Lightning Speed 004: What’s The Lightning Development Initiative?

There’s no denying that 2021 was the Lightning Network’s year. What does the future hold, though? If the objective is to onboard the next billion people, the network needs work and fine-tuning. To grab the bull by the horns, The Human Rights Foundation and Strike set up three 1 BTC bounties

The bounties will go to the first person or team to develop an anonymous Lightning tip jar, a tokenless way to peg BTC to dollars, or a privacy-focused wallet that supports some kind of Chaumian e-cash feature. In a Twitter Spaces conversation about the program, they named it The Lightning Development Initiative. 

A catchy name that we’ll use from now on to refer to all of this. This fourth edition of Lightning Speed is all about the future. Let’s explore the three ideas and the new information that we have about each of them.

5 BTC + 300 Free Spins for new players & 15 BTC + 35.000 Free Spins every month, only at mBitcasino. Play Now!

The Lightning Development Initiative In Twitter Spaces

Among the speakers were Strike’s Jack Mallers, The Human Rights Foundation’s Alex Gladstein, Bitcoin Magazine’s Christian Keroles AKA CK Snarks, and Tales From The Crypt’s Matt Odell. It took place December 29th and Bitcoin Magazine hosted it. A Twitter user named Gigi summarized it for us.

Bounty #1: An Anonymous Tip Jar

In our sister site Bitcoinist’s report, they described the challenge as follows:

Get 110 USDT Futures Bonus for FREE!

“Can you create a Lightning tip jar that doesn’t reveal any information about the parties involved? That’s the first task. How to receive completely anonymous donations. According to Bitcoin Mag, the “goal is to enable anyone to use free and open-source software (FOSS) to print a QR code that can be used for receiving Lightning payments privately. Importantly, “The QR code should not reveal the public key or IP address of the user.” 

In the Lightning Development Initiative’s report, we learned that this has to do with the two competing protocols, Bolt12 and lnurl. Jack Mallers “pointed out the absolute need for interoperability on LN and that even though lnurl might not be “optimal” right now, the market will eventually decide what open standard they prefer to use. He thinks that currently UX is a major focus for the LN community and we should make peace with the fact that there will be competition between solutions.”

Mallers put forth another interesting idea, “contrary to the Bitcoin main chain, we can somewhat afford to f**k up on the Lightning Network. As long as the Bitcoin monetary policy is not threatened then we can freely fiddle on top of the protocol via Lightning.”

BTCUSD price chart for 01/14/2021 - TradingView

BTC price chart for 01/14/2022 on Bitfinex | Source: BTC/USD on

Bounty #2: Stablecoin On Lightning Without A Token

Bitcoinist described this one as:

“The second challenge seems to be even more difficult, at least on a conceptual level. The HRF and Strike want a wallet that enables “anyone to “peg” an amount of bitcoin to U.S. dollars without needing an exchange or another token.” That’s right, without a centralized entity. And relying only on sats and bitcoin.”

Gigi summarizes why the world needs this:

“The goal is to allow people to access dollars without a single point of failure. Further down the line, as Bitcoin becomes less volatile, these people can use btc, but until then there’s massive demand for holding value in dollars. The tether market cap is proof of this.”

Bounty #3: A Chaumian E-Cash Feature

First of all, Investopedia defines Chaumian e-cash as:

“eCash was a digital-based system that facilitated the transfer of funds anonymously. A pioneer in cryptocurrency, its goal was to secure the privacy of individuals that use the Internet for micropayments. eCash was created by Dr. David Chaum under his company, DigiCash, in 1990.“

So, once again, anonymity is the priority. As Alex Gladstein put it when announcing the bounties, they’re “for the first open-source, non-custodial, non-KYC Lightning wallets to ship features requested by dissidents worldwide.” Also, take into consideration the words of security expert Brian Trollz’s words, “Bitcoin without privacy is nothing but a surveillance system.”

What does Gigi have for us on this topic? “We need a sort of Chaumian e-cash, extremely easy to use for the Plebs and accessible. Maybe the solution is a federated  one, making it harder to regulate.” He then quotes Jack Mallers again, “There’s going to be a singular standard for the internet of money (Bitcoin). Many will compete on top of BTC so we need “interoperability to the standard.”

Conclusion: The Future Is Bright

Developers, teams, companies, anyone can earn the Lighting Development Initiative’s bounties. The non-profit OpenSats will serve as the judge. They are all open for the whole year. If by the end of 2022 no one has claimed them, the money will go to the Human Rights Foundation’s Bitcoin Development Fund on January 1st. Which is fair. Especially considering they gave 425 million Sats to these worthy organizations and individuals.

For more information and details read Bitcoinist’s original report.

Featured Image by Micah Tindell on Unsplash  | Charts by TradingView


Tagged : / / / / / / / / / / / / / / / / / / / / / / / /

Ledger Adds Bitcoin Bounty and New Data Security After Hack

Matt Johnson, Ledger’s new Chief Information Security Officer (CISO), had no choice but to hit the ground not just running but, well, sprinting. His first week of work entailed scrutinizing the fallout from an extensive data dump of customer information, among other areas such as data security and increased attacks that would come as a byproduct of bitcoin pumping. 

In the aftermath of the largest hack in company history, and a little over a week after Johnson started, the hardware wallet company Ledger has announced its first measures to address the data breach and ensure such a hack doesn’t happen again. 

These include working with blockchain analytics firm Chainalysis to hunt the hackers, offering a 5 BTC bounty for information leading to the hacker’s arrest and creating a comprehensive review of what information the company holds onto, where it’s stored and how long it’s retained. 

The Ledger hack

Ledger publicly revealed that customer information had been compromised in July 2020. At the time, the company estimated 9,500 customers had been affected by the hack. In the following months, CoinDesk documented a string of convincing phishing attempts executed by the hackers, including emails that mimicked official Ledger correspondence and text messages. 

Then, in December 2020, a data dump “exposed 1 million email addresses and 272,000 names, mailing addresses and phone numbers belonging to people who had ordered Ledger’s devices, which store the private keys for cryptocurrency wallets,” as CoinDesk reported.  The number of people affected was much higher than the original estimate of 9,500.  

A rash of SIM swaps were reported in the days following the data dump and some customers started getting extortion emails, including threats of violence. 

Now, Ledger has released new information about the hack, revealing that it was likely due, in part, to rogue actors at Shopify, its e-commerce partner at the time. 

Shopify’s rogue agents

On Dec. 23, 2020, Ledger was notified by Shopify of an incident “involving merchant data in which rogue member(s) of their support team obtained customer transactional records, including Ledger’s. The agent(s) illegally exported customer transactional records in April and June 2020,” according to a blog post. 

Shopify told Ledger the data breach was part of its disclosure in September 2020, which involved over 200 merchants. Until Dec. 21, 2020, though, Shopify had not “discovered that Ledger was also targeted in this attack.” Shopify told Ledger it is continuing to investigate and that the issue had been reported to law enforcement. 

In an interview last December, Ledger CEO Pascal Gauthier told CoinDesk the initial hack was, in part, a result of the company scaling so quickly, and that he and incoming CISO Matt Johnson would be announcing a new data policy and plan to further address the leaks in January.

Today, Ledger announced its plans for the future. 

Ledger’s data security after the hack

First and foremost, in a blog post, Ledger reiterated the company will never ask customers for their 24 recovery words, which can be used to access bitcoin and crypto wallets. They also stressed that as long as customers had not shared these words, their Ledger hardware devices were secure. 

“We are announcing changes in the way Ledger will collect and handle customer data: keeping personal data for as short a time as legally possible, minimizing the display of personal data in emails, moving needed data in a further segregated environment as soon as possible, and creating a secure channel for communicating 1:1 with our customers via Ledger Live,” the authors, including new CISO Matt Johnson, wrote. 

First, Ledger is changing the way it stores data. In an interview, Johnson said that while he would prefer not to have to hold user data at all, the company is legally obligated to do so for a period of time. But Ledger is looking to go beyond what privacy is required by the European Union’s General Protection Data Regulation, according to Johnson. 

“By going beyond the GDPR, what we mean is not ‘holding data longer than GDPR requires’, but quite the opposite,” said Johnson. “Our goal is to delete data such as name, address, and phone number as soon as possible, even if we would be allowed to keep them under the GDPR. Some data, however, we will need to keep to fulfill our legal obligations such as accounting or tax requirements, and this data will be further segregated to limit its access.”

Delete, delete, delete

Moving forward, Ledger will delete data from its e-commerce partner as well as move customer data to a database that can’t be accessed from the internet as soon as your order is fulfilled, before deleting it as soon as they’re legally able. 

The company will also be deleting names, addresses and phone numbers from confirmation emails sent to customers so that this data is not passed through third-party e-commerce email providers. 

The email and social media will only be used for marketing messages and announcements, Ledger Live accounts are being set up to communicate technical and security information, seemingly to avoid instances of previous phishing scams, in which scammers encouraged Ledger users to download important security updates via genuine-looking emails.

Finally, Johnson will be doing a comprehensive review of third parties handling the data. 

“I will be going through and doing an examination of every single one of our third parties that we have to share or have the transmission of the data with as part of the supply chain,” said Johnson in a Zoom call. 

“We’ll be going through and looking at making sure that all of their processes are appropriate and rigorous, because if we’re entrusting our data to them, we need to be 100% sure that they are actually operating to the best of their capability to meet all of those minimal requirements, and preferably push them to go beyond that.”

A bitcoin bounty and law enforcement

Ledger is working with various law enforcement agencies as well as the blockchain analytics firm Chainalysis. It has even set up a bitcoin bounty for information related to those responsible for the hack. 

“We’re running down leads so we can actually be able to recover, if that’s at all possible, stolen funds if it’s landing on exchanges,” said Johnson. “We want to make sure information is all being obtained in a legal way and shared directly with law enforcement agencies. 

Johnson said Ledger wants to make sure all information gathering is done legally and “above board” with the goal of prosecuting the individuals responsible. 

The blog post qualified the bitcoin bounty, stating that the BTC will be disbursed at the discretion of Ledger and will take a variety of factors into consideration. In echoing Johnson’s comments, these include whether the information has been obtained legally, whether it’s new, how substantial it is and how far it would go toward furthering the investigation and successful prosecution. 

The company also hopes it can collaborate with other companies and individuals in the crypto industry to fund this bounty. It envisions a general purpose bounty fund, a sort of foundation to fight scamming and phishing attacks across the industry. 

“We are actively trying to do things to protect and improve that ecosystem,” said Johnson. 

Protecting your bitcoin even when recovery phrase is shared

The Ledger engineering team is also developing a product that “will protect the funds of a user even if they had shared their recovery seed with an attacker.”

Jerôme De Tychey, Global Head of Client Success at Ledger, said in an email the majority of the phishing attacks rely on making the Ledger Nano owners reveal their 24-word phrase. Scammers seize on that opportune moment of panic where the owners believe their funds to be at risk. Remembering crucial safety measures at that moment is not always possible, especially when the scammers pose as Ledger support staff. 

“We are acknowledging this problem and we will soon release a technical solution that will remove the 24 words as the single pillar of the security of our hardware wallets and will open the door to funds insurance as well,” said De Tychey in an email to CoinDesk

Moving ahead, how and when these changes are clarified and implemented will go a long way toward regaining users’ trust. But they represent a step forward for Ledger’s security in the aftermath of an extensive data breach, and just may work for the crypto community more generally. With bitcoin and other altcoins booming, the security around crypto tools and products is an iterative process. 

“There are always these new avenues that people attempt to exploit,” said Johnson. “So we have to do that continual reassessment and ask what else we can do to make this even more secure than what it is today. Ledger wallets haven’t been compromised, so they’re going after the human elements time and time and time again. So what else can we do? What else can we do to help protect the end customer? Because these are real people.”



Tagged : / / / / / / /
Bitcoin (BTC) $ 27,821.45 2.07%
Ethereum (ETH) $ 1,897.66 2.91%
Litecoin (LTC) $ 91.34 2.21%
Bitcoin Cash (BCH) $ 116.82 2.35%