Google’s Authenticator Update Raises Security Concerns

Google has published an update to its Authenticator app that keeps a “one-time code” in cloud storage. This update is part of the company’s endeavor to assist customers in maintaining access to their two-factor authentication (2FA) systems. Users who have misplaced their device that contained their authenticator may still access their two-factor authentication using this code. The storage of one-time codes in a user’s Google Account, as recommended by Google, is said to improve both convenience and security and shield users from being locked out of their accounts. However, this approach is causing other people to worry about their safety.

In a post made to the r/Cryptocurrency forum, the user u/pojut pointed out that keeping one-time codes in cloud storage connected with the user’s Google account might render users more susceptible to attacks from cybercriminals. If a hacker were to get the user’s Google password, they would be able to gain complete access to all of the user’s authenticator-linked applications. As a solution to this problem, u/pojut recommended keeping the authenticator app on an outdated phone that is used only for that purpose.

Developers of cybersecurity software called Mysk have also taken to Twitter to warn about the extra issues that come with using Google’s cloud storage-based approach to two-factor authentication (2FA). Users who rely on Google Authenticator as a second factor for logging into their cryptocurrency exchange accounts and other finance-related services may find this to be a substantial cause for worry. The two-factor authentication (2FA) system is vulnerable to a variety of attacks, the most prevalent of which is known as “SIM swapping.” This kind of identity theft allows con artists to take control of a phone number by deceiving a telecoms operator into associating the number with their own SIM card.

An example of this may be seen in a lawsuit that was recently filed against the cryptocurrency exchange Coinbase, which is situated in the United States. In the case, a client claimed that he had lost “90% of his life savings” as a result of being a victim of such an attack. Notably, Coinbase itself recommends using authenticator applications for two-factor authentication rather than sending a verification code by text message. The company calls SMS two-factor authentication the “least secure” type of authentication.

An upgrade to Google Authenticator may benefit users who have misplaced their authenticator app, but it has caused some users to be concerned about the service’s level of security. The use of cloud storage to store one-time codes leaves users open to attack by cybercriminals, who may then be able to discover the user’s Google password and, as a result, acquire complete access to all of the authenticator-linked applications used by the user. Users who use Google Authenticator for two-factor authentication should take precautions to safeguard themselves, such as installing their authentication app on a different device and avoiding two-factor authentication through SMS.


The Sandbox partners with Ledger Enterprise for NFT security integration.

In its latest move to bolster security and enhance its partners’ experiences, The Sandbox has partnered with Ledger Enterprise to develop security integration. This partnership will enable The Sandbox’s partners to migrate their nonfungible token collections to the Ledger wallet, ensuring the highest level of security for these assets.

The collaboration will also see The Sandbox appear as a decentralized application (DApp) on Ledger Enterprise, and a specific widget will be integrated into the Ledger Live desktop application. This will allow for the transfer of all NFTs in The Sandbox collection wallet to the Ledger Enterprise wallet, thereby ensuring their security.

As part of the partnership, The Sandbox will recommend Ledger Enterprise to its LAND owner ecosystem, while Ledger will promote The Sandbox metaverse to its clients. The initiative extends the recently established partnership between The Sandbox and Ledger to promote crypto education in the metaverse.

This partnership follows a successful collaboration between The Sandbox and Ledger in 2022, which saw the two companies promote crypto security education through a game called School of Block in The Sandbox’s metaverse. According to the VP of Communications at The Sandbox, Ariel Wengroff, the company was thrilled with this experience.

Ledger recently raised $109 million (100 million euros) in a Series C funding round extension, placing its valuation at $1.4 billion (1.3 billion euros). The capital, provided by investors such as VaynerFund, Cité Gestion SPV, True Global Ventures, and Digital Finance Group, will be used to expand the company’s distribution network, increase production, and develop new products.

The Sandbox is actively broadening its partnerships network and signed a memorandum of understanding with the government of Saudi Arabia in February to explore, advise and support each other in metaverse development. The Sandbox has also previously partnered with some of the biggest names both inside and outside of the Web3 space, including Snoop Dogg, Gucci, Tim, Atari, HSBC, and Warner Music Group.

In conclusion, The Sandbox’s partnership with Ledger Enterprise is a significant step in ensuring the security and safety of nonfungible token collections on its platform. The collaboration will enable The Sandbox’s partners to enjoy the highest level of security and enhance their overall experience on the platform. With its growing list of partnerships, The Sandbox continues to position itself as a leading decentralized metaverse platform in the Web3 space.


MetaMask Denies Involvement in Massive Wallet-Draining Exploit

MetaMask, a leading cryptocurrency wallet provider, has recently been accused of being involved in a massive wallet-draining operation that resulted in the loss of over 5,000 ETH, worth more than $10.5 million in crypto and nonfungible tokens (NFTs) since December 2022. However, MetaMask has strongly denied these claims, stating that the exploit was not specific to its wallet.

In response to a series of tweets by Taylor Monahan, the founder of Ethereum wallet manager MyCrypto, MetaMask issued a statement on April 18, saying that recent reporting on Monahan’s thread has incorrectly claimed that a massive wallet-draining operation is a result of a MetaMask exploit. The wallet provider confirmed that the 5,000 ETH was stolen “from various addresses across 11 blockchains,” adding that the claim that funds were hacked from MetaMask “is incorrect.”

MetaMask’s security team is currently researching the source of the exploit and is working with others across the Web3 wallet space. According to an official statement from the company, it is possible that there had been “some sort of private key or seed phrase leak.” There are also numerous independent security researchers who are investigating the incident.

Monahan, in her thread on the exploit, stated that “no one knows how” this massive attack was conducted, but her “best guess” was that a significant amount of old data was obtained and used to extract the funds. She also originally claimed that the attacker was draining long-time MetaMask users and employees by using the wallet. However, she later stated that the exploit is not specific to MetaMask, and “users of all wallets, even those created on a hardware wallet,” have been impacted by the exploit.

MetaMask is known for its strong security features, and the company has taken steps to address the issue. It is essential to note that users should always take precautions when storing their crypto assets in any wallet, as there is always a risk of theft or hacking. It is crucial to keep private keys and seed phrases secure, and to use multi-factor authentication whenever possible.

In conclusion, MetaMask denies its involvement in the massive wallet-draining exploit that has impacted many cryptocurrency users across different wallets. The company’s security team is currently working to determine the source of the exploit, and it is essential that all crypto users take necessary security precautions when storing their assets.


Binance to Disable Multiple Old Deposit Addresses

Binance, the world’s largest cryptocurrency exchange by trading volume, has announced that it will disable multiple old deposit addresses as part of its ongoing infrastructure upgrade. The retirement of selected deposit addresses and memos will take place in batches across multiple blockchains, including Ether (ETH), Tron (TRX), BNB (BNB), and Stellar (XLM).

According to Binance, the retirement of old addresses is a routine and essential part of enhancing security and efficiency for its users. The users of impacted deposit blockchain addresses will receive notification via email, urging them to obtain a new address and memo upon receiving the notification. The email will also include the expiration date for any outdated deposit addresses, and old deposit addresses will become invalid once users obtain a new one.

To obtain a new deposit address, impacted users must log in to their Binance account and follow the instructions mentioned in their email notification. The migration is scheduled for between April and June 2023, and Binance assures that the funds won’t be lost if someone mistakenly sends assets to expired addresses. However, payments made to addresses that have already expired will not be immediately reimbursed, and users must manually credit the deposits from the old address using the “transaction history” page.

Binance regularly upgrades and maintains its infrastructure to ensure the security and efficiency of its services. The exchange recently raised concerns against 191 high-risk and untrustworthy decentralized applications and fake tokens on its native blockchain network called BNB Chain.

The change in deposit addresses of multiple blockchains, including Ethereum, comes just a day before Binance is set to open ETH withdrawal for its users. Millions of Ether are now unlocked after the Shapella upgrades on April 12, with major exchanges and custodians having already made arrangements for users to unstake their ETH from the Beacon Chain nearly three years after staking it.

In conclusion, Binance’s move to disable multiple old deposit addresses is part of its continuous effort to enhance the security and efficiency of its services. Impacted users are encouraged to obtain new addresses and memos as soon as possible to avoid complications in their transactions. Binance assures users that their funds won’t be lost, and the migration process is scheduled to take place gradually between April and June 2023.


NFTs Get Security Boost with New Warranty Service

The rise of Web3 has led to an explosion in the popularity of nonfungible tokens (NFTs), which offer unique ownership of digital assets, including art, music, and even tweets. However, the Web3 space has seen its fair share of exploits, with hackers exploiting more than $320 million in the first quarter of 2023 alone. As a result, securing digital assets has become a top priority for many users, particularly those considering joining the Web3 space.

To address this security gap, Wert and Avata have launched a new NFT warranty service. The opt-in service will provide coverage for up to 90% of the value of compromised digital assets in a smart contract hack, offering a sense of security and trust for both active and prospective collectors. The service will be available on nearly 80 digital asset marketplaces, including the KnownOrigin NFT marketplace.

According to Vano Basiladze, CEO of Wert, the NFT protection will be charged at 6% of the asset cost at checkout, with coverage calculated by the purchase price rather than the current market value. By offering a service that ensures some degree of protection against hacks and theft, Basiladze believes that mass adoption of NFTs and Web3 technologies in general will be perpetuated.

“Overall, any consumer looking to get into the NFT space wants to protect their money invested, and by offering them that sense of security, they are able to engage in Web3 on a deeper level with reduced risk,” Basiladze said.

Basiladze also noted that high-value NFTs, similar to traditional collectibles and art, are often bought by serious investors who are more worried about security than the average collector. By offering warranties, the NFT industry can become more open to professional collectors and investors.

The NFT market has exploded in recent years, with some projections estimating that NFT-related global transactions will skyrocket from 24 million in 2022 to nearly 40 million by 2027. In fact, a recent study from CoinGecko revealed that 25% of NFT owners have a collection of 51 digital assets or more. As such, the need for increased security and protection of digital assets is more important than ever.

In conclusion, the launch of Wert and Avata’s NFT warranty service represents a significant step forward for NFT security. By reducing the risk for both active and prospective collectors, the offering aims to encourage mass adoption of NFTs and Web3 technologies. With the NFT market continuing to grow, the need for increased security measures is paramount, and this warranty service is a welcome addition to the ecosystem.


PureFi Introduces SafeTransact to Enhance Web3 Security

Web3 technology has fundamentally altered the manner in which financial exchanges are carried out by removing the need for middlemen while also enabling decentralized and protected peer-to-peer transactions. Despite this, Web3 comes with its own set of unique security issues and concerns, such as the possibility of hacking attacks on blockchain networks. Web3 security businesses are continually creating new methods to safeguard Web3 transactions in order to overcome these problems.

SafeTransact is a brand new approach that has been proposed by PureFi, a decentralized finance (DeFi) protocol for cryptocurrency onboarding. Its purpose is to increase the level of security that Web3 transactions have. In order to offer an extra degree of security that is focused on prevention, SafeTransact analyzes blockchain transactions and immediately warns users of any questionable behaviors that it discovers. This solution was developed with the intention of integrating with AMLSafe, which is a multi-crypto wallet that is part of the same ecosystem.

In order to determine the level of risk associated with permitted transactions, the SafeTransact system evaluates a number of characteristics, including the token address, sender address, spender address, and amount. The risk levels associated with token transfer transactions are determined by the system after conducting an analysis of the input data, which includes addresses for “from,” “to,” and “amount.” For the purpose of providing a thorough risk assessment, it examines decentralized exchange addresses, the senders of funds, the tokens that come into and leave the exchange, and the quantities that are transmitted.

Because of the proliferation of DeFi and Web3, security has emerged as one of the most important concerns. The necessity for increased security measures was brought to light by research that was recently published by Chainalysis. The analysis found that the DeFi sector was the one that saw the most attacks and data breaches in 2022. Audits of Web3 apps are carried out by security organizations in order to discover possible vulnerabilities and hazards. In addition, these businesses offer blockchain-specific security solutions that may assist in the detection and prevention of attacks on blockchain networks.

Enhancing Web3’s level of security has been made easier thanks to the SafeTransact technology. It is possible to reduce the risk of hacks and data breaches by conducting an analysis of blockchain transactions and identifying suspicious behaviors. Additionally, the connection with AMLSafe offers an extra layer of protection, making it possible to confirm that all financial dealings are in accordance with the anti-money laundering legislation.

In conclusion, Web3 security businesses play a crucial part in assuring the safety of blockchain-based platforms and apps by providing a range of services. Because of the one-of-a-kind problems and dangers that are associated with blockchain-based transactions, security organizations are constantly researching and implementing novel strategies in order to secure Web3 transactions. The incorporation of SafeTransact into the global crypto security arsenal by PureFi is a step in the right direction and exemplifies the efforts that are still being made to make Web3 more secure.


Wakweli and Polygon Partner for NFT Authentication

In a bid to enhance the security of the digital ecosystem, Web3 infrastructure protocol Wakweli has partnered with layer-2 scaling platform Polygon to offer certification of authenticity for non-fungible tokens (NFTs). The partnership means that every NFT project holder on the Polygon chain can request authenticity certificates for each asset.

Negotiations for the partnership agreement began in August 2022, with the final details of the agreement concluded this March. Wakweli’s testnet will be available in April, which can be used with Polygon’s Mumbai testnet. Alpha testing with Polygon’s mainnet will begin in Q2 2023, with general mainnet compatibility expected to be ready by Q3 2023.

By providing a medium for detecting counterfeit NFTs, the partnership between the two companies has unlocked a definitive way to fight these scam attempts, thereby creating more trust in the thriving ecosystem. The Wakweli platform and application programming interface will offer developers access to advanced use case scenarios, including automatically generating certification requests when minting or accessing more detailed certification information.

Wakweli’s certification system provides an innovative solution to the ongoing problem of counterfeit NFTs, which has plagued the NFT market since its inception. The certification system will help to ensure that NFTs are authentic, thereby promoting transparency and trust in the digital asset market.

Polygon has gained significant traction through partnerships with major brands such as Starbucks and Adidas, leading to increased adoption of the network among cryptocurrency users. The collaboration with Wakweli is expected to further strengthen Polygon’s position in the market by offering an additional layer of security and authenticity to the digital assets on its platform.

In the past month, the Polygon Foundation has also collaborated with the South Korean multinational conglomerate Lotte Group to showcase the company’s NFT projects. This collaboration highlights the growing interest in NFTs and their potential applications across different industries.

Overall, the partnership between Wakweli and Polygon represents a significant step forward in enhancing the security and trustworthiness of the digital asset market. As the adoption of NFTs continues to grow, the need for robust certification and authentication systems will become increasingly important. The collaboration between Wakweli and Polygon is a promising development in this direction, and it is expected to have a positive impact on the overall growth and sustainability of the digital asset market.


Arbitrum Discord Server Hacked for Phishing Attack

Arbitrum, a blockchain platform that aims to provide fast and low-cost transactions, recently experienced a security breach on its official Discord server. On March 25, security firm CetriK warned the crypto community about a possible phishing attack being circulated through the server. According to reports, a hacked Discord account belonging to one of Arbitrum’s developers was used to share a fake announcement with a phishing link.

The phishing message on Discord offered users “the opportunity to re-claim an additional stake in Arbitrum DAO Governance,” citing issues during the initial token claim drive. However, the URL supporting the announcement contained a misspelling of Arbitrum as “Arbtirum,” which is a common tactic used by hackers in phishing attacks. Clicking on the link typically leads unsuspecting users to a fake website that prompts them to enter sensitive information, such as their wallet’s private key.
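A defender-side check for the transposed-letter lookalike described above, as an added example that is not part of the original article: it extracts links from channel messages and flags hostnames whose labels are within a small edit distance of a protected brand name. The `.example` hostnames, the sample messages and the list of official hosts are constructed assumptions; only the spellings “Arbitrum” and “Arbtirum” come from the article.

```python
import re
from urllib.parse import urlsplit

# Assumption: only the brand name "arbitrum" comes from the article.
PROTECTED_BRANDS = ("arbitrum",)
# Assumption: constructed placeholder for hosts the project really controls.
OFFICIAL_HOSTS = {"arbitrum.example"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and swapping two adjacent characters each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution or match
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def classify_host(host):
    """Return 'official', 'lookalike', 'brand-on-unofficial-host' or 'unrelated'."""
    host = host.lower().rstrip(".")
    if host in OFFICIAL_HOSTS:
        return "official"
    verdict = "unrelated"
    # Compare every dot- or hyphen-separated label with every protected brand.
    for label in re.split(r"[.\-]", host):
        for brand in PROTECTED_BRANDS:
            if label == brand:
                # Correct spelling, but on a host the project does not control.
                verdict = "brand-on-unofficial-host"
            elif (abs(len(label) - len(brand)) <= 2
                  and osa_distance(label, brand) <= 2):
                return "lookalike"
    return verdict


def scan_message(text):
    """Map each suspicious hostname found in one message to its verdict."""
    findings = {}
    for url in URL_RE.findall(text):
        host = urlsplit(url.rstrip(".,;:!?")).hostname
        if not host:
            continue
        verdict = classify_host(host)
        if verdict in ("lookalike", "brand-on-unofficial-host"):
            findings[host] = verdict
    return findings


def scan_messages(messages):
    """Merge the findings of scan_message over a list of messages."""
    merged = {}
    for message in messages:
        merged.update(scan_message(message))
    return merged


# Constructed sample messages; none of these URLs is taken from the incident.
SAMPLE_MESSAGES = [
    "Re-claim an additional stake in Arbitrum DAO Governance: "
    "https://claim.arbtirum.example/dao",
    "Docs are at https://arbitrum.example/docs",
    "Bridge here https://arbitrum-airdrop.example/ now",
    "Unrelated link https://status.example/uptime",
]

if __name__ == "__main__":
    for host, verdict in scan_messages(SAMPLE_MESSAGES).items():
        print(f"{verdict:26} {host}")
```

Counting an adjacent swap as a single edit keeps the “Arbtirum” spelling at distance 1 from the brand, so a tight threshold still catches it without flagging unrelated words of similar length.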

As of now, Arbitrum has not released an official statement regarding the incident. Investors are advised to avoid interacting with the announcement until further clarification is provided. It is essential to remain vigilant against unrealistic claims and deceptions as hackers continue to exploit the hype surrounding cryptocurrency.

Meanwhile, two airdrop hunters were able to take advantage of the situation and collect approximately $3.3 million worth of ARB tokens. Airdrops are promotional events where crypto projects distribute free tokens to users who complete certain tasks, such as sharing a post on social media or joining a Telegram group. However, it is crucial to exercise caution when participating in airdrops, as scammers often impersonate legitimate projects to steal users’ personal information or funds.

In recent years, the crypto community has seen an increase in phishing attacks and other types of cybercrime. As the value of cryptocurrencies continues to rise, so does the incentive for hackers to target investors and platforms. It is crucial to follow best security practices, such as using strong passwords, enabling two-factor authentication, and avoiding suspicious links and emails. By remaining vigilant and informed, users can protect themselves from potential threats and enjoy the benefits of the crypto revolution.


Circle CEO Criticizes SEC Stablecoin Regulations

According to Jeremy Allaire, founder and CEO of Circle, the United States Securities and Exchange Commission is not the suitable institution to oversee stablecoins.

The chief executive officer of Circle provided his opinions on the SEC and its recent actions to crack down on the cryptocurrency sector, including the stablecoin issuer Paxos, in an interview that took place on February 24 with Bloomberg.

Allaire seems to have taken issue with the SEC’s emphasis on stablecoins, stating that dollar-pegged “payment stablecoins” should be subject to the supervision of a banking authority rather than the SEC.

“I don’t think the SEC is the regulator for stablecoins,” said Allaire, adding, “There is a reason why everywhere in the world, including the U.S., the government is specifically saying payment stablecoins are a payment system and banking regulator activity.”

Following the delivery of a Wells notice to Paxos, which is the issuer of Binance USD (BUSD), Circle affirmed the previous week that it had not been the subject of an investigation by the SEC.

“There are plenty of varieties, as we like to say, not all stablecoins are made equal,” Allaire stated. He continued by saying, “But, obviously, from a policy standpoint, the consistent position throughout the globe is that this is a payment system, prudential regulator area.”

However, the CEO of Circle said that he generally supported a recent proposal made by the SEC regarding cryptocurrency custody. This plan would make it far more difficult for exchanges to become custodians.

We believe that having competent custodians who are able to offer the right control structures as well as bankruptcy protections and other things is a very crucial and highly useful component of the market system.

USD Coin (USDC), which is issued by Circle, is the second-largest stablecoin in circulation worldwide. Its circulating supply of $42.2 billion gives it a market share of 31%. According to CoinGecko’s data, Tether continues to be the most popular stable cryptocurrency, with a supply of $70.6 billion and a market share of 52%.

On February 23, Allaire expressed his agreement with SEC Commissioner Hester Peirce’s statement that the agency needs to consult with Congress. Some people argue that the Securities and Exchange Commission has been taking matters of crypto rules and enforcement into its own hands due to the absence of law in this area.

According to the article, Circle is planning to increase its staff by as much as 25 percent, breaking the typical trend of layoffs in the cryptocurrency industry.


Blockchain Association Rejects Court’s Securities Ruling on Private Blockchains

Following the decision of a federal judge to allow a lawsuit against Dapper Labs’ NBA Top Shot nonfungible tokens (NFTs) to go forward, the chief legal officer of the Blockchain Association stated that “it would be absurd” for a United States court to rule that digital assets on private blockchains are securities.

U.S. attorney Jake Chervinsky issued a statement after a federal court denied a motion to dismiss a 2021 lawsuit accusing Dapper Labs of marketing NFTs as unregistered securities. The ruling prompted Chervinsky’s comments.

Chervinsky was one of a number of attorneys who posted on Twitter to repeat that the judge’s rejection of the motion does not indicate that a decision has been reached about the complaint; rather, it just indicates that the lawsuit was “facially plausible.”

“The judge didn’t make any decisions at all. Because the securities allegations were at least ‘plausible,’ an exceedingly low standard and not at all a final determination, he permitted the case to go beyond a request to dismiss it.” He noted that this decision was not a final judgement at all.

“Putting this debate to the side for a moment, it would be completely ridiculous if every valuable digital object held on centralized databases was a security.”

According to his explanation, this would force every major video game producer, event ticketing site, travel rewards program, and so on to become publicly traded companies that are subject to regulation by the SEC.

Jesse Hynes, an additional attorney in the United States, weighed in on the move in a tweet on February 22. He said that motions to dismiss are “rarely ever successful” due to the fact that the plaintiff just has to allege sufficient evidence for the case to continue.

“The court concluded in the Dapper case that the plaintiff presented sufficient evidence showing, IF ALL THE ALLEGATIONS ARE TRUE, then there is a securities breach,” the judge said.

“Now we enter the phase of discovery in which we seek to uncover what the actual facts are.” The attorney continued by saying that after that is finished, Dapper would most likely submit a motion for summary judgment.

The charges that Dapper Labs distributed the NBA Top Shot Moments NFTs on a privately-run blockchain were a “fundamental” component for the court’s decision to deny the motion to dismiss, according to another United States attorney by the name of James Murphy, also known as “MetaLawMan.”

As a result of this, MetaLawMan proposed that the fact that XRP (XRP) is issued on a public blockchain “could be considered a net positive” for Ripple in its case against the U.S. Securities and Exchange Commission (SEC).

Plaintiff Jeeun Friel initiated the class-action lawsuit against Dapper Labs in May 2021. In the complaint, Ms. Friel said that the defendant offered NFTs in the capacity of unregistered securities.

On February 22, Judge Marreo ruled against the plaintiff’s petition to dismiss the complaint. He said that the method through which Dapper Labs provides the NFTs has the ability to establish a suitable legal connection between investors and themselves, which fulfills the investment contract conditions outlined in the Howey test.

However, given that Marreo said that not all NFTs would constitute securities and that each case will need to be evaluated on a case-by-case basis, it is very doubtful that the eventual result of this case will set a precedent for NFTs.

In the 15 minutes after the termination, the price of the Dapper Labs-issued Flow (FLOW) token dropped by 6.4%, moving from $1.24 to $1.16. According to CoinGecko, the FLOW token has recently made a comeback and is now trading at $1.29.
