The Easy Company secures $14.2M funding for new crypto wallet with social features

January 10, 2023 Coin Telegraph

The Easy Company secures .2M funding for new crypto wallet with social features

The company says it wants to make it easier for users to engage with Web3 and use digital wallets.

The Easy Company, a startup focusing on building a consumer layer for the decentralized web, has raised $14.2 million in a seed round for its “social” crypto wallet, which seeks to help onboard more mainstream audiences into the Web3 ecosystem.

As reported by TechCrunch, the seed funding round was supported by a diverse group of investors, including venture capital firms Lobby Capital, Relay Ventures and 6th Man Ventures, as well as Tapestry, Upside and Scribble. Additionally, the round featured angel investors with backgrounds in traditional social media and Web3, including former executives from Instagram, Novi, Airbnb, Twitter, Uber, OpenTable and Eventbrite.

8/ Easy is backed by Lobby Capital, Relay Ventures, 6th Man Ventures, Tapestry VC, Upside Partnership, Scribble Ventures and other experienced social and web3 Investors.
— The Easy Company (@TheEasyCoHQ) January 10, 2023

The wallet is said to be available to the public on iOS and Android after completing a 30-day private testing phase. According to Easy’s CEO, Mike Dougherty, the company aims to combine user-curated profiles with engaging social features so that people can search, navigate and discover the world of Web3 on their own.

A lot of Web3 products and services today are too technical for the everyday person to use, Dougherty shared. The company aims to make it easier for users to engage with Web3 and use digital wallets. The platform reportedly has a similar layout to social media apps like Instagram, where users can swipe to view both their own NFTs or those of people they “watch,” like Instagram Stories.

Despite a long crypto winter, Web3 projects continue to receive substantial funding from Venture Capitalists. In 2022, billions of dollars poured into various projects in the ecosystem, including blockchain-based startups.

In the first two quarters of 2022, Venture Capital inflows were over $14 billion, and even though it receded to just under $5 billion in the third quarter, that was still a substantial amount given the negative impact of the sudden collapse of several prominent players in the industry, such as Celsius, Three Arrows Capital, BlockFi and FTX. Venture capitalist funding for the 2023 remains yet to be seen.

On Jan. 4, Cointelegraph reported that Singapore-based cryptocurrency exchange MEXC plans to invest $20 million to support the growth and development of Sei Network, a layer-1 blockchain platform that is specifically tailored for trading.

How to keep your crypto safe in 2023: a few tips from an analyst

January 9, 2023 Coin Telegraph

Bitcoin Wallet

Lead on-chain analyst at Glassnode, James Check, explains why taking self-custody of your private keys has become more important than ever and how to do it in a few simple steps.

There is no excuse for not putting a few hours of research into how to properly custody your crypto, according to lead on-chain analyst James Check. Joining the latest debate around self-custody, the analyst pushed back against the notion that managing private keys is too complicated and risky for the average crypto user.

“If you have gold in your vault, if you have cash in your wallet, it's the same concept: you need to exercise a level of responsibility,” said Check in our latest Cointelegraph interview.

Check argued that, while third-party custody and semi-custodial solutions such as collaborative custody may appear more user-friendly for the average user, they also have their own, even bigger, vectors of risks.

To the analyst, when it comes to custody "there are no solutions, only trade-offs." His position is that being in full control of your own crypto and eliminating the third-party risk is well worth the effort of learning how to keep your wallet's 12 word seed phrase safe.

Ultimately, Check pointed out that the amount of time and effort someone should put into learning self-custody should be scaled proportionally to the size of thei holdings.

“If you're not willing to put more than 5 minutes into it, then don't put more than $5 into it. If you're willing to do 100 hours now, you can start talking about doing your significant sums of savings,” he said.

To find out more about Check's approach to self-custody, check out the full interview on our YouTube channel and subscribe!

MetaMask removes Wyre from aggregators amid shutdown reports

January 6, 2023 Coin Telegraph

Coin Telegraph

Wyre was set to be acquired for $1.5 billion by San Francisco e-commerce startup Bolt last year, but the deal was eventually scrapped.

Crypto wallet MetaMask is ending support for services of Wyre crypto payment platform amid reports of Wyre planning to shut down operations soon.

MetaMask took to Twitter on Jan. 5 to announce that it has removed Wyre from its mobile aggregator, which allows users to buy crypto directly through its digital wallet.

“We're currently working on extension removal and appreciate your patience,” MetaMask said, asking users not to use Wyre on the mobile aggregator.

According to the announcement, MetaMask still supports a wide number of other payment gateways, including Transak, MoonPay, and Sardine. The services are available on Apple Pay, bank cards and transfers, MetaMask noted.

The news comes soon after Wyre CEO Ioannis Giannaros reportedly announced to employees that the firm is going to soon shutdown operations.

“We'll continue to do everything we can, but I want everyone to brace themselves for the fact that we will need to unwind the business over the next couple of weeks,” Giannaros reportedly stated.

MetaMask did not immediately respond to Cointelegraph’s request to comment. Wyre did not respond to several press inquiries from Cointelegraph.

Founded in 2013 in San Francisco, Wyre is a major crypto payment firm that came close to being acquired for $1.5 billion last year. In April 2022, the United States e-commerce startup Bolt agreed to acquire Wyre. Amid the massive crypto bear market of 2022, Bolt eventually opted to scrap the deal in September.

MyEtherWallet CEO talks about the future of crypto self-custody

January 5, 2023 Coin Telegraph

Coin Telegraph

Tune in to the third episode of Hashing It Out as Cointelegraph's Elisha Owusu Akyaw discusses the future of noncustodial cryptocurrency wallets with Kosala Hemachandra, CEO of MyEtherWallet.

In the third episode of Hashing It Out podcast series, Cointelegraph’s Elisha Owusu Akyaw discusses the future of noncustodial cryptocurrency wallets with Kosala Hemachandra, CEO of MyEtherWallet.

Recent issues with centralized platforms have put the spotlight on decentralized applications (DApps), and self-custody — where users keep their funds completely under their responsibility — has become a major trend.

MyEtherWallet is one of the oldest noncustodial wallets with a focus on the Ethereum blockchain. According to Kosala Hemachandra, the wallet went live just two weeks after the Ethereum mainnet launch. The CEO of MyEtherWallet explains that they chose to make a decentralized wallet because they believed it was the only proper way to interact with blockchain technology.

“Blockchain, at its core, is a decentralized solution, so why would we create products that are centralized? Because we are defeating the whole purpose of using blockchain."

Hemachandra explains that MyEtherWallet started as a hobby project, which became more demanding since there were no examples to look at during its development. The developer had to write new Ethereum libraries in javascript.

The need to build a foundation of codebases that could accelerate growth in the Ethereum landscape was the reason why the team opted to make the code open source. What’s more, the open-source nature of the code allows the platform to have more eyes on its codebase to prevent potential vulnerabilities.

Despite growing competition, MyEtherWallet has over 3 million monthly users who are mainly from the United States and Japan. To catch up with the likes of MetaMask, the decentralized wallet is adding support for more blockchain networks and recently launched a multichain browser extension. Hemachandra also pointed out that the first two weeks after the FTX saga brought in many new users looking for decentralized alternatives to store their crypto.

On trends in the industry, Hemachandra mentioned that MyEtherWallet has yet to make plans to do an airdrop for its users despite many rumors that some of its competitors may launch their own tokens soon. According to the CEO of MyEtherWallet, they don’t see any use cases for tokens released by wallet applications at the moment.

In the episode, Elisha and Hemachandra also cover:

New features for decentralized wallets.
The Ethereum ecosystem and the popularity of layer-2 platforms.
A multichain future in the blockchain ecosystem.

Hashing It Out is a new Cointelegraph podcast series covering innovations and important stories in the blockchain industry, featuring interviews with thought leaders in the space hosted by Elisha Owusu Akyaw (GhCryptoGuy).

For more discussion with Kosala Hemachandra, listen to the full episode of Hashing It Out on the new Cointelegraph Podcasts page or Spotify, Apple Podcasts, Google Podcasts or Amazon Music.

Ancient Bitcoin Block Rewards See Decrease in Spending After Record Activity in 2020 and 2021

January 2, 2023 Bitcoin.com

Bitcoin core developer claims to have lost 200+ BTC in hack

January 2, 2023 Coin Telegraph

Bitcoin

A Bitcoin OG and core developer Luke Dashjr claims his PGP key was compromised, resulting in virtually all his Bitcoin being stolen from him on Dec. 31.

One of the original core developers behind Bitcoin (BTC), Luke Dashjr, claims to have lost “basically” all his BTC as a result of a hack that occurred just before the new year.

In a Jan. 1 post on Twitter, the developer said the alleged hackers had somehow gained access to his PGP (Pretty Good Privacy) key, a common security method that uses two keys to gain access to encrypted information.

In the thread, he shared a wallet address where some of the stolen BTC had been sent but did not reveal how much of his BTC was stolen in total.

PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
— @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) January 1, 2023

At the time of writing the wallet address in question shows four transactions between 2:08 and 2:16 pm UTC on Dec. 31, totalling 216.93 BTC — worth $3.6 million at current prices.

Dashjr said he had “no idea how” the attackers gained access to his key, though some in the community have pointed to a possible connection with an earlier Twitter post from Dashjr on Nov. 17 that noted that his server had been compromised by “new malware/backdoors on the system.”

PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin
— @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) November 17, 2022

Dashjr told a user in his most recent Twitter thread that he had only noticed the recent hack after getting emails from Coinbase and Kraken about login attempts.

The incident has also caught the attention of Binance CEO Changpeng “CZ” Zhao, who offered condolences and support in a Jan. 1 post.

“Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. If there is anything else we can help with, please let us know. We deal with these often, and have Law Enforcement (LE) relationships worldwide," he wrote.

Some in the crypto community have speculated that lax security might be to blame for the loss.

In a Jan. 1 Reddit thread, a user calling themselves SatStandard suggested that Dashjr may not have taken the Nov. 17 security breach “seriously enough” and later suggested that the Bitcoin developer “did not keep different activities separated.”

“He had hot wallet on the same computer he did everything else. It looks like he was really complacent.”

Meanwhile, a few others appear to suggest it may not have been a hack at all, suggesting that someone had stumbled across the seed phrase somehow, or it was part of an unfortunate “boating accident” ahead of tax season.

A boating accident in this context is in reference to a running joke and meme originally used by gun enthusiasts, but since repurposed by the crypto community about people trying to avoid paying taxes by claiming they lost all their BTC in a “tragic boating accident.”

Top tier boating accident.
— Nate (@beeforbacon1) January 1, 2023

Cointelegraph reached out to Dashjr over Twitter for more information about the alleged hack but did not hear back by the time of publication.

The news has also ignited a debate around self-custody, which became a hot topic after the collapse of FTX last year.

Binance’s Zhao, who previously cautioned the crypto community about self-custody, said: “Sad to see even an OG #Bitcoin Core Developer lost 200+ BTC ($3.5 million). Self custody [has] a different set of risks.”

Online social media BTC influencer Udi Wertheimer also took the time to question whether self-custody was a viable and safe option, commenting that one “shouldn’t manage your own keys.”

“If even one of Bitcoin’s OG developers messes this up, I really don’t know how other people are expected to do it safely.”

“That’s not to say self custody is bad. But you shouldn’t manage keys directly,” he said.

BitKeep exploiter used phishing sites to lure in users: Report

December 26, 2022 Coin Telegraph

Coin Telegraph

The attacker appears to be attempting to cash out funds using Binance and Changenow.

The Bitkeep exploit that occurred on Dec. 26 used phishing sites to fool users into downloading fake wallets, according to a report by blockchain analytics provider OKLink.

The report stated that the attacker set up several fake Bitkeep websites which contained an APK file that looked like version 7.2.9 of the Bitkeep wallet. When users “updated” their wallets by downloading the malicious file, their private keys or seed words were stolen and sent to the attacker.

【12-26 #BitKeep Hack Event Summary】
1/n

According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M.
— OKLink (@OKLink) December 26, 2022

The report did not say how the malicious file stole the users’ keys in an unencrypted form. However, it may have simply asked the users to re-enter their seed words as part of the “update,” which the software could have logged and sent to the attacker.

Once the attacker had users’ private keys, they unstaked all assets and drained them into five wallets under the attacker’s control. From there, they tried to cash out some of the funds using centralised exchanges: 2 ETH and 100 USDC were sent to Binance, and 21 ETH were sent to Changenow.

The attack happened across five different networks: BNB Chain, Tron, Ethereum, and Polygon, and BNB Chain bridges Biswap, Nomiswap, and Apeswap were used to bridge some of the tokens to Ethereum. In total, over $13 million worth of crypto was taken in the attack.

It is not yet clear how the attacker convinced users to visit the fake websites. The official website for BitKeep provided a link that sent users to the official Google Play Store page for the app, but it does not carry an APK file of the app at all.

The BitKeep attack was first reported by Peck Shield at 7:30 a.m. UTC. At the time, it was blamed on an “APK version hack.” This new report from OKLink suggests that the hacked APK came from malicious sites, and that the developer’s official website has not been breached.

Ukrainian Steals Bitcoin From Russian Darknet Market, Donates to Charity

December 26, 2022 Bitcoin.com

LastPass attacker stole password vault data, showing Web2’s limitations

December 23, 2022 Coin Telegraph

Coin Telegraph

LastPass users with weak master passwords may need to change the individual passwords they stored with the service.

Password management service LastPass was hacked in August 2022, and the attacker stole users’ encrypted passwords, according to a Dec. 23 statement from the company. This means that the attacker may be able to crack some website passwords of LastPass users through brute force guessing.

Notice of Recent Security Incident - The LastPass Blog#lastpasshack #hack #lastpass #infosec https://t.co/sQALfnpOTy
— Thomas Zickell (@thomaszickell) December 23, 2022

LastPass first disclosed the breach in August 2022 but at that time, it appeared that the attacker had only obtained source code and technical information, not any customer data. However, the company has investigated and discovered that the attacker used this technical information to attack another employee’s device, which was then used to obtain keys to customer data stored in a cloud storage system.

As a result, unencrypted customer metadata has been revealed to the attacker, including “company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

In addition, some customers’ encrypted vaults were stolen. These vaults contain the website passwords that each user stores with the LastPass service. Luckily, the vaults are encrypted with a Master Password, which should prevent the attacker from being able to read them.

The statement from LastPass emphasizes that the service uses state-of-the-art encryption to make it very difficult for an attacker to read vault files without knowing the Master Password, stating:

“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.”

Even so, LastPass admits that if a customer has used a weak Master Password, the attacker may be able to use brute force to guess this password, allowing them to decrypt the vault and gain all of the customers’ website passwords, as LastPass explains:

“it is important to note that if your master password does not make use of the [best practices the company recommends], then it would significantly reduce the number of attempts needed to guess it correctly. In this case, as an extra security measure, you should consider minimizing risk by changing passwords of websites you have stored.”

Can password manager hacks be eliminated with Web3?

The LastPass exploit illustrates a claim that Web3 developers have been making for years: that the traditional username and password login system needs to be scrapped in favor of blockchain wallet logins.

According to advocates for crypto wallet login, traditional password logins are fundamentally insecure because they require hashes of passwords to be kept on cloud servers. If these hashes are stolen, they can be cracked. In addition, if a user relies on the same password for multiple websites, one stolen password can lead to a breach of all others. On the other hand, most users can’t remember multiple passwords for different websites.

To solve this problem, password management services like LastPass have been invented. But these also rely on cloud services to store encrypted password vaults. If an attacker manages to obtain the password vault from the password manager service, they may be able to crack the vault and obtain all of the user’s passwords.

Web3 applications solve the problem in a different way. They use browser extension wallets like Metamask or Trustwallet to sign in using a cryptographic signature, eliminating the need for a password to be stored in the cloud.

*An example of a crypto wallet login page. Source: Blockscan Chat*

But so far, this method has only been standardized for decentralized applications. Traditional apps that require a central server don’t currently have an agreed-upon standard for how to use crypto wallets for logins.

However, a recent Ethereum Improvement Proposal (EIP) aims to remedy this situation. Called “EIP-4361,” the proposal attempts to provide a universal standard for web logins that works for both centralized and decentralized applications.

If this standard is agreed upon and implemented by the Web3 industry, its proponents hope that the entire world wide web will eventually get rid of password logins altogether, eliminating the risk of password manager breaches like the one that has happened at LastPass.

Recently Signed 2009 Bitcoin Block Reward Linked to Hal Finney’s Set of BTC Transactions

December 15, 2022 Bitcoin.com

Wallet

Can password manager hacks be eliminated with Web3?

Share this video