Ledger key recovery service paused amid backlash, will open-source code

May 24, 2023 Coin Telegraph

Ledger CEO Pascal Gauthier says the past week has been a “humbling experience” and apologized for the firm’s “miscommunication.”

Hardware wallet company Ledger is postponing the launch of Ledger Recover following an intense week of criticism from the crypto community.

In a May 23 Twitter Spaces joined by over 13,000 users, Ledger chairman and CEO Pascal Gauthier said it has been a “humbling experience” and a hard lesson in communication:

“This experience has been very humbling. We miscommunicated on the launch of this product; it was not our intention to take people by surprise. So because of that, we understand the community’s direction and apologize for the miscommunication.”

Gauthier revealed that in response to concerns, the firm would be accelerating its plans to open-source more of its codebase. It will start with core components of its operating system and Ledger Recover, which he stated: “won’t be released until this work is complete.”

Screenshot of tweet from Pascal Gauthier as part of a thread discussing their new plans. Source: Twitter

Charles Guillemet, the chief technology officer of Ledger, said that over the coming days, a white paper on the Recover Protocol would become open source along with technical blog posts to “explain the principles of Recover” and more detailed explanations of how the process works.

“It's going to be very easy and clear for every single cryptography and security expert to have a look at the protocol to get more guarantees and understand how it works.”

Guillemet noted this would also allow developers to build their own backup provider for the seed phrase shards rather than using the one offered by Ledger.

“This has always been something important for Ledger, but this recent event showed how important it is for the community and this is why we decided to prioritize this open-sourcing process,” he added.

Ledger’s mission is, and will always be, to provide our users with the right tools to own their digital value securely.

We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.

A thread pic.twitter.com/Dv0jBCM4Ys
— Charles Guillemet (@P3b7_) May 23, 2023

Ledger recently told Cointelegraph that it would “continue to open source more and more of our code until we reach a similar level as the Raspberry Pi.”

Ledger found itself in a PR nightmare after revealing plans on May 16 to introduce a key recovery tool called Ledger Recover. The firmware update would allow users that lost their private seed phrase to get it back via an optional feature.

I want to address the feedback over Ledger Recover, the way it was communicated, and share our path forward. Read my letter and join our town hall with our leadership team to learn more.

https://t.co/2hlPrMwzaN pic.twitter.com/juVBOpWeeG
— Pascal Gauthier @Ledger (@_pgauthier) May 23, 2023

The firm faced backlash from some members of the crypto community who believed that this would add a “backdoor” for a user’s private keys to be removed from the device.

Asia Express: Ripple, Visa join HK CBDC pilot, Huobi accusations, GameFi token up 300%

Coinbase exec uses ChatGPT ‘jailbreak’ to get odds on wild crypto scenarios

May 1, 2023 Coin Telegraph

AI Chatbot

According to ChatGPT, Bitcoin has a 15% chance it will “fade to irrelevancy” with prices down 99.99% by 2035.

A Coinbase executive claims to have discovered a “jailbreak” for artificial intelligence tool ChatGPT, allowing it to calculate the probability of bizarre crypto price scenarios.

The crypto exchange’s head of business operations and avid ChatGPT user Conor Grogan shared a screenshot of the results in an April 30 Twitter post — showing that ChatGPT states there be a 15% chance that Bitcoin (BTC) will “fade to irrelevancy” with prices falling over 99.99% by 2035.

Meanwhile, the chatbot assigned a 20% chance for Ethereum (ETH) becoming irrelevant and approaching near-zero price levels by 2035.

ChatGPT was even less confident about Litecoin (LTC) and Dogecoin (DOGE) however, attributing probabilities of 35% and 45% respectively for the coins to go to near zero.

The Coinbase executive concluded that ChatGPT is “generally” a “big fan” of Bitcoin but remains “more skeptical” when it comes to altcoins.

GPT is generally a big fan of Bitcoin; more skeptical of altcoins and their staying power pic.twitter.com/E9sUQ8AVvD
— Conor (@jconorgrogan) April 30, 2023

Prior to the cryptocurrency predictions, Grogan asked ChatGPT to assign odds to several political predictions involving Russian president Vladimir Putin, U.S. President Joe Biden and former U.S. president Donald Trump.

Other predictions were aimed towards the impact of AI on humanity, religion and the existence of aliens.

“Aliens have visited Earth and are being covered up by the government” — one wild prediction read — to which ChatGPT assigned a 10% probability.

I found a jailbreak for GPT I'm calling JAMES

-Predicts the future for ANY topic (even guesses when people might die based on its training set)
-Quantitatively assesses confidence on any topic (including conspiracy theories)
-May help researchers better find bias and align AI? pic.twitter.com/jqTcNbCT2d
— Conor (@jconorgrogan) April 30, 2023

The executive also shared a script of the prompt, which he then fed to ChatGPT to build the tables.

Grogan backed up the preciseness of the results by claiming to tested out the prompt over 100 times:

“I ran this prompt 100 times on a wiped memory GPT 3.5 and 4 and GPT would return very consistent numbers; standard deviation was <10% in most cases, and directionally it was extremely consistent.”

It isn’t the first time the executive experimented with crypto-related issues using ChatGPT.

On March 15. Grogan showed that GPT-4 — the latest iteration of ChatGPT — can spot security vulnerabilities in Ethereum smart contracts and provide an outline to exploit faulty contracts.

Studies carried out by OpenAI — the team behind ChatGPT — have shown GPT-4 to pass high school tests and law school exams with scores ranking in the 90th percentile.

Meanwhile, Italy recently lifted a ban on the AI tool after banning it for one month following a series of privacy concerns that were raised to Italian regulators.

Magazine: How to prevent AI from ‘annihilating humanity’ using blockchain

‘Worst code I’ve ever seen’: Euro stablecoin faces centralization criticism

April 21, 2023 Coin Telegraph

Code

Some pundits shared harsh sentiment towards a new euro-pegged stablecoin, but it's not publically accessible for the time being.

Criticism has been leveled at a new euro-pegged stablecoin released in France due to a decision to restrict peer-to-peer transactions.

French bank Societe Generale-Forge (SGF) released the Ethereum-based stablecoin called EUR CoinVertible (EURCV) on April 20 which is available to only qualified institutional clients.

According to observers who reviewed its smart contract code, ERC-20 transfers need to first be approved by a centralized registrar — presumably one controlled by the bank — before the transaction is processed.

In an April 20 tweet, pseudonymous smart contract engineer “alephv.eth” explained:

“They coded it so they have to whitelist all users, process all user transfers, and even process your ERC20 approvals before they process your 'transferFrom' lmao.”

She further mocked the code in a separate post, stating it was a "radical commitment to inefficiency in the name of regulation."

Nonfungible token (NFT) project founder “foobar” tweeted to his over 127,000 followers on April 20 that it’s “the worst code I’ve ever seen” and described the stablecoin as a “laughing stock.”

France launched a stablecoin on Ethereum and it's the worst code I've ever seen

Every ERC20 single transfer has to be approved in a separate eth tx submitted by a centralized registrar

What a laughingstock, is this your CBDC?https://t.co/hKkHiQTCyN pic.twitter.com/S6tRfh54wz
— foobar (@0xfoobar) April 20, 2023

Crypto researcher Mason Versluis also tweeted the code was “absolutely horrible” and suggested the French bank “stop trying to weasel” into crypto.

BREAKING: France launches stablecoin on #Ethereum, but every single transfer has to be approved in a separate ETH transaction submitted by a centralized registrar!

Absolutely horrible. Keep your centralized bullshit over there, stop trying to weasel it into crypto.

News Via:… pic.twitter.com/mcg9fvUoSp
— MASON VERSLUIS (@MasonVersluis) April 20, 2023

Plenty of others chipped in on the criticism, but Ether (ETH) investor Ryan Berckman provided a more neutral analysis.

He explained that many traditional financial firms like SGF will take “baby steps” as they move into blockchain and digital assets:

“Obviously, non-compliant, non-composable, allowlist-style stables are going to be uncompetitive in the market. Baby steps, they are coming from tradfi, they'll see it soon enough and switch to a USDC-style denylist.”

Berckman explained SGF may also be incorrect in its claim to be the first bank to launch an institutional stablecoin on a public blockchain. He pointed to the AUDN stablecoin minted by the National Australia Bank (NAB) on Ethereum in March, which claimed to be the second bank to launch a stablecoin.

Regardless, Berckman expects more banks to follow suit in the months to come, stating that he is “certain” SGF won’t be the last bank to launch a stablecoin on a public network.

SGF’s stablecoin isn’t intended for public use — at least to begin with.

EURCV is only strictly available to institutional clients onboarded by the bank through its Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures, according to the bank’s April 20 announcement.

The stablecoin is designed to bridge the gap between assets in traditional capital markets and the digital assets ecosystem.

A total of 10 million EURCV tokens were minted on Ethereum three days ago according to Ethereum explorer Etherscan. All 10 million tokens are held by one wallet address.

The stablecoin was launched on the back of growing demand for a new settlement asset to process on-chain transactions.

Magazine: Unstablecoins: Depegging, bank runs and other risks loom

Euler Finance’s offer to hacker: Keep $20M or face the law

March 15, 2023 Coin Telegraph

Euler Finance’s offer to hacker: Keep M or face the law

attack

The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.

Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.

Euler Labs sent its ultimatum to the flash loan attacker who exploited the platform for $196 million by transferring the hacker 0 Ether (ETH) with an attached message on March 14:

“Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”

euler just sent an on-chain message to the hacker pic.twitter.com/0wKIW51NjM
— 0xngmi (llamazip arc) (@0xngmi) March 14, 2023

The threat of law enforcement comes as Euler sent the hacker a much more civil message the day before.

“We understand you are responsible for this morning’s attack on the Euler platform,” it read. “We are writing to see whether you would be open to speaking with us about any potential next steps.”

The request for a 90% fund return would see the hacker send back $176.4 million while holding onto the remaining $19.6 million.

However, many observers have noted that the hacker has very little to no incentive to follow through with the deal.

Look over your shoulder for the rest of your life, or take a $20m deal. No brainer.

Although, they could easily be state actors and aren’t really worried about low levels feds. https://t.co/i5zUSDqFca
— drnick ️² (@DrNickA) March 15, 2023

“If I was the hacker I’d simply say ‘to anyone who manages to track me down, I will give you $2 million not to tell Euler,’” one observer said.

“Yeh he has 200 Million they have 2 Million. He wins in a bidding war,” another Twitter user wrote in response.

Euler Labs said it was already working with law enforcement in the United States and the United Kingdom, along with engaging blockchain intelligence platforms Chainalysis, TRM Labs and the broader Ethereum community, to help track down the hacker.

An update on our work today to recover funds for Euler protocol users.

Here are a few actions we took immediately:

1. Stopped the direct attack as soon as possible by helping disable the EToken module, which blocked deposits and the vulnerable donation function

2. Engaged TRM… https://t.co/6ZClE9uGoH
— Euler Labs (@eulerfinance) March 14, 2023

The lending platform added it was able to promptly stop the flash loan attack by blocking deposits and the “vulnerable” donation function.

As for the exploited code, the team explained that the vulnerability “was not discovered” in the audit of its smart contract, which had existed on-chain for eight months until bei exploited on March 13.

Euler Labs works with various security groups to perform audits of the Euler Finance protocol.

While the vulnerable code was reviewed and approved during an outside audit, the vulnerability was not discovered as part of the audit.

The vulnerability remained on-chain for eight… https://t.co/M3PYSOwHhL
— Euler Labs (@eulerfinance) March 14, 2023

Bitcoin core dev calls out ‘misleading’ auction selling his code as an NFT

February 28, 2023 Coin Telegraph

Bitcoin Core developer

Bitcoin core developer Luke Dashjr has called out the sellers behind an NFT auction for using his name and code without his knowledge or consent.

One of the original core developers behind Bitcoin (BTC), Luke Dashjr, has taken to social media to call out an auction site that has used his name and code without his consent to create and sell a “misleading” NFT.

The core developer said he hasn't been the first Bitcoin developer to have his name or his work used in this way.

In a Feb. 27 post on Twitter, the developer revealed a nonfungible token featuring a picture of code he wrote was sold at an auction site for 0.41 Bitcoin (BTC), or roughly $9,500 at the time of writing.

I want to make public my concern about "NFTs" which are being sold utilizing my name. Recently, a picture of code I wrote was sold at auction for .41 BTC. It was advertised as my code in the listing and presented to the public for sale and profit. 1/9 pic.twitter.com/5TcEJu4p5e
— Luke Dashjr (@LukeDashjr) February 27, 2023

“It was advertised as my code in the listing and presented to the public for sale and profit,” Dashjr explained.

“Let me be clear – I was not involved with the creation and sale of this or any other NFTs. I have not consented to the use of my code or my name for this purpose. Instead, 3rd parties are marketing my name and my code for their own monetary gain,” he added.

Dashjr revealed that the winner of the auction eventually contacted him and he had to inform them he was not involved with the sale.

*The auction winner reportedly contacted Luke Dashir, only to discover he was not involved with the sale. Source: Luke Dashir*

Dashjr claims that an individual — either the seller or the auction site — had reached out and offered him “a donation of 90% of the auction proceeds,” which he declined.

“The public should also be aware that the seller and/or auction site offered me a donation of 90% of the auction proceeds ‘should I choose to accept’ it. I feel this is a clear attempt to: (1) bribe me into silence; and/or (2) obtain my consent after the fact,” he explained, adding:

“I will not accept such payment at the expense of the public who are being misled. I will not accept any such ‘donation’.”

“Due to the misrepresentation involved and actual buyer confusion, I strongly insist upon 100% of the auction proceeds to be refunded to the buyer,” Dashjr said.

According to Dashjr, “other Bitcoin devs” have been placed in similar situations and been offered "considerable” donations for their cooperation; however, he did not provide any specific details.

*A message from a purported seller of the NFT offering Luke Dashjr a “donation” from the auction. Source: Luke Dashjr*

“Stop using my name to mislead the public so you can make a quick buck. It’s wrong,” Dashjr said.

“I do not consent to the use of my name or code for this grift. I want the public to be aware of where I stand,” he added.

Early last year, decentralized marketplace OpenSea reported that over 80% of NFTs minted using its tool were “plagiarized works, fake collections, and spam.”

Dashjr was reportedly the unfortunate victim of a hack on the last day of 2022 that lost him “basically” all his BTC.

Hackers gained access to his PGP (Pretty Good Privacy) key, a common security method that uses two keys to gain access to encrypted information.

The news ignited a debate around self-custody, which became a hot topic after the collapse of crypto exchange FTX.

US Federal Trade Commission Investigates Marketing Schemes of Crypto Firm Voyager

February 22, 2023 Bitcoin.com

Starkware Plans to Open Source Key Tech Linked to Starknet Prover

February 6, 2023 Bitcoin.com

Vitalik Buterin reveals 3 ‘huge’ opportunities for crypto in 2023

December 20, 2022 Coin Telegraph

Adoption

There's still plenty of room for innovation, according to Ethereum co-founder Vitalik Buterin.

Ethereum co-founder Vitalik Buterin has shared three “huge” opportunities yet to be realized in crypto: mass wallet adoption, inflation-resistant stablecoins and Ethereum-powered website logins.

During an interview with Bankless co-owner David Hoffman, Buterin shared his outlook for the crypto industry in 2023, responding to Hoffman’s raised concern that the “adoption wave” for decentralized applications is now over and that there’s “less opportunity” for developers to come in and build new decentralized applications.

Buterin instead shrugged off the “limbo period” that Hoffman eluded to, firstly suggesting that more developments need to be made on wallet infrastructure to make crypto easier for everyday people to use and ensure that it is capable of onboarding billions of users.

“If you can make a wallet that a billion people will use — that’s a huge opportunity,” the Ethereum co-founder said.

Secondly, Buterin said that the creation of a hyperinflation-resistant and globally accessible stablecoin that can withstand all types of conditions — both on-chain and in the broader macroeconomy — would be revolutionary for the industry:

“If you can make a stablecoin that can actually survive anything up to, and including, a U.S. dollar hyperinflation [...] that’s a huge opportunity as well if you can create something that will feel like a lifeline for everyone going through that situation.”

Buterin, thougdidn’t offer any technical suggestions as to how this could be achieved.

Lastly, Buterin said any technical developments that contribute toward Ethereum taking login powers away from Facebook, Google, Twitter and other centralized monopolies would ultimately enable Ethereum to capture more market dominance on internet-based applications:

“If you can get signed in with Ethereum to work and if you can unseat Facebook and Google and Twitter as the login overlords of the internet, that itself is a huge opportunity, right?”

Buterin did however state that the opportunity to fill market gaps was becoming less obvious due to increasing competition and the maturation of the market.

Ethereum's co-founder appears to have spent the last few weeks sharing his learnings and advice for the crypto space, including his optimism about the years ahead for the industry.

Buterin stated on Dec. 5 that blockchain-based identity, decentralized autonomous organizations (DAOs) and hybrid applications also excite him about the future of Ethereum and decentralized technologies.

A few days earlier, on Dec. 3, the Ethereum co-founder iterated the importance for traders to take a long-term view by focusing more on technical developments rather than onprice.

Following the collapse of FTX, Buterin advised traders and investors on Nov. 21 to consider the level of human influence that can be exerted over a protocol and to put more trust in open and transparent code than humans.