Autor Cointelegraph By Gareth Jenkinson

Experts find private keys on Slope servers, still puzzled over access

Experts find private keys on Slope servers, still puzzled over access

Uverejnil používateľ | aug 5, 2022 |

Blockchain auditing firms are still trying to figure out how hackers gained access to about 8,000 private keys used to drain Solana-based wallets. Investigations are ongoing after attackers managed to steal some $5 million worth of SOL and SPL tokens on Aug. 3. Ecosystem participants and security firms are assisting in uncovering the intricacies of the event. Solana has worked closely with Phantom and Slope.Finance, the two SOL wallet providers that had user accounts affected by the exploits. It has since emerged that some of the private keys that were compromised were directly tied to Slope. Blockchain audit and security firms Otter Security and SlowMist assisted in ongoing investigations and unpacked their findings in direct correspondence with Cointelegraph. Otter Security founder Robert Chen shared insights from first-hand access to affected resources in collaboration with Solana and Slope. Chen confirmed that a subset of affected wallets had private keys which were present on Slope’s Sentry logging servers in plaintext:”The working theory is that an attacker somehow exfiltrated these logs and were able to use this to compromise the users. This is still an ongoing investigation, and current evidence does not explain all of the compromised accounts.”Chen also told Cointelegraph that some 5,300 private keys which were not a part of the exploit were found in the Sentry instance. Nearly half of these addresses still have tokens in them – with users urged to move funds if they have not done so already.The SlowMist team came to a similar conclusion after being invited to analyze the exploit by Slope. The team also noted that the Sentry service of Slope Wallet collected the user’s mnemonic phrase and private key and sent it to o7e.slope.finance. Once again, SlowMist could not find any evidence explaining how the credentials were stolen. Cointelegraph also reached out to Chainalysis, which confirmed that it was carrying out blockchain analysis on the incident after sharing initial findings online. The blockchain analysis firm also noted that the exploit mainly affected users that had imported accounts to or from Slope.Finance. While the incident absolves Solana from bearing the brunt of the exploit, the situation has highlighted the need for auditing services of wallet providers. SlowMist recommended that wallets should be audited by multiple security companies before release and called for open source development to increase security. Chen said that some wallets providers had “flown under the radar” when it came to security when compared to decentralized applications. He hopes to see the incident shift user sentiment towards the relationship between wallets and validation from external security partners.

Čítaj viac
Alexander Vinnik reportedly en route to the US after extradition

Alexander Vinnik reportedly en route to the US after extradition

Uverejnil používateľ | aug 5, 2022 |

Accused BTC-e operator Alexander Vinnik has reportedly been extradited to America to face up to multiple charges relating to money laundering while working at the now-defunct cryptocurrency exchange.Vinnik has been embroiled in legal battles over the past five years for his alleged role as the mastermind of BTC-e. The cryptocurrency exchange is said to have profited from various illicit activities that used the platform to launder some $4 billion worth of Bitcoin (BTC).Vinnik’s lawyer Frédéric Bélot told American news network CNN on Aug. 5 that Vinnik was in transit from Greece to the United States, where he’s set to face a raft of charges in the Northern District Court of California. The Russian national is accused of money laundering and operating an unlicensed money service in America, in addition to other charges.The accused has already been serving a five-year sentence in France since December 2020 after he was convicted for money laundering as part of an organized criminal group. Vinnik’s lawyers had launched an appeal that was unsuccessful, maintaining that Vinnik was just an employee of the exchange and had no involvement in illicit activities at BTC-e.Related: A life after crime: What happens to crypto seized in criminal investigations?Vinnik was originally arrested in Greece while on holiday in 2017, with America, France and Russia tussling for his extradition from that point onwards. Greece’s Council of State opted to extradite Vinnik to France in early 2020, despite numerous attempts by Russia to request his transit to their jurisdiction.As previously reported by Cointelegraph, Vinnik had agreed to an extradition request from Russia, given that he faced far less serious charges. In contrast, Vinnik faces up to 55 years in prison in America with 21 counts of unlicensed money service business, money laundering and related crimes filed by the Department of Justice.

Čítaj viac
Solana wallets 'compromised and abandoned’ as users warned of scam solutions

Solana wallets 'compromised and abandoned’ as users warned of scam solutions

Uverejnil používateľ | aug 3, 2022 |

The cryptocurrency ecosystem has been rocked by a widespread exploit targeting Solana wallets that have been ongoing since Aug. 3. Phantom and Slope, two Solana-based wallet services, initially flagged the attack on their social media platforms, alongside a host of cryptocurrency influencers, blockchain analytic and security firms and victims of the hack as it continued to unfold.A handful of commentators noted that attackers had gained access to user private keys, as transactions were signed on the chain legitimately. Ava Labs CEO and founder Emin Gun Sirer estimated that more than 7,000 wallets had been affected, a number cited by various other individuals and firms online.As investigations begin to unpack the root cause that allowed an attacker to pillage thousands of wallets, affected users are being warned not to accept help from individuals online purporting to have solutions to the hack. Heidi Chakos, the host of the YouTube channel Crypto Tips, stressed that scammers would be looking to exploit the ongoing situation:DON’T interact with ANYONE who reaches out to you with a solution to this SOLANA hack. They are scammers— Heidi (@blockchainchick) August 3, 2022Solana Status has been providing updates since the exploit began and noted that 7,767 wallets had been affected at 5 a.m. UTC on Aug. 3. Several wallets were affected across mobile and browser extensions. There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets. Do not reuse your seed phrase on a hardware wallet – create a new seed phrase. Wallets drained should be treated as compromised, and abandoned.— Solana Status (@SolanaStatus) August 3, 2022

Solana stressed that users move funds to cold storage and create new seed phrases, while the owners of the nearly 8,000 drained wallets were told that these should “be treated as compromised, and abandoned.”Engineers from multiple ecosystems are investigating the root cause of the incident with assistance from security firms. Users affected by the exploit are being asked to provide their compromised wallet addresses to the Solana Foundation to assist in the investigation. Cointelegraph has reached out to Solana for an updated figure of the number of wallets affected by the exploit. It is also unclear whether affected wallets will see funds recouped or refunded after the incident. 

Čítaj viac
Enterprise crypto custody firm Fireblocks integrates Tokeny for token minting

Enterprise crypto custody firm Fireblocks integrates Tokeny for token minting

Uverejnil používateľ | aug 2, 2022 |

Enterprise cryptocurrency custody firm Fireblocks is set to offer token minting services through a new integration with Ethereum- and Polygon-friendly platform Tokeny.The new feature allows businesses and retail customers to mint and manage permissioned tokens, digital securities, stablecoins and loyalty programs across various trading applications, payment networks and digital banks. Fireblocks and Tokeny make use of ERC-3643 security tokens deployed on the Ethereum and Polygon blockchains.Fireblocks provides an enterprise solution for moving, storing and issuing digital assets to exchanges, lending desks, custodians, banks, trading desks and hedge funds. Fireblocks’ technology is used by more than 1,300 financial institutions, and the company claims to have processed more than $3 trillion in digital asset transfers to date. The latest integration offers institutional-grade users the ability to mint and manage their tokens in additionanaging conventional cryptocurrency portfolios.Related: Fireblocks acquires stablecoin payments platform First DigitalThe company was founded in 2019 by three cyber security experts who had investigated a series of hacks on South Korean exchanges conducted by the Lazarus Group for Check Point Research. The trio formed Fireblocks as a secure platform for financial institutions to protect digital assets from online threats using MPC technology to secure private keys and API credentials.The company is considered a cryptocurrency unicorn, having raised well in excess of $500 million in the three years since its inception. Its list of corporate users includes cryptocurrency exchanges, hedge funds, market makers and over-the-counter trading desks like BlockFi, eToro, Galaxy Digital, Celsius and Crypto.com.Fireblocks was recently valued at over $8 billion in January 2022,  following a series E fundraising round that takes its overall investments raised to just under $800 million.Tokeny had an eventful 2021, processing $28 billion worth of assets that were tokenized through its solutions. The firm’s technology allows financial institutions to issue, transfer and manage securities and tokens that are cross-functional across the Ethereum and Polygon blockchains.

Čítaj viac
Kim Kardashian legal team files motion to dismiss EthereumMax crypto lawsuit

Kim Kardashian legal team files motion to dismiss EthereumMax crypto lawsuit

Uverejnil používateľ | aug 2, 2022 |

Kim Kardashian’s legal team has filed a motion to set aside a class-action complaint aimed at the businesswoman and other American celebrities.Kardashian and a handful of other prominent American social media influencers were served with a class action complaint in January 2022 over claims they had misled investors through the social media promotion of a cryptocurrency token called EthereumMax.Kardashian had posted Instagram story posts promoting the project in June 2021, with the likes of boxing great Floyd Mayweather also embroiled in the lawsuit after promoting the Ethereum-based token in the build-up to a celebrity boxing bout against Youtuber Logan Paul during the same period.Fans could purchase pay-per-view tickets with the tokens, which surged after the promotion of Kardashian and other influencers. The value of EthereumMax dropped significantly afterwards, leaving many out of pocket.The original court filing that listed Kardashian, Mayweather and eight others claimed that company executives had collaborated with celebrity promoters to make misleading statements about the token and their control of the majority of tokens. Steve Gentile and Giovanni Perone were listed as co-founders of the project. Related: Year of sponsorships: Celebrities who embraced crypto in 2021Kardashian’s legal team has argued for the dismissal of the class action lawsuit in court documents reviewed by Cointelegraph, hitting back at the ten claims brought against the influencer. A key point was Kardashian’s Instagram stories in question:“Crucially, no named plaintiff alleges that they in fact viewed either Instagram post before purchasing tokens during the relevant time period.”The filing also argued that the plaintiffs’ claims that influencers were paid in Ethereum (ETH) to promote EMAX were unfounded, given their lack of evidence that Kardashian had received financial compensation for her Instagram posts.Kardashian’s legal team also highlighted that there was no evidence put forward of Kardashian ever purchasing, receiving, or selling the tokens herself. The defendants have together put forward an omnibus motion to dismiss the overall class action claims.While Kardashian moves to distance herself from her involvement in the EthereumMax debacle, this is the latest instance where Mayweather has been involved in a shady cryptocurrency project promotion. The boxer had previously escaped a lawsuit after promoting the fraudulent Centra Tech ICO in 2017 alongside American music producer DJ Khaled. The pair got off the hook after a judge ruled that investors failed to prove they’d bought tokens due to the promotional efforts of Mayweather and Khaled.

Čítaj viac

Získaj BONUS 8 € v Bitcoinoch

nakup bitcoin z karty

Registrácia Binance

Burza Binance

Aktuálne kurzy