Tag: blockchain

  • Common NFT Scams and How to Avoid Them

    NFTs (non-fungible tokens) have become very popular amongst cryptocurrency traders and are drawing a lot of attention from several industries. The world of art has greatly benefitted from the sector, more than other industries (so far) because it opens creators and potential buyers to an ever-expanding marketplace. Generally, this stems from NFTs’ non-fungible nature, meaning that each one is unique. 

    What makes NFTs special?

    Anyone can trade one Bitcoin (BTC) or Ether (ETH) for another and end up with the same asset they traded in terms of value and usability. However, non-fungibility means that no two assets are alike. If you trade one NFT for another, the newly received asset will be fundamentally different. In the art sector, this allows people to buy directly from the creator, with the assurance that there is no duplicate anywhere. NFTs have also created a whole asset class and an industry of NFT speculators who buy, sell and trade them for profit. There are estimates that in 2021 alone, there were over US$23 billion worth of trades in NFTs. In fact, the most expensive NFT sold in 2021 was Beeple’s The First 5,000 Days, which sold for US$69.3 million.

    Some Common NFT Scams

    However, as with most up-and-coming industries, the NFT space is rife with its fair share of scams. Malicious players find ways to take advantage of buyers pumping money into the industry. Scammers are also becoming more sophisticated with their methods and will go to any lengths to swindle NFT holders, especially since some NFTs are worth millions. Here are some common NFT scams.

    Fake offers

    Scammers frequently entice NFT holders with false offers. Known methods include phishing emails, fake links, and service offers that require people to sign malicious contracts. Sometimes, people willingly give up their signatures for seemingly legitimate reasons, such as a paid offer to help animate your NFT. Tokens and NFTs may get stolen after you sign the transaction. In December 2021, scammers hacked the NFT marketplace Fractal, pushing a link to prospective buyers through the platform’s official Discord. Within 10 minutes, around 370 users lost 862 SOL, worth more than US$150,000 at the time.

    False NFT projects

    The NFT space has seen several rug pull scams where a known or unknown creator publishes an NFT for sale. For many reasons, including the possibility of high returns, people may skip adequate due diligence and quickly sink money into a new NFT with growing popularity. In many cases, these projects eventually lose their value and can’t be sold for a profit or the initial capital. The unknown creators then take all the money and are almost always unreachable. A popular example is the Frosties rug pull and scam. In January, buyers who purchased pieces of the cartoon ice cream digital collection lost a total of . 3 million after the creators and funds disappeared from OpenSea.

    Counterfeit NFTs

    Scammers can create fake NFTs that resemble originals, especially when the original is not very popular. The forger would then list the fake NFT on a marketplace where an unsuspecting buyer may purchase what they think is the authentic version. Since no one wants a plagiarized or counterfeit NFT, the buyer is left with a worthless asset.

    Pump and dump scams

    Here, a group of scammers artificially pump a worthless NFT collection which eventually drives price and demand from speculators. Within a short period, the collection garners enough attention that people consider it valuable and start buying. However, the group will pull the plug and disappear as soon as they make enough money from the sale. The price of the NFT eventually tanks, leaving holders unable to resell their worthless NFTs. A relevant example of a pump-and-dump scam is the Squid Game token. Last year, unknown creators launched a token that exploited the popularity of Netflix’s Squid Game series. The SQUID token pumped past $2,800 and eventually crashed to $0. The scammers made away with more than $3 million in total and have still not been found.

    Fake Holder Verification Bots

    Scammers may create programs that impersonate authentic verification bots used with Discord servers. Owners then allow approvals for these fake bots that transfer sensitive information to scammers who steal the NFTs.

    How to Avoid NFT Scams

    All players in the NFT marketplace should know how to avoid scams. Due diligence often does the trick, as fake projects or assets usually have features that stick out. Generally, avoiding scams requires a lot of caution from NFT holders. Owners looking to sell their NFTs must set approvals. The process requires the seller to set an approval so that the marketplace can transact on the owner’s behalf if, for example, someone else buys the asset. While popular marketplaces like OpenSea are relatively safe, there is still a significant risk with setting approvals.

    Approvals give the receiving contract or address the authority needed to transfer tokens. If a malicious bot or contract has the approval, your funds are not safe. To avoid these scams, there are a few things to note.

    Setting approvals and verification

    The blockchain is a public ledger and does not need permission for people to read stored information. However, executing transactions on the blockchain requires gas. When transacting with a third-party bot, marketplace, or address, any verification requiring gas fees is likely illicit. In the same way, setting approvals should cost some gas. There might be a serious problem if a transaction to set an approval is gasless.
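    The approval check described above can be made concrete by decoding a transaction's calldata before signing it. The following is an added example, not code from the article or from any marketplace: it recognises the standard ERC-20/ERC-721/ERC-1155 approval calls and reports who receives authority and over what. The trusted-operator allowlist and both sample addresses are constructed assumptions.

```python
# Added example: decode approval calldata before signing a transaction.
# Selectors are the first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155
    "095ea7b3": "approve(address,uint256)",         # ERC-20 / ERC-721
}
ZERO_ADDRESS = "0x" + "00" * 20
MAX_UINT256 = 2**256 - 1

# Constructed sample addresses (assumptions, not real contracts).
MARKETPLACE = "0x" + "11" * 20   # operator the user has verified independently
UNKNOWN_BOT = "0x" + "de" * 20   # address pushed by a "verification" link


def build_calldata(selector, address, value):
    """Build constructed sample calldata: selector plus two 32-byte ABI words."""
    return "0x" + selector + address[2:].lower().rjust(64, "0") + format(value, "064x")


def decode_approval(calldata_hex):
    """Return a description of an approval call, or None for any other call."""
    body = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(body)
    name = SELECTORS.get(raw[:4].hex())
    if name is None:
        return None
    if len(raw) < 4 + 64:
        raise ValueError("truncated approval calldata")
    addr_word, value_word = raw[4:36], raw[36:68]
    if any(addr_word[:12]):
        raise ValueError("non-zero padding in address argument")
    party = "0x" + addr_word[12:].hex()
    value = int.from_bytes(value_word, "big")

    if name.startswith("setApprovalForAll"):
        if value > 1:
            raise ValueError("bool argument is not 0 or 1")
        effect = "grant" if value == 1 else "revoke"
        scope = "every token the owner holds in this collection"
    else:
        if party == ZERO_ADDRESS:
            effect = "revoke"          # ERC-721: clears the per-token approval
        elif value == 0:
            # ERC-20: allowance reset to zero. ERC-721: approval for token id 0.
            # The selector is shared, so the token standard must be known.
            effect = "ambiguous"
        else:
            effect = "grant"
        if value == MAX_UINT256:
            scope = "unlimited allowance (ERC-20)"
        else:
            scope = "one token id (ERC-721) or an allowance of this amount (ERC-20)"
    return {"function": name, "party": party, "value": value,
            "effect": effect, "scope": scope}


def review(calldata_hex, trusted_operators):
    """Classify a pending transaction against a user-maintained allowlist."""
    call = decode_approval(calldata_hex)
    if call is None:
        return "not-an-approval"
    if call["effect"] == "revoke":
        return "revoke"
    if call["effect"] == "ambiguous":
        return "check-token-standard"
    if call["party"] in {a.lower() for a in trusted_operators}:
        return "grant-to-trusted"
    return "grant-to-unknown"


if __name__ == "__main__":
    trusted = {MARKETPLACE}
    samples = {
        "marketplace listing": build_calldata("a22cb465", MARKETPLACE, 1),
        "fake verification bot": build_calldata("a22cb465", UNKNOWN_BOT, 1),
        "unlimited allowance": build_calldata("095ea7b3", UNKNOWN_BOT, MAX_UINT256),
        "revocation": build_calldata("a22cb465", UNKNOWN_BOT, 0),
    }
    for label, data in samples.items():
        print(f"{label:24s} {review(data, trusted)}")
```

    A "grant-to-unknown" result on a request that was presented as a read-only verification is the case this section describes: the signature would hand transfer authority to an address the owner never vetted.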

    Due diligence

    It is important to do intensive research into an NFT collection or project before purchasing it. Trustworthy projects should have verifiable teams composed of members without fraudulent histories. Depending on the project, a whitepaper might also be necessary. For phishing scams, buyers must double-check email addresses and links to ensure authenticity. Buyers must also do their due diligence to avoid plagiarized or counterfeit NFTs by confirming verification ticks on marketplaces or sticking to links posted on the project’s official Discord.

    Discord Notes

    Buyers using Collabland for management can attach specific notes to authentic bots in a server. This note will be available anywhere you see the bot, making it easy to avoid corrupt bots. 

    Personal Safety

    All wallet credentials should only be in safe locations that are not easily accessible by third parties. It is inadvisable to keep this information on a mobile phone or with someone else. All owners should also consider unique passwords in addition to two-factor authentication (2FA).

    Conclusion: Staying Safe

    Avoiding NFT scams requires continuous effort. Buyers who have done their due diligence should consider taking further steps, including actions not listed above. Since the NFT space is still somewhat nascent, buyers should expect that scammers may come up with newer ways to steal NFTs or swindle unsuspecting users. Therefore, traders must take additional protective steps when buying, selling, or setting approvals for NFTs.

  • Layer-1 vs Layer-2 Blockchain Scaling Solutions: What are the Differences?

    What are Layer-1 and Layer-2 Solutions?

    Layer-1 refers to the base level of the blockchain’s underlying infrastructure. Bitcoin, Ethereum, Binance Smart Chain, and Solana are examples of layer-1 blockchains. These networks can process and finalize transactions on their own blockchains.

    On the other hand, layer-2 refers to a network built on top of a layer-1 blockchain. Its main purpose is to help offload computational work from layer-1s by processing transactions off-chain, increasing transaction speed and throughput. Polygon, for example, is a layer-2 solution that runs on top of Ethereum to facilitate transactions away from the mainnet.

    Layer-1 Overview

    Underlying Problems of Layer-1

    Scalability is the biggest issue that has been plaguing most layer-1 blockchains. As more users carry out increased simultaneous transactions, the blockchain becomes slow and expensive to use. Ethereum, for example, is the most used decentralized network, but its gas fees and process time are high.

    Blockchain Trilemma

    This is known as the “blockchain trilemma” — an impossibility for blockchains to simultaneously achieve decentralization, security, and scalability. As such, a decentralized and secure layer-1 blockchain cannot provide scalability. And a scalable, secure network lacks decentralization.

    This happens because of the fundamental nature of a blockchain. All transactions require the independent verification of the nodes who are running the blockchain’s software. The verified data will then be logged and stored on the blockchain.

    Transaction Confirmation Time

    However, depending on the network, this entire process takes time. For Bitcoin, all transactions require six confirmations in the blockchain from miners before being processed. The completion time varies between ten minutes and an hour. A node can only handle so much at a time. In times of network congestion, users will experience longer confirmation times and higher gas fees due to high demand.

    How do Layer-1 Solutions Work?

    There are several ways to increase throughput and overall network capacity of layer-1 blockchains.

    Transition to Proof-of-Stake

    Blockchains using proof-of-work as their consensus mechanism may switch to proof-of-stake to increase transactions per second while reducing gas fees. Ethereum is a great example of this, as it is undergoing a transition to proof-of-stake called the “Merge.”

    The blockchain’s development team can also introduce a hard fork or soft fork of the network for their community to vote and approve:

    Soft Fork

    A soft fork is when new features are implemented to the protocol at a programming level. It is a backward-compatible upgrade, which means that the non-upgraded nodes will still see the chain as valid and can still communicate with other upgraded nodes. In other words, the addition of a new rule will not clash with the older rules.

    An example of a soft fork is Bitcoin’s SegWit update in which signatures are separated from transaction data, freeing up more space for transactions to be stored in a single block, increasing the throughput of the network.

    Hard Fork

    On the other hand, a hard fork is a major change to the blockchain’s protocol that splits the blockchain, creating a second chain that shares its history with the original but then moves in its own direction. The new rules conflict with the rules of the old nodes, which means upgraded nodes cannot communicate with non-upgraded nodes.

    In July 2016, the Ethereum network hard forked into two blockchains: Ethereum and Ethereum Classic. Ethereum Classic is the old Ethereum with a completely separate cryptocurrency (ETC). They have different technological and philosophical goals.

    Layer-2 Overview

    How do Layer-2 Solutions Work?

    Layer-2 solutions are built on top of a layer-1 blockchain to increase its throughput and overall network capacity. They work in parallel or independent of the main chain. Rollups and sidechains are two of the most common layer-2 solutions that help offload computational load from layer-1s:

    Rollups

    Rollups scale layer-1 blockchains by processing transactions on layer-2 platforms before submitting the results back to the layer-1. The term “rollup” refers to the way that the chain bundles many transactions to be submitted to the main chain.

    There are two types of rollups: Optimistic Rollups and Zero-Knowledge Rollups (ZK Rollups). The difference is in how they validate transactions.

    In short, Optimistic Rollups assume that the transactions are valid, hence an “optimistic” outlook, whereas ZK Rollups attempt to prove that the transactions are valid.

    Arbitrum, Optimism, and Boba Network are examples of layer-2 projects employing optimistic rollups. On the other hand, Starknet and zkSync are among the Ethereum layer-2s that leverage ZK Rollups.

    Sidechains

    Sidechains are secondary blockchains that run parallel to the layer-1 blockchain. Since they have their own virtual machine and validators, they can operate independently. In short, the sidechains validate the transactions and then send them back to the main chain via bridges.

    Polygon is the most popular sidechain that aims to scale Ethereum by building and connecting Ethereum-compatible blockchain networks. Polygon operates on its own consensus mechanism and also has its own native token known as $MATIC.

    Are Layer-2 Solutions Viable Long-term?

    Although layer-2 provides a quick solution to improve scalability, questions have been raised as to whether layer-2 will be irrelevant once scalability issues are solved on layer-1’s end.

    Ethereum 2.0 will ultimately be able to speed up transactions while drastically reducing gas fees. This not only affects layer-2 solutions but also impacts other competing layer-1 blockchains like Solana or Avalanche.

    However, as of now, because of the upcoming Merge in September, we still see bullish sentiment surrounding competing layer-1s of Ethereum and several other layer-2 projects. Perhaps the completion of Ethereum 2.0 will indirectly foster other layer-1 and layer-2 ecosystems, instead of the other way around.

    Key Takeaway

    If you are new to crypto, it may be confusing to distinguish between layer-1 blockchains and layer-2 solutions. It is helpful to understand the differences between the two as well as the different approaches to scaling that they offer.

    Layer-1 blockchains are networks that can validate and finalize transactions by themselves, and their scaling solutions involve improvements to the existing protocol. On the other hand, layer-2 solutions are built on top of a layer-1 blockchain to help scale its throughput and overall network capacity.

  • How Much Money Has Been Stolen in Crypto throughout History?

    Is Cryptocurrency Even Safe?

    The potential of blockchain applications is endless. It is based on principles of cryptography, decentralization and consensus, which ensure trust in transactions. It eliminates the need for intermediaries in a wide array of transactions, virtually transforming every corner of the global economy.

    Cryptocurrency, as a result of blockchain technology, gives us total control over our money, thereby becoming our own bank. On paper, crypto is generally safe thanks to the blockchain’s decentralized distributed ledger and the encryption process every transaction undergoes.

    However, the crypto space is still in development, and most of us still have to rely on third-party wallet providers to store our crypto. Our funds are only as safe as the safeguards and security measures the provider has in place.

    As crypto evolves, so do hackers and scammers. Malicious actors are getting more creative at exploiting vulnerabilities in blockchain projects, devising new tactics to bypass their security controls.

    How Much Money Has Been Stolen to Date?

    Over the years, hackers have exploited loopholes within the platforms of these third parties, especially on DeFi protocols. They have also coordinated attacks on certain cryptocurrencies directly such as utilizing flash loans to their advantage — borrowing a large amount of funds without collateral to quickly carry out pump-and-dump schemes.

    Crypto Hacks since 2011 (Source: Comparitech)

    To this date, more than $7 billion have been stolen in the crypto space. As crypto prices tend to change, that $7 billion would be worth so much more today. If the hackers were to cash it in today, they would have amassed a fortune worth more than $40 billion!

    This number covers only exploits and thefts by hackers. It does not include other events such as rug pulls or corporate fraud. The total would be even higher if those were included.

    Five Largest Crypto Hacks in History

    Comparitech, a pro-consumer website that focuses on cyber security, has managed to track and record all attacks that have happened in the crypto space since 2011.

    There are 365 recorded attacks so far and the five largest hacks make up more than one-third of the stolen $7+ billion:

    Ronin Network (Axie Infinity) – $620 Million Stolen

    Ronin Network is an Ethereum-linked sidechain that powers Axie Infinity, one of the leading blockchain games. On 29 March 2022, Ronin Network was hacked and 173,600 ETH and 255,000 USDC were stolen as a result, worth $620 million at the time.

    The U.S. Treasury Department attributed the hack to Lazarus, a North Korean hacking group. Lazarus reportedly reached out to developers of Axie Infinity via LinkedIn on the pretense of a fake company, offering them an “extremely generous” compensation package.

    A senior engineer took the bait and clicked a PDF which supposedly contained the “offer.” This led to the engineer’s computer being compromised as well as the validator nodes of the Ronin Network.

    Poly Network – $610 Million Stolen

    Poly Network is a cross-chain protocol that implements blockchain interoperability in DeFi. In August 2021, a hacker managed to exploit a vulnerability in Poly Network’s code which enabled them to transfer more than $600 million worth of tokens to their own account.

    Through a series of negotiations, Poly Network pleaded with the hacker to return the stolen funds, calling him “Mr. White Hat.” The platform even offered him a $500,000 bounty and a job as “chief security advisor.” Surprisingly, the hacker returned all of the stolen funds!

    Security experts believe that it was likely the hacker realized it would be impossible to launder the money and cash out, since all transactions are recorded on the blockchain.

    Coincheck – $532 Million Stolen

    Coincheck is a Japanese cryptocurrency exchange and NFT marketplace founded in 2012. In January 2018, its NEM (XEM) tokens worth more than $530 million at the time were stolen and transferred to 11 different addresses.

    Hackers exploited the fact that the tokens were being stored in a “hot wallet”, which was connected to the server. This made it susceptible to phishing attacks.

    Coincheck also did not have a multi-signature security measure in place, which requires more than one person to sign off before funds can be moved. This left a single point of failure.

    MT Gox – $470 Million Stolen

    MT Gox was a Japanese Bitcoin exchange founded in 2010, and it was handling over 70% of all Bitcoin transactions worldwide by early 2014.

    It is arguably the most infamous case of crypto hacks in history. It was the first large-scale hack on an exchange and is still the biggest theft of Bitcoin (BTC) from an exchange to this day.

    The attack on MT Gox was not a solitary event. Rather, the exchange had been leaking funds since 2011, until it was discovered in February 2014. During this period, around 100,000 BTC were stolen from the exchange and 750,000 BTC were stolen from the exchange’s customers. At the time, these BTC were worth $470 million, but today, they are worth around $4.7 billion!

    MT Gox filed for bankruptcy shortly after the hack. Only 200,000 of the stolen BTC were successfully recovered.

    Wormhole – $326 Million Stolen

    Wormhole is a blockchain bridge between Solana and other top DeFi networks, allowing users to swap Solana tokens (SOL) for other crypto on DApps across the Ethereum network.

    The attack exploited a signature verification vulnerability in the network that allowed the hacker to freely mint 120,000 wrapped ETH (wETH), worth $326 million at the time.

    Cross-chain bridges are critical infrastructure in the DeFi ecosystem, as users rely on them to move their funds between blockchains. A lot of money is being moved, which means that security is a number one priority for these platforms. However, Wormhole was harshly criticized for its lack of a comprehensive security audit before going live.

    According to an article by Hacken, though Solana may be blamed for providing the instrument with security flaws to its projects, Wormhole might have “prevented the incident by auditing the instruments it used.”

    The Bottom Line

    Despite improvements, the crypto industry still faces security concerns, especially in peer-to-peer ecosystems where anybody can join anonymously. It becomes almost impossible to track malicious actors when their identity is hidden.

    New forms of cyber threats are emerging that are capable of causing massive, irreparable damage. And this list will only continue to grow unless there is a solid security measure that is widely established.

    Therefore, it is important to learn about the potential security flaws that are prevalent in third-party platforms like DeFi, crypto wallets and exchanges. As investors, we should recognize the kinds of attacks that hackers pull off so that we can spot and avoid them beforehand.

  • Urgent: Ongoing Solana Hack, Million Dollars Drained from more than 5,000 Wallets

    What Happened to Solana?

    More than $6 million was stolen from more than 5000 Solana wallets late Tuesday night, according to a tweet from Solana auditor OtterSec. The tweet is supported by other accounts on Twitter that claimed their holdings were wiped in a matter of minutes.

    The Solana auditor revealed that the transactions were in fact authorized by the owners of the wallets, suggesting a private key breach on a massive scale.

    ETH users may also be impacted by the attack. It is uncertain whether the attack is limited only to the Solana blockchain. A TrustWallet and Slope wallet user reported losing USDC on both Solana and Ethereum.

    What Caused the Solana Attack?

    The exact cause of the Solana attack is as yet unknown, but Magic Eden, leading NFT marketplace of Solana, urged all Solana users to “revoke permissions for any suspicious links” as well as all apps if necessary.

    Reports indicate that all internet-connected hot wallets on Solana such as Phantom and Slope have been affected. Wallets that have not been used in more than six months seem to be mostly targeted, and all Phantom wallets have been compromised.

    Phantom tweeted, “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.”

    On the other hand, crypto security firms believe that the exploit was not the result of a vulnerability with the Solana blockchain itself. Instead, they suspect the attack was a result of a mass compromise of users’ private keys by a third party.

    Sam Bankman-Fried, founder and CEO of FTX, commented in an interview with Fortune, “this wasn’t a core blockchain problem, likely seems like one app someone built was buggy.”

    Slope wallet to blame for the Solana attack?

    Solana is still investigating the hack, but so far is suggesting that wallet provider Slope is largely responsible for the security exploit. In a tweet, they state that “…it appears affected addresses were at one point created, imported, or used in Slope wallet applications.”

    Solana’s investigation is suggesting that Slope may be responsible.

    The Solana team has also found that whilst 60% of the victims were Phantom users, those who were affected did not generate their seed phrase using Phantom. Also, those who were solely Phantom users did not have their wallets drained.

    How Do I Protect Myself from this Attack?

    Users are advised to move their funds to a cold wallet such as a Ledger or Trezor hardware wallet, and ensure that the wallet has no previous approved authorizations to spend funds and is created offline following best security practices.

    For users without a hardware wallet, sending funds to a major crypto exchange is a viable temporary solution.

    In the form of a community warning, web3 gaming company Star Atlas also urges users to withdraw permission for all of the apps in their wallets and shift money to cold storage with the Solana exploit underway.

    I have been affected by the Solana attack. What should I do?

    As ongoing investigations suggest that Slope may be responsible for the recent hack, Solana co-founder Anatoly Yakovenko advised Slope wallet users to regenerate their seed phrase in a different wallet.

    Slope has also issued a statement recommending ALL Slope users (not just those affected by the Solana attack) create a new and unique seed phrase wallet and transfer all their assets there. They also reassure users who have been using hardware wallets that their keys have not been compromised.

    Is the Attack Still Ongoing?

    It’s unknown at this point whether the breach is still active, where it came from, and whether any further user funds are still in danger. Blockchain fraud investigator @zachxbt revealed that the attackers funded the main wallet connected to this operation via Binance seven months ago.

    The transaction history reveals that the wallet was inactive until today, at which point, the hackers made transactions with four separate wallets ten minutes before the incident occurred.

    Frequently Asked Questions (FAQ)

    How do I protect myself from the Solana Hack?

    The current best strategy is to move funds into a cold wallet, such as a Ledger hardware wallet. Make sure that the wallet has no previous approved authorizations to spend funds and is created offline following best security practices.

    Where to move my Solana funds if I don’t have a hardware wallet?

    If you don’t have a hardware wallet, moving funds to a major crypto exchange is also a viable option now. However, it is recommended that users should get a hardware wallet and transfer their funds there as soon as possible.

    Which Solana wallets were hacked?

    Multiple wallets – Phantom, Slope, Solflare, TrustWallet – across a wide variety of platforms are compromised. It is advised to move your funds to a hardware wallet or major crypto exchange for security purposes.

    Who were the Solana hackers?

    Investigators identified the following four wallets as the addresses of the attackers:
    CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy

    Is Solana dead?

    The widespread Solana wallet hack certainly impacts the market sentiment toward Solana, and many investors have expressed doubt about the project’s future. As of now, the attack has prompted an 8% drop in Solana’s price in the two hours following the first reports of the attack.

    What caused the Solana wallet hack?

    Crypto security firms believe that the exploit was not the result of a vulnerability with the Solana blockchain itself. Instead, they suspect the attack was a result of a mass compromise of users’ private keys by a third party.

    An ongoing investigation by Solana suggests that wallet provider Slope is responsible. This is because affected addresses were once created, imported, or used in Slope mobile wallet applications.

  • Crypto Bitcoin Horror Stories to Give You Nightmares

    You’d be surprised at how people, loaded with Bitcoin and other crypto, managed to lose their ticket to retirement.

    One Wrong Click – $120,000 Crypto Gone

    A phishing attack is the oldest play in the book, the bread and butter of web3 scammers.

    They work by tricking victims with fake error messages, wallet pop-ups, or flashy hyperlinks. These then lead you to unofficial websites or extensions that expose your wallet seed phrase or other sensitive information.

    You’d think people would be more careful about connecting to shady websites, but the truth is both crypto newbies and veterans still fall victim to these to this day!

    Reddit user PowerofTheGods shared his story of how he lost $120,000 after clicking on a malicious link. While his Ledger was unlocked, a Trojan malware took control of his computer and wiped all of his wallets in a matter of minutes. The sight of all his assets being transferred to the hacker’s wallet address still haunts him to this day.

    The story went viral and countless people also shared their unlucky experience. They reported to the authorities, but there was nothing they could do as cryptocurrency is still largely unregulated.

    Always be cautious when encountering suspicious links, especially from an unknown source. Also always double-check that the link you are clicking is indeed the right one. Some scammers can even copy the domains of well-known DApps with slight modifications, and you won’t even notice the difference.

    Crypto Exchange CEO Died – All Users’ Assets Locked

    This case is the literal sense of the phrase, “taking secrets to the grave.”

    Canadian exchange QuadrigaCX’s CEO Gerald Cotten allegedly passed away in India in 2018. He was the sole custodian of the exchange’s crypto store, which is all held in cold storage.

    No one has ever been able to unlock the digital wallet passwords on his encrypted laptop. As a result, over 115,000 users’ assets are locked indefinitely, including 26,500 Bitcoin, 11,000 Bitcoin Cash, 200,000 Litecoin, and 430,000 Ethereum.

    In fact, in early 2022, Netflix released a documentary, Trust No One: The Hunt for the Crypto King, about Cotten’s life and his death in India.

    The moral of the story is never store your crypto on exchanges, especially if you have large holdings. Consider holding your funds in hardware wallets like Ledger Nano X, Ledger Nano S or Trezor Model T.

    Forgotten Password to 7,002 Hard-Earned Bitcoin

    About 20% of all Bitcoins are lost in circulation. That is a lot of money that is unlikely to be recovered. This happens when users forget their private key or even the password to the hard drive containing the private key.

    German engineer Stefan Thomas was given 7,002 Bitcoin in exchange for creating an animated video in 2011 called “What is Bitcoin?” However, he has forgotten the password to his encrypted hard drive called IronKey, which stores the private key to the Bitcoins.

    IronKey allows users 10 attempts to input their password correctly before the funds are encrypted forever. Thomas only has two attempts left before his Bitcoins are gone forever.

    Always remember to write down your password and seed phrase on a piece of paper and store it securely. Or it would be a lifetime of regret.

    Spring Cleaning Gone Wrong – 8,000 Bitcoins Lost

    Remember when some of your stuff would go missing, only to find out your mom had thrown them away because she thought it was useless? An action figure with sentimental value? No big deal!

    But for James Howells, it was life-changing. He had two identical laptop hard drives — one was blank and the other contained 8,000 Bitcoins. Howells had meant to throw out the blank one when he was clearing out the office, but instead the drive containing the crypto ended up in a landfill in Newport, Wales!

    This unlucky disaster continues to haunt Howells to this day. He has repeatedly petitioned Newport City Council for permission to dig up the landfill site, but every request has been denied.

    10,000 Bitcoins for 2 Pizzas

    May 22 is known as Bitcoin Pizza Day. It is a well-known story in the crypto world. It was the day Laszlo Hanyecz paid 10,000 Bitcoins for two Papa John’s pizzas in 2010, which were worth $30 at the time. Now they are worth nearly $230 million!

    We can’t blame him for not knowing the future. Since Bitcoin did not have that much value back then, it was more like redemption points for pizza. Had he held his Bitcoins, he would not have to work a day in his life again.

    Amazingly, Laszlo said that he had no regrets about it, and was happy to be a part of the early history of Bitcoin. In fact, Hanyecz is the first person to use Bitcoin in a commercial transaction.

  • 3 Ways You’re Losing Crypto Without You Knowing!

    3 Ways You’re Losing Crypto Without You Knowing!

    If you think you are safe on the blockchain, think again! You’re constantly being watched, and malicious actors are getting more creative at stealing your precious crypto. Here’s what might be waiting for you.

    Your Crypto and IP Address Are Exposed Interacting on DApps

    Did you know that your personal data including your crypto and IP address are exposed whenever you connect to a DApp? Here’s how it works.

    Your wallet does not actually interact with the blockchain directly. Instead, it can only do that through nodes. A node is one of the computers that run the blockchain’s software to validate and store the entire history of transactions on the network.

    Each time you connect to a DApp, make a transaction or deposit funds to a protocol, the request is sent to a node, which verifies and executes the transactions. These nodes are usually deployed and run by node providers. But what you do NOT know is that node requests are also packed with sensitive information like your IP address, web browser version, and so on.

    Now, of course, these data remain at the node company. They have strict policies not to share the data with a third party. But what if the company gets hacked or acquired by some other company? That is when your personal information is out in the open. Node providers can also ban you from accessing the blockchain entirely via their nodes.

    Crypto Sandwich Attack on Decentralized Exchanges

    Have you ever wondered why you end up paying more for the tokens you buy on certain decentralized exchanges (DEX), only to find out they are worth less afterwards? The truth is, when you trade on DEXes, you are always losing out to bots. Here’s how it works.

    When you execute a trade, a bot front-runs your trade by buying the tokens right before your transaction is mined. This increases the price, making you buy for a higher price and pushing it even further up. Afterwards, the bot profits by selling the tokens after your purchase transaction is mined. This is called the “sandwich attack” because your pending transaction is “sandwiched” between the bots’ orders.

    Each transaction is sent to a public mempool, which is a queue for the transactions that have not been added to a block and are still unconfirmed. It is visible to everyone, and bots, being quick enough, can exploit that. There is nothing much we can do about it because that is just the public nature of blockchains.
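
    To put numbers on the sandwich described above, the following added example (not code from the original article) models a constant-product pool in Python. The reserves, the 0.3% fee, the trade sizes and the slippage tolerance are assumptions chosen for illustration; the minimum-output bound mirrors the one that swap routers such as Uniswap's accept, which makes the buyer's transaction revert instead of filling at a worse price.

```python
"""Constant-product (x * y = k) model of a sandwiched DEX purchase."""
from dataclasses import dataclass

FEE = 0.003  # assumption: 0.3% swap fee, as on Uniswap-v2-style pools


def quote(amount_in, reserve_in, reserve_out):
    """Output of a swap under x * y = k, with the fee taken from the input."""
    effective = amount_in * (1 - FEE)
    return reserve_out * effective / (reserve_in + effective)


@dataclass
class Pool:
    eth: float    # reserve of the asset the buyer pays with
    token: float  # reserve of the token being bought

    def buy(self, eth_in, min_out=0.0):
        """Swap ETH for tokens; return None (revert) if output < min_out."""
        out = quote(eth_in, self.eth, self.token)
        if out < min_out:
            return None  # transaction reverts, reserves are untouched
        self.eth += eth_in
        self.token -= out
        return out

    def sell(self, token_in):
        """Swap tokens back for ETH."""
        out = quote(token_in, self.token, self.eth)
        self.token += token_in
        self.eth -= out
        return out


def simulate_sandwich(victim_eth, bot_eth, tolerance=None,
                      reserves=(1_000.0, 2_000_000.0)):
    """Replay bot-buy, victim-buy, bot-sell on constructed pool reserves.

    tolerance is the buyer's slippage setting (0.01 = accept at most 1% fewer
    tokens than quoted); None means no minimum-output bound at all.
    """
    fair = Pool(*reserves).buy(victim_eth)  # tokens quoted with no front-run
    min_out = 0.0 if tolerance is None else fair * (1 - tolerance)

    pool = Pool(*reserves)
    bot_tokens = pool.buy(bot_eth)            # 1. bot buys just before the victim
    got = pool.buy(victim_eth, min_out)       # 2. victim's swap (may revert)
    bot_eth_back = pool.sell(bot_tokens)      # 3. bot sells right after
    return {
        "fair_tokens": fair,
        "victim_tokens": got,
        "victim_shortfall": None if got is None else 1 - got / fair,
        "bot_profit_eth": bot_eth_back - bot_eth,
    }


if __name__ == "__main__":
    for label, kwargs in [
        ("no slippage bound", dict(victim_eth=50, bot_eth=100)),
        ("1% bound, large front-run", dict(victim_eth=50, bot_eth=100, tolerance=0.01)),
        ("1% bound, small front-run", dict(victim_eth=50, bot_eth=2, tolerance=0.01)),
    ]:
        r = simulate_sandwich(**kwargs)
        status = "reverted" if r["victim_tokens"] is None else (
            f"filled, {r['victim_shortfall']:.2%} fewer tokens than quoted")
        print(f"{label}: victim {status}; bot P&L {r['bot_profit_eth']:+.3f} ETH")
```

    With no bound the buyer absorbs the whole price move; with a bound, the swap either reverts (and the bot is left paying fees on its own round trip) or fills with a shortfall no larger than the tolerance.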

    Getting Doxxed by Your Ethereum Name Service Domain

    Showing off your Ethereum Name Service (ENS) domain is cool, but did you know that people can use that to track down your wallet addresses?

    You can check out Unstoppable Domains: Get ready for a censorship immune future on how domain name services work.

    While ENS is a huge step forward in terms of convenience, it also means several steps backward when it comes to privacy. Since most blockchains are open and transparent, anyone can use your ENS to snoop on your finances. It is the difference between sending someone an email and them being able to look at your entire inbox.

    Here’s how it works. You will need a wallet address to register an ENS domain. As a result, each ENS domain has a wallet address attached to it. Even if you do not use your main wallet address to register your ENS, it is easy to trace this address back to your other addresses.

    Let’s look at an example – neutral.eth. At first glance, there isn’t much going on, but when digging a little deeper, the Ethereum address that registered the name held 58,000 Ethereum at one point, worth about $15 million at the time. This address regularly received large payments from the crypto exchange Poloniex’s main wallet. And all activities stopped the same day Circle, which owned the Poloniex exchange at the time, got rid of trading fees. This shows it was a company wallet that created neutral.eth.

    Just from an ENS domain alone, you can watch people’s movements, see insights into business deals and know just how much money people really have – all by observing public blockchain data. If your valuable information falls into the wrong hands, there would be a target on your back.

    Are DApps private?

    Certain DApps are run by node providers who can see your personal information, such as your IP address and web browser version.

    What is a Sandwich Attack?

    When you execute a trade, a bot front-runs your trade by buying the tokens right before your transaction is mined. This increases the price, making you buy for a higher price and pushing it even further up. Afterwards, the bot profits by selling the tokens after your purchase transaction is mined.

    Are ENS domains private?

    Since each ENS domain has a wallet address attached to it, it is easy to trace this address back to your other addresses.

  • How to Fix Stuck Transactions on Ethereum

    How to Fix Stuck Transactions on Ethereum

    Ethereum is one of the world’s most versatile blockchains, with functionality that supports innumerable decentralized applications and blockchain assets. Although conceived in 2013 by Vitalik Buterin, Ethereum did not launch until 2015. It has since been at the forefront of blockchain utility, especially with the recent popularity of non-fungible tokens (NFTs).

    An NFT is an asset on a blockchain that is completely verifiably unique and therefore irreplaceable. Today, many people use NFTs to digitize real-world assets and expose these assets to a global audience. NFTs are very popular in art and photography, as they allow creators to access a wide pool of potential fans and buyers. Currently, most NFTs are on the Ethereum blockchain.

    Ethereum is also the most popular network for decentralized applications (DApps). These apps are powered by smart contracts that drive several functions on the blockchain using specified agreements and conditions. Since the NFT and DApp markets exploded, the Ethereum network has become very busy, and sometimes leaves some transactions stuck for long periods.

    Why Do Some Transactions Get Stuck?

    A delay in processing simply means that no miner has picked up the transaction yet. All Ethereum transactions require a gas fee (priced in gwei), a processing fee set to incentivize miners to pick up and process the transaction. This fee is never static, as it depends on the network congestion at transaction time. Sometimes, gas fees may be very high if there are a lot of people transacting simultaneously.

    Ethereum wallets usually recommend a gas fee based on current network specifics but would let the user increase or reduce it as preferred. If a transaction is delayed for too long, it’s likely that the gas fees for other transactions on the network are considerably higher, and miners are ignoring the lower prices.

    What is a Nonce?

    Used in cryptography as an acronym for “Number Only Used Once,” a nonce is a number that functions as an identifier for a transaction. This number is sequential and follows an order such that transactions with lower nonces get processed before others. Since one Ethereum wallet can initiate any number of transactions, nonces represent a (sometimes chronological) sequence that transaction processing follows.

    How to Fix a Stuck Transaction

    There are three main ways to fix a stuck transaction: cancelling the transaction, increasing the gas fee, or introducing a new transaction with a custom nonce. Before fixing a stuck transaction, it is important to verify the transaction in a block explorer like Etherscan to confirm that it is pending. An ETH wallet may provide users with a cancel or reset button that helps to delete the transaction. After cancelling, it might be necessary to close the wallet application or browser and then reopen it.

    If it is a hardware wallet, turning off and disconnecting the device is also required. Although this is a simple and quick way to solve stuck transactions, users should note that this method may not always work. It is also possible to fix a transaction by increasing the set gas fee. If a user initiates a transaction with a low gas fee but later increases it to match the market’s current price, miners will pick up and process the transaction.

    Another way is to use a new transaction to clear the old one by setting a custom nonce. For instance, a wallet might have three pending transactions with nonces 3, 4, and 5, respectively. The network would process nonce 3 first before the others. However, if the gas fee for that transaction is low and miners aren’t picking it up, all three transactions could remain stuck.

    The solution here is to initiate a new 0 ETH transaction with a high gas price and send the transaction to the user’s own address. To clear out the transaction, the user must ensure that the nonce specified in the new transaction is the same as the old one. Although this will cost some gas, it immediately clears out the clog and resolves all the other transactions.
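
    The custom-nonce fix described above, as an added example that is not part of the original article: a small Python model of one account's pending queue. The addresses are placeholders, the gas prices are constructed, and the 10% minimum bump for a replacement is an assumption based on geth's default.

```python
"""Model of one account's pending queue: nonce ordering and replacement."""
from dataclasses import dataclass

PRICE_BUMP = 1.10  # assumption: a replacement must pay >= 10% more (geth default)


@dataclass
class Tx:
    nonce: int
    to: str
    value_eth: float
    gas_price_gwei: float


class Account:
    def __init__(self, address, next_nonce):
        self.address = address
        self.next_nonce = next_nonce  # lowest nonce that has not been mined yet
        self.pending = {}             # nonce -> Tx waiting in the mempool
        self.mined = []

    def submit(self, tx):
        """Queue a transaction, or replace the pending one with the same nonce."""
        if tx.nonce < self.next_nonce:
            return "rejected: nonce already used"
        old = self.pending.get(tx.nonce)
        if old and tx.gas_price_gwei < old.gas_price_gwei * PRICE_BUMP:
            return "rejected: replacement underpriced"
        self.pending[tx.nonce] = tx
        return "replaced" if old else "queued"

    def mine(self, min_gas_price_gwei):
        """Include pending txs strictly in nonce order while each pays enough."""
        included = []
        while (tx := self.pending.get(self.next_nonce)) is not None \
                and tx.gas_price_gwei >= min_gas_price_gwei:
            included.append(self.pending.pop(self.next_nonce))
            self.next_nonce += 1
        self.mined += included
        return [t.nonce for t in included]


def unstick_demo():
    me = "0xSENDER_PLACEHOLDER"  # hypothetical address, not a real account
    market = 30                  # constructed: gas price miners currently accept
    acct = Account(me, next_nonce=3)
    acct.submit(Tx(3, "0xRECIPIENT_A", 1.0, 5))   # underpriced: blocks the queue
    acct.submit(Tx(4, "0xRECIPIENT_B", 0.5, 40))
    acct.submit(Tx(5, "0xRECIPIENT_C", 0.2, 40))

    steps = {"before": acct.mine(market)}          # nothing moves: nonce 3 is stuck
    # A well-paid transaction with a NEW nonce only queues behind the clog.
    steps["new_nonce"] = acct.submit(Tx(6, me, 0.0, 60))
    steps["after_new_nonce"] = acct.mine(market)
    # Same nonce but barely more gas is refused as an underpriced replacement.
    steps["too_cheap"] = acct.submit(Tx(3, me, 0.0, 5.2))
    # 0 ETH to self, same nonce as the stuck tx, gas above the market price.
    steps["replace"] = acct.submit(Tx(3, me, 0.0, 45))
    steps["after"] = acct.mine(market)
    return steps, acct


if __name__ == "__main__":
    steps, acct = unstick_demo()
    for name, result in steps.items():
        print(f"{name:16} -> {result}")
    print("mined nonce 3 was sent to:", acct.mined[0].to, "value:", acct.mined[0].value_eth)
```

    The original nonce 3 payment never executes; the 0 ETH self-transfer takes its place, so the intended payment has to be sent again if it is still wanted.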

    How to Prevent a Stuck Transaction

    The simplest way to prevent a stuck transaction is to ensure the gas fee you are setting agrees with current market prices. If the gas fee is high enough, miners pick it up almost immediately and process the transaction without delay. Users can confirm current gas prices from the wallet or from other online sources. If you are looking to save on gas fees, there are gas tracking websites and applications that will help you optimize this process.

    Conclusion

    Fixing a stuck Ethereum transaction is easy and usually takes a few minutes. When the transaction is still “pending” on the block explorer, these methods can help solve any problems concerning transaction delay. However, users should note that it is mostly impossible to fix any transactions where the status has moved from “pending” to “completed.”

  • EtherDrops Review and Tutorial

    EtherDrops Review and Tutorial

    EtherDrops is a Telegram based bot designed to track major crypto markets and NFTs. Many crypto enthusiasts would use data tracking sites such as CoinMarketCap and CoinGecko, and these tools are excellent as ‘wikipedias’ for all the altcoins out there. However, for those with more advanced needs, there are much better resources available that can make your life easier.

    If you’ve been in crypto for several years, you’ll probably have a Telegram account. Most of the crypto projects in existence have official Telegram channels to keep their communities informed and up to date on developments, so the chances are you also use the messaging platform.

    This is just as well, because one thing that makes Telegram very useful is its ability to add bots that serve different purposes to the end-user. This is where EtherDrops comes in, so you can be part of the various crypto communities and track your tokens all on the Telegram app.

    What is EtherDrops?

    Originally created in 2018 as a tool to monitor Ethereum wallets, EtherDrops was mainly used to track the transactions of Ether ‘whales’ as well as one’s own wallets on the first smart-contract blockchain. 

    Four years later, EtherDrops has evolved into something much bigger than wallet monitoring. It is now integrated with Ethereum, Polygon, Fantom, Avalanche and BNB Smart Chain, providing a convenient place to track all your crypto activities within one Telegram bot.

    Users are equipped with simple-to-use tools to follow coin prices, as well as track and receive real-time notifications on wallet transactions, DEX and CEX swaps, NFTs, liquidity pools, Binance funding, gas prices, and more.

    By shaping settings according to your own personalized needs using a unique combination of advanced tools and instruments, EtherDrops becomes a simple yet essential bot that notifies you about anything you want, or alerts you to certain conditions. Thousands of investors, traders, and holders use it to navigate their crypto journeys.

    The bot already has more than 400,000 users on board and keeps growing steadily. With the product sending over 5,000,000 notifications daily, it’s no surprise that each day they welcome hundreds of new users onboard.

    EtherDrops Features

    Major features of EtherDrops include:

    • Price tracking; 
    • Wallet tracking;
    • Liquidity pools;
    • OpenSea integration;
    • Gas price notifications;
    • Integration with Telegram groups and channels; and 
    • Token distribution alerts. 

    Price Tracking

    Tracking the prices of various cryptocurrencies is a basic need for long-term investors or traders. Add coins by name, ticker or contract address. Apply your personalized settings to receive instant notifications about price changes and swaps.

    • Price Change Notifications – Set % Price Change to generate an alert.
    • Swap Alerts – Set $ Value to track Swaps on Uniswap, Sushiswap, Balancer and other supported DEXs.

    Wallet Tracking

    Add a wallet by its address to monitor incoming and outgoing transactions, airdrops, NFT transactions, and created contracts.

    • Transaction Notifications – Choose between different event types and set $ alerts to be notified about transactions.
    • Wallet Balance – Check Balances of assets and NFTs.

    Liquidity Pools

    Add a liquidity pool by its contract address and receive % pool changes should it increase or decrease within the specified range.

    • LP Changes – Set the % change value to stay on top of your added pool.

    OpenSea Integration

    Track the floor price and metrics of NFTs and arts on the Ethereum network. To follow your collection, add it by the name or address and set a % price change or generate a $ price target.

    Gas Price Notifications

    At times ETH gas prices can be really high and leave you with an eye-watering bill in fees to pay if you make a transaction. Set gas price notifications and save yourself a fortune!

    • Set Gas Alerts – Set Gwei amount to generate an alert. As soon as it hits the target or lower, you’ll be immediately notified.

    Integration with Groups & Channels

    If you are an admin or a community manager of a project using Telegram, or you run a trading group, your channel could benefit from integration with the EtherDrops bot.

    • All Bot Features in your Groups and Channels – The same alerts and notifications you set in your individual account can be applied to groups and channels.

    Token Distribution Alerts

    Token distributions often create market price pressure and increase capitalization. Be the first to obtain such info and assess market conditions to make a play in your favor (if you use Margin or Futures trading). 

    • Token Distribution – Receive distribution alerts from seed, private and other events for tokens that you’ve added to monitoring.

    Tutorial: How to use EtherDrops

    1. How to install EtherDrops bot

    To install EtherDrops, simply follow this link to open the bot in Telegram. It will automatically link the bot to your account. Here is an official list of the available EtherDrops install links. If you experience any delays with bot updates, you can switch to any other official link.

    2. How to add a wallet

    In the Main Menu, select “+Add wallet”. Tick ✅ which networks you wish to add to monitoring for your wallet and press ✔ Done (for example ETH and Polygon). Then type in your wallet address and name it. You’ll now be immediately notified whenever there are any transactions happening within the wallet, including NFT activity, in/out transactions, airdrops, etc.

    3. How to edit wallets

    In the Main Menu, select “Edit Wallets”. Choose the wallet you wish to edit. The menu with available options will open up. You can Delete, Rename, make it your Favourite (if ON, notifications with this wallet will be illuminated for better visibility), follow only IN, OUT or ALL transactions, check Balances, add/remove Networks for this wallet, set Alert Transactions filter (you’ll only be notified about transactions that are bigger than the specified threshold).

    4. How to add a liquidity pool

    In the Main Menu, select “+Add pool”. Choose the network. Next, enter the address of the liquidity pool. Enter the % liquidity change to create a notification. When the liquidity of a pool changes within your specified range, you’ll be instantly notified.

    5. How to edit liquidity pools

    In the Main Menu, proceed to “Edit pools”. Choose the liquidity pool to add additional settings. You can Delete, Rename, turn your Notifications ON or OFF for this specific pool, or change the % notification alert.

    6. How to add a new coin

    In the Main Menu, select “+Add coin”. Next, enter the contract address, symbol, or name of the coin. Choose the coin from the list and select network (ETH, BSC, ERC-20, Polygon, or CEX). Finally, enter the % price change and $ value for swaps (in case the coin is traded on a DEX) to create a notification. Now you are following this coin. Whenever there is a swap or price change within the range you specified, you’ll receive an instant notification.

    7. How to edit coins

    In the Main Menu, proceed to “Edit coins”. Choose the coin. You can Delete, turn your Notifications ON or OFF for this specific coin, change Price Denomination (in USD, BNB, ETH, BTC), change the price % notification alert, create a price alert (if a coin is x USD, you’ll receive a notification), or change swap alerts.

    8. How to add an NFT

    In the Main Menu, select “+Add NFT”. Enter the contract address or name of the NFT. Select the right one and type in the % price change alert to receive notifications.

    9. How to edit NFTs

    In the Main Menu, select “Edit NFT”. Choose the NFT. You can Delete, change % alert or price, set a new price alert, or turn notifications ON/OFF.

    10. How to set gas price alerts

    In the Main Menu, select “Set gas alert”. Type in the desired fast gas price to create an alert.

    Conclusion

    EtherDrops is a simple yet comprehensive one-stop tool for all your crypto tracking needs and continues to add new networks, coins, and exchanges as the market expands so you’ll never be short of what you need. It just takes one click and a few easy-to-follow steps within Telegram to get set up, and that short initial setup time proves to be well worth it.

    For a comprehensive tutorial on the more advanced features of EtherDrops such as quick shortcuts, special commands, managing profiles, how to set up the bot for groups and channels, and subscription options, read to the end of this guide. If that is TL;DR, you can also watch a video tutorial here.

  • 10 Best Smart Contract Security Auditing Firms in 2022

    10 Best Smart Contract Security Auditing Firms in 2022

    We have compiled an updated list of the top performing blockchain security and smart contract auditing companies in 2022, giving you comprehensive data and history of these firms for you to make the best informed decision possible.

    Why Do Smart Contract Auditors Matter?

    A lot has happened since 2020 when we last ranked the best smart contract auditors at the time. As the crypto space is evolving, so are hackers and scammers around the world. Web3 attacks are becoming increasingly frequent, and each day malicious players have found creative ways to exploit smart contract vulnerabilities for quick profit.

    One of the largest crypto hacks in history happened earlier this year when Wormhole, Solana’s cross-chain bridge, was hacked on February 2nd. The attack exploited a signature verification vulnerability in the network that allowed the hacker to freely mint 120,000 wETH, worth $325 million at the time. As a result, security audits are extremely important. According to an article by Hacken, though Solana may be blamed for providing the instrument with security flaws to its projects, Wormhole might have “prevented the incident by auditing the instruments it used.”

    Quality smart contract assurance helps identify potential issues and ensures that the protocol is ready at all times to address any threat that could put its users’ funds at risk. There are no guarantees that a protocol will be 100% secure after an audit, but a good smart contract auditor can still perform thorough reviews to potentially prevent major vulnerabilities after launch. To keep up with the increasing demand in blockchain security, certain auditing firms have also branched out to offer other cybersecurity services such as penetration testing, running bug bounty programs, vulnerability assessments, and threat modelling.

    What Makes a Good Smart Contract Auditor?

    We have compiled our list of the top smart contract auditors this year based on a set of criteria. One of the first steps in finding a reliable smart contract auditor is to check the portfolios of projects they have audited. Doing so allows you to see the size and popularity of the projects they have audited, and more importantly if any of the projects they have worked on have been compromised. Larger projects tend to attract more attention from hackers, and if they have not been exploited for a long period of time, then it is a good sign that their security is up to date thanks to their auditor(s).

    The next factor to consider is the auditor’s expertise in certain blockchains. As of now, most auditors offer only Ethereum contract audits. Only some are specialized in auditing projects on altchains such as BNB, Solana or Polygon. This is because EVM-compatible chains have different architectures, and certain altchains use a completely different programming language, e.g. Rust for Solana. Different firms have different areas of expertise in auditing protocols built on different blockchains, so it is best to assess their level of competency before engaging them for an audit. For example, if you are looking for a Polygon-based contract audit, check the firm’s past audits for Polygon-based projects.

    Finally, it goes without saying that the quality of audit reports is an important consideration when looking for a reliable auditor. Different auditing firms have their own methodology and approach. In many instances, the scope of an audit varies according to the scale and complexity of the project as well as the auditor’s agreement with their clients. It is important to note that a good report should include a comprehensive description of all the problems that were found during the test and inspection, and confirm that the findings of the audit have been addressed by the project.

    Hacken

    Website: https://hacken.io/

    Projects Audited: 700+

    Major Clients: FTX, Avalanche, VeChain, Huobi, Kyber, Air Asia

    Chains Supported: Ethereum, EVM Chains, BNB Chain, Solana, Polygon, Avalanche, NEAR, Fantom

    Hacken is a leading cybersecurity consulting company focused on blockchain security. Since its inception in 2017, Hacken has been educating and growing the ethical white hat hacker community to continually nurture and build the blockchain security ecosystem. Who better to identify and address cybersecurity threats than a hacker?

    Hacken provides a wide range of security services including blockchain security consulting, web/mobile penetration testing, vulnerability assessments, coordination of bug bounty programs and more. The company also offers security products such as HackenAI Security Platform, hVPN, and hPass. Beyond the blockchain security ecosystem, Hacken has also partnered with non-blockchain giants like Air Asia.

    Over the years, Hacken has built a commendable reputation as a security risk assessor for companies requiring a digital environment to create or enable services for their consumers, which is why Hacken is certified as a Web 3.0 security standard by two of the world’s largest cryptocurrency data aggregators, CoinGecko and CoinMarketCap.

    Quantstamp

    Website: https://quantstamp.com/

    Projects Audited: 200+

    Major Clients: Ethereum 2.0, Solana, BNB Chain, Cardano, Maker, Curve, OpenSea

    Chains Supported: All chains

    Quantstamp is a security validation protocol for smart contracts and is one of the most recognized auditing companies in the blockchain sector. Their security team consists of PhDs and security professionals with experience in top IT companies such as Google, Facebook, Apple, and Ethereum Foundation.

    Quantstamp specializes in auditing services of all programming languages designed for use in blockchain applications. Since its launch in 2017, Quantstamp has audited over 200 projects and helped secure over $200 billion in value. Its services include auditing layer-1 blockchains, smart contract-powered NFT and DeFi protocols, and developing financial frameworks for layer-1 blockchain ecosystems.

    Trail of Bits

    Website: https://www.trailofbits.com/

    Projects Audited: 500+

    Major Clients: 0x Protocol, Compound, MakerDAO, Acala, Balancer, yearn.finance

    Chains Supported: Ethereum, Polkadot, Polygon, Tezos, Arbitrum

    Trail of Bits is a cybersecurity industry giant with a long list of big-name clients such as Microsoft, Adobe, Reddit, Zoom, and Airbnb. Founded in 2012, before smart contracts were even invented, the company prides itself on being a network of developers with the capabilities of identifying and fixing loopholes in software, devices, and code. They have long developed tools that help developers find and fix critical vulnerabilities. Manticore is one of their signature tools, a multi-contract and multi-transaction emulator. Other tools include Crytic, Slither and Echidna, which are also blockchain-focused solutions.

    ConsenSys Diligence

    Website: https://consensys.net/

    Projects Audited: 100+

    Major Clients: 0x Exchange, Aave, Balancer, Uniswap

    Chains Supported: Ethereum

    ConsenSys is a US-based blockchain technology solutions company and is one of the biggest and most prominent blockchain incubators in the industry. Unlike other security firms mentioned on this list, ConsenSys dedicates its resources and technological expertise solely to the development of Ethereum blockchain applications and software, especially financial infrastructures.

    Its signature product, MythX, is one of the most powerful automated scanners for Ethereum smart contracts, providing a solid API which developers can use to access security analytics tools. Over the years, ConsenSys has successfully protected over 100 Ethereum-based projects and uncovered over 200 issues. Apart from security auditing, the company also provides two other services known as Fuzzing, a bug-finding tool for first specifications, and Scribble, a runtime verification tool that translates high-level specifications into Solidity code.

    CertiK

    Website: https://www.certik.com/

    Projects Audited: 1800+

    Major Clients: BNB Chain, Polygon, The Sandbox

    Chains Supported: All chains

    CertiK is a blockchain security company specialized in formal verification and AI technology in collaboration with some of the world’s best cybersecurity experts to create end-to-end audit services. The company has developed “CertiK Chain”, a public blockchain focused on mathematically validating the safety of smart contracts through formal and manual verification. Other services of CertiK include Skynet, Skytrace and Penetration Testing.

    CertiK is an official partner company of Binance, and is also backed by numerous big-name firms such as Goldman Sachs, Coinbase, Lightspeed, Matrix Partners, and DHVC.

    LeastAuthority

    Website: https://leastauthority.com/

    Projects Audited: 80+

    Major Clients: Ethereum Foundation, Chia Network, O(1) Labs, Protocol Labs, cLabs, Tezos Foundation

    Chains Supported: Ethereum, Chia Network, Tezos

    LeastAuthority is a cybersecurity consulting firm with its main focus on privacy. Using privacy-enhancing technologies, it classifies itself as an enabler of private and disruptive storage solutions. The platform offers two major products which are essentially storage architectures. The first, Privatestorage (formerly S4), is a centralized system that provides storage infrastructure to end-users and offers them the autonomy over the collection, processing and distribution of their private data. The second product, Tahoe LAFS, enables a decentralized, distributed and fault-tolerant storage facility.

    Apart from security audits, other services also include penetration testing, network and traffic analysis, and mechanism and incentive design. The company’s consultants work with developers throughout their development cycles to ensure that their projects are not susceptible to security threats.

    ChainSecurity

    Website: https://chainsecurity.com/

    Projects Audited: 85+

    Major Clients: yearn.finance, Maker, Compound, Curve, Rarible, Kyber Network

    Chains Supported: Ethereum

    ChainSecurity is a blockchain security firm led by security experts from the renowned university ETH Zurich. Similar to ConsenSys, the company specializes in Ethereum contract auditing. They have developed an automated audit platform that allows projects to thoroughly analyze smart contract designs, test their viability, and monitor metrics detailing their performances after launch. The company has worked with more than 85 Ethereum-based projects and helped secure more than $17 billion worth of assets.

    OpenZeppelin

    Website: https://openzeppelin.com/

    Projects Audited: 150+

    Major Clients: Ethereum Foundation, Coinbase, Compound, Aave, The Graph

    Chains Supported: Ethereum

    OpenZeppelin is a cybersecurity technology and services company known for its development of Solidity libraries known as “OpenZeppelin Contracts.” These libraries are used in most Solidity projects as a tested and standard template for contracts deployable on DApps. Developers can easily integrate these solutions into their applications through OpenZeppelin’s native SDK.

    OpenZeppelin was the first cybersecurity company to reinvent blockchain security by introducing elements of gamification to identify security vulnerabilities in smart contracts. “Ethernaut” is a web3/Solidity war game which challenges gamers to find and exploit loopholes in smart contracts to progress to the next level. The company also provides free services such as “Defender”, which helps clients automate their smart contract administration, offering a more secure and private transaction infrastructure.

    SlowMist

    Website: https://www.slowmist.com/en/

    Projects Audited: 1000+

    Major Clients: Binance, OKX, Huobi, Pancakeswap, Crypto.com

    Chains Supported: Ethereum, EVM Chains, EOS, Fabric, Solana, VeChain, ONT

    SlowMist is China’s leading blockchain security company, founded in 2018. The team at SlowMist has over 10 years of experience in network security, specializing in smart contract audits, blockchain security, wallet security testing, and more. The company constantly tracks and publishes data about the security situation on crypto exchanges through its Blockchain Threat Intelligence (BTI) service. Its most notable product, MistTrack, is a system that tracks the movement of stolen funds. Since its launch, it has helped recover nearly $1 billion in stolen funds.

    The company also offers security-related products such as anti-money laundering software, DarkHandBook (crypto safeguarding handbook), SlowMist Hacked (crypto hack archives), and FireWall.X (firewall for EOS smart contracts).

    Runtime Verification

    Website: https://runtimeverification.com/

    Projects Audited: 100+

    Major Clients: Algorand, Polkadot, Tezos Foundation, Ethereum Community Fund, NASA

    Chains Supported: All Chains

    Runtime Verification is a research and development company focused on verification-based techniques to perform security audits on virtual machines and smart contracts on public blockchains. Its approach is a form of dynamic software analysis that analyzes programs as they execute, observing the results of the execution and using those results to find bugs. This solution designs standard models for high-value applications and uses them as templates to develop security-sensitive products.

    Runtime Verification has developed two main smart contract security products. The first, K Semantic Framework, offers smart contract correctness proofs to validate the viability of Ethereum and Cardano’s smart contracts. The second, Firefly, is a test coverage analysis tool for Ethereum smart contracts. The company has also worked with the Ethereum Foundation on building a formal framework for Ethereum 2.0 testing.

  • Ethereum Merge is Coming, Is This the End of Ethereum Killers?


    The Ethereum network is said to be the fastest and most scalable blockchain after the Merge in September, effectively cementing its position as the front-runner of smart-contract networks. What will this mean for other popular competing layer-1 blockchains known as “Ethereum Killers”? If you are holding any of these coins, you might want to consider their future prospects.

    The Ethereum Merge in September

    Ethereum founder Vitalik Buterin said at the Ethereum Community Conference in Paris that the Ethereum network will hit the 55% roadmap completion level after its much-anticipated “Merge” in September. The Merge will mark the beginning of Ethereum’s proof-of-stake upgrade, potentially enabling the network to process 100,000 transactions per second (tps), according to Buterin, which is significantly higher than even centralized financial services like Visa and Mastercard.

    For the longest time, the biggest problem plaguing Ethereum has been scalability. In its current state, Ethereum can only process 12 to 25 tps with an average confirmation time of around six minutes. As a result, the network gets congested, leading to extremely high gas fees. To address that problem, the Merge involves many protocol changes that would allow users to enjoy fast transactions and low gas fees. Buterin has even given each of these planned upgrades rhyming names, which he calls the “merge”, “surge”, “verge” and “purge.”

    • Merge
      • Refers to combining the Ethereum mainnet with the proof-of-stake beacon chain, also known as EIP-3675.
    • Surge
      • Refers to the addition of Ethereum sharding, a scaling solution which will further enable cheap layer-2 blockchains and lower the cost of rollups or bundled transactions, making it easier for users to operate nodes that secure the Ethereum network. This reduces congestion on the main chain by distributing traffic to 64 shard chains.
    • Verge
      • Refers to the implementation of “Verkle trees” (a kind of mathematical proof) and “stateless clients”, aimed at making the network more decentralized. These features will allow users to become network validators without having to store large amounts of data on their nodes.
    • Purge
      • Refers to the removal of historical data in a bid to streamline the network, also known as EIP-4444, a proposal focused on storing said historical data in execution clients such as The Graph, BitTorrent and block explorers, since relying on existing nodes to store everything can hamper scalability.

    What are “Ethereum Killer” Blockchains?

    “Ethereum Killers” refers to Ethereum’s competing layer-1 blockchains, namely Solana, Avalanche, Polkadot, Algorand, and Cardano. They earned the “killer” name because they offer similar features to Ethereum but at significantly lower costs and higher speeds.

    Ethereum Killer coins have been very popular among investors looking for an alternative network to Ethereum. Smart-contract platforms have been dominating the market cap in the crypto space. According to Coingecko, it is the second highest crypto category by market cap, just behind the Ethereum ecosystem.

    What will happen to “Ethereum Killers” after Merge in September?

    If Buterin is able to deliver what he promised, then Ethereum will most certainly be the front-runner of smart-contract networks. People will look to Ethereum as the primary platform for DApp development, DeFi activities, NFT minting and marketplaces, and more.

    Although Ethereum Killer coins have been pumping recently due to bullish sentiment surrounding Ethereum and its long-awaited Merge, communities are speculating whether this is just hype, as Ethereum’s competing blockchains will no longer have a competitive advantage in terms of speed and scalability. Even now, none of them has been able to dethrone Ethereum from its number two spot by market cap. The upcoming Merge will only propel Ethereum upward, but only if Buterin delivers what he promised. He stated that they will soon test the Merge on Ropsten (Ethereum’s testnet).

    The largest future problem for Ethereum will most likely remain scalability. Although the new system will be faster, it is unlikely to solve the issue of high gas fees immediately, since network demand is likely to rise as efficiency increases. That is not to say that gas fees will forever be expensive on the Ethereum blockchain. But until Ethereum is able to achieve high scalability, Ethereum Killer blockchains remain viable alternatives for fast transactions and low gas fees. We will just have to wait and see in September.