fbpx
Connect with us

Bit Coin

Experts find private keys on Slope servers, still puzzled over access

Published

on

Experts find private keys on Slope servers, still puzzled over access

Blockchain analysis firms involved in the Solana exploit investigation unpack the latest developments as teams try to figure out how private keys were stolen.

1286 Total views

24 Total shares

Experts find private keys on Slope servers, still puzzled over access

Blockchain auditing firms are still trying to figure out how hackers gained access to about 8,000 private keys used to drain Solana-based wallets. 

Investigations are ongoing after attackers managed to steal some $5 million worth of Solana (SOL) and Solana Program Library (SPL) tokens on Wednesday. Ecosystem participants and security firms are assisting in uncovering the intricacies of the event.

Solana has worked closely with Phantom and Slope.Finance, the two Solana-based wallet providers that had user accounts affected by the exploits. It has since emerged that some of the private keys that were compromised were directly tied to Slope.

Blockchain audit and security firms Otter Security and SlowMist assisted in ongoing investigations and unpacked their findings in direct correspondence with Cointelegraph.

Otter Security founder Robert Chen shared insights from first-hand access to affected resources in collaboration with Solana and Slope. Chen confirmed that a subset of affected wallets had private keys that were present on Slope’s Sentry logging servers in plaintext:

“The working theory is that an attacker somehow exfiltrated these logs and were able to use this to compromise the users. This is still an ongoing investigation, and current evidence does not explain all of the compromised accounts.”

Chen also told Cointelegraph that some 5,300 private keys that were not a part of the exploit were found in the Sentry instance. Nearly half of these addresses still have tokens in them — with users urged to move funds if they have not done so already.

The SlowMist team came to a similar conclusion after being invited to analyze the exploit by Slope. The team also noted that the Sentry service of Slope Wallet collected the user’s mnemonic phrase and private key and sent it to o7e.slope.finance. Once again, SlowMist could not find any evidence explaining how the credentials were stolen.

Cointelegraph also reached out to Chainalysis, which confirmed that it was carrying out blockchain analysis on the incident after sharing initial findings online. The blockchain analysis firm also noted that the exploit mainly affected users that had imported accounts to or from Slope.Finance.

While the incident absolves Solana from bearing the brunt of the exploit, the situation has highlighted the need for auditing services of wallet providers. SlowMist recommended that wallets should be audited by multiple security companies before release and called for open source development to increase security.

Chen said that some wallet providers had “flown under the radar” when it came to security when compared to decentralized applications. He hopes to see the incident shift user sentiment toward the relationship between wallets and validation from external security partners.

Go to Source

Bit Coin

Crypto Exchange Zipmex Moves to Release Some BTC, ETH Holdings This Week

Published

on

Crypto Exchange Zipmex Moves to Release Some BTC, ETH Holdings This Week

Shortly after resuming withdrawals for some altcoins, Asian crypto exchange Zipmex announced that it will be easing withdrawal amounts of Bitcoin and Ether later this week.

The statement comes after the platform had assured its users on August 4 that it is “committed to resuming all services on the Zipmex platform ASAP and to rebuild confidence and alleviate customer concerns.”

August 11, 16 earmarked for release

Zipmex, a cryptocurrency exchange with offices in Singapore and Thailand, announced a temporary halt to client withdrawals from the platform back on July 20. While the exchange blamed falling crypto asset prices and loan defaults by industry heavyweights for the decision, it said it will resume withdrawals less than 24 hours after suspending operations.

Now, despite the exchange’s battle with Babel and Celsius, it intends to release a specific amount of ETH and BTC on August 11 and 16, respectively.

Zipmex is planning to release a specific amount of ETH and BTC on 11 and 16 August respectively. We’re working hard to release the balance of Z Wallet holdings ASAP.

Thank you for your ongoing patience and support.

Zipmex Team

#Zipmex pic.twitter.com/moywJffXau

— ZIPMEX (@zipmex) August 8, 2022

Previously on August 2, 100% of users’ SOL was released, 100% of XRP was announced for release on August 4, and Zipmex said it will make 100% of ADA available on August 9, 2022. Stablecoins, on the other hand, will remain inaccessible for the time being.

Meanwhile, in Singapore, Zipmex has requested bankruptcy protection to address its financial concerns by way of a moratorium for five of its businesses. While the hearing is to take place on August 15, it is crucial to reiterate that Zipmex has raised a total of $62.9 million in investment over the course of 6 rounds. As per Crunchbase, Coinbase and B Capital Group were the most recent investors.

That said, co-founder Akalarp Yimwilai had also stated on Twitter last month that the “primary objective at this stage is to raise funds and open up Z Wallet as soon as possible.”

We reiterate that we have an audit trail and written evidence on all sequence of events. However, our primary objective at this stage is to raise funds and open up Z Wallet as soon as possible.

— Akalarp Yimwilai (@akalarp) July 29, 2022

Will the Singapore court go the Vauld way?

Just last week, the High Court of Singapore granted the troubled cryptocurrency lender Vauld a three-month moratorium period. As a result, the corporation will be effectively protected from any prospective legal action from creditors during this time. Therefore, a similar route for Zipmex will allow the platform to resolve its liquidity issues and re-enable its Z wallet.

Just to reiterate, Zipmex Asia Pte Ltd, Zipmex Pte Ltd, Thailand-based Zipmex Company Limited, PT Zipmex Exchange Indonesia, and Zipmex Australia Pty Ltd are among the businesses asking for assistance under Section 64 of Singapore’s Insolvency, Restructuring and Dissolution Act 2018. According to Singaporean legislation, these businesses must be given an automatic moratorium for 30 days or until the court issues a ruling.

What do you think about this subject? Write to us and tell us!

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Go to Source

Continue Reading

Bit Coin

Dave Portnoy’s SafeMoon position is down 94%, claims he’s being sued by project

Published

on

Dave Portnoy’s SafeMoon position is down 94%, claims he’s being sued by project

The Barstool Sports founder panic-sold Bitcoin in 2020 and has expressed fleeting interest in digital assets ever since.

1258 Total views

48 Total shares

Dave Portnoy's SafeMoon position is down 94%, claims he's being sued by project

Barstool Sports founder Dave Portnoy has watched his investment in SafeMoon (SAFEMOON) crash by over 94%, proving to crypto enthusiasts that he is, in fact, capable of hodling during the bear market. 

The stock trader and media personality took to Twitter on Monday to lament his $40,000 investment in the memecoin, which has fallen to just $2,370.94 after he didn’t withdraw a single token. “Still holding by the way,” Portnoy said. “Diamond hands.”

I put 40k into @safemoon I haven’t withdrawn any. It’s not worth 2.3k. And I’m being sued. https://t.co/qRAyBegQMm

— Dave Portnoy (@stoolpresidente) August 8, 2022

Portnoy claimed that he’s also being sued by SafeMoon, possibly for “trashing” the project on his show, but didn’t elaborate much further. In a separate tweet, Portnoy shared a screenshot of SafeMoon’s sales manager expressing displeasure with the Barstool Sports frontman for giving the company “a bad look and unfair representation.” Portnoy “mentioned his SafeMoon losses on air but failed to mention he hasn’t upgraded his holdings to V2 yet,” the manager said.

And let’s not forget when @safemoon themselves complained about me trashing them. pic.twitter.com/1Fg2i9lijC

— Dave Portnoy (@stoolpresidente) August 8, 2022

Portnoy is no stranger to cryptocurrencies, having bought Bitcoin (BTC) in August 2020 only to sell it one week later due to volatility. He later expressed regret over his lack of conviction and went on to make several additional bets on cryptos, which included SafeMoon.

Related: Dogecoin founder speaks out against ‘meme coins’

As far as prices go, SafeMoon is down over 99% from its all-time high of $0.00001399 in April 2021, according to CoinMarketCap. The coin has a lifetime return on investment of negative 86%. 

SafeMoon was audited in May 2021 by blockchain security firm HashEx. At the time, the firm identified 12 smart contract vulnerabilities, including a “temporary ownership renounce” that made it especially prone to a rug pull.

Go to Source

Continue Reading

Bit Coin

Circle freezes blacklisted Tornado Cash smart contract addresses

Published

on

Circle freezes blacklisted Tornado Cash smart contract addresses

Stablecoin issuers can blacklist interactions with the Tornado Cash DApp on the Ethereum smart contract level.

997 Total views

19 Total shares

Circle freezes blacklisted Tornado Cash smart contract addresses

Crypto data aggregator Dune Analytics said that, on Monday, Circle, the issuer of the USD Coin (USDC) stablecoin, froze over 75,000 USDC worth of funds linked to the 44 Tornado Cash addresses sanctioned by the U.S. Office of Foreign Assets Control’s Specially Designated Nationals and Blocked Persons (SDN) list. Tornado Cash is a decentralized application, or DApp, used to obfuscate the trail of previous cryptocurrency transactions on the Ethereum blockchain. 

All U.S. persons and entities are prohibited from interacting with the virtual currency mixer’s USDC and Ethereum smart contract addresses on the SDN list. Penalties for willful noncompliance can range from fines of $50,000 to $10,000,000 and 10 to 30 years imprisonment. An estimated $437 million worth of assets, consisting of stablecoins, Ethereum, and wrapped Bitcoin (WBTC), are currently held in Tornado Cash’s smart contract addresses. As a result, issuers are expected to take steps to prevent the transaction or redemption of such assets. 

Both the entities behind USDC and Tether can freeze their stablecoin transfers to and from Tornado Cash on the Ethereum smart contract level. Meanwhile, Palo Alto, California-based BitGo, would also, theoretically, need to restrict access to Tornado Cash to comply with such sanctions. One possible method is suspending the redemption of Tornado Cash-linked WBTC.

As told by pseudonymous DeFi educator BowTiedIguana, the new Tornado Cash sanctions apply across the board for U.S. individuals and entities. Simple interactions such as Gitcoin donations, working for the project, running or downloading its software, visiting its website, and depositing/withdrawing from smart contracts could be interpreted as violations. 

Circle just frozen 75,000 USDC belonging to unsuspecting Tornado users, as well as 149 USDC donated to the project. pic.twitter.com/GBS41FtZvB

— banteg (@bantg) August 8, 2022

Go to Source

Continue Reading
Home | Latest News | Cryptocurrency | Bit Coin | Experts find private keys on Slope servers, still puzzled over access
a

Market

Trending