Autor Cointelegraph By Tom Blackstone

Crypto trading firm Auros Global misses DeFi payment due to FTX contagion

Crypto trading firm Auros Global misses DeFi payment due to FTX contagion

Uverejnil používateľ | dec 1, 2022 |

Crypto trading firm Auros Global appears to be suffering from FTX contagion after missing a principal repayment on a 2,400 Wrapped Ether (wETH) decentralized finance (DeFi) loan.Institutional credit underwriter M11 Credit, which manages liquidity pools on Maple Finance, told its followers in a Nov. 30 Twitter thread that the Auros had missed a principal payment on the 2,400 wETH loan, which is worth in total around $3 million. M11 Credit suggests that it is always in close communication with its borrowers, particularly after events in the last month, and said Auros is experiencing a “short-term liquidity issue as a result of the FTX insolvency.”We remain committed to providing transparent updates whenever possible, and are working with Auros to provide a joint statement that provides further information to lenders.If you have any questions, feel free to reach out at m11credit@maven11.com5/5— M11 Credit (@M11Credit) November 30, 2022While Auros, an algorithmic trading and market-making firm, has not yet addressed the statement by M11 Credit, the thread has been retweeted by Maple Finance itself.M11 Credit has also stressed that the missed payment does not mean the loan is in default. Instead, the missed payment has triggered a “5-day grace period as per the smart contracts.”This implies that Auros has until Dec. 5 to make the late payment before it will be declared as being in default. According to an official Maple Finance Youtube video, if a default occurs, it could result in the borrower’s collateral being liquidated and/or staked maple tokens and USDC on the platform being used to cover any shortfalls to lenders. Enforcement action could also be pursued through New York courts.M11 credit claims that it is “working with Auros to provide a joint statement that provides further information to lenders.”Cointelegraph has reached out to both M11 Credit and Auros for comment, but did not receive a reply before time of publication.Crypto exchange FTX announced on Nov. 11 that it would file for Bankruptcy after having suffered a liquidity crisis and being unable to honor withdrawals. The resulting contagion has spread to numerous other firms. BlockFi declared bankruptcy on November 28. Galois Capital and New Huo Technology have lost millions of dollars from FTX’s collapse, and Nestcoin has had to lay off workers because of its exposure to the failed exchange.

Čítaj viac
Coinbase clarifies bug bounty policy in response to Uber extortion verdict

Coinbase clarifies bug bounty policy in response to Uber extortion verdict

Uverejnil používateľ | nov 30, 2022 |

In a blog post on November 30, Coinbase sought to clarify its bug bounty program policies in response to the recent Uber data breach verdict.The company stated that it still welcomes “responsible” disclosure of security issues, but users who abuse this process will not be awarded bug bounties:“The key word in all of this is ‘responsible’. In the wake of the recent Uber verdict, there is a lot of concern in the industry about bug bounty submissions becoming extortion attempts. At Coinbase, […] we’ve put a lot of thought into how we operate our bug bounty program to stay on the right side of the law.”The official Coinbase bug bounty reporting page at HackerOneThe verdict Coinbase was referring to was issued on October 5. Joe Sullivan, former Uber security chief, was found guilty of colluding with attackers to cover up evidence of a data breach, according to a report by the Washington Post. Sullivan had originally claimed that the attackers had submitted the breach as a bug bounty and that the company had paid them as a bug bounty reward.Tech companies often use bug bounties to encourage white hat hackers to find security vulnerabilities and report them. But the Sullivan verdict has raised the question of how far a bug bounty program can go in awarding prizes to hackers without running afoul of the law itself.In its post, Coinbase stated that it has encountered some bug bounty participants who claim to have committed criminal actions that would prevent the company from being able to legally make a payout.For example, a participant submitted multiple emails to the team saying that they had “306 million users data fully dehashed” and a “bypass” to skip the 48 hour waiting period on new devices. According to Coinbase, if this person had such information, it would mean that they accessed customer data beyond what could be considered “good faith” or “accidental.” In such a case, Coinbase would not be able to pay the bounty.In this particular case, Coinbase said they believed that the participant was making a false claim. The participant did not provide any information that would allow the claim to be verified, so the team ignored the request for a bounty. But even if the person making the claim had been telling the truth, it would have been illegal to pay out the reward to them.Coinbase also emphasized that threats or other extortion attempts will not result in a bug bounty payout:“Most important of all — a bug bounty submission can never contain threats or any attempts at extortion. We are always open to paying bounties for legitimate findings. Ransom demands are an entirely different matter.”The practice of paying bug bounties is sometimes controversial. Critics say that it can encourage malicious behavior, while supporters say it often allows vulnerabilities to be discovered safely. On Oct. 19, an attacker drained the Moola Market DeFi app of $9 million worth of cryptocurrency. But when the developer offered to let the attacker keep $500K as a bug bounty, the attacker returned the other $8.5 million. A similar attack occurred on the decentralized exchange, KyberSwap, in September. In this case, the attackers stole $265K, and the developers offered to let them keep 15% of the funds if they would return the rest. Suspects in the case were later identified, but the funds have not been returned, and the hackers appear to still be at large.

Čítaj viac
The creator of the FTSE100 launches indices for crypto

The creator of the FTSE100 launches indices for crypto

Uverejnil používateľ | nov 29, 2022 |

FTSE Russell, creator of the FTSE100 stock index, has released a series of indices whose constituents are digital assets, according to a press release released via its website on Nov. 29. The series has been produced in cooperation with Digital Asset Research. FTSE Russell is a subsidiary of the London Stock Exchange.The 2022 performance of the FTSE Digital Asset Index – Large/Mid, as stated in the index’s fact sheetIndices have been used in the stock market throughout its history to track particular areas of the market. But there were relatively few made up of cryptocurrencies prior to 2021.The FTSE Digital Asset Index series appears to be the first issued by a company based in the U.K. It joins the list of crypto indices that have been released by U.S. and German companies since early 2021, including the S&P Cryptocurrency Index series, the Nasdaq Crypto Index, and the CMC Crypto 200 Index series by Soloactive.The new series contains eight indices total, including one each for large cap, mid cap, small cap, and micro cap coins, as well as four indices that combine coins from multiple market cap sizes. The company has not released a list of constituents for each index yet, but it has released a fact sheet for each one showing performance data for Q1-Q3, 2022.In the press release, Arne Staal, CEO at FTSE Russell, argued that the new indices will help to bring transparency to the crypto market, stating:“FTSE Russell has taken a measured approach to this frontier investment space and has built a rigorous and transparent framework, underpinned by robust governance and comprehensive data to meet investor needs, both where they are now and as they prepare for change in this market.”According to the company’s website, the new indices rely on a standardized set of 21 criteria to determine which institutions can be counted on to prove accurate pricing data. Once a set of institutions is decided on, the price data from these institutions is used to determine which coins go in each index and to determine the overall performance of the index.

Čítaj viac
Meta fined €265M for allowing scrapers to steal Facebook's centralized user data

Meta fined €265M for allowing scrapers to steal Facebook's centralized user data

Uverejnil používateľ | nov 28, 2022 |

The Irish Data Protection Commission (DPC) announced on Nov. 28 that it has fined Facebook developer Meta €265m for breach of the European Union’s General Data Protection Regulation (GDPR). Specifically, the commission stated that it had fined Meta for failing to design Facebook in such a way that it would protect users from data breaches.The announcement followed a more than year-long investigation that began in April, 2021. The breach itself occurred even earlier, in late 2019.Data Protection Commission announces decision in Facebook “Data Scraping” Inquiry: https://t.co/xW9nVqiJ2Y pic.twitter.com/6iDYnyVk5R— Data Protection Commission Ireland (@DPCIreland) November 28, 2022The data breach was first discovered when a Tech Crunch report revealed that hundreds of millions of Facebook users’ phone numbers were listed in a publicly-accessible database online. Although the database was later taken down by the web-host, its existence revealed that Facebook’s data had been breached.In April, 2021, the DPC began investigating the breach. At the time, Meta posted a statement about the breach called “The Facts on News Reports About Facebook Data.” Meta claimed that an attacker had used its contact importer tool to spam the server with phone numbers to see which ones had Facebook accounts associated with them. Each time the attacker got a response, they were able to gain the personal details of the user and match these details up with the users’ phone number. As a result, users’ personal data had been leaked to malicious actors.In the statement, Meta claimed that it had patched this contact importer vulnerability once the breach was discovered and that the tool was now safe.According to the new DPC statement, it found “infringement of Articles 25(1) and 25(2) GDPR” due to this incident and “has imposed administrative fines totalling €265 million.”The use of personal data in social media apps has become controversial in recent years as data breaches have become commonplace.Several blockchain companies have attempted to solve the problem by creating blockchain social media apps that do not require users to give out their email addresses or phone numbers. For example, both Bitclout and Blockster are social media apps that allow users to sign in with just an Ethereum wallet.Ethereum Developers have also offered a proposal, called “EIP-4361,” to standardize the wallet login process across all apps. Supporters believe this could eliminate the need to ask users for sensitive personal information in social media apps, which could help to prevent breaches like this in the future.

Čítaj viac
1inch releases new tool to protect traders against ‘sandwich attacks’

1inch releases new tool to protect traders against ‘sandwich attacks’

Uverejnil používateľ | nov 25, 2022 |

Exchange aggregator 1inch released a new tool called “Rabbithole” on Nov. 25, which the company says will protect traders against malicious “sandwich attacks.” The team announced the launch of the tool in a press release that has been made available to Cointelegraph.Rabbithole works by allowing users to submit transactions directly to Ethereum nodes, bypassing the mempool. In order to use it, users need to change the remote procedure call (RPC) endpoint in their crypto wallet. After that, each swap initiated via 1inch will be analyzed by the private tx routing algorithm developed by the 1inch team and then sent to validators directly if there is a possibility of a sandwich attack.According to the press release, a “sandwich attack” is a type of crypto font-running that consists of three steps:The attacker scans the blockchain’s mempool until it finds a high-value transactionA transaction is submitted to front-run the victim’s purchase, and higher gas is paid to make sure that the attacker’s transaction gets processed before the victim’s. This early transaction pumps the price of the coin that is about to be purchased, causing the victim to pay moreAfter the victim’s transaction is processed, the attacker submits a second transaction that sells their coins, pocketing the difference in priceThis type of attack is so named because it “sandwiches” the victim’s transaction between two transactions submitted by the attacker.According to a report by TarLogic, titled, “Tracking Ethereum blockchain crypto attackers: Measuring sandwich attacks,” over 60,000 Ether (ETH) was lost from sandwich attacks from May 2020 to April 2022 — a value of over $72,000,000 at the time of publication.The crypto R&D team, Flashbots, had previously released a python library that allowed users to submit transactions directly to nodes. However, this library could only be used in a developer environment. According to 1inch, Rabbithole is a library that works similarly to Flashbots, but it also includes a consumer-friendly frontend for users.Rabbithole is the latest in a string of upgrades to the 1inch decentralized exchange (DEX) aggregator. In August 2021, the team launched an Ethereum layer 2 version on Optimism and in November 2021, a new mainnet router to optimize gas costs was implemented.

Čítaj viac

Získaj BONUS 8 € v Bitcoinoch

nakup bitcoin z karty

Registrácia Binance

Burza Binance

Aktuálne kurzy