loss of funds."

As per the report, the BNB Chain is composed of two blockchains: the EVM-compatible Smart Chain (BSC), which is based on a fork of go-ethereum, and the Beacon Chain, which is built on top of Tendermint and Cosmos SDK.

However, the Beacon Chain uses a BNB fork hosted on GitHub with several BNB-specific changes. "It deviates from the Cosmos SDK upstream in several ways, motivating us to take extra care in reviewing the differences," notes Jump Crypto, which recently started a broad research effort dedicated to discovering and patching vulnerabilities across projects via coordinated disclosure.

The vulnerability would allow an attacker to mint an almost unlimited amount of BNB tokens via a malicious transfer, meaning that destination accounts would receive a much larger number of BNB tokens than the sender initially provided. Jump Crypto noted:

"Bugs that allow infinite minting of native assets are some of the most critical vulnerabilities in web3. As such, this finding is proof that we all must stay vigilant and collaborate to elevate security assurances across all projects."

The BNB team fixed the issue by switching to overflow-resistant arithmetic methods for the sdk.Coin type. With the patch, a Coin calculation that overflows results in a Go panic and a transaction failure.
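The difference between wrapping and overflow-checked coin arithmetic, as an added example that is not code from Jump Crypto's report or the BNB repository: `Coin`, `ValidateTransfer` and the sample amounts are simplified, constructed stand-ins. It assumes amounts are held in an `int64` and that a transfer is accepted when the outputs total the input.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Coin is a simplified stand-in for an SDK coin type (hypothetical; not the
// BNB fork's definition).
type Coin struct {
	Denom  string
	Amount int64
}

var (
	ErrOverflow = errors.New("coin amount overflow")
	ErrMismatch = errors.New("inputs and outputs do not balance")
)

// plusUnchecked uses native int64 addition, which wraps silently in Go.
func plusUnchecked(a, b Coin) Coin {
	return Coin{Denom: a.Denom, Amount: a.Amount + b.Amount}
}

// plusChecked panics instead of wrapping, the behaviour the article
// attributes to the patched arithmetic.
func plusChecked(a, b Coin) Coin {
	if (b.Amount > 0 && a.Amount > math.MaxInt64-b.Amount) ||
		(b.Amount < 0 && a.Amount < math.MinInt64-b.Amount) {
		panic(ErrOverflow)
	}
	return Coin{Denom: a.Denom, Amount: a.Amount + b.Amount}
}

// ValidateTransfer is a constructed conservation check: the outputs must
// total the input. An overflow panic is recovered and returned as an error,
// so the transaction fails instead of the node crashing.
func ValidateTransfer(input Coin, outputs []Coin, checked bool) (err error) {
	defer func() {
		if r := recover(); r != nil {
			e, ok := r.(error)
			if !ok || !errors.Is(e, ErrOverflow) {
				panic(r) // unrelated panic: do not swallow it
			}
			err = e
		}
	}()
	add := plusUnchecked
	if checked {
		add = plusChecked
	}
	total := Coin{Denom: input.Denom}
	for _, o := range outputs {
		total = add(total, o)
	}
	if total.Amount != input.Amount {
		return ErrMismatch
	}
	return nil
}

// SampleOutputs returns constructed amounts whose true sum exceeds int64
// and wraps around to 10 under native addition.
func SampleOutputs() []Coin {
	return []Coin{{"BNB", math.MaxInt64}, {"BNB", math.MaxInt64}, {"BNB", 12}}
}

func main() {
	in := Coin{Denom: "BNB", Amount: 10}
	fmt.Println("unchecked:", ValidateTransfer(in, SampleOutputs(), false))
	fmt.Println("checked:  ", ValidateTransfer(in, SampleOutputs(), true))
}
```

With wrapping addition the balance check passes on outputs that far exceed the input; with the checked version the same transfer is rejected with an overflow error.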

The BNB Chain is the native blockchain behind crypto exchange Binance. The company CEO, Changpeng Zhao, thanked Jump Crypto's team on Twitter for reporting the bug.

In October 2022, the BNB Chain was briefly suspended after a cross-chain exploit compromised nearly $80 million worth of cryptocurrency. The genesis of the breach took place on the BSC Token Hub, eventually resulting in the creation of an “extra BNB,” shows an official post on Reddit. 

Cosmos co-founder proposes peer-to-peer clearing system in white paper

88x Finance partners with Axelar Network for cross-chain yield aggregator

The startup is one of the projects participating in the Axelar Ecosystem Startup Funding Program.

The crypto bear market may be lasting longer than expected, but some Web3 startups see it as the perfect opportunity to build solutions and infrastructure that will welcome users and institutions when the next wave of adoption arrives.

Cross-chain yield aggregator 88x Finance claims that the emergence of general message passing and true composability between blockchains is an opportunity to provide services both to retail and professional investors.

Roughly six months after starting to build the platform, the protocol is now participating in the Axelar Ecosystem Startup Funding Program, a $60 million startup funding program dedicated to accelerating Web3 protocols, backed by Axelar and a group of 15 blockchain investors.

“We started working on cross-chain yield aggregation because it seems like the natural evolution of bridges/general message passing protocols, etc.,” Nick Avramov, co-founder of the crypto startup, told Cointelegraph.

Related: Security and interoperability, the challenges ahead of Web3 mass adoption

Yield aggregators combine multiple smart contracts protocols and strategies to maximize return on investment. They use smart contracts to invest crypto assets in yield-paying products and services through automated strategies. They are similar to having a fund manager in charge of a crypto portfolio, providing the best decentralized finance, or DeFi, crypto staking opportunities.

Georgios Vlachos, co-founder at Axelar, explained to Cointelegraph that since crypto is becoming increasingly decentralized, with a growing number of blockchain networks and DeFi platforms operating independently of one another, cross-chain yield aggregation will be an important aspect of DeFi in the coming years. He also noted:

“Cross-chain yield aggregation can also help to diversify risk and increase returns. By combining yield-generating strategies across multiple blockchain networks, investors can potentially reduce the impact of market fluctuations on their overall portfolio.”

88x said it intends to provide vault automation strategies and diversification through predefined investment strategies running across multiple blockchains. “Within a single interface, users can enjoy yield farming opportunities on Ethereum, BNB Chain, Avalanche, Polygon and many more networks — without the need to switch between wallets,” Will Kamalov, co-founder of 88x Finance, told Cointelegraph.

Even with the market crisis, Web3 projects attracted $30 billion in 2021 and $36 billion in 2022, data from Cointelegraph Research shows. Among one of the first rounds of funding this year, blockchain development platform QuickNode closed a $60 million funding round intended to onboard more Web3 users and developers worldwide.

Polygon Announces Upcoming Hard Fork to Address Gas Spikes and Chain Reorganizations

The Ethereum scaling blockchain, Polygon, has revealed plans to initiate a hard fork on Jan. 17, 2023. According to the team, the network upgrade will “reduce the severity of gas spikes” and “address chain reorganizations (reorgs) in an effort to reduce time to finality.” Polygon Team Outlines Network Upgrades to Improve User Experience On Jan. […]

Bridge attacks will still pose major challenge for DeFi in 2023: Security experts

Hackers have stolen over $2.5 billion through vulnerabilities on cross-chain bridges in the past two years.

Security has been a critical challenge for decentralized finance (DeFi) and its evolution. Between 2020 and 2022, hackers stole over $2.5 billion through vulnerabilities on cross-chain bridges, Token Terminal data shows. Compared to other security breaches, this is a substantial amount.

Issues with bridges have a root cause: All of them have an "inherent vulnerability," Theo Gauthier, founder and CEO of Toposware, told Cointelegraph. According to Gauthier, no matter how secure a bridge is on its own, it is "entirely reliant on the security of the chains it connects," meaning that any breach or bug within one of the two bridged chains makes the overall bridge vulnerable.

Briefly, bridges are used to connect different blockchains and aim to address the lack of standards between protocols. Interoperability between blockchains is considered to be a critical goal for enhancing the end-user experience and promoting broader crypto adoption.

Solutions for interoperability and security in the crypto industry are gaining traction despite the bear market. One of the major technologies available is zero-knowledge rollups (ZKPs), which allow data to be verified and proven as accurate without revealing further information, unlike typical interoperability solutions that require networks to disclose their states.

Related: Industry execs voice confidence in DeFi adoption despite security flaws

Through ZKPs, it is also possible to create a ZK-powered Ethereum Virtual Machine (EVM), noted Polygon's chief information security officer Mudit Gupta, allowing developers to launch scalable and completely private Ethereum compatible smart contracts. Gupta also noted that:

"We believe in the old crypto adage of “don’t trust, verify.” With ZK powered solutions, this is absolutely possible. The zkEVM has shown that it can maintain privacy, decentralization, speed and scalability. With this, there is no need to sacrifice anything that has made the crypto space what it is, and in fact it improves it."

For bridges, the solution would be auditing and real-time monitoring standards, noted Gustavo Gonzalez, solutions developer at Open Zeppelin. Bridges smart contracts "should be audited, ideally by multiple third parties, before being released “into the wild.” New audits should happen anytime updates are made, and all results should be transparently shared with the community."

Machine learning technology could also be used to flag potentially suspicious patterns of activity with advanced security monitoring, detecting an attack before it actually happens, said Gonzalez.

Combining security software solutions with blockchain protocols could make the entire space more secure for users and investors. A Bitcoin (BTC) maximalist would say "Just use Bitcoin, and you won't have these issues at all." While smart contracts for Bitcoin are in the works, DeFi players will be tasked with building trust within their respective ecosystems amid ongoing security concerns.

Serum exchange rendered ‘defunct’ following the collapse of Alameda and FTX

The project shared that “a community-wide effort to fork Serum is going strong,” however.

The Solana-based decentralized exchange (DEX) has notified its community that the collapse of its backers — Alameda and FTX — has rendered its program “defunct”. 

The team behind the project shared that “there is hope”, in spite of its ongoing challenges, because of the community option available to "fork" Serum.

According to the announcement, “a community-wide effort to fork Serum is going strong”. OpenBook, the community-led fork of the Serum V3 program, is already live on the Solana Mainnet with over $1M daily volume, supported by continuous efforts to expand it and grow its liquidity. 

The existence of OpenBook, however, poses a threat to Serum: “with Openbook's existence, Serum's volume and liquidity has dropped to near-zero,” as users and protocols prefer OpenBook as a safer option given the security risks associated with the “old Serum code,” which was compromised in the FTX hack.

When it comes to its SRM token, the DEX shared that the “future of SRM is uncertain”, as community members appear divided on the subject. Some believe it should still be used “for discounts”, while others believe it should not be used at all due to its exposure to FTX and Alameda. 

Related: BlockFi bankruptcy filing triggers a wide range of community reactions

On Nov 12, Cointelegraph reported that FTX was hacked with wallets tied to FTX and FTX US drained of $659 million in cumulative outflows, as reported by Nansen. 

Following the FTX hack, Solana’s developers forked the widely used token liquidity hub, Serum, after it was compromised in the series of unauthorized transactions. On Nov 12, Solana co-founder Anatoly Yakovenko tweeted that developers depending on Serum were forking the code after the upgraded key was compromised, sharing that many “protocols depend on serum markets for liquidity and liquidations.”

Polkadot incentivizes its community to fight scams through an “anti-scam bounty”

Polkadot said it rewards community members in a consistent manner with bounties paid in USDC.

Polkadot, a protocol that connects blockchains, has announced its latest initiative to help its ecosystem fight scams. 

According to the company, relying on security-minded individuals within its community to fight scams has proven to be an effective method of safeguarding its ecosystem. To incentivize the members of its community to continue to do the work, Polkadot consistently rewards them with bounties paid in USDC. 

Polkadot shared that its bounty is currently managed by the general curators, which for now, consists of three community members, and two people from the W3F Anti-Scam department. However, in the long term, Polkadot hopes that the bounty will be eventually managed exclusively by the community. 

As part of the community-led anti-scam initiative, community members are tasked with finding and taking down scam sites, fake social media profiles, and phishing apps, as well as protecting its Discord servers from raids. Additionally, the community will create educational materials for users as well as an Anti-Scam Dashboard to act as the central hub for all anti-scam activities in its ecosystem.

Overall, the initiative encourages participating members to come up with ideas for expanding anti-scam activities to other areas. By decentralizing its anti-scam efforts, the Web3 Foundation and Parity have shifted their decision-making process to the community. 

Related: Polkadot co-founder Gavin Wood steps down as CEO of Parity

Polkadot appears to be making the necessary strides to grow and strengthen its ecosystem. On Oct 17, Cointelegraph reported that Polkadot hit an all-time high in development activity. Project developers reported that 66 blockchains are now live on Polkadot and its parachain startup network Kusama.

Since its inception, over 140,000 messages have been exchanged between chains via 135 messaging channels. Together, the Polkadot and Kusama treasuries have cumulatively paid out 9.6 million DOT and 346,700 KSM ($72.8 million total) to fund spending proposals in the ecosystem.

Casper Association launches $25M grant to support developers on its blockchain

To complement the launch of its grant program, Casper said it will provide education to support developers and innovators on its network.

Scalable blockchain network Casper announced the launch of its new Casper Accelerate Grant Program on Nov. 23, created to support developers and innovators who are building apps to support infrastructure, end-user applications, and research innovation on its blockchain.

The Casper Network is a Proof-of-Stake (PoS) enterprise-focused blockchain designed to help businesses to build private or permissioned apps, aimed at accelerating businesses and the adoption of blockchain technology. The network also boasts of solving the “scalability trilemma”, which revolves around “security, decentralization, and high throughput.” It also features upgradeable smart contracts, relatively lower gas fees compared to other Layer 1 blockchains, and developer-friendly features to make it easier for the protocol to evolve as businesses expand their use.

To complement the launch of its grant program, Casper said it is creating a new digital portal to support developers and innovators on the network with practical tools and code, to help build their products. The developer portal is scheduled to go live in the first quarter of 2023. 

Related: zkSync developer Matter Labs raises $200M, commits to open-sourcing platform

Despite being in a bear market, projects still appear to be raising and investing funds to improve the web3 ecosystem and the adoption of blockchain technology. On Nov 23, Cointelegraph reported that Onomy, a Cosmos blockchain-based ecosystem, raised millions from investors for the development of its new protocol; a project that seeks to merge decentralized finance (DeFi) and the foreign exchange market. 

On Oct. 18, Celestia Foundation also announced that it had raised $55 million in funding for building a modular blockchain architecture with the goal of solving challenges inherent to deploying and scaling blockchains. The company shared that it intends to build infrastructure that will make it easy for anyone with the technical know-how to deploy their own blockchain at minimal expense.

Crypto Twitter reacts to Binance CEO’s deleted tweet about Coinbase’s Bitcoin Holdings

Coinbase CEO Brian Armstrong indirectly addressed CZ’s tweets as “FUD.”

Coinbase was trending on Twitter on Nov. 22 after Binance CEO Changpeng Zhao, known also as CZ, sent out a tweet that appeared to question Coinbase’s Bitcoin holdings.

In the since-deleted tweet, CZ referenced a Yahoo Finance article that alleged that “Coinbase Custody holds 635,000 BTC on behalf of Grayscale.” CZ added, “4 months ago, Coinbase (I assume exchange) has less than 600K,” with a link to a four-month-old article from Bitcoinist. The Binance CEO made it clear that he was simply quoting “news reports” and not making any claims of his own. However, his tweet was not received well by the crypto community.

A screenshot of CZ's since-deleted tweet.

Shortly after, Coinbase CEO Brian Armstrong indirectly responded to CZ in a series of tweets, stating: “If you see FUD out there - remember, our financials are public (we're a public company),” with a link to Coinbase’s Q3 shareholder letter. He clarified that his company holds “~2M BTC. ~$39.9B worth as of 9/30 (see our 10Q).”

CZ deleted his tweet shortly afterward, stating: “Brian Armstrong just told me the numbers in the articles are wrong. Deleted the previous tweet. Let’s work together to improve transparency in the industry.”

Given recent market events, and Binance's perceived role in instigating them, some have called out CZ for the insinuations. To recap, FTX’s liquidation crunch, which led to an overall spiral in the market over the past two weeks, is believed by many to have been initially triggered by the Binance CEO after his tweets caused panic and a bank run on FTX.

Will Clemente, co-founder of digital asset research firm Reflexivity Research, shared on Twitter: “That latest tweet CZ made about Coinbase’s Bitcoin holdings that he just deleted wasn’t a great look. I get the argument that he’s trying to protect the industry but CZ is more than smart enough to know that exchange and custody wallets are separate.”

Mario Nawfal, Founder & CEO of IBCgroup.io, shared on Twitter: “Is CZ implying Coinbase custody does NOT hold 1 to 1 BTC on behalf of Grayscale Trust???? See his latest tweet. This is a concern I never had til now. This is a VERY serious question (implied accusation?) to ask.”

Analyst, trader, and investor @360_trader shared: “CZ just proved today he’s all about one thing… his empire. He IS NOT here to look out for the industry … he deleted the tweet… But now … as I already expected … He’s exposed himself as a villain.”

Trader and investor @BobLoukas called out CZ for his lack of due diligence before tweeting. He shared: “CZ ‘Let’s work together to improve transparency in the industry.’ Also CZ - Let me tweet to millions some random FUD in the middle of a bear market major liquidity event before maybe just reaching out to confirm.”

Related: Binance CEO denies report firm met with Abu Dhabi investors for crypto recovery fund

On Nov 18, cryptocurrency investment product provider Grayscale Investments shared that all digital assets that underlie Grayscale’s digital asset products are stored under the custody of Coinbase Custody Trust Company, LLC. However, the company has refused to provide on-chain proof of reserves or wallet addresses to show the underlying assets, citing “security concerns.” At the time of publication, Coinbase $COIN token had experienced a 5.3% increase in price.

Steph Curry files trademark for the ‘Curryverse’ where players earn NFTs

NBA superstar Steph Curry filed a trademark application for the “Curryverse" metaverse on Oct. 26.

National Basketball League (NBA) megastar Steph Curry looks set to introduce his own version of the Metaverse to NBA’s 650 million fans — filing a “Curryverse” trademark application on Oct. 26. 

If approved, the United States-based trademark application, filed by SC30 Inc. will grant the four-time NBA champion exclusive rights for “entertainment services, namely, personal and virtual and metaversal appearances.”

According to the filing, the “Curryverse” will also provide “online gaming services in the nature of virtual worlds,” where players will be able to earn both fungible and nonfungible tokens (NFTs), which will be able to be bought or sold at an “online marketplace.”

The application also covers virtual clothing and goods, business management and investment services, charitable fundraising services, and software as a service (Saas) featuring software platforms for designing, promoting, selling, and exchanging NFTs, among others. 

While more specific details of the Curryverse haven’t been announced, the NBA star’s metaverse will likely garner a lot of attention given his 47 million fan base on Instagram and 17.1 million followers on Twitter.

While the Metaverse-related trademark appears to be a first for Curry, it definitely isn’t his first move into Web3.

In August 2021, Curry first became a part of the NFT community following a $206,000 Bored Ape Yacht Club purchase.

The Golden State Warriors player’s liking for golf also led him to invest in LinksDAO — a decentralized autonomous organization (DAO) that aimed to build the “world’s greatest golf community.”

The NBA superstar has also featured in an FTX advertisement in March as part of his ambassador role with the popular crypto exchange.

NBA’s Miami Heat gets Web3 sponsor

Meanwhile, just eight days after landing a multi-year partnership with National Football League (NFL) team New England Patriots, blockchain infrastructure firm Chain has just become the official “Web3/Blockchain infrastructure partner” of the Miami Heat.

Chain stated in its Nov. 1 press release that its partnership will aim to “bridge the gap between the sports industry and Web3 technology” by providing a suite of products and services that “address the complexities of overall blockchain management.”

Related: Aussie media company goes all in on NBA fan engagement with NFTs

The partnership will also see Chain’s logo be imprinted on the Miami Heat player’s pre-game shooting shirt, with the blockchain solutions company also set to prominently feature on the NBA team’s social media platforms.

In Mar. 2021, FTX entered a $135 million partnership with the Florida-based team to secure naming rights to the Miami Heat’s 21,000 seat stadium until 2040 — which is now officially called FTX Arena.

Exchange Giant Coinbase Adds Custody Support for 14 Ethereum (ETH)-Based Altcoins, Spurring Rallies Up to 20%

Top US-based crypto exchange platform Coinbase is expanding its suite of digital assets by adding custody support for over a dozen of Ethereum (ETH)-based altcoins. Coinbase says it’s adding 14 new cryptocurrencies to the growing roster of virtual currencies in its Coinbase Custody cold storage trust. Coinbase Custody, which launched in July 2018, is a […]

The post Exchange Giant Coinbase Adds Custody Support for 14 Ethereum (ETH)-Based Altcoins, Spurring Rallies Up to 20% appeared first on The Daily Hodl.
