

$250K bounty ‘not too low to be insulting,’ says Coinbase white hat hacker

The white-hat hacker responsible for discovering a crisis-level flaw in the Coinbase API said the $250K bounty was not "too low."

On February 11th, two days before the Super Bowl and Coinbase’s $14 million color-changing QR code advert, an engineer was desperately trying to reach out to Coinbase management and the development team.

Tree of Alpha had discovered “a flaw in the new Advanced Trading feature would have allowed a malicious user to sell BTC or any other coin without owning them.” The flaw in the code had the potential to “nuke” the market.

Commenting on the flaw, Tree of Alpha told Cointelegraph that the “vulnerability itself was indeed worrying,” sharing that “some oversight on both the dev team and the QA/testing team was needed to let this happen.”

“While the advanced trading product was not available for everyone and was still in beta testing, a significant number of users could have used the exploit.”

However, thanks to the hacker's quick reactions and an “overwhelming community response,” the danger was averted and Coinbase avoided a “possible crisis.”

As is common with white hat hacking, a bounty was duly awarded. Coinbase initially awarded $250,000, an insignificant sum for the Silicon Valley-born unicorn. Twitter was quick to judge the quarter-million sum as a “bear market” bounty, particularly considering the scale of the hack and that Coinbase executives earn that figure annually.

Coinbase executive salaries according to Comparably. Source: Comparably

Tree of Alpha told Cointelegraph that the amount was “not too low to be insulting.”

“While a higher bounty might have been wise to deter more grey hats from exploiting vulnerabilities, it is common in the crypto sphere to lose touch with the value of money. For most working human beings, $250K is a very decent sum.”

Related: MakerDAO launches biggest ever bug bounty with $10M reward

Ultimately, the events shone a light on the importance of white hat hacking for a relatively nascent industry. The U.S. State Department recently announced it would offer up to $10 million in crypto rewards to white hat hackers; however, Tree of Alpha affirmed that “white hat hacking is crucial yet criminally overlooked by companies.”

In a word to the wise, they concluded:

“Companies won't hesitate to spend tens of millions on marketing but won't spend a fraction of it on making sure there is something left to market.”

Coinbase CEO Brian Armstrong was among the first to thank the white-hat hacker for saving his company:

Zhao pledges BNB for Thailand, Myanmar disaster relief

Crypto Stories: Gavin Wood discusses why he decided to code Ethereum

The latest episode of Cointelegraph's YouTube series tells the story of Gavin Wood, co-founder of Ethereum and founder of Polkadot and Kusama networks.

Among the original founding fathers of Ethereum (ETH) is Gavin Wood, who joined a group led by Vitalik Buterin that set out to build Bitcoin's competition. Wood is the computer scientist who wrote the first smart contracts for the Ethereum blockchain back in 2014. In an exclusive interview with Cointelegraph, Wood admitted that at the time, he just needed a job.  

A self-described "technologist at heart," he knew coding was his calling and made the "obvious" switch from building LEGO bricks to writing blocks of code from an early age.

He first discovered Bitcoin via The Silk Road, the online black market that ran from 2011 to 2013. The cryptocurrency originally "took his fancy" for being "a purely algorithmic mechanism for human cooperation and interaction" that, according to Wood, "allows for the creation of social structures that we haven't seen yet."

He realized there might be a job opportunity for him and started networking. After a meeting with Johnny Bitcoin, Wood was hired with the task of helping Buterin take Ethereum from white paper to a functioning blockchain. His hope in creating Ethereum was to effect change in society for the better.

"This is [the] technology that is being used to build the new world — the world that's going to drive human civilization for the rest of this century, at least."

Related: Crypto Stories: Vitalik Buterin talks creating Ethereum in previously unreleased 2014 interview

The video ends with words by Wood from another interview at a July 2014 conference in Hong Kong in which he suggested to Cointelegraph that economic institutions could be substituted by Ethereum. Almost eight years later, economic and financial institutions are indeed being disrupted not just by Ethereum but by the constantly evolving blockchain and cryptocurrency technology. 

Wood ended up leaving the development team at Ethereum to eventually found Polkadot (DOT), a sharded multi-chain protocol, and Kusama (KSM), used as a test network on the Polkadot chain.


Web3 developer growth hits an all-time high as ecosystem matures

Web3 developer growth hit an all-time high in 2021, yet challenges lie ahead for new developers flooding the space.

“Web3” may be one of the biggest buzzwords of 2022, but the idea of creating an entirely decentralized platform to host decentralized applications has long been a vision of the crypto community. While it’s notable that some blockchain companies began building out Web3 applications four or five years ago, the Web3 space has only started gaining traction recently. 

The recent growth of Web3 was highlighted in a new report from Electric Capital, a venture capital firm that has been investing in Web3 companies since 2018. The “Electric Capital 2021 Developer Report” analyzed data from nearly 500,000 code repositories and 160 million code commits across Web3, finding that over 34,000 new developers committed code to Web3 projects in 2021 — the highest number of developers in history according to the document.

Moreover, the report pointed out that 65% of active developers and 45% of full-time developers started working on Web3 last year. The document also found that over 18,000 monthly active developers commit code to open-source crypto and Web3 projects today, primarily building on the Ethereum network.

Web2 developers flood the Web3 space

Maria Shen, a partner at Electric Capital, told Cointelegraph that 2021 was a year of historic growth for Web3 development, as it brought in the highest number of monthly active developers the crypto space has ever seen. She elaborated that this number refers only to open-source developers:

“While there are a large number of closed-source developers working in crypto, Web3 is highly open-source. This is the main difference between how companies function in Web3 from Web2. In Web2, everyone is developing privately before the final product is shipped. In Web3, developers are shipping and building in the open.”

Even with these differences, Shen remarked that an increasingly high number of Web2 developers have been migrating into the Web3 space recently. She believes this is the case partly because Web3 allows for a more flexible point of entry.

For instance, Shen explained that part-time developers can easily come in and build out Web3 projects. “In Web2, you either work for Google, or you don’t. There really isn’t an option in-between. But Web3 allows for hobbyists to join,” she said. And due to its open nature, Shen explained, the Web3 space contains more of a variety for developers, letting individuals work either full-time, part-time or even on occasion. She said:

“Full-time developers may commit 10 or more days a month to a project, while a part-time developer may only work nights and weekends. We are seeing Web2 developers come in because Web3 uniquely allows this to happen.”

Another reason Web2 developers have taken a recent interest in Web3 is mainstream adoption. For instance, Shen remarked that the rise of nonfungible tokens (NFT) has helped usher in a new group of developers who are focused on art, design and supporting creators. Echoing this sentiment, Tegan Kline, co-founder of Edge and Node — the development team behind open-source indexing protocol The Graph — told Cointelegraph that developers everywhere are dipping their toes into Web3 due to the rise of decentralized finance and NFTs. “NFTs have made it easy for traditional companies to enter Web3,” she said.

Kline added that The Graph has seen a 300% year-over-year developer growth, noting that Edge and Node has recently hired engineers from Google, Amazon Web Services and Airbnb, along with individuals from traditional financial organizations. “The mass exodus into Web3 is here, and I think we will continue to see more tech companies move into the space,” said Kline.

Solutions are maturing to help Web3 developers build

In addition to a more flexible point of entry and mainstream adoption, it’s important to point out that solutions are maturing, making it much easier for developers to build products for decentralized, Web3 ecosystems.

For example, taking centralized points of data and incorporating that within decentralized protocols is an important feature of Web3.

Heikki Vänttinen, co-founder of blockchain oracle API3, told Cointelegraph that API3 aims to bring off-chain data sources — such as real-world weather data — to blockchain networks at scale. “We bring the API economy to the blockchain to enable decentralized applications and smart contracts to do things based on real-world data and events,” he said. Vänttinen explained that the oracle’s “Beacon” features are continuously updated data feeds, each powered by a single first-party oracle, which makes it easier for Web3 projects to build on API3’s technology.

Vänttinen further mentioned that Beacons eliminate the need for third-party oracles, like Chainlink for instance. “Instead of having a third-party entity that exists between a smart contract on-chain, Beacons enable APIs to be directly connected to a smart contract instead of having a middleman oraclize the data source off-chain.” In turn, Vänttinen explained that data querying for Web3 development has become more cost-efficient, faster and better regulated.

To put this in perspective, Shawn Douglass, CEO of Amberdata — a digital asset data provider — told Cointelegraph that Amberdata is using API3’s Beacons to offer its APIs on-chain in the form of first-party oracles. “This provides a more secure and cost-efficient approach than alternative solutions that employ middlemen,” he remarked.

In regard to how this may help Web3 developers, Douglass said that Amberdata Beacons will be used at ETHDenver 2022’s “Buidlathon,” where over 3,000 Web3 developers will have the opportunity to build their own API3-powered data feeds. While Douglass commented that he is curious to see what use cases will be built, he explained that Beacons are not about helping developers build faster. “This solution is more about enabling developers to build with data directly from proven, reputable data providers, without having to rely on third-party oracles,” he said.

Data aside, another challenge facing Web3 developers today is integrating new products into crypto wallets. Erik Marks, an engineer at MetaMask — a software cryptocurrency wallet for the Ethereum blockchain — told Cointelegraph that integrating with wallets is often the fastest and, sometimes, the only way to grow a product’s user base in Web3:

“This is especially true for those building completely novel things — for example, networks and protocols, exotic assets, scaling solutions, etc. Any application can only build and maintain so many features at a time, and some integrations inevitably become de-prioritized.”

In order to ensure that developers can easily build out Web3 applications, Marks explained that MetaMask has released a new feature called “Snaps.” Marks added that Snaps was recently released through MetaMask Flask, which is the company’s developer-focused distribution channel.

According to Marks, Snaps was designed to allow developers to expand the functionality of MetaMask at runtime without the organization’s involvement:

“Developers can add their own features and make them available to users by themselves. Any wallet developer will tell you that providing first-class support for just Ethereum and its various layer-2 networks is challenging enough, to say nothing of the up-and-coming layer-1 networks out there. The only way to keep up is to invite the Web3 developer community into the wallet itself and allow anyone to extend its capabilities with as little involvement from us as possible.”

Adding to this, Jacobc.eth, lead of operations at MetaMask, told Cointelegraph that when Snaps matures, getting MetaMask to support hardware wallets, layer-2 networks or new asset types will no longer involve asking MetaMask. “You’ll just build a Snap and then tell your users about it,” he said.

Web3 developers will continue to increase over time

Given the maturing Web3 ecosystem, industry experts believe that the Web3 developer space will continue to grow over time. Shen thinks this is the case by looking back at how the crypto space has matured previously. She mentioned that during the 2017 and 2018 bull run, crypto prices peaked in January 2018, but developers didn’t start flooding the space until about a year later. “If we think this market is like the last one, developers will still be coming in through 2023.”

Kline further commented that the Web3 space is already going mainstream, yet she predicts that the next six to 12 months will focus on finalizing the sector. “We’ve reached the limits of what we can do in a centralized world. Web3 is allowing us to scale further.” While this may be, Shen pointed out that many challenges remain for Web3 developers. “In Web2, there are a lot of off-the-shelf tools developers can use to ship products fast, but you don’t have that in Web3,” she said. As such, Shen mentioned that creating the underlying infrastructure for Web3 will continue to pose challenges, remarking that although the space is maturing, it still lacks much-needed accessibility.

For example, interoperability is a major component still required of Web3, which would enable different ecosystems to communicate with one another. Maly Ly, co-founder and CEO of the Laconic Network — an upcoming blockchain project for aggregating data in Web3 — told Cointelegraph that different blockchains need to be able to communicate with each other in order to enable interoperability and expand utility.

Ly mentioned that the necessity for cross-chain communication has led to the proliferation of bridges, which require faster and more flexible access to verifiable blockchain data, or proofs. With this, Ly believes that a number of solutions will arise this year to meet these challenges:

“The promise of Web3 is aligned with network, builder and user incentives reliant on trustless systems where data availability and verifiability is essential. Solving these fundamental data querying and verification problems will help address core decentralized application development and adoption challenges.” 


There’s a browser plugin that autoblocks Twitter NFT profile pictures

A popular GitHub contributor called mcclure built a browser plugin that autoblocks Twitter accounts using NFT profile pictures.

That was quick. Within 24 hours of the launch of the Twitter nonfungible token, or NFT, profile pictures for iOS update, a GitHub contributor called mcclure has coded up and shared a browser extension that automatically blocks Twitter accounts using an NFT profile picture.

The program called NFTBlocker blocks paying subscribers of the Twitter Blue for iOS service who choose to display an NFT as their profile picture. 

The extension works with Chrome and Firefox on desktop, and while it is an early prototype, “future versions of this plugin will scan your notifications and do the blocking automatically.”

But why would someone code up such an extension? According to mcclure’s README, it’s because NFTs are an “investment scam.”

They don’t mince their words:

“In short, NFT users are just irritating to be around. People who bought NFTs have to keep hyping other people to buy NFTs or the NFTs they bought will lose value. Twitter NFT cliques are rife with sockpuppet accounts, dogpiling and indifferentiable monkey clones. Blocking NFT users just makes Twitter nicer.”

The web developer also recommends using the app Better TweetDeck to block NFT profile picture users.

Related: Crypto and NFTs meet regulation as Turkey takes on the digital future

However, mcclure appears somewhat misinformed about the driving force behind Twitter’s pivot to using NFTs. In the README section, mcclure claims that Jack Dorsey “is invested in cryptocurrency and if Twitter makes NFTs more popular, Jack Dorsey will make money.”

While Jack Dorsey is hugely invested in cryptocurrency, he has demonstrated little interest in NFTs since standing down as CEO of Twitter last year.

He has dedicated his career to furthering Bitcoin adoption, mining and development in his new role as CEO of Block. He recently announced the Bitcoin Legal Defense Fund as well as Cash App's integration for Lightning payments.
