Gnosis Safe Joins the List of NFT Supported Wallets On Apple’s AppStore Blacklist


Apple Inc. has continued to keep tight reins on its platform. This has seen it bar several crypto wallets from hosting non-fungible tokens (NFTs) not purchased using Apple’s in-app purchase system.

New Update Flagged As ‘Inappropriate’

Apple is launching a series of world-class smartphones, but users may find it hard to access their favorite digital collectibles. This follows a report by the head of product development at Gnosis Safe, Lukas Schor.

In a lengthy Twitter thread, Schor alleged that the iPhone manufacturer was barring it from hosting non-fungible tokens (NFTs) on the latest release of the Ethereum-based crypto wallet.

According to him, the tech company took offense after discovering that the new Gnosis Safe update will support user-owned NFTs, a feature Schor says has been in operation for some months already.

In response to the new update, Apple said it does not support apps, especially crypto wallets, that display NFTs that cannot be purchased inside the App Store. Further clarifying its position, Apple termed apps that facilitate purchases outside its Apple Pay platform “inappropriate” and advised Gnosis Safe to revise its NFT functionality or risk being delisted.

A resubmission with a clearer update description still received a rebuff from the privacy-centric smartphone manufacturer. Per Schor, Apple maintains its position that NFTs can only be purchased from its App Store.

NFTs are digital certificates that show the owner of a particular virtual asset and can come in various forms. For now, the arts and creative industry has keyed in on blockchain-based digital art, with NFTs like Bored Ape Yacht Club (BAYC) pieces selling for millions of dollars. This has seen popular decentralized applications (dapps) and NFT-supporting platforms like Ethereum and Solana spike in value.

Also, online NFT marketplaces like OpenSea have recorded over 76,000% year-to-date (YTD) increase in NFT sales, with the platform crossing the $3 billion mark in transaction volume in early August.

Apple Actions Raising Questions

Apple’s strong stand has raised a long-debated question on its strong-handed tactics on apps that operate in the App Store. Gnosis Safe is not the only crypto wallet provider getting the boot from the company.

Other notable defaulters include Trust Wallet, which said it would not support its Dapp browser on iOS 6.0 in its latest release. The company cited compliance with the platform’s laid-down rules. Another victim is imToken wallet, which also removed a list of featured Dapps for iOS users, citing the App Store guidelines as the reason.

However, Gnosis Safe will not go down without a fight, and Schor says the company plans to resolve the issue with the App Review Board. He also noted that Apple might not be a good vehicle for the rapidly-growing Web3.0 wave.

Author: Jimmy Aki

Non-Custodial Crypto Wallets Not Covered by Proposed Prohibition, Clarifies European Commission


On Tuesday, besides prohibiting anonymous crypto transactions, the EU’s executive arm also added anonymous crypto asset wallets to its prohibition list, requiring the full application of AML/CFT rules to ensure complete traceability.

This created some confusion as to what exactly “crypto wallets” meant here. The European Commission confirmed that the prohibition does not apply to non-custodial privacy wallets, only to exchanges.

“Indeed, open-source, non-custodial wallets, will not be covered by the prohibition,” an EC spokesperson told Cryptonews.com.

Anti-money laundering (AML) frameworks are only applied to actors that are gatekeepers of the financial system, which in crypto means VASPs like exchanges that provide virtual asset services.

“But this requirement does not apply to un-hosted wallets that are retained by the users themselves,” the spokesperson added.

This week, European Union (EU) policymakers proposed tightening regulations on the cryptocurrency sector by prohibiting the anonymous transfer of crypto assets and requiring companies to collect data on both senders and recipients as part of its broad plan to crack down on money laundering and terrorist financing.

“The present proposal aims at introducing in EU law these new requirements of the VASPs, by providing an obligation for these actors to collect and make accessible data concerning the originators and beneficiaries of the transfers of virtual or crypto assets they operate,” reads the proposal.

The law, as we reported, basically extends the Financial Action Task Force’s “travel rule” that applies to wire transfers to the entire crypto industry.

Author: AnTy

Hackers Have Been Stealing Crypto From Wallets for Over a Year with a New Malware Dubbed ‘ElectroRAT’

A new malware, dubbed ElectroRAT, has been discovered by cybersecurity researchers at Intezer Labs. The remote access Trojan (RAT) targets crypto wallet users and has been operational for the past year, according to the report published on Jan 5.

With crypto prices on a bullish trend, the market continues to be exposed to malicious attackers looking to drain funds from users’ wallets. This latest malware is said to have been embedded in three crypto apps built on Electron, hence the name ‘ElectroRAT’.

Under the Hood

Per the report, the apps in which the malware was hidden include Jamm, eTrade/Kintum, and DaoPoker. All these are crypto-oriented applications with the first two being trading apps, while DaoPoker was fronted as a gambling platform. Notably, the three applications were deployed for Linux, Mac, and Windows versions.

Intezer Labs researchers highlighted that the malware took longer to be detected since the apps were built from scratch, concealing the actual intention, which was to breach users’ crypto-wallets. The report describes ElectroRAT as extremely intrusive given its embedded functionalities. ElectroRAT has,

“Various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim’s console.”

The malware was written in the Go (Golang) programming language, which made it even more difficult to detect. Golang has become a favorite amongst malware authors given the complexity of analyzing projects written in this language; they tend to be more sophisticated than malware written in C#, C++, and C.

Level of Exposure

Intezer Labs estimated that thousands of users may have already been affected by the malware, although they might not be aware. According to additional evidence from the report, some of the victims are Metamask wallet users. This comes as no surprise given that the three apps sourced for marketing support and were able to advertise on popular crypto portals such as SteemCoinPan and Bitcointalk.

Cyber sec stakeholders who have commented on this development include Casa crypto custody CTO, Jameson Lopp, who said that such novel malware is to be expected in a bull market. He went on to caution crypto users against using wallets that store private keys on one’s desktop/laptop; instead, the ‘private keys should be stored on dedicated hardware devices’.

Author: Edwin Munyui

Bitcoin SV Multisig Wallet, ElectrumSV, Exploited; Putting Real Users’ BSV In Jeopardy

  • Bitcoin SV has a critical bug in its multisig wallets, putting “zillions of funds” in jeopardy.
  • No real funds have been lost, a statement on Reddit reads.
  • Users are warned against sending BSV tokens to the ElectrumSV multisig contract.

A Reddit post by former Blockstream developer and co-founder Gregory Maxwell states that Bitcoin SV’s multisig contracts no longer provide any security to the users, causing a loss of all BSV tokens. However, no real user funds have been affected by the critical bug, the statement reads.

In a quest to offer users a faster and less costly payment system, Bitcoin SV had to make some changes to Bitcoin Cash’s consensus rules during the hard fork in November 2018. One of the key changes was to rip out P2SH, or pay-to-script-hash, which allows a user to send a transaction to a “script” rather than a public key address. This was important for users signing into multisig addresses, which are wallet addresses that require several private keys to sign the transaction.

BSV replaced P2SH with a homebred solution in “Electrumsv (and presumably elsewhere)” called accumulator multisig, which is a script that looks like a P2PKH, or pay-to-public-key-hash, but adds up “the number of passes and compares them to a threshold.” The problem arises in the threshold comparison: instead of accepting X signatures or more, the developers coded it to accept X signatures or less.

Electrumsv released a statement on Monday asking users not to send any funds to the accumulator multisig wallet to avoid losing their funds.

According to Maxwell, the developers did not test the multisig solution well enough, only checking if too many signatures would raise a problem but leaving out the consequences of fewer signatures to the multisig wallets. He writes,

“The result is that these scripts had no security at all and could just be spent by a scriptsig that pushes a couple of zeros.”
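The inverted threshold comparison described above, as a simplified Python model added here for illustration; it is not ElectrumSV's or nChain's code. HMAC tags stand in for signatures, and the function names, sample keys and the 2-of-3 policy are assumptions.

```python
import hashlib
import hmac


# Constructed stand-in for signature verification: an HMAC tag plays the role
# of a signature so the example runs with the standard library only.
def sign(secret: bytes, message: bytes) -> bytes:
    return hmac.new(secret, message, hashlib.sha256).digest()


def verify(secret: bytes, message: bytes, sig: bytes) -> bool:
    return bool(sig) and hmac.compare_digest(sign(secret, message), sig)


def count_passes(keys, message, witness):
    """Accumulator: one witness slot per key; an empty slot (b"") is a zero push."""
    if len(witness) != len(keys):
        raise ValueError("witness must supply one slot per key")
    return sum(1 for k, s in zip(keys, witness) if verify(k, message, s))


def spend_allowed_buggy(keys, threshold, message, witness):
    # Inverted comparison as the article describes it: "X signatures or less".
    return count_passes(keys, message, witness) <= threshold


def spend_allowed_fixed(keys, threshold, message, witness):
    # Intended rule: at least `threshold` valid signatures.
    return count_passes(keys, message, witness) >= threshold


def regression_matrix(check):
    """Cover both sides of the threshold, including the too-few-signatures cases."""
    keys = [b"key-a", b"key-b", b"key-c"]      # constructed sample secrets
    msg = b"constructed transaction digest"    # constructed sample message
    sigs = [sign(k, msg) for k in keys]
    forged = sign(b"not-a-keyholder", msg)
    cases = {
        "no_signatures": [b"", b"", b""],
        "one_of_three": [sigs[0], b"", b""],
        "two_of_three": [sigs[0], sigs[1], b""],
        "three_of_three": sigs,
        "wrong_signatures": [forged, forged, b""],
    }
    return {name: check(keys, 2, msg, w) for name, w in cases.items()}


if __name__ == "__main__":
    for label, check in (("buggy", spend_allowed_buggy), ("fixed", spend_allowed_fixed)):
        print(label, regression_matrix(check))
```

A test suite that only exercised the `three_of_three` case would see the buggy check reject it and look correct; the under-threshold rows are the ones that expose the inversion.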

One user, Aaron67, claims he lost 600 BSV (~$94,800) to the exploit when he sent his tokens to the multisig wallet, losing every single token. He explains that he thought it was safe to send funds to the wallet as it was featured by CoinGeek, a website run by Calvin Ayre, a close friend of Craig Wright, the founder of nChain and Bitcoin SV. According to the ElectrumSV team, the harmful bugs came from the developers at nChain.

A failed code change on Bitcoin SV

According to Maxwell, it is not clear whether the current BSV bug was an honest mistake or a scam by the developers. However, he warns users against sending large amounts using scripts that may be a scam or that were built by developers who are easily deceived.

Even if the critical bug is accidental, Maxwell claims the error could have been avoided if the developers had taken the time to check and test the homebred multisig wallet. Moreover, the issue could have been completely avoided if the BSV developers had not gutted “the competent, time tested, and highly peer-reviewed mechanisms” used in Bitcoin multisig wallets in favor of the less tested homebred accumulator multisig solution.

In his closing remarks, Maxwell states that the presence of such a simple code error shows that there may be other issues on the BSV code.

“Kinda makes you wonder what amazing bugs are lurking in their node software or wallets,” he states. “I can say for sure: I’m not going to run any of it and risk finding out.”

Author: Lujan Odera

Hackers Move $5.7M of Stolen BTC; Not Impressed With Bitfinex’s $400 Million Reward

Bitfinex 2016 hackers move millions worth of stolen BTC between wallets for the first time since the $400 million rewards for returning the 120,000 BTC hacked stash was announced. A total of 478 Bitcoins (BTC) currently worth over $5.8 million moved to unknown wallets with a cybersecurity analyst stating the hackers are planning to “chain hop” the BTC.

On Monday, August 17, reports from Whale Alert, a bot that aggregates transactions on blockchains, confirmed hackers from the Bitfinex hack moved nearly $6 million worth of BTC in two transactions – 467.67 BTC (~$5.77 million) and 5.648296 BTC (~$70,000) – both to unknown wallets.

Four years ago, hackers stole over 120,000 BTC, then worth about $73 million, from the Bitfinex exchange causing the most significant daily BTC price drop at the time. Today the Bitcoins are worth over $1.4 billion at current prices, and the hackers seem ready to sell off the whole stash.

Bitfinex launched a return policy for the stolen BTC tokens last week, offering 30% of the total amount of BTC returned or any information to recovering the assets. Despite the reward being over $400 million (for the whole stash returned), the hackers seem comfortable to spend the remaining BTC.

Since the Bitfinex hack, the attackers have cashed out the BTC to new account wallets showing no signs of returning the BTC, with the asset’s price skyrocketing over 80% in 2020. Over the year, hackers have moved massive amounts to new wallets. In May, the hackers moved about 29 BTC (~$255,000) to an unknown wallet and doubled up their actions earlier this month – moving $12 million worth of BTC on the hack’s fourth anniversary.

Currently, several blockchain analysis firms are tracking the stolen BTC, making it harder for the hackers to sell off the assets. According to Rich Sanders, CEO of CipherTrace, a blockchain forensics firm, the hackers’ latest movement of the BTC is meant to split the assets into many smaller wallets to make it easier to cash out on KYC-less crypto exchanges such as InstaSwap.

Sanders describes the move of splitting the amounts as “chain hopping,” whereby having many small accounts makes it very resource-intensive for authorities to follow through. However, he agrees this can only be done on smaller exchanges that do not have blockchain analysis systems such as CipherTrace and Chainalysis.

With the hackers increasingly cashing out their “profits” and shrugging off the $400 million dollar reward, Bitfinex plans to increase its efforts in tracking down the perpetrators of the theft.

Author: Lujan Odera

New Law Bans Anonymous Wallet Deposits To Curb Illicit Activities in Russia; Must KYC

The Russian government has passed a ruling to ban anonymous deposits into online wallets to curb illicit use of these anonymous funds. The banning would supposedly affect almost 10 million people who use different online wallet services such as Yandex, WebMoney, PayPal, and Kiwi.

People use these online payment and wallet services anonymously, where they top-up their wallet with a certain amount and then proceed to use it for different purposes, including buying of cryptocurrencies.

The government hopes to curb financing of terrorism and the illegal drug trade, which has been a growing concern given almost 10 million people make use of these online payment portals to make anonymous deposits to these online wallets.

The Russian government has been cautious about legalizing crypto use in the country since they believe legalizing crypto as a legal tender can undermine their sovereignty on issuing cash. However, Antonina Levashenko, an economist by profession, believes the measures taken against anonymous crypto wallet deposits won’t affect the blockchain space and the progress made in the decentralized ecosystem. Levashenko explained,

“Will it affect cryptocurrencies? Currently, these changes have been implemented only about electronic money by the amendments to the law on the national payment system. But shortly, undoubtedly, yes. FATF standards are always applied to new technologies by analogy: if at first the standards were spelled out for classic bank accounts, then they were first extended to electronic wallets and prepaid cards, and then to virtual wallets for cryptocurrencies,”

Experts Believe the Impact of Ban Would be Minimal

Maria Stankevich, an EXMO crypto exchange business development manager, believes the current ruling by the government would only impact those exchanges which haven’t been following the compliance set by the regulatory authorities. She also noted that the current ban would force bad actors to either shut their operations or make changes to incorporate the compliance guidelines set by the authorities. Stankevich explained,

“A small insider: one large payment system … at one time refused us after a long passage of all compliance procedures. Colleagues explained this by the fact that despite the strong anti-money laundering and anti-fraud procedures, our exchange can replenish an account through the named payment systems, which, in turn, can be replenished with cash. This means that no one can trace the origin of these funds, which contradicts all the policies of this payment giant. We were distraught then but hoped that someday such a law would be adopted.”

Just last week, President Putin signed the Law on Digital Financial Assets, which prohibits the use of bitcoin and other cryptocurrencies as a means of payment. The rules and guidelines related to the new Law on Digital Financial Assets will come into effect on January 1st, 2021.

Author: James W

Crypto Hardware Wallet Ledger: ‘Funds are Safe’ After ‘BigSpender’ Vulnerability Found

A vulnerability was recently discovered by ZenGo in popular cryptocurrency wallets Ledger, Edge, and BRD. Named BigSpender, the vulnerability could lead to a double-spend and an incorrect balance on the wallet.

Double-spending is spending the same money more than once and preventing it is one of the most critical tasks of any digital currency system.

The issue with BigSpender is that “vulnerable wallets are not prepared for the option that a transaction might be canceled and implicitly assume it will get confirmed eventually.”

As a result, a vulnerable wallet increases the user’s balance when it sees an unconfirmed incoming transaction but does not decrease it again if that transaction is double-spent.

Other implications include the state of canceled transactions not being updated in the user’s transaction history, the wallet software still selecting coins from canceled transactions, and user interfaces that do not clearly distinguish an unconfirmed transaction from a confirmed one.
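The accounting flaw described above, modelled next to a wallet that tracks per-transaction state and cancels a pending payment when a conflicting spend of the same input appears. This is an added example, not code from ZenGo's report or from any of the named wallets; the class names, event hooks, transaction ids and amounts are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset   # outpoints this transaction spends
    to_wallet: int      # satoshis paid to the wallet under test (0 if none)


class NaiveWallet:
    """Flawed model: credits a payment when first seen and never revisits it."""

    def __init__(self):
        self.balance = 0
        self.seen = set()

    def on_mempool(self, tx):
        self._credit(tx)

    def on_block(self, txs):
        for tx in txs:
            self._credit(tx)

    def _credit(self, tx):
        # Only transactions paying the wallet are examined, so a replacement
        # that pays someone else goes unnoticed and the credit is never undone.
        if tx.to_wallet and tx.txid not in self.seen:
            self.seen.add(tx.txid)
            self.balance += tx.to_wallet

    def spendable(self):
        return self.balance


class CarefulWallet:
    """Tracks per-transaction state and cancels pending payments that conflict."""

    def __init__(self):
        self.txs = {}     # txid -> Tx
        self.state = {}   # txid -> "pending" | "confirmed" | "cancelled"

    def on_mempool(self, tx):
        self._cancel_conflicts(tx)
        if tx.to_wallet and tx.txid not in self.txs:
            self.txs[tx.txid] = tx
            self.state[tx.txid] = "pending"

    def on_block(self, txs):
        for tx in txs:
            self._cancel_conflicts(tx)
            if tx.to_wallet:
                self.txs[tx.txid] = tx
                self.state[tx.txid] = "confirmed"

    def _cancel_conflicts(self, new_tx):
        # Two transactions spending the same outpoint cannot both confirm.
        for txid, old in self.txs.items():
            if (txid != new_tx.txid and self.state[txid] == "pending"
                    and old.inputs & new_tx.inputs):
                self.state[txid] = "cancelled"

    def _total(self, wanted):
        return sum(t.to_wallet for i, t in self.txs.items() if self.state[i] == wanted)

    def spendable(self):
        return self._total("confirmed")   # unconfirmed coins are never spendable

    def pending(self):
        return self._total("pending")


def replay_replaced_payment(wallet):
    """Constructed event stream: a payment is seen, then replaced before confirming."""
    pay = Tx("tx-pay", frozenset({"utxo-1:0"}), 100_000)
    replacement = Tx("tx-replace", frozenset({"utxo-1:0"}), 0)  # same input, pays elsewhere
    wallet.on_mempool(pay)
    shown_while_pending = wallet.spendable()
    wallet.on_block([replacement])
    return shown_while_pending, wallet.spendable()
```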

Easy with Minimal Risk

The vulnerability was found while investigating the handling of Bitcoin’s Replace-by-Fee (RBF) feature, a standard method that allows users to “undo” a yet to be confirmed transaction by sending another transaction, spending the same coins with a higher fee.

Due to RBF’s standard nature, attackers can easily and with minimal risk launch the basic double-spend, amplification attack, and Denial-of-Service (DoS) BigSpender exploits.

According to the ZenGo report, in some of the vulnerable wallets this attack is hard or even impossible to recover from, in which case the DoS attack becomes permanent.

Attackers don’t even need a big amount of money to launch the attack; they only pay the small cancellation fees. They do it by sending a small amount to many users of a vulnerable wallet, which does not require the consent of the victims, who are then unable to use their funds.

Funds are Safe

BRD has released a fix while Edge and Ledger are working on it. Ledger and BRD have already handed bug bounty awards to ZenGo.

“There is no actual double-spend being performed. The user funds stay safe,” Ledger told Forbes.

In its official response, Ledger reassured that “it’s not a vulnerability, but instead a clever piece of social engineering where a malicious actor would try to trick you.” The vulnerability cannot be used to get the 24-word recovery phrase or access your crypto in any way. Your funds are safe, it said.

ZenGo has also released an open-source tool for checking whether a Bitcoin wallet is vulnerable to BigSpender.

Author: AnTy

Token Listing Platform CoinList to Streamline The Wrapped BTC (wBTC) Buying Process

  • Coinlist is now minting wBTC directly from users’ digital wallets, helping users avert a tedious process.
  • They are reportedly responsible for minting about 25% of the total wBTCs in circulation.

There have been reports of San Francisco-based Coinlist now venturing into the decentralized finance sphere. Since February this year, they have been directly involved in helping investors, mainly financial firms, with wrapped Bitcoin (wBTC) acquisitions.

wBTC is an ERC token based on Ethereum that is backed by Bitcoin at a 1:1 ratio. This means that for each wBTC in circulation there is an actual BTC held in cold storage by Bitgo, according to their forum. This may not be fully transparent, but it puts BTC in a standard Ethereum form, so the BTC can now be used in Ethereum smart contracts.

The long process of converting Bitcoin to wBTC, which involved first converting it to Ethereum, was tedious, and the token listing platform decided to ease the burden at a small cost. They now offer their users the ability to convert BTC to wBTC and vice versa at their own convenience, straight from their wallets. Coinlist has revealed that they are responsible for minting up to 25% of the total wBTCs in circulation and a daily trading average of 20%. Their current rate for every transaction is 0.25%.

Coinlist’s rise to fame in the ICO era

Notably, Coinlist, founded in 2017 and backed by Twitter founder Jack Dorsey and Polychain Capital, made its name during the Initial Coin Offering (ICO) era. It has reportedly held 12 ICOs since its launch, including the $257 million Filecoin ICO the same year and the more recent Dfinity sale of $102 million.

Their growth was, however, stunted after the ICO era. They have been involved in much smaller ICOs: $60 million for Algorand and $72 million for Nervos in 2019. The most recent was held in March this year for the Solana blockchain, raising a meager $1.76 million.

They raised $10 million in a series funding backed by Jack Dorsey and VC Polychain Capital, held in October last year.

Author: Lujan Odera

Criminal Assets Bureau Confiscates Over 6,000 Bitcoin But Unable to Sell Them

The Criminal Assets Bureau (Cab) has confiscated 12 online accounts, wallets containing 6,000 bitcoin of a drug dealer who had €55 million (over $59.6 million) of his fortune in the digital currency but lost the keys to access his wallet after hiding them with his fishing rod, which has now gone missing, reported the Irish Times.

This also means that these €53.6 million worth of bitcoin are out of the Cab’s reach, in what has apparently been the biggest case in the Cab’s 25-year history. Bitcoin advocate Andreas Antonopoulos said,

“Funny how people who create money by fiat think they can also seize it by fiat, even when it’s not fiat. “But we said we seized it. In writing and on official paper and everything! What do you mean it’s not seized?” Crypto: I respect your authority but I doubt your ability.”

However, trader Crypto Gainz says, even still,

“you know the amount of bitcoin and presumably the owner of the address(es) Now try it with monero. You wouldn’t even know the amount seized. It wouldn’t warrant a headline.”

Punishment of stupidity

The drug dealer Clifton Collins, 49, from Dublin, originally bought most of his bitcoin in late 2011 and early 2012 using cash that he made from growing crops of cannabis. In the last decade, Bitcoin’s value soared 9 million percent and is currently trading at $9,630.

In early 2017, during the last bull run, he had these over 6,000 BTC in one account, but because it might be too easy for hackers to access, Collins spread it across 12 accounts, with 500 Bitcoin worth €4.5 million in each wallet.

Collins printed out the codes on a piece of paper and hid it inside the aluminum cap of the case containing his fishing rod, which he kept at his rented home in Cornamona, Co Galway. But a burglary while he was arrested and jailed for possession of cannabis cost him his fishing rod and the codes to access his wallets. However, Collins has reportedly come to terms with the loss of the money and took it as a punishment for his own stupidity.

For now, Cab has been able to access only a small stash of Bitcoin valued at €1.5 million that he had in other accounts and seized it along with €100,000 in cash.

Garda officers are hopeful that advances in technology will one day allow them to access the bitcoin that they haven’t been able to reach so that it can be sold.

Author: AnTy

Kraken Security Labs Discovers ShapeShift’s KeepKey Crypto Wallet Can Be Hacked Easily For $75

KeepKey hardware wallets are affected by a flaw that would make them vulnerable to attacks if a hacker has access to the device for around 15 minutes. This is according to a recent report released by Kraken Security Labs and published in a blog post on December 10.

KeepKey Crypto Hardware Wallet Affected By Flaw

As per the report released by Kraken, an attacker would rely on voltage glitching to extract the encrypted key of the user from KeepKey wallets. After this, the encrypted seed can be cracked and the PIN can be easily hacked with brute force. The researchers claim that it is possible to perform this attack with a consumer-friendly glitching device for just $75.

In addition, the report explains that it would not be possible to stop these attacks with a software update from the company. Solving the issue would require a complete hardware redesign, which is certainly expensive to perform and very costly for users.

The company claims that they are already aware of these attacks but that their goal is to protect users against remote attacks that could happen to online, desktop or mobile wallets, among others.

It is very important for users to be aware that if they lose their cryptocurrency wallet, the funds could potentially be accessed by attackers and be at risk of being stolen. The cryptocurrency market has many times been affected by hacks aimed at exchanges and other large holders of digital assets.

The report has also advised users to enable the BIP39 Passphrase with the KeepKey client in order to protect the crypto funds in the wallet. The passphrase is generally not user-friendly in practice but it is also not stored on the device, meaning it would not be vulnerable to this attack.

Author: Carl T