crypto security
Uniswap lawsuit judge calls Ether a commodity in dismissal order
United States District Court Judge Katherine Polk Failla is also the judge overseeing the SEC's lawsuit against crypto exchange Coinbase.
A United States District Court judge has called Ether (ETH) a commodity in her dismissal of a class action lawsuit against the decentralized exchange Uniswap.
In an Aug. 30 dismissal order of the case brought by Uniswap users who claimed they lost money due to scam tokens on the exchange — Judge Katherine Polk Failla wrote ETH and Bitcoin (BTC) were “crypto commodities.”
The distinction was also part of her reasoning for dismissing the case — Failla said she wasn’t convinced by an argument that Uniswap’s token sales were subject to the Exchange Act.
Interestingly, Failla is also the judge overseeing the SEC lawsuit against Coinbase. She has also had previous experience in overseeing other crypto cases in the past, including one involving Tether and Bitfinex.
The SDNY (Failla, J.) also explicitly found in its August 29 decision in Risely v. Uniswap that
— Bill Hughes : wchughes.eth (@BillHughesDC) August 30, 2023
Ethereum is a commodity, not a security.
No analysis of the issue, just the conclusion, but still, pretty definitive statement if you ask me.
pic.twitter.com/KEc5Pf5kTC
While her comment is not a distinct ruling on Ether’s legal classification in the U.S., it comes as other judges have made decisions on cryptocurrencies such as a July ruling classing XRP (XRP) as a security when sold through programmatic sales on exchanges.
In recent years, two U.S. financial regulators, the Securities and Exchange Commission and the Commodity Futures Trading Commission have tussled over jurisdiction concerning cryptocurrencies.
SEC chair Gary Gensler had once claimed “everything other than Bitcoin” is a security under his agency’s remit.
Meanwhile, the CFTC has laid claim to ETH and other cryptocurrencies as commodities — per a suit it filed against Binance in March for alleged Commodities Exchange Act violations.
Related: SEC’s first deadlines to approve 7 Bitcoin ETFs coming over the next week
However, U.S. lawmakers are yet to decide how the SEC or CFTC will be handed authority over crypto.
Multiple bills to provide digital asset regulatory clarity are inching their way through Congress which vary in how to divvy authority between the two regulators.
Some, such as the Financial Innovation and Technology for the 21st Century Act, aim to create a process for categorizing cryptocurrencies into either securities or commodities.
Others explicitly hand power to a regulator such as the Digital Commodity Exchange Act which sees crypto spot exchanges registered and regulated under the CFTC.
The Digital Asset Market Structure Bill, meanwhile, would see cryptocurrencies undergo SEC certification to prove adequate decentralization before being given commodity status.
Magazine: DeFi Dad, Hall of Flame: Ethereum is ‘woefully undervalued’ but growing more
7 ways to safely store your private keys
Explore seven methods for safely storing your private keys to ensure security of digital assets.
In the world of digital assets, private keys act as the ultimate gatekeepers, granting access to your valuable cryptocurrencies and sensitive information. Safely storing your private keys is paramount to ensuring the security of your digital assets. This article will explore seven methods for storing private keys safely.
Hardware wallets
Hardware wallets are physical devices specifically designed to store private keys securely offline. Examples include Ledger Nano S, Ledger Nano X and Trezor. These devices are immune to online attacks and malware, offering a robust layer of security.
Paper wallets
A paper wallet involves printing one’s private key on a physical piece of paper and keeping it in a safe location. Websites like bitaddress.org can help users generate paper wallets. However, ensure that the paper and ink are of high quality to prevent degradation over time.
Encrypted USB drives
Users can encrypt a USB drive using strong encryption software, such as VeraCrypt, and then store their private key file on it. Keep the encrypted USB drive in a secure physical location or a safe deposit box.
Related: How to protect your identity online
Cold storage
Cold storage involves keeping your private keys completely offline, disconnected from the internet. This can be achieved by creating an air-gapped computer or using a dedicated offline device for key storage.
Cryptocurrency vaults
Some exchanges and platforms offer cryptocurrency vault services, such as Coinbase Custody, where private keys are stored in highly secure, monitored environments. However, it is important to be aware of the principle “not your keys, not your crypto.”
While vault services can enhance security, they introduce an element of trust by allowing a third party to hold your keys. In the event of an exchange compromise or regulatory action, your access to funds could be limited. It’s essential to weigh the benefits of added security against the potential risks and to consider diversifying your storage methods to maintain control over your digital assets.
Password managers
Modern password managers, such as LastPass and Dashlane, offer secure storage for not only passwords but also private keys. Make sure to choose a reputable and highly secure password manager.
Related: How to use a VPN for online security and privacy
Splitting the key
This method involves dividing one’s private key into multiple parts and distributing them in different secure locations. An example of this is Shamir’s Secret Sharing, which can divide a user’s key into “n” parts, requiring a minimum of “m” parts to reconstruct the key.
This cryptographic technique enhances security by preventing any single entity from knowing the complete secret, making it suitable for applications, such as key management and data protection. The secret can only be reconstructed when the minimum required shares are combined, ensuring resilience against individual breaches.
2. Shamir's Secret Sharing and Threshold Signing:
— Mohak Agarwal (@mohakagr) August 10, 2023
The algorithm lets you rebuild the private key without needing every piece of it.
Shamir's secret sharing uses a set limit, so not all participants are needed to recreate the secret or sign messages.
Making informed choices to safeguard your digital assets
Securing your private keys is non-negotiable when it comes to protecting one’s digital assets and sensitive information. Each method mentioned above has its merits, and the choice should be based on your specific needs, technical expertise and level of risk tolerance.
Remember that redundancy, access management and regular updates are crucial, regardless of the method you choose. By taking the time to implement a secure storage strategy, you can safeguard your digital assets and navigate the digital landscape with confidence.
Barely halfway and October’s the ‘biggest month’ in crypto hacks: Chainalysis
While 2021 was the biggest year on record for crypto hacks, 2022 could “likely” beat the record “at this rate” according to Chainalysis.
Blockchain analytics firm Chainalysis has labeled October 2022 as “the biggest month in the biggest year ever for hacking activity” with the total hacked value for the month nearly reaching $718 million.
Despite not being more than halfway through the month, Chainalysis said 11 different hacks on decentralized finance (DeFi) protocols had seen hundreds of millions exploited.
Four exploits alone took place on Oct. 11 worth around $122 million. Hackers siphoned $200,000 in crypto using a smart contract from crypto wallet Rabby Wallet, $1.89 million from blockchain QANplatform’s Ethereum (ETH) bridge, $2 million from TempleDAO, and a $118 million exploit on the Solana (SOL)-native Mango Markets.
Chainalysis says 2021 was the biggest year for blockchain-based hacks on record both in terms of total value hacked and the total number of hacks, but at the current rate, 2022 could “likely surpass” last year's figures as over $3 billion has been exploited across 125 hacks so far.
2/ At this rate, 2022 will likely surpass 2021 as the biggest year for hacking on record. So far, hackers have grossed over $3 billion dollars across 125 hacks. pic.twitter.com/vgT3pz2iOu
— Chainalysis (@chainalysis) October 12, 2022
The firm says it’s seeing a shift in where exploits are taking place too.
In 2019 most hacks took place on centralized cryptocurrency exchanges but as those companies increased security, the huge majority of hacks, around 90% in 2022, have taken place on DeFi protocols.
Related: From neglecting security to bad tokenomics, DeFi has played a hand in its own decline
The biggest target for hackers is cross-chain bridges with three bridges targeted this month accounting for 82% of October’s losses according to Chainalysis, the largest of these bridge hacks was a roughly $100 million exploit in the bridge between crypto exchange Binance’s BNB Smart Chain and Beacon Chain.
500,000 DAI From DAO Maker Exploit Was Sent Through Tornado Cash, Security Analysts Report
On September 8, the crypto security and smart contract auditing firm Certik revealed that 500,000 DAI was sent through the Tornado Cash mixing platform after the funds were stolen in August 2021. The digital assets originally stemmed from the DAO Maker breach that saw the loss of more than $7 million in ERC20 tokens and […]More than $1.6 billion exploited from DeFi so far in 2022
The amount exploited this year so far surpasses the total amount stolen in all of 2020 and 2021 combined, with the month of March alone beating 2020 by over $200 million.
The decentralized finance (DeFi) space has been rife with hacks, exploits, and scams so far this year with over $1.6 billion in crypto stolen from users, surpassing the total amount stolen in 2020 and 2021 combined.
Analysis from blockchain security firm CertiK revealed the statistics on May 2 showing the month of March having the most value stolen at $719.2 million, over $200 million more than what was stolen in all of 2020. The March figure is largely due to the Ronin Bridge exploit where attackers made off with over $600 million worth of crypto.
We have seen $1.6B lost in the #crypto/#web3 world so far this year.
— CertiK (@CertiKTech) May 2, 2022
In just the first 4 months on 2022 we have passed the total amount lost in 2021 ($1.3B) and in 2020 ($516MM). https://t.co/jDohhaUYUN
April was a busy month for attacks with CertiK recording 31 major incidents, an average of nearly one a day. The most valuable was the $182 million siphoned from Beanstalk Farms using a flash loan attack.
CertiK noted the nearly $80 million lost by Fei Protocol, the second most valuable heist last month, and the $10 million lost from automated market maker protocol Saddle Finance which both took place at the end of the month.
Both protocols took to Twitter to offer their respective attackers a bounty in exchange for returning the stolen funds. Whilst the chances of that happening may be slim, it’s not unheard of as the Poly Network hacker in 2021 returned nearly all of the $610 million stolen from the network along with refusing a $500,000 bounty reward.
CertiK said that April 2022 “holds the record for highest dollar amount losses in flash loan attacks ever recorded by us” with losses from that type of exploit reaching $301.4 million. In comparison, flash loan attack losses in January, February, and March 2022 combined were only $6.7 million.
Related: The biggest crypto heists of all time
The analysis of this year's DeFi exploits comes as the total value locked (TVL) in DeFi has dropped below $200 billion for the first time since March 16 according to DeFiLlama.
Between April 30 and May 1, TVL dropped by just over 3.5% to $195.87 billion, only slightly recovering to $199.42 billion today Tuesday, May 3. The last 30 days since April 3 have seen a 13.5% decrease in TVL and a nearly 22% decline since the all-time high of over $254 billion on December 2, 2021.