1. Home
  2. Coinbase Wallet

Coinbase Wallet

Coinbase rolls out crypto transfers via links sent on WhatsApp, Telegram

Recipients need to download a Coinbase Wallet to receive the funds, but the crypto exchange says they’ve simplified the process for less tech-savvy users.

A new feature from Coinbase Wallet allows for the transfer of crypto through a link that can be sent through some of the most popular social media sites and messaging apps as the crypto exchange looks to make its service accessible to a wider market.

“Users can now send money on any platform that they can share a link,” Coinbase said in a Dec.

There’s no payment fee when sending USD Coin (USDC), a U.S.

Clicking the link will take the recipient to their device’s app store to download Coinbase Wallet — if not already downloaded — where they can create a wallet in one click, Coinbase noted.

If the funds aren’t claimed within two weeks, they will be returned to the sender.

Coinbase also made a “simple mode” for its wallet to help new and less savvy tech users which only shows basic functions like buying, sending, receiving and viewing assets.

Related: How to prepare for the next crypto bull market: 5 simple steps

Read more

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

Unstoppable Domains launches instant messaging with XMTP

Unstoppable Domains now allows owners of .crypto, .polygon and other Web3 usernames to send messages to each other through multiple messaging apps.

Unstoppable Domains (UD) has launched an instant messaging system for owners of Web3 usernames, according to an Aug. 23 announcement from principal engineer Aaron Quirk. Owners of .crypto, .wallet, .polygon or other UD-registered usernames can now message each other across most apps that use XMTP, including the UD iOS app and website, Coinbase Wallet, and Lens protocol apps such as Lenster and Buttrfly. The announcement clarified that the Android version of UD will not provide messaging at launch but will provide this feature soon.

The new messaging integration relies on the extensible message transport protocol (XMTP), an independent protocol, to fully encrypt and send messages to recipients. This means that messages should still be available even if UD were to cease operations in the future. “Your messages will be preserved and accessible to you no matter what happens to Unstoppable,” the announcement stated.

Web3 usernames have been around since 2017. They allow crypto users to associate their crypto addresses — long strings of characters representing accounts — with more easy-to-remember names. For example, the extremely difficult-to-remember 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045 can become simply “Vitalik.eth.”

These crypto usernames have mostly been used to receive payments in the past. But a few projects are trying to expand their utility to include other applications, including messaging. For example, Coinbase Wallet launched an instant messaging system on July 12, allowing users to message each other via their .eth or .cb.id usernames. The Coinbase Wallet feature was also integrated with social media protocol Lens, thanks to the two projects' shared use of XMTP.

Related: Web3 usernames may see greater adoption due to recent advancements

However, this shared system did not extend to usernames registered through Unstoppable Domains, such as ones ending in .crypto or .polygon. According to Quirk’s announcement, this issue has now been solved. Users of Lens apps or Coinbase Wallet can now send messages to each other using their Unstoppable Domains usernames in addition to other methods.

Quirk also stated that the company will soon release an integration with Push Protocol, allowing username owners to sign up to receive notifications from Web3 projects. The projects will be able to message users via the Unstoppable Domains website or app.

On April 26, Unstoppable Domains also partnered with Binance.US, allowing its users to register names ending in .BinanceUS. And it called a truce with rival Ethereum Name Service (ENS) on July 17, allowing ENS .eth names to be sold in the UD store for the first time.

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report

Cybersecurity certification platform CER said the vast majority of wallets do not hire outside experts to perform penetration tests.

A July report from cybersecurity certification platform CER found that only six of 45, or 13.3%, of cryptocurrency wallet brands have undergone penetration testing to find security vulnerabilities. Of these, only half have performed tests on the latest versions of their products. 

The three brands that have done up-to-date penetration tests are MetaMask, ZenGo, and Trust Wallet, according to the report. Rabby and Bifrost performed penetration testing on older versions of their software and LedgerLive did them on an unknown version (listed as “N/A” in the report). All other brands listed did not provide any evidence of having done these tests.

The report also provided an overall ranking of the security of each wallet, listing MetaMask, ZenGo, Rabby, Trust Wallet, and Coinbase wallet as being the most secure wallets overall.

CER rankings for wallet security. Source: CER.

“Penetration testing” is a method of finding security vulnerabilities in computer systems or software. A security researcher attempts to hack into the device or software and use it for purposes it wasn’t intended. In most cases, a penetration tester is given little to no information about how the product works. This process is used to simulate real-world attempts at hacking to uncover vulnerabilities before the product is released.

CER found that 39 out of 45 wallet brands didn't perform any penetration testing at all, not even on older versions of the software. CER speculated that the reason may be that these tests are expensive, especially if the company makes frequent upgrades to their products, stating, “We attribute it to the amount of updates an average app has, where each new update can disqualify the pentest made earlier.”

They found that the most popular wallet brands were more likely to perform security audits, including penetration tests, as they often had the funds to do so:

“Essentially, popular wallets tend to adopt more robust security measures to protect their increasing user base. This seems logical – a higher user base often corresponds to more significant funds to secure, more visibility, and consequently, more potential threats. It can also result in a positive feedback loop, with more secure wallets attracting new users in higher numbers than the less secure ones.”

CER’s ranking of wallets was based on a methodology that included factors like bug bounties, past incidents, and security features, such as restore methods and password requirements.

Although most wallet brands don’t perform penetration testing, CER stated that many of them do rely on bug bounties to find vulnerabilities, which is often an effective means of preventing hacks. They rated 47 out of 159 individual wallets as “secure” overall, meaning that they had a security score of above 60. These 159 wallets included some that were from the same brands. For example, MetaMask for Edge browser was considered a separate wallet from MetamlMask for Android.

Related: Bug bounties can help secure blockchain networks, but have mixed results

Wallet security has become an urgent issue in 2023 as over $100 million was lost in the Atomic Wallet hack on June 3. The Atomic team has speculated that the breach may have been caused by a virus or injection of malware in the company’s infrastructure, but the exact vulnerability that allowed the attack is still unknown. Web wallet MyAlgo also suffered a security breach in late February, resulting in an estimated loss to users of over $9 million.

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

ICP-based blockchain chat app launches ‘Communities’ to compete with Discord

OpenChat implemented a new feature that allows admins to create groups within groups, similar to Discord’s channels within servers.

Blockchain chat app OpenChat has enabled users to create Discord-like servers called “Communities,” according to an Aug. 2 announcement.

Early UX prototype for OpenChat Communities. Source: OpenChat

OpenChat is a blockchain-based chat app running on the Internet Computer (ICP) network. It facilitates mostly crypto-oriented chat groups, including some with a few thousand members. LootMoneyArmy (3,201 members), Magnetic (2,703 members) and DFinityVN (2,597 members) are some examples of OpenChat groups.

The app’s development team first announced the Communities feature in February. At the time, they observed that users were employing OpenChat for different reasons than initially anticipated. While developers originally intended Communities to be used as an instant messaging app similar to WhatsApp or Signal, end-users seemed more interested in using the app to form public groups and build communities.

While the developers welcomed this interest, they also explained that OpenChat lacked the hierarchical system used in apps like Discord or Slack. This prevented group admins from using it to create subgroups to keep conversation focused on particular topics, ultimately making groups on OpenChat less effective than they otherwise could be.

The team promised to fix this problem by implementing Communities at some point in the future, making the app more suitable for users interested in joining groups. The new feature would replace the current groups with “communities” and allow admins to create “groups” within these communities, similar to the way Discord has channels within servers. Admins would also be able to make their communities private, giving them a function similar to a Slack group, the post stated.

The Aug. 2 announcement states that Communities has now launched and is available within the app.

In a conversation with Cointelegaph, OpenChat co-founder Julian Jeffs said Communities will eventually allow crypto protocols to build communities directly from their own websites, eliminating the need for downloading external programs like Discord or Telegram.

“One other sort of notable thing on the roadmap that Communities will facilitate is providing integrations to other apps in the ecosystem as well,” Jeffs explained. “There are a lot of other apps that would like to have a chat function within but don’t necessarily want to send their users outside of their website or the app.”

Jeffs further explained that the team is experimenting with several designs for this future “Communities integration” system. One concept is to provide a “server-to-server synchronization” between OpenChat and each project, while another option is to create a set of front-end components that projects could “drop in” to their interfaces. Either way, the integration would allow users of Web3 protocols to chat with other users and get technical support from admins without needing to navigate away from the apps they are using.

The team stressed that the “integrations” feature will not be a part of Communities at launch but is planned to be implemented in a later patch.

Related: New Web3 ID app lets users find each other based on proven interests

Discord and Telegram are the two most widely used messaging apps in the crypto community, but these Web2 platforms don’t allow users to post messages using their Web3 identities. This can lead to users getting scammed by persons claiming to be holders of wallets they don’t actually control. 

OpenChat is one project trying to solve this problem. Another example is Grill.chat, which runs on a Polkadot chain but allows Ethereum wallet holders to chat using their Ethereum usernames. Coinbase wallet’s new messaging feature is another example of the growing movement to allow wallet-based chat.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

Coinbase Launches Feature Allowing for Direct Messaging Between Ethereum Addresses

Coinbase Launches Feature Allowing for Direct Messaging Between Ethereum Addresses

Top US-based crypto exchange platform Coinbase is launching a new feature that would allow private direct messaging between Ethereum (ETH) addresses. In a new thread, Coinbase says that it is rolling out a new decentralized chat feature for its wallet powered by web3 chat protocol XMPT that aims to grant users ownership of their chats. […]

The post Coinbase Launches Feature Allowing for Direct Messaging Between Ethereum Addresses appeared first on The Daily Hodl.

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

How to stake Polygon (MATIC)

Staking MATIC helps one to generate passive income. Find how to stake MATIC via MetaMask, Binance, Coinbase Wallet and Trust Wallet.

The Polygon network, formerly the Matic network, is an Ethereum-scaling protocol that reduces cost and embeds high security. In a short span, Polygon has gained a high level of traction.

A string of solutions on a single network sets Polygon apart from other Ethereum scaling projects. It empowers developers to zero in on a scaling solution that works best with their applications. Polygon Labs has been consistently working to develop scaling solutions based on plasma sidechains, a blockchain bridge, different types of zero-knowledge proofs and Optimistic Rollups.

Processing bundles of transactions on the Polygon proof-of-stake (PoS) blockchain drastically reduces the burden on the Ethereum main chain, making transactions faster. The throughput rate in the Ethereum base layer is roughly 14 transactions per second, while Polygon has the potential to handle exponentially higher transactions per second. 

Anyone wanting to participate in the network by updating transactional data on the system must stake Polygon (MATIC). In the Polygon network, a validator’s job is to ensure the network’s security and add transactions to blocks. Validators stake, allowing users to delegate tokens in exchange for rewards net of any commissions charged by validators. 

Staking of MATIC, explained

Anyone looking to stake MATIC has to delegate tokens to a validator. Stakers can earn rewards against the staked funds. For now, there are no minimum staking requirements though validators can decide the minimum acceptable limit for staking. Validators might charge fees or commissions for these services. Staked MATIC tokens have an unlocking period of 80 checkpoints, approximately three to four days. Stakers wanting to exit just need to send an unbound request.

It helps to factor in validators’ credibility before delegating funds to any of them. One can hop to the Polygon staking dashboard to get information about validators, viewing metrics such as active validators, their uptime, commission and the amount required to stake. These metrics are valuable tools to help select reliable validator(s):

  • Uptime refers to the number of blocks signed in a specific time period. A validator’s uptime should be close to 100%. Otherwise, it indicates the validator is unreliable, as reflected in their public performance metrics.
  • Commission rate is the percentage of one’s rewards the validator receives for their services.
  • The stake amount indicates the total number of tokens delegated to a validator.

How to stake MATIC on MetaMask

MetaMask is a decentralized, noncustodial cryptocurrency wallet that interacts with the Ethereum blockchain. The wallet is accessible as a mobile app and browser extension on Google Chrome, Brave, Firefox, Opera and Edge.

Here are the steps to stake MATIC on MetaMask:

Step 1:  Add MetaMask as a browser extension.

Download MetaMask on your machine and install it as browser extension

To stake MATIC on MetaMask, users need to visit the MetaMask website and set it up as a browser extension. Go to “Download.” One can choose between the currently used browser and iOS or Android. Select the download option for the browser to add MetaMask.

Step 2: Connect MetaMask to the Polygon blockchain.

MetaMask is compatible with different blockchains. To connect MetaMask to Polygon, go to “Networks” and “Add network.” In the window that appears, users must populate relevant data regarding the Polygon blockchain.

Click Add Network

Step 3: Transfer MATIC tokens to MetaMask.

To transfer MATIC tokens to the MetaMask wallet, copy the address from the wallet and feed it in as the destination address on the exchange or another wallet. Now, transfer MATIC tokens to MetaMask. 

Step 4: Connect MetaMask to the Polygon Wallet.

On the following link, click “MetaMask” to connect MetaMask to the Polygon wallet. https://wallet.polygon.technology/ 

Step 5: Stake MATIC via MetaMask.

Once the connection is established, staking is enabled.

Step 6: Delegate MATIC.

Select a validator to which tokens will be delegated.

One needs to use the control panel for staking. Click on the button “Apps” and then select “Staking.” Put the validator’s name in the search bar and click “Delegate.” All relevant information, such as the number of tokens staked, uptime and commission amount, is visible next to the validator’s name.

Feed in the MATIC amount for staking and click “Continue.” In the pop-up extension window, click “Confirm.” The transaction might take a few minutes to complete, depending on traffic.

To execute a transaction, stake MATIC and begin receiving rewards, users must buy a voucher and pay for gas. Click “Buy Voucher.” Specify details like the gas limit and price, and re-confirm the transaction.

Delegation is now complete. Users can “Stake more” or withdraw the rewards using the control panel. However, note that all transactions on the Ethereum network are paid in Ether (ETH). Therefore, the delegator must have enough ETH in the wallet to pay for the transactions.

How to stake MATIC on Coinbase Wallet

To stake MATIC on Coinbase, users need to use a wallet, as they don’t provide a staking feature on the exchange. If users have funds on the exchange but not in the wallet, they will need to move funds to the wallet. Even though Coinbase Wallet doesn’t have a built-in staking feature, there is a way to do it.

Here are the steps leading to staking MATIC on Coinbase Wallet.

Step 1: Install Coinbase wallet.

Install Coinbase wallet

Install Coinbase Wallet on your smartphone. If it is an iPhone, go to the Apple App Store; visit the Play Store for Android.

The process includes creating a new wallet, agreeing to the terms of service, picking a username, setting privacy preferences, creating a passcode and backing up the wallet with a recovery phrase to help access the account in case users forget the passcode.

Step 2: Move funds to the wallet.

Open the wallet and go down to the bottom right. Tap there and scroll down the screen that appears. The link “Connect to Coinbase” will be visible. Hit the link, and it will ask for authorization. Once done, the wallet will establish the user’s connection to their wallet.

Hit “Buy or transfer.” When the exchange prompts you to select a coin, select “MATIC wallet.” Now, users can feed in the number of coins they want to transfer. The wallet will ask for a verification code. Once successfully deposited, funds will be transferred. MATIC tokens on Coinbase exchange are ERC-20 tokens, meaning they run on top of the Ethereum network. 

Step 3: Stake MATIC.

Click Polygon wallet to find the option Polygon staking (1)

Visit the  Polygon website. On the top menu, click “Use Polygon” and “Staking.” On the next page, click “Become a delegator.”

To delegate click Become a Delegator

The user is taken to a page displaying a list of validators and their relevant details. One can sort the list in line with four parameters: performance, commission, stake and random, by clicking a drop-down list on the right of the page. The user can view the validators as a grid or a list. They can also search for a specific validator using a search box on the left.

When users click any of the validators, they are taken to the page displaying further details of the relevant validator, such as MATIC staked, the commission asked, checkpoints signed and health status. Users can go through the list and click any validator.

A different page displays further details of the validator. This includes the amount of MATIC their Ethereum wallet balance holds and its value in dollars, their stake, heimdall fee, rewards earned, performance index, checkpoints signed and more. Heimdall fees refer to the fees the validator has to pay using the Polygon network to submit checkpoints.

The user must log in by clicking the button at the top-right using their credentials. Users without an account on Polygon must create one and click the “Become a Delegator” button.

Log in and click Become a Delegator

Users need to populate the number of MATIC coins they intend to delegate and tap “Continue.” When the user clicks “Continue,” a pop-up appears. The user must tap the “Delegate” button to complete the process.

How to stake MATIC on Trust Wallet

Trust Wallet is a decentralized, noncustodial mobile app wallet for storing, exchanging and transferring crypto assets. Here is the process to stake MATIC on Trust Wallet:

Step 1: Set up a Trust Wallet. 

Set up a Trust Wallet on your mobile phone. Select the preferred operating system (iOS or Android) and install the app.

If users have already been using Trust Wallet, they must import the wallet. Otherwise, they have to set up a new wallet. To import an existing wallet, click the “I already have a wallet” button and  confirm a six-digit passcode.

If a user is uninitiated with the wallet, they must read and agree to the privacy policy and terms of service, create and confirm a six-digit passcode and back up the wallet with a recovery phrase.

Trust Wallet allows a wallet for several coins, but a multicoin wallet is usually the most suitable. As MATIC staking occurs on Ethereum, one requires an adequate amount of ETH and MATIC on the Ethereum mainnet.

Step 2: Connect Trust Wallet to Polygon. 

Log in to the Polygon staking dashboard and click “Become a Delegator.” From the list of wallets, select “WalletConnect” to connect to Trust Wallet on Polygon. A QR code will appear on the screen.

Select WalletConnect to get connected to Trust Wallet

Return to the Trust Wallet app, go to the settings and choose WalletConnect. Click the “New Connection” button. Scan the QR code on the Polygon staking dashboard. Click “Confirm” to establish the connection.

Step 3: Delegate and approve transaction.

Select the validator and click “Delegate.” Feed the number of MATIC coins to be staked and click “Continue.” To approve the transaction, confirm the smart contract call in the Trust Wallet app.

Get back to the Polygon staking dashboard and click “Delegate.” Confirm yet another smart contract call in the Trust Wallet app. Delegation is active and users can begin accruing rewards. 

How to stake using Ledger

Ledger is a popular device for storing cryptocurrencies. Before staking MATIC with Ledger, one needs to prepare for it.

Step 1: Prepare for staking.

The process starts with updating Ledger Live to the latest version using the link: https://www.ledger.com/ledger-live/download 

Connect the Ledger device to “My Ledger” and install the latest version of the ETH app on the Ledger device. Enable blind signing in the ETH app settings. When the preparation process is completed, Close Ledger Live or problems might arise when working with MetaMask.

Users also need to ensure MATIC is stored in the Ledger Ethereum account and not in the Polygon account, as MATIC staking happens on the Ethereum network.

Step 2: Connect Ledger ETH account to MetaMask.

Connect the Ledger device to the desktop and open the ETH app within. Now, link the Ledger ETH account to MetaMask.

Once the connection is established, go to the Polygon Wallet app.

Connect your Ledger Ether account to MetaMask by following these steps. 

Once done, go to the Polygon Web Wallet app, select “Connect to a Wallet” and then MetaMask.

When MetaMask opens in the browser, select the Ledger account, click “Next” and then “Connect.” Ledger displays “Sign message.” Select “Sign message” and simultaneously press both buttons to confirm. Now, MetaMask is connected to the Polygon Wallet app.

Step 3: Select a validator.

Select “Polygon Staking.” In the app’s top-right corner, click the “Login” button and select MetaMask again.

Choose a validator from the list that appears. Users need to consider two parameters: a high score for “Checkpoint signed” and a low “Commission.” 

Step 4: Delegate.

Click the “Delegate” button, fill in the amount of MATIC to be staked and click “Continue.” MetaMask displays “Give permission to access your MATIC?”

Review the fee amount; if it looks satisfactory, click “Confirm.” Ledger now displays “Review transaction.”

Select “Accept and send” and press both buttons simultaneously to “sign the transaction.” Ledger now displays “Application is ready.”

Return to the Polygon Web Wallet App, select a validator and click “Delegate.”

Review and confirm the transaction through MetaMask and Ledger devices. When the Ethereum network confirms the transaction, the screen will display “Delegation Completed.”

How to stake MATIC using ZenGo wallet

ZenGo is a self-compatible wallet. It’s compatible with WalletConnect, with no seed phrase vulnerability. Let’s go through how users can stake MATIC using a ZenGo wallet.

Step 1: Install the ZenGo wallet on your mobile phone.

Visit the ZenGo website, select an operating system (iOS or Android) and install the app on the mobile phone. To accelerate the search, one can scan the QR code.

Open the ZenGo app, enter an email address and tap “Continue.” ZenGo requires the user to confirm their email address. For confirmation, reach the inbox by tapping “Open My Email” in the ZenGo app, then tap “Tap to Confirm” in the email received. After email address verification, enable biometrics to make the app even more secure.

Create a Recovery Kit for the safety of funds and easy access when changing devices. As a noncustodial wallet, ZenGo shares an encrypted secret key share. Part of the key stored on the device helps unlock the wallet and use it with a face scan. Once the Recovery Kit is created, tap “Done.”

Create a face scan and recovery kit

Step 2: Connect ZenGo wallet to Polygon.

Users need to connect the ZenGo wallet to Polygon. Open the link https://staking.polygon.technology/ 

Go to the Polygon staking dashboard. In the upper right part of the screen, tap “Login.”

Take an account of Overview and login

Tap WalletConnect from the list of available connections. WalletConnect protocol enables one to connect ZenGo to Polygon. The QR code will appear.

Go to the ZenGo wallet homepage and tap the “Connect to Apps” button in the upper right corner. Scan the QR code.

Step 3: Select a validator and delegate MATIC.

Now begins the process of delegating MATIC. Make sure to have MATIC in ERC-20 and 0.05–0.1 ETH for fees, as the delegation happens on the Ethereum mainnet.

On the Polygon staking dashboard, scroll down to find information such as the network’s overview, active validators, their amount of stake, uptime, commission, amount of stake and health metrics.

Select a validator after considering the metrics and tap “Delegate” at the bottom-right of the screen.

In the pop-up box that appears, users need to enter the amount of MATIC to be staked and tap “Continue.” You can stake with an amount as low as 1 MATIC. To confirm the transaction, return to the ZenGo app and approve the transaction in the pop-up window.

Revisit the Polygon staking dashboard and tap “Delegate.” In the ZenGo wallet, confirm the transaction and wait for approval.

Delegation complete

Once delegation is active, the user will begin receiving rewards. At each checkpoint, rewards get accrued.

Rewards are received in the “My Account” section of the Polygon staking dashboard. Users can also unstake, stake to multiple validators or restake funds. To withdraw the rewards accrued, users must have a minimum of 2 MATIC in their account.

The road ahead

As a prominent layer-2 network, the Polygon protocol is a solution that helps Ethereum expand in size, security, efficiency and use cases. As the unit of payment and settlement in the network, MATIC helps power the system. The Matic network went live in 2020, rebranded to Polygon in February 2021, and is being used by developers to build Ethereum-compatible decentralized applications.

The Polygon protocol has been instrumental in making Ethereum usable and pulling it out of the mess the blockchain found itself in after rapid growth. Transactions were stuck for hours over a lack of scalability, with the cost of executing transactions often more than the transaction amount itself. The Polygon protocol has effectively transformed Ethereum into a full-fledged multichain system with the advantages of Ethereum’s decentralization and vibrancy.

MATIC token is here to stay and keeps playing an increasingly important role in retaining the functionality of Ethereum ecosystem. Staking, meanwhile, will serve as a mechanism to ensure proper governance and security of the network.

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

ZenGo uncovers ‘red pill attack’ vulnerability in popular Web3 apps

The vulnerability has since been patched, although it affected several leading transaction simulation vendors.

According to a blog post published by developers of crypto wallet ZenGo, the firm said it had uncovered security vulnerabilities in transaction simulation solutions used by popular decentralized applications, or dApps. Dubbed the "red pill attack," this vulnerability allowed malicious dApps to steal user assets based on opaque transaction approvals offered to and approved by users. The vulnerability derives its name from the iconic "red pill" scene from The Matrix movie series. 

"If malware is able to detect its actually being executed in a simulated environment or living in the matrix, it can behave in a benign manner, thus deceiving the anti-malware solution, and reveal its true malicious nature only when actually executed in a real environment."

ZenGo claimed its research revealed that many leading vendors, including Coinbase Wallet, were at one point in time vulnerable to such attacks. "All vendors were very receptive to our reports," said ZenGo, "and most of them were quick to fix their faulty implementations."

The vulnerability is possible due to a programming oversight in "Special Variables" among smart contracts storing general information on the blockchain functionality, such as timestamp of the current block. During simulations however, ZenGo says there is no correct value for Special Variables and claims developers "take a shortcut" and set them to an arbitrary value.

"For example, the "COINBASE" instruction contains the address of the current block miner. Since during simulation there is no real block and hence no miner, some simulation implementations just set it to the null address (all zeros address)."

In a video, ZenGo developers demonstrated how a smart contract simulation on Polygon (MATIC) asks users to send native coins in exchange for another could be compromised via this method:

"When the user actually sends the transaction on-chain, COINBASE [Wallet] is actually filled with the non-zero address of the current miner and the contract just takes the sent coins."

ZenGo said the fix for the vulnerability was straightforward: "instead of populating these vulnerable variables with arbitrary values, the simulations need to populate them with meaningful values." The firm presented redacted screenshots of bug bounties, apparently awarded by Coinbase, for solving the issue. The Ethereum Foundation has also awarded ZenGo a $50,000 grant for its research on transaction simulations.

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

Coinbase Launches Wallet-as-a-Service to Bring Millions to Web3

Coinbase Launches Wallet-as-a-Service to Bring Millions to Web3On March 8, Coinbase announced the launch of its Wallet-as-a-Service (WaaS) product. The WaaS product aims to “bring the next hundred million consumers into Web3 through a seamless wallet-onboarding experience.” The Coinbase WaaS offers wallet infrastructure application programming interfaces (APIs) to companies, enabling them to build their own custom Web3 crypto wallets. Coinbase’s Wallet-as-a-Service Aims […]

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

Crypto Exchange Coinbase Adds New Wallet Security Feature To Protect Against Phishing and Scams

Crypto Exchange Coinbase Adds New Wallet Security Feature To Protect Against Phishing and Scams

US-based cryptocurrency platform Coinbase is enhancing the safety of Coinbase Wallet as threats to users increase. The crypto exchange says it has added features to its wallet to help protect its users against scams such as phishing attacks and malicious airdrops. According to the crypto exchange, the Coinbase Wallet will now offer more clarity to […]

The post Crypto Exchange Coinbase Adds New Wallet Security Feature To Protect Against Phishing and Scams appeared first on The Daily Hodl.

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption

Web3 Crypto Onboarding Platform Transak Integrates With Coinbase Wallet

Web3 Crypto Onboarding Platform Transak Integrates With Coinbase WalletAccording to Transak, users of the Coinbase self-custody wallet in South East Asia can now use its Web3 onboarding platform “as a fiat on-ramp to buy crypto.” Transak’s integration with the Coinbase wallet is coming at a time when more users are becoming “aware of the importance of keeping their assets safe, secure, and in […]

Sony’s Soneium Might Be the Answer to Mass Web3 Adoption