Consensys Software has issued a statement addressing U.S. Securities and Exchange Commission (SEC) charges accusing the company of unregistered securities offerings through Metamask staking and swaps. Consensys contends the SEC’s actions are regulatory overreach and vows to defend its position in court, emphasizing the broader implications for the web3 ecosystem. Consensys Challenges SEC Charges On […]
Bitcoin News
Dydx Chain Launches New Software Version, Adds Slinky Oracle for Real-Time Price Updates
The decentralized finance (defi) protocol, Dydx, has officially launched version 5.0.0 of its blockchain software, introducing innovative trading features aimed at enhancing market dynamics and user control. This update, approved by the Dydx community, includes the implementation of isolated markets and margins, designed to refine risk management and collateral usage. Dydx Chain Launches Upgrade According […]
Bitcoin News
Software Engineer: Anchoring AI on Public Blockchains Aids in Establishing a ‘Permanent Provenance Trail’
With artificial intelligence (AI) seemingly destined to become central to everyday digital applications and services, anchoring AI models on public blockchains potentially helps to “establish a permanent provenance trail,” asserted Michael Heinrich, CEO of 0G Labs. According to Heinrich, such a provenance trail enables “ex-post or real-time monitoring analysis” to detect any tampering, injection of […]
Bitcoin News
Wyoming Senator Slams DOJ’s Take on Non-Custodial Crypto Software, Vows to Protect User Rights
Wyoming’s Republican Senator Cynthia Lummis has responded to the Department of Justice’s (DOJ) latest argument regarding non-custodial software. Lummis’s remarks follow the DOJ’s reply brief on the indictment against Tornado Cash developer Roman Storm’s motion to dismiss. Senator Lummis Questions DOJ’s Non-Custodial Wallet Stance, Cites Legal Misinterpretations Senator Cynthia Lummis, a staunch advocate of cryptocurrency, […]
Bitcoin News
Developer Alerts Ledger Live Software Could Be Tracking User IDs, Apps and Balances
Rektbuilder, a developer, has stated that cryptocurrency hardware wallet company Ledger can track user identities, apps, and even cryptocurrency balances in the device through the use of Ledger Live, its wallet management software. The developer discovered this behavior while working on Lecce Libre, a lighter, less intrusive software for the hardware wallet.
Ledger Live Sends User Information to Ledger, Developer Alleges
Developer Rektbuilder alerted about the information that Ledger, the hardware wallet manufacturer, receives through its wallet management program Ledger Live. According to his findings, the software embeds checks for the ID of each device when installing or updating apps and firmware.
The developer, currently working on “Lecce Libre,” a less intrusive and lighter app to manage Ledger hardware wallets, warned that removing this verification code breaks the app, meaning that using it is mandatory. He stated:
I tried disabling the remote tracking and it’s impossible, it breaks if you do. Which means Ledger knows it’s you every time you plug the device in.
Previously, he had also reported having removed balance summary details involving network calls for asset balances. Rektbuilder stated that the Ledger Live made 2,000 network calls for “all sorts of unnecessary stuff,” having already removed them in Lecce Libre.
He escalated his concerns, stressing that due to the available recovery function that allows retrieving the private keys in the device, nobody can be sure these are not being read.
Emin Gün Sirer, founder and CEO of Ava Labs, also called on Ledger to address the issues presented by Rektbuilder. He stressed that Ledger “should be able to confirm or deny (1) if these claims are true, (2) if there’s a way to work entirely offline without tracking, and (3) if the private keys are readable from the secure element.”
Ledger, which recently faced an attack that caused users to lose 0,000 in assets, has contacted Rektbuilder, who reported they are now working with the wallet company to obtain feedback on the issues raised.
What do you think about Ledger Live’s alleged privacy issues? Tell us in the comments section below.
A Major Vulnerability Found in Early Crypto Wallet Software Risks Billions in Assets
A critical vulnerability in early cryptocurrency wallets, identified by cybersecurity startup Unciphered, threatens billions of dollars in digital assets. Originating from a flaw in the BitcoinJS software used for wallet generation between 2011 and 2015, this issue exposes wallets to potential exploitation. Millions of users are being urged to transfer their assets to wallets generated with updated, secure software.
Report Shows Early Crypto Wallets Exposed to Billion-Dollar Vulnerability
Unciphered‘s exhaustive 22-month investigation has unearthed a significant flaw in BitcoinJS, a widely used browser-based cryptocurrency wallet generation tool. This flaw stems from the SecureRandom function in the JSBN javascript library, compounded by weaknesses in major browsers’ Math.random implementations. This vulnerability, affecting wallets created from 2011 to 2015, makes them susceptible to attacks, with earlier wallets being more vulnerable.
Unciphered disclosed that it has coordinated with various entities to alert millions of users about this vulnerability. For individuals with assets in affected wallets, immediate action is recommended: transferring assets to newly generated wallets using reliable software. This proactive step is crucial for safeguarding digital assets against potential exploitation.
The vulnerability first surfaced for the team during a project for a client locked out of a Blockchain.com bitcoin wallet. This led to the rediscovery of a potential issue in BitcoinJS-generated wallets from 2011-2015. The implication is staggering, potentially affecting millions of cryptocurrency wallets generated during this period, with a significant value of assets at risk.
The vulnerability arises from the way BitcoinJS, a Javascript implementation of Bitcoin, used the JSBN library’s SecureRandom function. This function’s deficiency, particularly in its entropy collection and PRNG (pseudo-random number generator), creates a situation where key material could potentially be recovered by an attacker. The SecureRandom function’s failure to effectively utilize browser cryptographic functions compounded this issue, relying instead on weaker RNG methods.
This situation is critical because bitcoin private keys, requiring 256 bits of entropy, were generated with less entropy than needed. The varied impact of this vulnerability makes some wallets more susceptible to attacks than others. However, certain mitigation measures, like incorporating additional entropy sources, have been implemented over time, reducing the risk for newer wallets.
The vulnerability extends beyond bitcoin, potentially affecting dogecoin, litecoin, and zcash-based wallets. Various wallet services and projects that derived their code from BitcoinJS, including popular ones like Dogechain.info and Blockchain.info, might also be impacted. This highlights the widespread implications of the vulnerability across multiple cryptocurrencies.
Unciphered’s researchers detail that historically, third-party library dependencies have often led to vulnerabilities in software development. Similar issues have been seen in other projects, such as OpenSSL on Debian platforms. The current situation with BitcoinJS and its ecosystem exemplifies this ongoing risk in software development, especially when it comes to securing financial assets and sensitive information.
What do you think about the bug Unciphered discovered? Share your thoughts and opinions about this subject in the comments section below.
Bitcoin Fog Case Challenges Blockchain Analysis; Chainalysis Software Faces Scrutiny in US Court
Since his arrest in April 2021, Roman Sterlingov, the alleged operator of the crypto mixing service Bitcoin Fog, has been defending his claimed innocence for more than two years. Recent court filings indicate Sterlingov’s legal team is challenging the Reactor software from Chainalysis, which was presented as evidence in the case. Sterlingov’s attorney contends that the Reactor’s heuristics have “no known error rates for, no rates of false positives, no rates of false negatives, nor any peer-reviewed paper attesting to their accuracy.
Attorney Labels Chainalysis Methods as ‘Junk Science’ in Bitcoin Fog Trial
A recent court filing from the lawsuit against Roman Sterlingov, who is accused of operating the crypto mixing application Bitcoin Fog, reveals that his attorneys are challenging the Reactor software from Chainalysis. Attorney Tor Ekeland labeled the Reactor software’s heuristics as “junk science” in court, as reported by Bloomberg. In the court document, Sterlingov’s legal team stated:
In regards to the slide on page 9 of 45, the summary table of Bitcoin Fog darknet market exposure, these figures appear to be based upon Chainalysis Reactor’s heuristics that the Government can produce no known error rates for, no rates of false positives, no rates of false negatives, nor any peer-reviewed paper attesting to their accuracy.
The court order reveals the U.S. government’s knowledge that the defense is challenging the legitimacy of the clustering techniques tied to the Bitcoin Fog cluster. Furthermore, the defense fervently asserts that the slide is contentious, more inclined to prejudice than provide clarity, lacks a solid basis, and includes hearsay. To conclude, attorneys emphasize that there’s no clarity on when the valuations concerning the exchange rate between BTC and the U.S. dollar were established.
This isn’t the first instance where the U.S. government’s blockchain specialists have faced scrutiny. In the Crypto 6 scenario, Ian Freeman, a co-anchor of the radio show “Free Talk Live,” presented a Daubert motion, intending to dismiss the government’s expert testimony. Freeman’s attorneys contended that private entities and proprietary software employed in blockchain scrutiny fall short of the Daubert benchmarks for acceptable evidence. After Ekeland’s letter to the court, the U.S. government responded, defending its analysis in the case against Sterlingov.
Prosecutors Defend Blockchain Analysis and Insist the Evidence Meets Daubert Benchmarks
In a response filing, prosecutors emphasized that “blockchain analysis” meets the Daubert criteria for admissibility and highlighted there was “significant testimony regarding the reliability of Chainalysis Reactor.” The government stated that both the software and the broader field of blockchain analysis have undergone testing, including scrutiny during law enforcement investigations. They further specified that methods used in blockchain analysis have been “studied by academics,” with research focused on clustering techniques to minimize false positives. The prosecutors elaborated:
The government’s Nov. 7, 2022, filing noted that blockchain analysis does have commercially accepted standards, even in the absence of a government standards body or certification board.
Sabrina Willmer and David Voreacos of Bloomberg reported that Chainalysis has defended its position in court documents, describing the criticism as a “smear campaign.” However, U.S. judge Randolph Moss has permitted the defense to enlist an expert to examine Chainalysis’s methods for tracing blockchain data. Moss emphasized that any findings should remain confidential.
What’s your take on the criticism Sterlingov’s lawyer presented in the court battle? Dive into the conversation and share your perspectives on this topic in the comments below.
Israeli Cyber Crime Unit Raids Company Accused of Producing a Crypto-Stealing ‘Sting Software’
Israeli law enforcement recently raided the offices of a company accused of producing software used by criminals to defraud crypto investors of millions of dollars. Some six suspects were arrested following the raid on a company that is reportedly operated by the country’s infamous crime families.
‘Sting Software’
The Israeli police’s National Cyber Crime Unit recently raided an IT company whose so-called “sting software” has helped criminal syndicates to steal millions of dollars from crypto investors. According to a Ynet News report, six individuals were arrested while dozens were taken in for questioning.
According to the report, the raided company is believed to be operated by the country’s infamous crime families. In his remarks following the raid, Dudi Katz, the head of Lahav 433’s National Cyber Crime Unit, said:
“We were able to stem the tide of this crime wave and bring down hundreds of call centers. This operation spanned internationally and was unique in scope, including cooperation with German police forces.”
In addition to German law enforcement, members of the Israel Money Laundering and Terror Financing Prohibition Authority as well as the Israeli Tax Authority were also involved in the raid.
Detained Suspect Denies Charges
As stated in the report, criminal syndicates would lure unsuspecting victims with the promise of high returns on crypto investment. The victims who showed an interest were then given purported credentials to access or control their investment portfolio. However, the report said when victims attempted to withdraw or cash out their profits they would realize that this option was not available.
Meanwhile, one unnamed suspect’s legal representatives Shay Roda and Uri Goldman said their client rejects the charges. They said as the investigations into the company continued, they would be able to relay the suspect’s “message to the relevant cyber investigators.”
What are your thoughts on this story? Let us know what you think in the comments section below.
Ethereum Software Client Geth Issues Hotfix To Tighten Security
Geth, the most renowned software client of Ethereum, has provided a hotfix to the threatening security challenges in its code. The news was posted on Tuesday at 07:08 UTC to GitHub. However, the details of the terms were not disclosed immediately.
The release is titled Hades Gamma (V1.10.8); it was posted to Ethereum GitHub on Tuesday at about 07:08 UTC.
According to one of the posts on the release page, it didn’t disclose the details of the vectors, including their fixes. This would have allowed the dependent downstream projects and node operators to update their software and nodes.
Related Reading | Bittrex Global CEO Declares Dubai Will Gain Benefit From Cryptocurrency Market Expansion
A report from Ethernodes.org states that close to 75% of all the nodes on the Ethereum blockchain run Geth. Therefore, these users are advised to upgrade to Geth V.1.10.8, the updated version, immediately.
Guido Vraken Discovering The Bug In Ethereum
A software developer Guido Vraken announced on August 18th that he had discovered the bug. Guido Vraken is a scientist who specializes in discovering open-source software code vulnerabilities.
He is also interested in scientific works, product development and validation, regulatory matters, and teaching. Guido Vraken is a graduate of the University of Ghent and a volunteer at Natuurpunt.
As stated earlier in the GitHub security advisory post, Geth’s vulnerability can make a node unable to execute Ethereum blocks.
The Ethereum experienced a temporary split on its chain during the last Geth code’s fix for a software bug. The split resulted from communication lapses from Geth developers regarding the bug, which was a deliberate act.
However, several computers known as ‘nodes’ don’t bother to customize their Geth users to the normal implementation. This led to a consensus failure in the blockchain, as recorded in November 2020.
Geth Developers Take On The Latest Version
In a blog post, the Geth developer team mentioned that not exposing the security vulnerability is backed by some reasons. First, the act delays all potential attacks on intending node operators that require more time to migrate to the newest version.
Now, Geth developers emphasize how urgent it is for all their software users to migrate to the latest version. However, their formal August 18th announcement didn’t explicitly describe the vulnerability nature and form.
Related Reading | Former DigitalX Executive Appointed As The New Binance Australia CEO
One of the Geth developers, Péter Szilágyi, stated his opinion while tweeting about the code release on Tuesday. He said that “People were not happy with our hotfix last time; they noted that we didn’t make the announcement. So we have decided to do it differently this time; let’s know the one that works better,” – he added.
Infura and other major Etherum-based wallets and services have pledged their support for this latest Geth release. They publicly made this announcement on Twitter.
Featured Image From Pixabay
NewsBTC
Altrady — A Review of the Super-Fast Multi-Exchange Crypto Trading and Portfolio Management Software
The cryptocurrency market offers a plethora of opportunities for traders to make profit. It works the best only when these opportunities are leveraged at the right time, which calls for the use of specialized trading tools. Altrady is one such cryptocurrency trading software that is perfected over time to equip its users with the best crypto trading tools the technology has to offer.
As an all-in-one trading platform, Altrady can be used to manage trades as well as crypto portfolios over some of the leading cryptocurrency exchanges in the market. While exchanges are the go-to place for crypto traders, they aren’t optimal for professional trading as the interface and tools are designed by keeping retails traders and one-off buyers and sellers in mind. The need for specialized software is felt across the community and recognizing the genuine need, a team of traders who are familiar with these challenges have created Altrady. In addition to basic functionalities, Altrady incorporates powerful trading tools that readily offer a better insight into the market, a trove of historical and real-time analytical data, news alerts with market updates and intelligent market scanning mechanisms to make the decision process easier for traders.
Features that Make Altrady Stand Out
The most prominent feature of Altrady is its Smart Trading feature that offers a wide range of flexible trading options for users. The Smart Orders feature allows users to maintain full control over their positions by simplifying entry orders and automating exit orders. The features can be used to place three types of orders, viz., Market Order, Limit Order and Ladder Order.
Using Smart Orders, traders can either choose to open a new position or extend existing positions by adding more orders. The existing positions can be further customized by selecting desired start data and time or manually entering information regarding the average entry or exit price, quantity, and cost. They can also pick the order side and select Buy (Long) or Sell (Short) based on their preference.
For added convenience, Altrady is also working on support for form preset where users can create trading form templates. These templates can be readily picked from the list and used to execute orders. The order forms themselves are clear and well-defined for traders to set the relevant parameters.
The Smart Orders feature enables increased automation of trades by offering a way to set a variety of conditions for all order types. Traders can choose to enter their own expiration time for entry orders, take profit conditions based on scales and targets. Soon, it will be incorporating an innovative “Keep free coins” option where users can choose to recover the initial investment in a crypto pair while retaining the profit in coins instead of USDT or other stablecoin.
Easy Portfolio Visualization
Altrady will incorporate widgets that provide a bird’s eye view of the portfolio.
My Position Widget
The My Positions widget will display all smart positions, enabling users to track and modify their orders while the assets table gives an overview of all available crypto assets, amount locked in open orders and total equity at any particular given time.
Made to Suit Your Tastes
The highly customizable interface on Altrady can be modified as per each trader’s preference. They can choose how their trading screen looks like. Using this feature, traders can ensure that the trading pairs, market data and analytical tools and charts they favor are prominently displayed on their home screen at all times. The ready availability of desired information at fingertips significantly cuts short the time otherwise taken to navigate through the platform, thereby giving an advantage over traders on conventional exchange/trading platforms. Even a slight improvement in reaction times on a highly volatile crypto market may mean a huge difference in profit and loss percentages.
Ready to Use on Any Device
The Altrady crypto trading and portfolio management software is versatile and available on multiple devices. Traders can either opt for the desktop software, a mobile app on Android and iOS devices or the browser-based responsive web trading interface that works on any connected device with browser capabilities.
Supported Exchanges
Altrady users can trade cryptocurrencies on some of the leading exchange platforms with almost zero delay. The list of supported exchanges includes Binance, Bittrex, HitBTC, KuCoin, Coinbase Pro, Kraken, Poloniex and OKEx, with FTX and Bybit to be added soon and many more. Users can trade on any of these exchanges from within the Altrady interface without having to familiarize themselves with each platform’s interface.
Market Scanners Help Keep an Ear to the Ground
The Quick Scan and Crypto Base Scanners monitor the price movements in the crypto market and notify traders about upcoming profit-making opportunities.
Quick Scan provides alters on potential scalping and other profitable opportunities whenever the price of a crypto asset goes up or down.
Meanwhile, Crypto Base Scanner is optimal for traders opting for QFL trading strategy where this tool provides them information about the preferable entry points and automatically notifies them of any opportunity to generate profits while following the QFL strategy.
Pricing
The Altrady platform is available in three different plans that are suitable for traders with different expertise levels and earning expectations.
The Basic Plan costing EUR 14.95 per month provides almost all the functionalities that are available on the Altrady ecosystem apart from few advanced trading strategies and analytics. It is a good entry point for anyone exploring Altrady and based on their changing needs, they can upgrade to a more suitable plan on a later date.
The Essential Plan offers all the Altrady functionalities at a monthly subscription fee of EUR 29.95. However, users of this plan will miss out on two exclusive features that are available only to Premium customers – Base Scanner and Quick Scanner.
Premium Plan is the top-tier subscription package offered by Altrady. It is designed to meet the needs of advanced and professional traders who have many demanding requirements compared to others. Available at EUR 44.95 a month the Premium Plan is a complete all-around package.
All these plans can be either availed on a monthly basis or as an annual plan. Those opting to pay upfront for a whole year get a 30% discount on the total cost, making it an attractive option to consider. However, those who wish to explore the platform in-depth before committing their money can avail of the 14-day trial for free and subscribe only after they are convinced about its effectiveness.
With the new added features and Altrady roadmap it’s very possible that the pricing will change soon.
Additional Resources
Altrady Crypto Trading Academy is a collection of educational resources where users can learn a lot about crypto trading and the platform itself. The step-by-step tutorial enables users to learn everything about crypto trading from scratch and implement it while executing trades. At any point, if the users have any queries or complaints, they can write to the support team or refer to detailed documentation available on the Altrady platform to get it addressed.
More in Store
While Altrady is already is a highly capable, full-fledged crypto trading and portfolio management platform, it continues to improve its offering through constant innovation. The team behind Altrady is working on introducing new features. Some of these latest and upcoming features include Manual Smart Positions, Trading bot Positions, Signals Bot, Grid Bot and more.
The existing and upcoming features on the Altrady platform paves the way for traders to realize the full potential of automated trading. The balance achieved by the platform in terms of speed, usability and convenience makes it ideal for traders to play the market and exploit maximum profit-making opportunities in their favor.
Learn more about Altrady at – https://www.altrady.com/