Author: ronalthapa

  • Urgent: Ongoing Solana Hack, Million Dollars Drained from more than 5,000 Wallets

    What Happened to Solana?

    More than $6 million have been stolen from more than 5000 Solana wallets late Tuesday night, according to a tweet from Solana auditor OtterSec. The tweet is supported by other accounts on Twitter that claimed their holdings were wiped in a matter of minutes.

    The Solana auditor revealed that the transactions were in fact authorized by the owners of the wallets, suggesting a private key breach on a massive scale.

    ETH users may also be impacted by the attack. It is uncertain whether the attack is limited to the Solana blockchain: a TrustWallet and Slope wallet user reported losing USDC on both Solana and Ethereum.

    See also: What is Solana (SOL token): explained

    What Caused the Solana Attack?

    The exact cause of the Solana attack is as yet unknown, but Magic Eden, leading NFT marketplace of Solana, urged all Solana users to “revoke permissions for any suspicious links” as well as all apps if necessary.

    Reports indicate that all internet-connected hot wallets on Solana such as Phantom and Slope have been affected. Wallets that have not been used in more than six months seem to be mostly targeted, and all Phantom wallets have been compromised.

    Phantom tweeted, “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.”

    On the other hand, crypto security firms believe that the exploit was not the result of a vulnerability with the Solana blockchain itself. Instead, they suspect the attack was a result of a mass compromise of users’ private keys by a third party.

    Sam Bankman-Fried, founder and CEO of FTX, commented in an interview with Fortune, “this wasn’t a core blockchain problem, likely seems like one app someone built was buggy.”

    Slope wallet to blame for the Solana attack?

    Solana is still investigating the hack, but so far is suggesting that wallet provider Slope is largely responsible for the security exploit. In a tweet, they state that “…it appears affected addresses were at one point created, imported, or used in Slope wallet applications.”

    Solana’s investigation is suggesting that Slope may be responsible.

    The Solana team has also found that whilst 60% of the victims were Phantom users, those who were affected did not generate their seed phrase using Phantom. Also, those who were solely Phantom users did not have their wallets drained.

    How Do I Protect Myself from this Attack?

    Users are advised to move their funds to a cold wallet such as a Ledger or Trezor hardware wallet, and ensure that the wallet has no previous approved authorizations to spend funds and is created offline following best security practices.

    For users without a hardware wallet, sending funds to a major crypto exchange is a viable temporary solution.

    In the form of a community warning, web3 gaming company Star Atlas also urges users to withdraw permission for all of the apps in their wallets and shift money to cold storage with the Solana exploit underway.

    I have been affected by the Solana attack. What should I do?

    As ongoing investigations suggest that Slope may be responsible for the recent hack, Solana co-founder Anatoly Yakovenko advised Slope wallet users to generate a new seed phrase in a different wallet.

    Slope has also issued a statement recommending ALL Slope users (not just those affected by the Solana attack) create a new and unique seed phrase wallet and transfer all their assets there. They also reassure users who have been using hardware wallets that their keys have not been compromised. Check this page for our hardware wallet reviews and guides.

    Is the Attack Still Ongoing?

    It’s unknown at this point whether the breach is still active, where it came from, and whether any further user funds are still in danger. Blockchain fraud investigator @zachxbt revealed that the attackers funded the main wallet connected to this operation via Binance seven months ago.

    The transaction history reveals that the wallet was inactive until today, at which point, the hackers made transactions with four separate wallets ten minutes before the incident occurred.

    Solana Hacker Wallet Address

    Frequently Asked Questions (FAQ)

    How do I protect myself from the Solana Hack?

    The current best strategy is to move funds into a cold wallet, such as a Ledger hardware wallet. Make sure that the wallet has no previous approved authorizations to spend funds and is created offline following best security practices.

    Where to move my Solana funds if I don’t have hardware wallet?

    If you don’t have a hardware wallet, moving funds to a major crypto exchange is also a viable option now. However, it is recommended that users should get a hardware wallet and transfer their funds there as soon as possible. Check this page for our hardware wallet reviews and guides.

    Which Solana wallets were hacked?

    Multiple wallets (Phantom, Slope, Solflare, TrustWallet) across a wide variety of platforms were compromised. It is advised to move your funds to a hardware wallet or a major crypto exchange for security purposes.

    Who were the Solana hackers?

    Investigators identified the following four wallets as the addresses of the attackers:

    • CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
    • Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
    • 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
    • GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy

    Is Solana dead?

    The widespread Solana wallet hack certainly impacts the market sentiment toward Solana, and many investors have expressed doubt about the project’s future. As of now, the attack has prompted an 8% drop in Solana’s price in the two hours following the first reports of the attack.

    What caused the Solana wallet hack?

    Crypto security firms believe that the exploit was not the result of a vulnerability with the Solana blockchain itself. Instead, they suspect the attack was a result of a mass compromise of users’ private keys by a third party.

    An ongoing investigation by Solana suggests that wallet provider Slope is responsible. This is because affected addresses were once created, imported, or used in Slope mobile wallet applications.

  • Crypto Bitcoin Horror Stories to Give You Nightmares

    You’d be surprised at how people, loaded with Bitcoin and other crypto, managed to lose their ticket to retirement.

    One Wrong Click – $120,000 Crypto Gone

    A phishing attack is the oldest play in the book, the bread and butter of web3 scammers.

    They work by tricking victims with fake error messages, wallet pop-ups, or flashy hyperlinks. They will then lead you to unofficial websites or extensions that would expose your wallet seed phrase or other sensitive information.

    You’d think people would be more careful about connecting to shady websites, but the truth is both crypto newbies and veterans still fall victim to these to this day!

    Reddit user PowerofTheGods shared his story of how he lost $120,000 after clicking on a malicious link. While his Ledger was unlocked, Trojan malware took control of his computer and wiped all of his wallets in a matter of minutes. The sight of all his assets being transferred to the hacker’s wallet address still haunts him to this day.

    The story went viral and countless people also shared their unlucky experience. They reported to the authorities, but there was nothing they could do as cryptocurrency is still largely unregulated.

    Always be cautious when encountering suspicious links, especially from an unknown source. Also, always double-check that the link you are clicking is indeed the right one. Some scammers can even copy the domains of well-known DApps with slight modifications, and you won’t even notice the difference.

    Crypto Exchange CEO Died – All Users’ Assets Locked

    This case is the literal sense of the phrase, “taking secrets to the grave.”

    Canadian exchange QuadrigaCX’s CEO Gerald Cotten allegedly passed away in India in 2018. He was the sole custodian of the exchange’s crypto store, which is all held in cold storage.

    No one has ever been able to unlock the digital wallet passwords on his encrypted laptop. As a result, over 115,000 users’ assets are locked indefinitely, including 26,500 Bitcoin, 11,000 Bitcoin Cash, 200,000 Litecoin, and 430,000 Ethereum.

    In fact, in early 2022, Netflix released a documentary, Trust No One: The Hunt for the Crypto King, about Cotten’s life and his death in India.

    The moral of the story is never to store your crypto on exchanges, especially if you have large holdings. Consider holding your funds in hardware wallets like the Ledger Nano X, Ledger Nano S or Trezor Model T.

    Forgotten Password to 7,002 Hard-Earned Bitcoin

    About 20% of all Bitcoin in circulation is lost. That is a lot of money that is unlikely to be recovered. This happens when users forget their private key or even the password to the hard drive containing the private key.

    German engineer Stefan Thomas was given 7,002 Bitcoin in exchange for creating an animated video in 2011 called “What is Bitcoin?” However, he has forgotten the password to his encrypted hard drive called IronKey, which stores the private key to the Bitcoins.

    IronKey allows users 10 attempts to input their password correctly before the funds are encrypted forever. Thomas only has two attempts left before his Bitcoins are gone forever.

    Always remember to write down your password and seed phrase on a piece of paper and store it securely. Or it would be a lifetime of regret.

    Spring Cleaning Gone Wrong – 8,000 Bitcoins Lost

    Remember when some of your stuff would go missing, only to find out your mom had thrown them away because she thought it was useless? An action figure with sentimental value? No big deal!

    But for James Howells, it was life-changing. He had two identical laptop hard drives: one was blank and the other contained 8,000 Bitcoins. Howells had meant to throw out the blank one when he was clearing out the office, but instead the drive containing the crypto ended up in a landfill in Newport, Wales!

    This unlucky disaster continues to haunt Howells to this day. He has repeatedly petitioned Newport City Council for permission to dig up the landfill site, and every request has been denied.

    10,000 Bitcoins for 2 Pizzas

    May 22 is known as Bitcoin Pizza Day. It is a well-known story in the crypto world. It was the day Laszlo Hanyecz paid 10,000 Bitcoins for two Papa John’s pizzas in 2010, which was worth $30 at the time. Now they are worth nearly $230 million!

    We can’t blame him for not knowing the future. Since Bitcoin did not have that much value back then, it was more like redemption points for pizza. Had he held his Bitcoins, he would not have to work a day in his life again.

    Amazingly, Laszlo said that he had no regrets about it, and was happy to be a part of the early history of Bitcoin. In fact, Hanyecz is the first person to use Bitcoin in a commercial transaction.

  • 3 Ways You’re Losing Crypto Without You Knowing!

    If you think you are safe on the blockchain, think again! You’re constantly being watched, and malicious actors are getting more creative at stealing your precious crypto. Here’s what might be waiting for you.

    Your Crypto and IP Address Are Exposed Interacting on DApps

    Did you know that your personal data including your crypto and IP address are exposed whenever you connect to a DApp? Here’s how it works.

    Your wallet does not actually interact with the blockchain directly. Instead, it can only do that through nodes. A node is one of the computers that run the blockchain’s software to validate and store the entire history of transactions on the network.

    Each time you connect to a DApp, make a transaction or deposit funds to a protocol, the request is sent to a node, which verifies and executes the transactions. These nodes are usually deployed and run by node providers. But what you do NOT know is that node requests are also packed with sensitive information like your IP address, web browser version, and so on.

    Now, of course, this data stays with the node provider, which has strict policies not to share it with a third party. But what if the company gets hacked or acquired by some other company? That is when your personal information is out in the open. Node providers can also ban you from accessing the blockchain entirely via their nodes.

    Crypto Sandwich Attack on Decentralized Exchanges

    Have you ever wondered why you end up paying more for the tokens you buy on certain decentralized exchanges (DEX), only to find out they are worth less afterwards? The truth is, when you trade on DEXes, you are always losing out to bots. Here’s how it works.

    When you execute a trade, a bot front-runs your trade by buying the tokens right before your transaction is mined. This increases the price, making you buy for a higher price and pushing it even further up. Afterwards, the bot profits by selling the tokens after your purchase transaction is mined. This is called the “sandwich attack” because your pending transaction is “sandwiched” between the bots’ orders.

    Each transaction is sent to a public mempool, which is a queue for the transactions that have not been added to a block and are still unconfirmed. It is visible to everyone, and bots, being quick enough, can exploit that. There is nothing much we can do about it because that is just the public nature of blockchains.
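The mechanics described above can be made concrete with a small simulation. The following is an added example, not code from the original article or from any DEX: it models a constant-product pool (x * y = k, the pricing rule used by Uniswap-style exchanges) with constructed reserves, runs a victim's buy alone and then sandwiched between a bot's front-run and back-run, and also goes one step beyond the text by showing the usual defensive control, a minimum-output (slippage tolerance) check that makes the sandwiched trade revert instead of filling at the worse price. The `Pool` class, `run_scenario` and all reserve and trade sizes are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Pool:
    """Minimal constant-product pool (x * y = k) with an input fee.

    Constructed toy model for illustration; not any real DEX contract.
    """
    x: float            # reserve of the token the trader pays with
    y: float            # reserve of the token being bought
    fee: float = 0.003  # 0.3% fee taken from the input amount

    def quote_buy(self, dx: float) -> float:
        """Y received for dx of X at the current reserves (no state change)."""
        dx_eff = dx * (1.0 - self.fee)
        return self.y * dx_eff / (self.x + dx_eff)

    def buy(self, dx: float, min_out: float = 0.0) -> float:
        """Swap dx of X for Y; 'reverts' (raises) if output is below min_out."""
        dy = self.quote_buy(dx)
        if dy < min_out:
            raise ValueError(f"slippage exceeded: {dy:.2f} < {min_out:.2f}")
        self.x += dx
        self.y -= dy
        return dy

    def sell(self, dy: float) -> float:
        """Swap dy of Y back into X."""
        dy_eff = dy * (1.0 - self.fee)
        dx = self.x * dy_eff / (self.y + dy_eff)
        self.y += dy
        self.x -= dx
        return dx


def run_scenario(victim_in: float, bot_in: float = 0.0,
                 slippage_tolerance: Optional[float] = None) -> dict:
    """Simulate one block: [bot front-run] -> victim buy -> [bot back-run].

    victim_in: X the victim spends.
    bot_in: X the bot front-runs with (0 means no sandwich).
    slippage_tolerance: if set, the victim's transaction demands at least
        quote * (1 - tolerance) Y, where the quote is taken from the pool
        state the victim saw when submitting to the mempool.
    Returns victim_out (None if reverted), reverted, and bot_profit in X.
    """
    pool = Pool(x=1_000_000.0, y=1_000_000.0)  # constructed reserves
    min_out = 0.0
    if slippage_tolerance is not None:
        min_out = pool.quote_buy(victim_in) * (1.0 - slippage_tolerance)

    result = {"victim_out": None, "reverted": False, "bot_profit": 0.0}

    # Front-run: the bot's buy is mined first and pushes the price up.
    bot_tokens = pool.buy(bot_in) if bot_in > 0 else 0.0

    # Victim's buy fills at the worse price, or reverts on the min_out check.
    # (A reverted transaction still pays gas; it just does not fill.)
    try:
        result["victim_out"] = pool.buy(victim_in, min_out)
    except ValueError:
        result["reverted"] = True

    # Back-run: the bot sells what it bought; profit is whatever exceeds bot_in.
    if bot_in > 0:
        result["bot_profit"] = pool.sell(bot_tokens) - bot_in
    return result


if __name__ == "__main__":
    fair = run_scenario(10_000)
    sandwiched = run_scenario(10_000, bot_in=50_000)
    guarded = run_scenario(10_000, bot_in=50_000, slippage_tolerance=0.005)
    print(f"alone:      victim gets {fair['victim_out']:.2f} Y")
    print(f"sandwiched: victim gets {sandwiched['victim_out']:.2f} Y, "
          f"bot profit {sandwiched['bot_profit']:.2f} X")
    print(f"with 0.5% slippage limit: reverted={guarded['reverted']}, "
          f"bot profit {guarded['bot_profit']:.2f} X")
```

Running it shows the victim receiving roughly 9% fewer tokens when sandwiched, the bot pocketing the difference minus fees, and, with a 0.5% slippage limit, the victim's transaction reverting while the bot's round trip ends at a loss because it still paid two swap fees. Tight slippage tolerances, private transaction relays and splitting large orders are the practical controls; the mempool itself stays public.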

    Getting Doxxed by Your Ethereum Name Service Domain

    Showing off your Ethereum Name Service (ENS) domain is cool, but did you know that people can use that to track down your wallet addresses?

    You can check out Unstoppable Domains: Get ready for a censorship immune future on how domain name services work.

    While ENS is a huge step forward in terms of convenience, it also means several steps backward when it comes to privacy. Since most blockchains are open and transparent, anyone can use your ENS to snoop on your finances. It is the difference between sending someone an email and them being able to look at your entire inbox.

    Here’s how it works. You will need a wallet address to register an ENS domain. As a result, each ENS domain has a wallet address attached to it. Even if you do not use your main wallet address to register your ENS, it is easy to trace this address back to your other addresses.

    Let’s look at an example: neutral.eth. At first glance, there isn’t much going on, but when digging a little deeper, the Ethereum address that registered the name held 58,000 Ethereum at one point, worth about $15 million at the time. This address regularly received large payments from the crypto exchange Poloniex’s main wallet. And all activity stopped on the same day that Circle, which owned the Poloniex exchange at the time, got rid of trading fees. This shows it was a company wallet that created neutral.eth.

    Just from an ENS domain alone, you can watch people’s movements, see insights into business deals and know just how much money people really have – all by observing public blockchain data. If your valuable information falls into the wrong hands, there would be a target on your back.

    Are DApps private?

    Certain DApps are run by node providers who can see your personal information such as IP address and web browser version etc.

    What is a Sandwich Attack?

    When you execute a trade, a bot front-runs your trade by buying the tokens right before your transaction is mined. This increases the price, making you buy for a higher price and pushing it even further up. Afterwards, the bot profits by selling the tokens after your purchase transaction is mined.

    Are ENS domains private?

    Since each ENS domain has a wallet address attached to it, it is easy to trace this address back to your other addresses.

  • Will Tether Stablecoin (USDT) Depeg Again? Reserve FUD Continues

    USDT has reclaimed its peg after UST collapse. But will this happen again amidst FUD rumors surrounding Tether?

    What is USDT?

    Tether (USDT) is the world’s largest stablecoin by market cap with more than $65 billion in circulation at the time of writing. Stablecoins have long been the anchor of cryptocurrency trading because they are pegged to the U.S. Dollar, allowing investors to “cash out” of risky investments instead of swapping to another crypto coin that would fluctuate in value.

    For more information on stablecoins, check out “The Pros and Cons of Stablecoins: Why You Need To Know How They Work.”

    What Happened to USDT?

    However, stablecoins are not exactly 100% “stable”. This was shown by the sudden vaporization of $18 billion in the collapse of Terra’s algorithmic stablecoin TerraUSD (UST), which caused a dangerous domino effect across the market.

    This catastrophic event spurred panic selling in other stablecoins, and Tether Ltd., the company behind USDT, honored billions of dollars’ worth of redemptions following UST’s bank run. As a result, USDT’s peg broke and fell to as low as 95 cents. It is a huge red flag if a stablecoin drops below 99 cents, especially for stablecoin heavyweights such as USDT itself.

    Fortunately, USDT has passed the market’s stress test. They were able to withstand redemptions in extremely volatile conditions, eventually reclaiming the peg. However, Tether is still facing criticisms for the lack of transparency about the nature of assets backing the stablecoin.

    Tether fights back: calls short-selling hedge funds “flat out wrong”

    Many hedge funds saw the collapse of Terra as a reason to short USDT. According to a Wall Street Journal podcast, the reason for this is twofold. Firstly is the fact that institutional investors are withdrawing from risky investments (such as crypto) since the Federal Reserve is aggressively raising interest rates. Secondly, they are worried about the quality of the assets backing Tether.

    In Tether’s blog post on 28th July 2022, Tether hit back at these hedge funds, saying that, “…the underlying thesis of this trade is incredibly misinformed and flat-out wrong. It is further supported by a blind belief in what borders on outright conspiracy theories about Tether.”

    Tether also added in a blog post on 27th July 2022 that its portfolio does not contain any Chinese commercial paper. Furthermore, as of the date of the post, its total commercial paper exposure has been reduced to around 3.7 billion (from 30 billion a year ago). Tether also states that it has plans to further reduce its total commercial paper exposure to 0 by October/early November 2022.

    What is Exactly Backing USDT Value?

    Tether has claimed that all USDT tokens are backed 100% by the company’s reserves. According to their latest reserves attestation report audited by MHA Cayman, an independent accounting firm, the company’s total assets exceed its total liabilities, suggesting that USDT is fully backed. Its holdings include U.S. Treasury bills, money market funds, cash, and commercial paper.

    Great, this finally puts an end to what is in their reserves and we can all sleep peacefully without worrying about a USDT collapse, right? Not quite. In fact, there are namely two big issues surrounding Tether’s backing.

    • Nearly Half of USDT’s Reserves Were in Commercial Paper

    According to the report, Tether has more than $20 billion worth of commercial paper in their total assets. Commercial paper is a short-term unsecured debt issued by companies. This poses a problem to backing stablecoins because they are generally seen as less secure and illiquid, unlike cash and U.S. Treasury bills.

    There have also been rumors that most of Tether’s commercial paper holdings are issued by debt-ridden property developers in China. As mentioned previously, Tether has denied these rumors and states that its portfolio contains no Chinese commercial paper.

    On the positive side, Tether has taken an initiative in reducing its commercial paper holdings to zero in favor for U.S. Treasuries to back USDT reserves. Tether currently has around 3.7 billion in commercial paper exposure (as of July 2022) but plans to eliminate this completely by October/early November 2022.

    Does this mean that Tether is taking on a leadership role in support of greater transparency for the stablecoin industry? Or is this just a facade, given that Tether continues to avoid a comprehensive audit? This brings us to the next issue.

    • Tether Has Yet to Undergo an Impartial and Comprehensive Audit

    Though Tether was open about the state of their reserves, the problem lies with the firm that audited it. MHA Cayman is a small-time independent accounting firm based in Cayman Islands. So it is understandable that critics believe that it is more of a validation of information based on management claims than an audit.

    John Reed Stark, an SEC attorney who led cyber-related projects for 15 years, tweeted that the best way for Tether to end the allegations against them would be to “engage a big-four accounting firm to conduct an audit which finds a rock-solid balance sheet.” He also added that, “without a proper audit, everything else Tether’s CFO says is just noise.”

    The big-four refers to the four largest professional services networks in the world, consisting of the global accounting networks Deloitte, Ernst & Young, KPMG, and PwC. They have recently been getting involved in the blockchain industry, working with many crypto companies for regulation purposes.

    A big-four audit carries a lot of weight with the SEC, and many larger companies want to be a part of it because it would make their enterprise more attractive and trustworthy to investors.

    What Would Happen if USDT Collapses?

    If USDT were to collapse, it would deliver catastrophic results in the industry, sparing nothing. It would mean the end of Ethereum DeFi which is a predominantly USDT-based market. This would trigger a chain reaction across all smart-contract networks.

    Bitcoin would also be severely impacted, as more than half of all Bitcoin trading has been against USDT since 2019, according to data cited by JPMorgan analysts. As a result, history would repeat itself, triggering another bank run, destabilizing exchanges and causing a panic drop in Bitcoin’s price.

    But we should not forget that USDT was able to maintain its stability through multiple black swan events and extremely volatile conditions, and has managed to stick to its values and honor all redemption requests during the UST collapse in May.

    After all, USDT has long been the king of stablecoins and is critical for maintaining any confidence in the industry. All the big players in crypto will simply not let a collapse happen.

  • 10 Best Smart Contract Security Auditing Firms in 2022

    We have compiled an updated list of the top performing blockchain security and smart contract auditing companies in 2022, giving you comprehensive data and history of these firms for you to make the best informed decision possible.

    Why Do Smart Contract Auditors Matter?

    A lot has happened since 2020, when we last ranked the best smart contract auditors. As the crypto space evolves, so do hackers and scammers around the world. Web3 attacks are becoming increasingly frequent, and every day malicious players find creative ways to exploit smart contract vulnerabilities for quick profit.

    One of the largest crypto hacks in history happened earlier this year when Wormhole, Solana’s cross-chain bridge, was hacked on February 2nd. The attack exploited a signature verification vulnerability in the network that allowed the hacker to freely mint 120,000 wETH, worth $325 million at the time. As a result, security audits are extremely important. According to an article by Hacken, though Solana may be blamed for providing the instrument with security flaws to its projects, Wormhole might have “prevented the incident by auditing the instruments it used.”

    Quality smart contract assurance helps identify potential issues, and ensure that the protocol is ready at all times to address any threat that could put its users’ funds at risk. However, there are no guarantees that a protocol will be 100% secure after an audit, but a good smart contract auditor can still perform thorough reviews to potentially prevent major vulnerabilities after launch. To keep up with the increasing demand in blockchain security, certain auditing firms have also branched out to offer other cybersecurity services such as penetration testing, running bug bounty programs, vulnerability assessments, and threat modelling.

    What Makes a Good Smart Contract Auditor?

    We have compiled our list of the top smart contract auditors this year based on a set of criteria. One of the first steps in finding a reliable smart contract auditor is to check the portfolios of projects they have audited. Doing so allows you to see the size and popularity of the projects they have audited, and more importantly if any of the projects they have worked on have been compromised. Larger projects tend to attract more attention from hackers, and if they have not been exploited for a long period of time, then it is a good sign that their security is up to date thanks to their auditor(s).

    The next factor to consider is the auditor’s expertise in certain blockchains. As of now, most auditors offer only Ethereum contract audits. Only some are specialized in auditing projects on altchains such as BNB, Solana or Polygon. This is because EVM-compatible chains have different architectures, and certain altchains use a completely different programming language, e.g. Rust for Solana. Different firms have different areas of expertise in auditing protocols built on different blockchains, so it is best to assess their level of competency before engaging them for an audit. For example, if you are looking for a Polygon-based contract audit, check the firm’s past audits for Polygon-based projects.

    Finally, it goes without saying but the quality of audit reports is an important consideration to look for in a reliable auditor. Different auditing firms have their own methodology and approach. In many instances, the scope of an audit varies according to the scale and complexity of the project as well as the auditor’s agreement with their clients. It is important to note that a good report should include a comprehensive description of all the problems that were found during the test and inspection, and the findings of the audit have been addressed by the project.

    Hacken

    Website: https://hacken.io/

    Projects Audited: 700+

    Major Clients: FTX, Avalanche, VeChain, Huobi, Kyber, Air Asia

    Chains Supported: Ethereum, EVM Chains, BNB Chain, Solana, Polygon, Avalanche, NEAR, Fantom

    Hacken is a leading cybersecurity consulting company focused on blockchain security. Since its inception in 2017, Hacken has been educating and growing the ethical white hat hacker community to continually nurture and build the blockchain security ecosystem. Who better to identify and address cybersecurity threats than a hacker?

    Hacken provides a wide range of security services including blockchain security consulting, web/mobile penetration testing, vulnerability assessments, coordination of bug bounty programs and more. The company also encompasses security products such as HackenAI Security Platform, hVPN, and hPass etc. Beyond just blockchain security ecosystem, Hacken has also partnered with non-blockchain giants like Air Asia.

    Over the years, Hacken has built a commendable reputation for security risk assessment of companies that rely on a digital environment to create or enable services for their consumers, which is why Hacken is certified as a Web 3.0 security standard by two of the world’s largest cryptocurrency data aggregators, CoinGecko and CoinMarketCap.

    Quantstamp

    Website: https://quantstamp.com/

    Projects Audited: 200+

    Major Clients: Ethereum 2.0, Solana, BNB Chain, Cardano, Maker, Curve, OpenSea

    Chains Supported: All chains

    Quantstamp is a security validation protocol for smart contracts and is one of the most recognized auditing companies in the blockchain sector. Their security team consists of PhDs and security professionals with experience in top IT companies such as Google, Facebook, Apple, and Ethereum Foundation.

    Quantstamp specializes in auditing services of all programming languages designed for use in blockchain applications. Since its launch in 2017, Quantstamp has audited over 200 projects and helped secure over $200 billion in value. Its services include auditing layer-1 blockchains, smart contract-powered NFT and DeFi protocols, and developing financial frameworks for layer-1 blockchain ecosystems.

    Trail of Bits

    Website: https://www.trailofbits.com/

    Projects Audited: 500+

    Major Clients: 0x Protocol, Compound, MakerDAO, Acala, Balancer, yearn.finance

    Chains Supported: Ethereum, Polkadot, Polygon, Tezos, Arbitrum

    Trail of Bits is a cybersecurity industry giant with a long list of big-name clients such as Microsoft, Adobe, Reddit, Zoom and Airbnb. Founded in 2012, before smart contracts were even invented, the company prides itself on being a network of developers capable of identifying and fixing loopholes in software, devices, and code. They have long developed tools that help developers find and fix critical vulnerabilities. Manticore is one of their signature tools, a multi-contract and multi-transaction emulator. Other blockchain-focused tools include Crytic, Slither and Echidna.

    ConsenSys Diligence

    Website: https://consensys.net/

    Projects Audited: 100+

    Major Clients: 0x Exchange, Aave, Balancer, Uniswap

    Chains Supported: Ethereum

    ConsenSys is a US-based blockchain technology solutions company and is one of the biggest and most prominent blockchain incubators in the industry. Unlike other security firms mentioned on this list, ConsenSys dedicates its resources and technological expertise solely to the development of Ethereum blockchain applications and software, especially financial infrastructure.

    Its signature product, MythX, is one of the most powerful automated scanners for Ethereum smart contracts, providing a solid API which developers can use to access security analytics tools. Over the years, ConsenSys has successfully protected over 100 Ethereum-based projects and uncovered over 200 issues. Apart from security auditing, the company also provides two other services known as Fuzzing, a bug-finding tool for first specifications, and Scribble, a runtime verification tool that translates high-level specifications into Solidity code.

    CertiK

    Website: https://www.certik.com/

    Projects Audited: 1800+

    Major Clients: BNB Chain, Polygon, The Sandbox

    Chains Supported: All chains

    CertiK is a blockchain security company specialized in formal verification and AI technology in collaboration with some of the world’s best cybersecurity experts to create end-to-end audit services. The company has developed “CertiK Chain”, a public blockchain focused on mathematically validating the safety of smart contracts through formal and manual verification. Other services of CertiK include Skynet, Skytrace and Penetration Testing.

    CertiK is an official partner company of Binance, and is also backed by numerous big-name firms such as Goldman Sachs, Coinbase, Lightspeed, Matrix Partners, and DHVC.

    LeastAuthority

    Website: https://leastauthority.com/

    Projects Audited: 80+

    Major Clients: Ethereum Foundation, Chia Network, O(1) Labs, Protocol Labs, cLabs, Tezos Foundation

    Chains Supported: Ethereum, Chia Network, Tezos

    LeastAuthority is a cybersecurity consulting firm whose main focus is privacy. Using privacy-enhancing technologies, it classifies itself as an enabler of private and disruptive storage solutions. The platform offers two major products, both of which are essentially storage architectures. The first, PrivateStorage (formerly S4), is a centralized system that provides storage infrastructure to end-users and gives them autonomy over the collection, processing and distribution of their private data. The second product, Tahoe-LAFS, provides a decentralized, distributed and fault-tolerant storage facility.

    Apart from security audits, other services also include penetration testing, network and traffic analysis, and mechanism and incentive design. The company’s consultants work with developers throughout their development cycles to ensure that their projects are not susceptible to security threats.

    ChainSecurity

    Website: https://chainsecurity.com/

    Projects Audited: 85+

    Major Clients: yearn.finance, Maker, Compound, Curve, Rarible, Kyber Network

    Chains Supported: Ethereum

    ChainSecurity is a blockchain security firm led by security experts from the renowned university ETH Zurich. Similar to ConsenSys, the company specializes in Ethereum contract auditing. They have developed an automated audit platform that allows projects to thoroughly analyze smart contract designs, test their viability, and monitor metrics detailing their performance after launch. The company has worked with more than 85 Ethereum-based projects and helped secure more than $17 billion worth of assets.

    OpenZeppelin

    Website: https://openzeppelin.com/

    Projects Audited: 150+

    Major Clients: Ethereum Foundation, Coinbase, Compound, Aave, The Graph

    Chains Supported: Ethereum

    OpenZeppelin is a cybersecurity technology and services company known for developing the Solidity libraries known as “OpenZeppelin Contracts.” These libraries are used in most Solidity projects as a tested, standard template for contracts deployable in DApps. Developers can easily integrate these solutions into their applications through OpenZeppelin’s native SDK.

    OpenZeppelin was the first cybersecurity company to reinvent blockchain security by introducing elements of gamification to identify security vulnerabilities in smart contracts. “Ethernaut” is a web3/Solidity war game that challenges players to find and exploit loopholes in smart contracts in order to progress to the next level. The company also provides free services such as “Defender”, which helps clients automate their smart contract administration and offers a more secure and private transaction infrastructure.

    SlowMist

    Website: https://www.slowmist.com/en/

    Projects Audited: 1000+

    Major Clients: Binance, OKX, Huobi, Pancakeswap, Crypto.com

    Chains Supported: Ethereum, EVM Chains, EOS, Fabric, Solana, VeChain, ONT

    SlowMist is China’s leading blockchain security company, founded in 2018. The team at SlowMist has over 10 years of experience in network security, specializing in smart contract audits, blockchain security, wallet security testing, and more. The company constantly tracks and publishes data about the security situation on crypto exchanges through its Blockchain Threat Intelligence (BTI) service. Its most notable product, MistTrack, is a system that tracks the movement of stolen funds. Since its launch, it has helped recover nearly $1 billion in stolen funds.

    The company also offers security-related products such as anti-money laundering software, DarkHandBook (crypto safeguarding handbook), SlowMist Hacked (crypto hack archives), and FireWall.X (firewall for EOS smart contracts).

    Runtime Verification

    Website: https://runtimeverification.com/

    Projects Audited: 100+

    Major Clients: Algorand, Polkadot, Tezos Foundation, Ethereum Community Fund, NASA

    Chains Supported: All Chains

    Runtime Verification is a research and development company focused on verification-based techniques for performing security audits of virtual machines and smart contracts on public blockchains. Runtime verification itself is a dynamic software analysis approach that analyzes programs as they execute, observing the results of the execution and using those results to find bugs. The company designs standard models for high-value applications and uses them as templates to develop security-sensitive products.

    Runtime Verification has developed two main smart contract security products. The first, the K Semantic Framework, offers smart contract correctness proofs to validate the viability of Ethereum and Cardano smart contracts. The second, Firefly, is a test coverage analysis tool for Ethereum smart contracts. The company has also worked with the Ethereum Foundation on building a formal framework for Ethereum 2.0 testing.

  • Ethereum Merge is Coming, Is This the End of Ethereum Killers?

    Ethereum Merge is Coming, Is This the End of Ethereum Killers?

    The Ethereum network is said to become the fastest and most scalable blockchain after the Merge in September, effectively cementing its position as the front-runner among smart-contract networks. What will this mean for the other popular competing layer-1 blockchains known as “Ethereum Killers?” If you are holding any of these coins, you might want to consider their future prospects.

    The Ethereum Merge in September

    Ethereum founder Vitalik Buterin stated at the Ethereum Community Conference in Paris that the Ethereum network will hit the 55% roadmap completion level after its much-anticipated “Merge” in September. The Merge will mark the beginning of Ethereum’s proof-of-stake upgrade, potentially enabling the network to process 100,000 transactions per second (tps), according to Buterin, which is significantly higher than even centralized financial services like Visa and Mastercard.

    For the longest time, the biggest problem plaguing Ethereum has been scalability. In its current state, Ethereum can only process 12 to 25 tps with an average confirmation time of around six minutes. As a result, the network gets congested, leading to extremely high gas fees. To address that problem, the Merge involves many protocol changes that would allow users to enjoy fast transactions and low gas fees. Buterin has even given each of these planned upgrades rhyming names, which he calls the “merge”, “surge”, “verge” and “purge.”

    • Merge
      • Refers to combining the Ethereum mainnet with the proof-of-stake beacon chain, also known as EIP-3675.
    • Surge
      • Refers to the addition of Ethereum sharding, a scaling solution which will further enable cheap layer-2 blockchains and lower the cost of rollups or bundled transactions, making it easier for users to operate nodes that secure the Ethereum network. This reduces congestion on the main chain by distributing traffic to 64 shard chains.
    • Verge
      • Refers to the implementation of “Verkle trees” (a kind of mathematical proof) and “stateless clients”, aimed at making the network more decentralized. These features will allow users to become network validators without having to store large amounts of data on their nodes.
    • Purge
      • Refers to the removal of historical data in a bid to streamline the network, also known as EIP-4444, a proposal focused on storing said historical data in execution clients such as The Graph, BitTorrent and block explorers, since relying on existing nodes to store everything can hamper scalability.

    What are “Ethereum Killer” Blockchains?

    “Ethereum Killers” refers to Ethereum’s competing layer-1 blockchains, namely Solana, Avalanche, Polkadot, Algorand, and Cardano. They inherited the “killer” name because they offer features similar to Ethereum’s but at significantly lower cost and faster speed.

    Ethereum Killer coins have been a very popular asset for investors looking for an alternative network to Ethereum. Smart-contract platforms have been dominating market cap in the crypto space. According to Coingecko, it is the second-highest crypto category by market cap, just behind the Ethereum ecosystem.

    What will happen to “Ethereum Killers” after Merge in September?

    If Buterin is able to deliver what he promised, then Ethereum will most certainly be the front-runner among smart-contract networks. People will look to Ethereum as the primary platform for DApp development, DeFi activities, NFT minting and marketplaces, and more.

    Although Ethereum Killer coins have been pumping recently due to bullish sentiment surrounding Ethereum and its long-awaited Merge, communities are speculating whether this is just hype, as Ethereum’s competing blockchains will no longer have a competitive advantage in terms of speed and scalability. Even now, none of them has been able to dethrone Ethereum from its number two spot by market cap. The upcoming Merge will only propel Ethereum upward, but only if Buterin delivers what he promised. He stated that they will soon test the Merge on Ropsten (Ethereum’s testnet).

    The largest future problem for Ethereum will most likely remain scalability. Although the new system will be faster, it is unlikely to solve the issue of high gas fees immediately, since network demand is likely to rise as efficiency increases. That is not to say that gas fees will forever be expensive on the Ethereum blockchain. But until Ethereum is able to achieve high scalability, Ethereum Killer blockchains remain viable alternatives for fast transactions and low gas fees. We will just have to wait and see in September.

  • Top Cryptocurrency News Today (22 July 2022)

    Top Cryptocurrency News Today (22 July 2022)

    Ethereum Massively Scales to 100K Transactions Per Second Post-Merge, What Will Happen to “ETH Killers?”

    Ethereum founder Vitalik Buterin stated at the Ethereum Community Conference in Paris that the network will hit the 55% roadmap completion level after its much-anticipated “Merge” in September. The biggest problem plaguing Ethereum has been scalability. In its current state, Ethereum can only process 12 to 25 transactions per second with an average confirmation time of around six minutes. As a result, the network gets congested, leading to extremely high gas fees.

    The shift from proof-of-work to proof-of-stake post-Merge will enable Ethereum to process 100,000 transactions per second, according to Buterin, which is significantly higher than even centralized financial services like Visa and Mastercard. This will greatly benefit the ecosystem, as users can enjoy instant transactions and low gas fees. So the question is, “What will happen to Ethereum Killer coins such as Solana or Avalanche?” If Buterin is able to deliver what he promised, then Ethereum will most certainly be the front-runner among all smart-contract platforms. The whole purpose of Ethereum Killers is to have a competitive advantage over Ethereum in terms of scalability. Will we see the end of Ethereum Killers after September?

    Zipmex Suspends Withdrawals, Joins Growing List of Struggling Crypto Exchanges

    Zipmex, a cryptocurrency exchange based in Southeast Asia, has frozen withdrawals until further notice due to “volatile market conditions” and the “resulting financial difficulties of key business partners.” Much like the rest of the crypto fallout, the insolvency of Zipmex’s counterparties has caused the company to face liquidity issues. According to its official statement, Zipmex’s current exposure to crypto lender Babel Finance is $48 million, with an additional $5 million to Celsius Network, which filed for bankruptcy last week.

    With the series of defaults continuing to haunt the industry, investors should be cautious when dealing with any crypto exchange at the moment. Consider holding your funds in hardware wallets like Ledger Nano X, Ledger Nano S or Trezor Model T.

    Coinbase Urges SEC to Begin Regulating Digital Asset Securities after Inside Trading Bust, Desperate Move?

    Coinbase has called on the Securities and Exchange Commission (SEC) to develop a viable regulatory framework for digital asset securities, following the arrest of a Coinbase ex-manager involved in insider trading earlier today. With rumours of Coinbase’s insolvency growing, communities are speculating whether this initiative is an attempt to revive the crypto exchange. Coinbase has yet to comment on that matter, but explained that because the existing rules for traditional securities are inapplicable to crypto assets, new rulemaking is called for. However, it also added that the procedure should involve the public’s input rather than take place behind closed doors. Will we be seeing Coinbase make a comeback, or is it just delaying the inevitable?

    Binance Unveils Scholarship Program! Future of Crypto Looking Good?

    Binance is sponsoring a scholarship program focused on improving education that will empower the next generation of blockchain experts. Scholarships will be available for vocational education (currently for 1,000 Ukrainian students), for undergraduate studies and for master’s degrees, providing opportunities for scholars to gain experience in the blockchain ecosystem.

    This is a huge step forward as education in blockchain and cryptocurrency is still limited and inaccessible to most people, not to mention a growing pandemic of student loan debts worldwide. Fostering an environment for new talent means faster development in the space, especially when the future of crypto is at stake.