New Open-Source Code Vulnerability Was Found and Fixed In Facebook’s Libra

A recently discovered vulnerability on the open-source protocol of Facebook’s Libra was just fixed. The vulnerability was originally discovered by OpenZeppelin, a third-party audit company that is focused on crypto products.

The developers of the company have found some vulnerabilities in the scripting language created by Facebook, which is called Move. According to the company, the vulnerabilities were pretty severe and could lead to huge problems if the code went online before they were addressed.

OpenZeppelin’s CEO Demian Brener affirmed that one of the vulnerabilities allowed hackers to use smart contracts disguised as inline comments and they could use it to steal money. Fortunately, the issues have been patched as soon as possible, so these flaws will never actually see the light of day.

The auditor company was originally created back in 2015 and it has worked with several high-profile initiatives so far, including organizations such as the Ethereum Foundation, Coinbase, and the Brave browser.

The Move script was mostly devised by the developers of Calibra, the company created by Facebook to handle the project. They have defined the most important features of the technology, but since the code is open, anyone can give their opinions on what works or not.

According to Brener, audits are becoming more important to the industry each day. Crypto projects are getting considerably bigger as time passes, so more third-party audits are needed for them to work well, as no team can completely audit them alone.

Libra has a very complex system, just like many other recent tokens. These products will be used to manage a lot of money, so making sure that they work well is needed.

Read Original/a>
Author: Gabriel Machado

Coinbase’s Password Vulnerability May Have Affected 3,500 Customers

Coinbase has recently reported that the company found a vulnerability in its system that affected the passwords of some users. According to the company, some passwords were stored in a plain text file on the company’s servers.

The information was not accessed by any outside source at any time, but around 3,500 customers had their passwords stored in a less than secure way up until recently. The glitch may have affected only 0.1% of the clients but was relevant enough to be disclosed.

How has this happened, in the first place? According to the company, due to a very specific error in the procedure. The registration form would simply not be loaded correctly and the attempt to create the account would fail. However, the log of the failure would be sent to the company.

According to Coinbase, the error would happen when JavaScript was not properly loaded during the inscription.

This meant that the name, information, and password of the person would be still in an unprotected place after the person succeeded in creating the account. Over 90% of the time, the customers retried and used the same password again, which caused the vulnerability.

After discovering this possible vulnerability, Coinbase looked at the other files present on the company’s database to see if another one could be problematic. Fortunately, no others were found at the time of this report.

According to a recent post, the company completely fixed the problem and excluded the file with sensitive information. All accounts that may have possibly be affected also were prompted to create new passwords in order to protect their assets.

Read Original/a>
Author: Gabriel Machado

Dash Warns About Security Vulnerability In MyDashWallet, Suggesting Not To Use It

Dash-Warns-About-Security-Vulnerability-In-MyDashWallet-Suggesting-Not-To-Use-It
  • Dash warns about a vulnerability that affected My Dash Wallet users
  • The wallet informed that the issue has been solved

The team behind Dash, one of the most popular digital currencies in the market, is warning about a vulnerability they found at My Dash Wallet. According to a recent Tweet released by Dash, they found a vulnerability and urge the community not to use the wallet until further notice.

Dash Warns About My Dash Wallet Vulnerability

According to Dash, the third party wallet My Dash Wallet is affected by a vulnerability that could be harmful for users. Apparently, an externally loaded script was sending users private keys to a server. At the same time, the official Twitter account of Dash mentioned that other wallets such as Coinomi and Jaxx are safe.

My Dash Wallet informed that the external library has been already removed and the external site fixed itself back on May 13th. In addition to it, they explained that there was no browser getting the hacked script. Nevertheless, they recommended creating  a new HD Wallet and move funds there.

As mentioned before, Dash is one of the most popular digital currencies in the market. Indeed, it is currently the 15th largest and it has a market capitalization of $1.28 billion. In addition to it, each Dash coin can be purchased for $145.

Wallets and crypto exchanges have had many different vulnerabilities that have affected their credibility and ended up with users losing their funds. This is why there are many investors that do not trust the whole crypto space and prefer to remain on the sidelines until these services become more mature.

A few months ago, the cryptocurrency exchange Binance was affected by a hack in which they lost around 7,000 BTC.

[Author Alert] The author’s opinions above are solely based on their own self-conducted research. Assume any and all authors are using, holding, trading and/or buying cryptoassets mentioned as a portion of his or her financial portfolio. Use information at your own risk, do you own research, never invest more than you are willing to lose.

Read Original/a>
Author: Carl T

CosmosSDK has Anticipated Patch for Critical Security Vulnerability Found

CosmosSDK has Anticipated Patch for Critical Security Vulnerability Found

A recent post on the Cosmos Network Forum highlighted a critical security vulnerability. According to the post, the vulnerability was reported to the Tendermintn team.

It continues that a patch is available in v 0.34.6 of the CosmosSDK and that the patch is also “available now.” The platform intends to provide technical details concerning the vulnerability in 7-10 business days.

The timeframe is to provide a reasonable amount of time to harden their systems. The platform also notes that it is coordinating a hard fork for a Cosmos mainnet upgrade, and that it is also reaching out to validators to ensure that they will be able to respond during the network transition.

It also recommends that service providers upgrading full node update to the latest and most secure version of the CosmosSDK immediately.

[Author Alert] The author’s opinions above are solely based on their own self-conducted research. Assume any and all authors are using, holding, trading and/or buying cryptoassets mentioned as a portion of his or her financial portfolio. Use information at your own risk, do you own research, never invest more than you are willing to lose.

[Domain Disclosure] The crypto-community content sourced, created and published on BitcoinExchangeGuide should never be used or taken as financial investment advice. Under no circumstances does any article represent our recommendation or reflect our direct outlook. We b-e-g of you to do more independent due diligence, take full responsibility for your own decisions and understand trading cryptocurrencies is a very high-risk activity with extremely volatile market changes which can result in significant losses. Editorial Policy \ Investment Disclaimer

Read Original/a>
Author: Bitcoin Exchange Guide News Team