1. Home
  2. Wallet

Wallet

Metamask addresses privacy concerns with new features for enhanced control

The new features allow a user to manage which servers are able to receive their IP address.

Web3 wallet app Metamask has introduced a number of new features aimed at enhancing privacy and giving users more control, according to a March 14 blog post by the developer. The new features come after Metamask had previously been criticized for allegedly intruding on users’ privacy.

Previously, Metamask used its Infura RPC node to connect to Ethereum automatically, whenever a user first set up the wallet. Although the user could change the settings later, this still meant that the user’s public address was transmitted to Infura before they had a chance to change their node, according to a report from Ethereum node operator Chase Wright.

Infura is owned by Metamask’s parent company, Consensys.

Under the new version of Metamask extension, labeled “10.25.0,” users are prompted with the option to use an “advanced configuration” during setup. Choosing this option reveals a number of settings that can be configured, including one that allows the user to choose a different RPC node than the default Infura one.

In addition to letting the user enter their own node details, the “advanced configuration” dialogue box also allows them to turn off incoming transactions, phishing detection, and enhanced token detection. These features require data to be sent to third-parties such as Etherscan and jsDeliver, according to the app’s UI. Users concerned about privacy can now turn off these features during setup if they want to.

According to the post, the new mobile version of Metamask also includes privacy enhancements. Previously, the app did not allow users to connect one account to a Web3 app while leaving another account disconnected. The user only had the option of connecting all of them or none at all.

However, the new version allows users to select which particular accounts they want to connect to an app, without disclosing the other addresses they control.

In its post, Metamask stated that it has always intended to preserve privacy for users and that it believes these new features align with these values, stating:

“Data exploitation goes against MetaMask core values. Instead, we believe in equipping our community with the founding principles that guide our development—true ownership and privacy[…]We are committed to protecting the privacy of our users so that you will not, and ultimately, cannot be exploited by yet another centralized entity.”

On November 23, Metamask became heavily criticized in the crypto community for releasing a privacy policy that stated it would collect IP addresses from users. Consensys responded to the criticism on Nov. 24 by saying that RPC nodes have always collected IP addresses and that the substance of the privacy policy was not new, although the language used in it had changed. On Dec. 6, Consensys announced that IP addresses collected through Infura would no longer be stored for more than 7 days.

Pump.fun halts livestreams indefinitely after community backlash

FTX-related stablecoins on the move: $145M transferred to crypto exchanges

Three wallets, reportedly associated with both FTX and its subsidiary, Alameda Research, have moved 69.64 million USDT and 75.94 million USDC.

Amid the multiple ongoing investigations, FTX continues to move funds. The addresses, related to the failed crypto exchange, reportedly transferred around $145 million in stablecoins to a range of operating platforms. 

As Lookonchain spotted on March 14, three wallets, associated with both FTX and its subsidiary, Alameda Research, have moved 69.64 million USDT and 75.94 million USDC. The Tether reserves have gone to custodial wallets on such platforms as Coinbase, Binance and Kraken. All funds in USDC were transferred to Coinbase custodial wallet.

Both FTX and Alameda are in the process of recovering their assets as they face the demands to return the funds to different groups of investors. According to FTX attorney Andy Dietderich, already by January 2023, the troubled cryptocurrency exchange has recovered $5 billion in cash and liquid cryptocurrencies. However, its total liabilities exceed $8.8 billion.

Related: Crypto investment products see largest outflows on record amid SVB collapse

The latest update in the FTX bankruptcy case came as a new deal had been struck with a company owned by the government of Abu Dhabi. Alameda Research sold its remaining interest in venture capital firm Sequoia Capital to the Abu Dhabi sovereign wealth fund for $45 million.

In March, Alameda Research has filed suit against Grayscale Investments in the Court of Chancery in the State of Delaware. The suit seeks to “unlock $9 billion or more in value for shareholders of the Grayscale Bitcoin and Ethereum Trusts […] and realize over a quarter billion dollars in asset value for the FTX Debtors' customers and creditors,” according to a statement.

As cases against FTX pile up, some plaintiffs requested the consolidation of lawsuits against the bankrupt exchange. However, on March 8, a judge denied the consolidation request, highlighting that the defendants have not yet been allowed to respond. U.S. District Judge Jacqueline Corley recently denied the request to consolidate five proposed class-action suits against FTX.

Pump.fun halts livestreams indefinitely after community backlash

CoinTracker integrates with H&R Block to offer crypto tax preparation

The new integration allows crypto users to automatically fill out the crypto portion of Form 8949, which is used to report capital gains and losses from investments for tax filings.

Crypto tax software provider CoinTracker is integrating its software with H&R Block, a company that helps millions of customers prepare their income taxes across Canada, the United States and Australia. 

In an announcement seen by Cointelegraph, CoinTracker noted the partnership will allow American H&R Block customers to use CoinTracker and automatically fill in their Form 8949 regarding crypto trades. This form is submitted during tax season to report one’s capital gains and losses from investments.

Previously, users had to cut and paste crypto trade data into each form field on the H&R Block app, which could lead to mistakes. Under the new integration, H&R users can import their crypto transactions from “most” exchanges into their H&R Block tax returns. 

H&R Block is an American tax preparation company founded in 1955. In 2020, H&R Block had around 20 million tax customers.

The two companies also made some additional upgrades for the 2023 tax season as a result of the integration, including the offer of free CoinTracker accounts to all H&R users who have fewer than 25 crypto trades, as well as certain discounts for other H&R users. 

In a statement, CoinTracker COO Vera Tzoneva said that the new integration should cut down on the hassle of paying crypto taxes, stating:

“The process of crypto tax filing is far too complex. We remain fixated on delivering peace of mind and the requisite tools for all crypto users. Partnering with H&R Block is a major step toward realizing this vision.”

Related: Bitcoin-friendly Cash App integrates TaxBit amid tax-filing season

Tax season is seen by some as a confusing and complex time for some crypto traders. While legally defined “crypto brokers” are required to issue a Form 1099-B to each customer, the Internal Revenue Service has yet to clearly explain what firms fall under the definition of “brokers.”

Most centralized exchanges produced the required forms for their users but not decentralized finance protocols. This has left some taxpayers relying on blockchain explorers to determine their gains and losses.

Even if a taxpayer only uses centralized exchanges, tracking gains and losses can still become complex if the user transfers crypto between exchanges, as this can cause transactions to show up on multiple forms.

CoinTracker’s crypto tax software is one of many.

Over the past few years, several crypto tax software solutions have been offered, including CoinTracker, Koinly, Taxbit, CoinLedger, TokenTax and others. These products allow the user to enter their exchange and wallet accounts into a single interface that tracks all of their transactions.

However, not all solutions are integrated with tax preparation platforms like H&R Block, TurboTax, FreeTaxUSA, etc.

Pump.fun halts livestreams indefinitely after community backlash

Multisig wallets vulnerable to exploitation by Starknet apps, says developer Safeheron

The vulnerability allegedly allows Web3 apps using the Starknet protocol to bypass the security protection of private keys in MPC wallets, potentially exposing users' private keys to wallet providers.

Certain multisignature (multisig) wallets can be exploited by Web3 apps that use the Starknet protocol, according to a March 9 press release provided to Cointelegraph by Multi-Party Computation (MPC) wallet developer Safeheron. The vulnerability affects MPC wallets that interact with Starknet apps such as dYdX. According to the press release, Safeheron is working with app developers to patch the vulnerability.

According to Safeheron’s protocol documentation, MPC wallets are sometimes used by financial institutions and Web3 app developers to secure crypto assets they own. Similar to a standard multisig wallet, they require multiple signatures for each transaction. But unlike standard multisigs, they do not require specialized smart contracts to be deployed to the blockchain, nor do they have to be built into the blockchain’s protocol.

Instead, these wallets work by generating “shards” of a private key, with each shard being held by one signer. These shards have to be joined together off-chain in order to produce a signature. Because of this difference, MPC wallets can have lower gas fees than other types of multisigs and can be blockchain agnostic, according to the docs.

MPC wallets are often seen as more secure than single signature wallets, since an attacker can’t generally hack them unless they compromise more than one device.

However, Safeheron claims to have discovered a security flaw that arises when these wallets interact with Starknet-based apps such as dYdX and Fireblocks. When these apps “obtain a stark_key_signature and/or api_key_signature,” they can “bypass the security protection of private keys in MPC wallets,” the company said in its press release. This can allow an attacker to place orders, perform layer 2 transfers, cancel orders, and engage in other unauthorized transactions.

Related: New “zero-value transfer” scam is targeting Ethereum users

Safeheron implied that the vulnerability only leaks the users’ private keys to the wallet provider. Therefore, as long as the wallet provider itself is not dishonest and has not been taken over by an attacker, the user’s funds should be safe. However, it argued that this makes the user dependent on trust in the wallet provider. This can allow attackers to circumvent the wallet’s security by attacking the platform itself, as the company explained:

“The interaction between MPC wallets and dYdX or similar dApps [decentralized applications] that use signature-derived keys undermines the principle of self-custody for MPC wallet platforms. Customers may be able to bypass pre-defined transaction policies, and employees who have left the organization may still retain the capability to operate the dApp.”

The company said that it is working with Web3 app developers Fireblocks, Fordefi, ZenGo, and StarkWare to patch the vulnerability. It has also made dYdX aware of the problem, it said. In mid-March, the company plans to make its protocol open source in an effort to further help app developers patch the vulnerability.

Cointelegraph has attempted to contact dYdX, but has been unable to get a response before publication.

Avihu Levy, Head of Product at StarkWare told Cointelegraph that the company applauds Safeheron's attempt to raise awareness about the issue and to help provide a fix, stating:

 “It’s great that Safeheron is open-sourcing a protocol focusing on this challenge[...]We encourage developers to address any security challenge that should arise with any integration, however limited its scope. This includes the challenge being discussed now.

Starknet is a layer 2 Ethereum protocol that uses zero-knowledge proofs to secure the network. When a user first connects to a Starknet app, they derive a STARK key using their ordinary Ethereum wallet. It is this process that Safeheron says is resulting in leaked keys for MPC wallets.

Starknet attempted to improve its security and decentralization in February by open-sourcing its prover

Pump.fun halts livestreams indefinitely after community backlash

Coinbase Launches Wallet-as-a-Service to Bring Millions to Web3

Coinbase Launches Wallet-as-a-Service to Bring Millions to Web3On March 8, Coinbase announced the launch of its Wallet-as-a-Service (WaaS) product. The WaaS product aims to “bring the next hundred million consumers into Web3 through a seamless wallet-onboarding experience.” The Coinbase WaaS offers wallet infrastructure application programming interfaces (APIs) to companies, enabling them to build their own custom Web3 crypto wallets. Coinbase’s Wallet-as-a-Service Aims […]

Pump.fun halts livestreams indefinitely after community backlash

Coinbase launches wallet-as-a-service for businesses

The adoption of Web3 wallets is hindered by complex seed phrases and a poor user experience, according to Coinbase.

Crypto exchange Coinbase has launched a new business solution for enterprises looking to offer Web3 wallets to their customers — a move it says will help streamline the adoption of Web3 products and services. 

Coinbase’s wallet-as-a-service, or WaaS, provides enterprises with the technical infrastructure to create and launch customizable on-chain wallets, the exchange announced on March 8. Specifically, WaaS provides a wallet application programming interface (API) that allows businesses to create wallets for simple customer onboarding, loyalty programs or in-game purchases.

According to Coinbase, Web3 wallets have struggled to gain wider mainstream acceptance because of their complexity, poor user experience and the challenges associated with maintaining mnemonic seeds.

When asked about how WaaS solves the complexities of Web3 wallets, the head of product at Coinbase’s Web3 Developer Platforms, Patrick McGregor, said the new solution provides “control over end-to-end product experiences,” a reduction in “implementation cost and complexity” and helps brands improve security while reducing risks.  

“Today, companies are forced to push their users through confusing onboarding flows, often instructing users to download third-party self-custodial wallets,” he said. “This context switching results in high drop-off rates during onboarding, meaning a company is never able to deliver its product to users.”

The WaaS toolkit incorporates multi-party computation (MPC), a form of cryptography that allows multiple parties to jointly compute a function without revealing their inputs to one another. In practice, MPC is said to enhance private key security within Web3 platforms. An MPC crypto wallet allows users to store their digital assets more securely because their private keys are split into multiple parts and distributed among the parties involved in the protocol. 

“The problems of key loss that plague the traditional self-custody world are avoided with WaaS’ MPC cryptographic functionality," McGregor explained. “Our [software development kits] provide robust, user-friendly backup functionality to ensure that users continue to maintain access to their assets.”

The crypto exchange’s WaaS infrastructure is currently being used by companies such as Floor, Moonray, thirdweb and tokenproof.

Related: HyperPlay game aggregator alpha launched, features in-built Web3 wallet

Web3 infrastructure development appears to be heating up amid crypto winter, as startups, corporations and investors look to define the future vision of the decentralized internet. Although not everyone is convinced that current Web3 modalities are advancing the principles of decentralization, developments around MPC and decentralized privacy suggest many in the industry are taking it seriously.

McGregor noted that many companies are “seeking to build for Web3 ahead of the next bull market,” a period in which cryptocurrency prices generally rise. Coinbase is “seeing strong excitement about token-gated content (for both online opportunities and physical real-world use cases), moving loyalty programs on-chain, deep integrations between games and assets owned by users, and more.”

Pump.fun halts livestreams indefinitely after community backlash

Uniswap wants to launch mobile wallet but Apple won’t green-light it’s launch

Despite having its first build approved in October, Uniswap Labs is facing issues with Apple's App Store regarding its mobile wallet.

Uniswap Labs has announced plans to release a new self-custodial mobile wallet that will offer users the ability to swap on L1 or L2 networks without having to switch networks.

According to Uniswap Labs, the wallet will allow users to check price charts and search for any token across various networks, including Ethereum, Polygon, Arbitrum, and Optimism. To ensure maximum security, Uniswap Labs worked with Trail of Bits for the audit of the wallet. Additionally, the seed phrases and private keys of both imported and newly created wallets will be encrypted and stored on devices using Apple's secure enclave, which is excluded from device backups. Uniswap also shared that users will be able to manually store their seed phrases with a paper copy or encrypt and store it on Apple iCloud.

Despite having its first build approved in October, Uniswap Labs has faced issues with Apple's App Store regarding its mobile wallet. Although other self-custody swapping wallets have been approved, the final build of Uniswap's mobile wallet was rejected by Apple just a few days before its planned December launch. 

Uniswap Labs shared that it responded to Apple's concerns, answered all their questions, and reiterated that it was compliant with their guidelines. However, Apple has still not greenlit the launch, and Uniswap Labs remains in limbo. As a result, Uniswap Labs is offering early access to a few thousand Testflight users while waiting for Apple to approve the launch. 

Uniswap noted in its announcement: 

Apple won't green-light our launch and we don't know why. We are stuck in limbo.

Related: Uniswap DAO debate shows devs still struggle to secure cross-chain bridges

On Feb 6, Cointelegraph reported that members of the Uniswap community voted in favor of deploying Uniswap v3 on Boba Network’s layer-2 protocol on Ethereum, which means that the Boba Network will be the sixth chain to deploy Uniswap v3. The move was backed by several entities, such as GFX Labs, Blockchain at Michigan, Gauntlet and ConsenSys.

Pump.fun halts livestreams indefinitely after community backlash

HyperPlay game aggregator alpha launched, features in-built Web3 wallet

The game aggregator will allow users to link their Web3 wallets to various games through crypto wallet provider MetaMask.

HyperPlay, a Web3-native game launcher with a built-in crypto wallet, has announced its early access launch.

The online game launcher was built in collaboration with crypto wallet provider MetaMask, aimed at integrating players’ crypto wallets with game libraries such as Epic Games Store, GOG (formerly Good Old Games), and its own HyperPlay Store. 

The new platform, founded by former MetaMask operations lead JacobC.eth, doesn’t charge developers any commissions and instead plans to rely on crypto services such as swaps and bridges to monetize the platform.

Users of the newly launched alpha version of the platform can create new MetaMask wallets within its interface and can even import their existing wallets through an “import” button.

Speaking to Cointelegraph, JacobC.eth said that this wallet can be overlaid on top of a game, allowing users to quickly confirm transactions while playing.

According to the March 1 announcement, HyperPlay has launched its platform with 21 Web3 titles, including The Sandbox, Another World, Bionic Owl, DeFi Kingdoms an Moonblasters. In addition, it is connected to both the Epic Games and GOG stores, allowing players to launch the games they own from these other platforms using it.

The platform’s founder told Cointelegraph that a new game aggregator is needed because Web3 games are being deplatformed and overtaxed by major stores, as he explained:

“Today, Web3 game developers are being deplatformed by Apple, Steam, Google, and those legacy Web2 stores are also forcing the developers’ to accept 30% taxes on every in-game action that happens in their economies, so we wanted to create a more competitive market between game stores.”

Related: Unity gaming engine adds MetaMask functionality

He also argued that the platform can give players a universal wallet that doesn’t require them to alt-tab out of a game every time they do a transaction, stating:

“We built Hyperplay as a native desktop application that allows the player to pass their wallet into every game that they play, and we want to make interoperability, permissionless extensibility, and great UX the default for Web3 gaming.”

JacobC.eth emphasized that HyperPlay is in an alpha build and may not be stable. The team hopes to get feedback from playtesters and improve the product as it moves toward a full public launch in the future.

According to a recent DappRadar report, gaming transactions made up nearly half of all blockchain activity in the month of January. However, Web3 games still struggle to reach mainstream adoption due to complex onboarding processes. Square Enix recently announced that it will be making major investments in the space, as it considers blockchain technology to be essential to the gaming industry of the future.

Pump.fun halts livestreams indefinitely after community backlash

Mastercard to allow crypto payments in Web3 via USDC settlements

The Mastercard-Immersve partnership uses decentralized protocols to settle real-time cryptocurrency transactions on outlets accepting Mastercard payments online.

A partnership between Web3 payment protocol Immersve and payments giant Mastercard will allow users to make crypto payments on digital, physical and the Metaverse worlds. USD Coin (USDC) tokens — a US dollar-backed stablecoin issued by Circle — will be used to settle transactions on Mastercard’s network.

The Mastercard-Immersve partnership uses decentralized protocols to settle real-time cryptocurrency transactions on outlets accepting Mastercard payments online. Users will be able to use their existing Web3 wallets to make direct crypto payments without relying on a third party for collateral.

Instead, Immersve will partner with a third-party settlement provider and allow its users to use USDC for all purchases. Once the transaction is successful from the user’s end, USDC will get converted to fiat before settling on Mastercard’s network.

Immersve-Mastercard partnership for crypto payments in the Metaverse. Source: immersve.com

Users will be able to access the feature through popular Web3 wallets and use their private keys to approve payments. In this regard, Jerome Faury, CEO at Immersve, shared optimism toward crypto use cases, stating:

“Collaborating with a well-known and trusted brand like Mastercard is a big step towards mainstream adoption of web3 wallets.”

Moreover, Web3 wallets and decentralized finance (DeFi) protocols can integrate into Immersve’s APIs and smart contracts to transact anywhere Mastercard is accepted.

Related: Bit2Me and Mastercard launch debit card with crypto cashback

Over several years, Mastercard has fostered numerous partnerships to stay relevant in the crypto ecosystem. One such initiative was Mastercard’s partnership with crypto exchange Binance to launch a prepaid card in Latin America.

The card allows real-time crypto-fiat conversions for 14 tokens in Brazil. At the time of the launch, perks included up to 8% cash back in crypto on eligible purchases and zero fees on some ATM withdrawals.

Pump.fun halts livestreams indefinitely after community backlash

Unstoppable Domains and Crypto Browser Opera Widen Scope to Offer Accessible Web3 Identity System

Unstoppable Domains and Crypto Browser Opera Widen Scope to Offer Accessible Web3 Identity SystemOpera, the Web3 browser, and Unstoppable Domains, the non-fungible token (NFT) domain provider, have announced that users can now access all domain endings, including .x, .crypto, and .nft, across Opera’s browsers. Additionally, Opera and Unstoppable are offering a free .nft domain that matches an Opera user’s Twitter handle after account verification. Opera Expands Web3 Capabilities […]

Pump.fun halts livestreams indefinitely after community backlash