FreeCryptoCurrency.Me

Cybersecurity startup Unciphered demonstrated a hack of a notable hardware crypto wallet manufactured by OneKey, a Hong Kong-based firm that raised $20 million last year.

Unciphered showed what’s called a “man-in-the-middle” hack of the wallet in a YouTube video where it was able to extract the mnemonic seed phrase, also known as the private key, from the OneKey Mini hardware wallet by exploiting a vulnerability. OneKey promptly patched the vulnerability after being contacted.

In a hardware wallet, private keys that grant access to crypto assets are stored offline and protected by a physical device, which makes them much less susceptible to hacking or theft. But Unciphered was able to bypass the hardware security mechanisms put in place within OneKey Mini.

The firm said it exploited the lack of encryption between the hardware wallet’s CPU and the secure element by using a field programmable gate array that was able to intercept communications between the processor and the secure element, which holds the device’s seed phrase.

No one affected

“The FPGA is a high speed processor also known as a field programmable gate array, allowing us to iterate through different algorithms, bypass the wallet’s security and extract the mnemonics,” Unciphered said.

OneKey acknowledged the vulnerability in a statement and said it had updated the security patch.

“No one was affected,” the company said, emphasizing that a potential attack, as demonstrated by Unciphered, cannot be exploited remotely and would require both the crypto wallet of a user and specialized FPGA equipment.

OneKey said it paid Unciphered a bounty for the disclosure.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

NFT heavyweight Yuga Labs is attempting to cement its place in French art history with the donation of CryptoPunk #110 to one of the country’s leading contemporary art museums. 

The female punk, who wears purple lipstick, an earring, smokes a cigarette and sports a mohawk will live in the Centre Pompidou’s permanent collection. It is part of the NFT shops Punks Legacy Project.

CryptoPunk #110 is the second Punks Legacy Project donation from Yuga Labs. CryptoPunk #305 was donated to the Institute of Contemporary Art, Miami at Art Basel 2022. 

CryptoPunks are generally considered one of the most valuable assets in the NFT space, which has seen values drop over the past year. The floor price, or the lowest entry point to the collection for buyers, has been consistently rangebound between 60 and 65 ETH (or around $100,000) since September, according to data from NFT Price Floor.

Since June last year, the CryptoPunks collection has been headed by Noah Davis, the former head of digital art at Christie’s auction house, who said that “aesthetically speaking, Punks are about as chic as Donald Judd furniture or Piet Mondrian paintings,” and believes that CryptoPunks deserve to be on the walls of contemporary art and design institutions worldwide.

Yuga Labs also owns top collections including Bored Ape Yacht Club, Meebits, Otherdeeds and Beeple’s 10KTF.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The gaming studio behind web3 tower defense game Omega Royale raised $2.1 million in funds for its play-to-mint project. 

The round, Tower Pop’s second, was led by Play Ventures, Agnitio Capital and backed by angel investor Santiago R. Santos. Its previous round closed in 2021 at around $700,000.

Play-to-mint gives NFTs to gamers who are the “most dedicated” to the game and rank the highest, according to a report in Venture Beat. This represents a play for the web3 mobile gaming market.

A single-player version was launched on a website first, with a multi-player track to be added in the first quarter, according to the report. Anyone can play for free, with the option to opt in and collect NFTs.

The round adds to a flurry of funding for projects in the NFT and gaming subsector, the most popular one in terms of the percentage of total funding since August 2021, according to The Block Research. Last month, crypto gaming platform Oh Baby Games raised a $6 million seed round as it emerged from stealth. In the same month, Neopets Meta, the web3 version of the popular virtual pet game, raised a $4 million round.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Securities and Exchange Commission Chair Gary Gensler sent another warning shot to the crypto industry this morning, just a day after the regulator said it settled with the Kraken exchange over allegations surrounding its staking program. 

“This really should put everyone on notice in this marketplace whether you call it lend, whether you call it earn, whether you call it yield, whether you offer what’s called an annual percentage yield, APY,” Gensler said on CNBC.

The SEC said Thursday that crypto intermediaries needed to provide “proper disclosures and safeguards required by our securities laws” when offering services such as lending or staking. Kraken subsequently agreed to end its on-chain staking services for U.S. clients only without admitting or denying the allegations.  

“Those other platforms should take note of this and seek to come into compliance,” Gensler said Friday.

Backlash

The move promoted an immediate backlash, with SEC Commissioner Hester Peirce, a longtime crypto advocate, saying she disagreed with the commission’s action in a dissenting statement in which she argued that using enforcement actions to set law in an emerging industry is not “efficient or fair.” Gensler said Peirce and him “chat regularly” when he was asked about those comments on Friday. 

The settlement signaled an aggressive move by the SEC, some experts said on Thursday, calling it a “bad sign for ‘staking as a service’ as it’s currently offered in the United States.” 

The development follows multiple enforcement actions this year. On Jan. 12, the agency charged both Gemini and Genesis with the unregistered offering and sale of securities through the Gemini Earn lending program.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Ajuna, a web3 gaming platform based in Switzerland, raised a $5 million round led by crypto venture capital firm CMCC Global. 

The platform, which previously raised a $2 million seed round led by Fundamental Labs, enables gaming development engines Unreal and Unity to integrate with blockchain technology, per a release on the funding announcement. By allowing developers to build web3 games using existing and widespread gaming engines,  the company says this will help speed up blockchain games, which are prone to lags. 

“The platform empowers studios to incorporate immutable digital assets into their games, resulting in powerful new experiences for gamers,” said founding partner of CMCC Charlie Morris in a release.

Funding plans

The project will funnel the funding into further integration with other leading game engines and invest in supporting teams that deploy their games and products on the Ajuna network. Along with the funding round, it’s also debuting its first iteration of a collectible NFT-powered game Awesome Ajuna Avatars. 

Ajuna’s backing follows a flurry of funding for projects in the NFTs and gaming subsector — the most popular subsector in terms of percentage of total funding since August 2021, according to The Block Research. Last month, crypto gaming platform Oh Baby Games raised a $6 million seed round as it emerged from stealth. In the same month, Neopets Meta, the web3 version of the popular virtual pet game, also raised a $4 million round.

Still, January saw deals in the subsector decline from 40% in December to 26% but as The Block Research’s John Dantoni points out, it’s still premature to suggest that it’s lost its appeal to crypto investors, citing previous lulls that led the way to pickups in funding. 

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Uniswap DAO has concluded the final vote that will be used to execute the proposed deployment of Uniswap v3 on the BNB Chain.

The vote ended on Friday with 66% of DAO delegates in favor of the move, according to Tally voting page. Delegates with major voting power including Ethereum software company ConsenSys and Compound Finance founder Robert Leshner voted in favor of the proposal. Meanwhile, venture capital giant Andreessen Horowitz voted against the proposal, deploying 15 million votes in the process.

This particular vote has created a significant debate about the governance process for cross-chain app deployments. Several delegates including bridge providers argued against the deployment going ahead with only Wormhole as the chosen bridge provider. A bridge provider is a protocol that is used to send crypto tokens across supported networks. They instead advocated for a bridge-agnostic solution. Andreessen Horowitz for its part was in favor of LayerZero being chosen, rather than Wormhole.

These debates have led to the creation of a bridge assessment committee for Uniswap. This committee will develop a framework for the governance proposal that will guide future cross-chain deployments.

Capturing market share

With the vote finalized, Plasma Labs will be looking to deploy Uniswap v3 on the BNB Chain. This execution could happen after the governance process passes a temporary waiting period.

Plasma Labs, in its proposal, said that Uniswap may target as much as half of PancakeSwap’s market share. PancakeSwap is the leading decentralized exchange on the BNB Chain. The platform controls $2.4 billion in total value locked, according to DeFiLlama.

Uniswap’s proposed deployment on BNB Chain arguably comes with a sense of urgency. This is because Uniswap’s business license for its v3 iteration expires on April 1. The license prevents other platforms from launching copy-cat protocols.

PancakeSwap, during a recent ask-me-anything session, expressed plans to launch a third version of its protocol. PancakeSwap is itself a fork of Uniswap v2 and has gone on to process more than $432 billion in volume since its launch. Some Uniswap delegates have expressed concern that not deploying on BNB Chain before the license expiration could see the protocol concede market share to competitors.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Crypto wallet app Phantom introduced support for “Sign In With” (SIW) standards to improve user security and protect against phishing attacks. 

Phantom will provide users with necessary information when they interact with decentralized apps (dApps) that adopt certain security standards for Solana and Ethereum crypto users, including Sign In With X (CAIP-122) and Sign In With Ethereum (EIP-4361), according to a blog post published yesterday. 

These standards help crypto accounts to securely authenticate with off-chain services by signing a message. The new feature is an optional addition to Phantom’s suite of security services and is up to the discretion of dApps.

If a dApp implements a SIW format but has invalid fields, Phantom will issue a warning to users. The wallet will display pop-up fields that provide information such as the domain name of the site and nonce, to prevent signature replay attacks. Such attacks can happen when an attacker intercepts a digital signature and then uses it to gain unauthorized access. Digital signatures are used to verify the authenticity of transactions and messages, but if an attacker is able to capture one, they can bypass the authentication process and potentially access sensitive data or steal assets.

Phishing concern

The move is in response to increasing concern over the vulnerability of generic sign-in messages, which can be intercepted by phishing attacks. The “Sign In With” standards are intended to eliminate the uncertainty in determining whether a user is at risk of such phishing attempts. Phantom believes that, eventually, the decentralized web ecosystem will fully adopt SIW standards as a chain-agnostic solution for generic sign-in messages and as an alternative to centralized identity providers.

Developed by a group of Ethereum creators who also built the decentralized exchange 0x, Phantom is the most widely used wallet on the Solana blockchain. In November, it expanded its reach across two blockchains, Ethereum and Polygon.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Cryptocurrency prices nosedived overnight on the back of increased regulatory scrutiny. Coinbase and Silvergate extended losses in the early session. 

Bitcoin was trading at $21,770, down 4.2% over the past 24 hours, according to TradingView data. Most of its losses occurred around 3 p.m. EST as news broke of the SEC’s enforcement action against Kraken’s staking protocol. 

BTCUSD chart by TradingView

Ether experienced a more exaggerated sell-off, dropping 6.2% to about $1,530. Binance’s BNB fell 4.4%, Cardano’s ADA shed 6.7% and Polygon’s MATIC was down 5%. 

Dog-themed memecoins were also in the red. Dogecoin plunged 7.5% and shiba inu lost more than 8%.

Crypto stocks

Coinbase shares continued to trade lower in the early session, dropping 2.6% by 8:10 a.m. EST, according to Nasdaq data. 

COIN chart by TradingView

The perceived risk to Coinbase’s staking revenue is cause for concern, according to analysts. 

Silvergate’s losses were steeper in the early session. Shares in the crypto-friendly bank dropped below $15, down about 5%.

Jack Dorsey’s Block fell almost 2% to trade at less than $75, while MicroStrategy slipped 1.4% to about $245.50.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Crypto chiefs say bitcoin prices have hit bottom and are consolidating. 

Bitcoin was trading around $21,760 at 7 a.m. EST, down about 4% over the past 24 hours, according to TradingView data. The leading cryptocurrency by market cap is up about 31% year-to-date. 

BTCUSD chart by TradingView

“Pantera has been through 10 years of bitcoin cycles, and I’ve traded through 35 years of similar cycles. I believe that blockchain assets have seen the lows and that we’re in the next bull market cycle,” said Pantera CEO Dan Morehead, adding: “Regardless of what happens in the interest-rate-sensitive asset classes.”

Morehead said this bear market was the only one to completely wipe out the previous bull market, giving back 136% of the last rally. “I think we’re done with that and beginning to grind higher,” he said.

Pantera Capital on Bitcoin Price Cycles

Osprey Funds Greg King shared a similar sentiment on Bloomberg TV, noting that each down cycle is slightly less than the previous one — “If that’s the case this time, we’ve bottomed out.”

King said prices wouldn’t necessarily rise in a straight line from this point, as “the optimism translates into finding the wall of worry.” The Osprey Funds chief was referencing a theory in traditional financial markets that says when markets are trending higher (in the early stages of a bull cycle), they are climbing a “wall of worry,” or rising despite a lack of abundant positive sentiment. 

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

A hacker siphoned more than $3.6 million from the decentralized finance (DeFi) protocol dForce in what appears to be a reentrancy attack on a Curve vault it operated on the Arbitrum and Optimism blockchains.

The DeFi project confirmed the incident in a Twitter post, adding that it has paused its contracts to prevent further damage.

The attack was seemingly enabled by a reentrancy vulnerability, which can occur when an attacker repeatedly invokes a smart contract function and extracts assets from it before the contract updates its internal state. This can happen when there is a bug in the smart contract code or a lack of proper security measures.

“On Feb. 10, our wstETH/ETH Curve vaults on Arbitrum and Optimism were exploited and we immediately paused all vaults. The vulnerability is identified, and the exploit was specific to dForce’s wstETH/ETH-Curve vault,” the team noted.

According to two leading crypto security firms, BlockSec and PeckShield, total losses from the attack were about $3.6 million. The reentrancy bug was present in a smart contract function used by dForce to calculate oracle prices on the Arbitrum and Optimism chains when connected to Curve Finance. The specific function, known as “get_virtual_price,” is a command that gives an estimated oracle price and can be invoked by any protocol when connected to Curve. It is used to calculate the price of the liquidity pool token.

Matthew Jiang, director of security services at BlockSec, told The Block that any protocol using the “get_virtual_price” function to calculate the price oracle is vulnerable, including dForce. He added that the issue is publicly known and does not impact Curve itself. Still, projects need to be more cautious and take additional steps while estimating oracle prices, as they can be manipulated by malicious actors to carry out reentrancy attacks.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.