FreeCryptoCurrency.Me

Latin America exchange Bitso sees “tremendous potential” for crypto adoption in Colombia, according to its new country manager Emilio Pardo. 

Bitso, a Gibraltar-registered unicorn valued at $2.2 billion, already has a strong presence in Mexico, Argentina and Brazil. Now, it’s working to launch its platform in Colombia and gain a seat at the table as regulators define the country’s digital asset policy. The South American country ranked 11th on Chainalysis’ 2021 global crypto adoption index.

Pardo, who joined Bitso after serving as Mastercard’s head of business development for the Andes region, says he was drawn to working with the cryptocurrency exchange because of its approach with financial regulators.

“Regulation in Colombia, I think, sooner or later it’s going to come,” Pardo said. “And we are the first one raising our hand saying, ‘We want to be regulated. We want to have the rules of the game clear.’” Moreover, Bitso also wants to play a role in helping regulators navigate the crypto ecosystem. 

But despite the strong interest in crypto usage here, Colombia has not yet formed any specific regulations around using digital assets. However, its tax authority recently announced it would take action to crack down on those who do not correctly declare crypto assets.

One of the most important factors shaping Colombia’s future crypto policy is a sandbox supervised by Colombia’s financial regulator, the Superintendencia Financiera de Colombia (SFC). The project is allowing crypto firms like Bitso to demonstrate what types of services it can offer to banks and financial institutions.

Under this sandbox, Bitso has been working on a pilot program with the country’s oldest bank, Banco de Bogotá. The partnership, which went live for certain customers and employees last month, focuses on offering cash-in and cash-out operations. It is scheduled to run until January 2023. Up to 5,000 customers can take part in the project, Pardo said, with the bank ultimately responsible for choosing how many people will be able to participate.

Since Bitso is taking the approach of working with Colombian regulators before officially launching a product in the market, its trading platform is not widely available here yet. However, Pardo said the company has a goal of making its services available to all Colombians before the end of the year. It plans to hire more people in Colombia to fill out its small team of about 10-15 people, placing priority on roles relating to compliance and public policy.

Bitso isn’t the only exchange courting Colombia’s financial institutions and regulators as crypto finds its footing in the country. Notably, Banco de Bogotá also just started a trial with exchange Buda.com after receiving necessary approvals. Meanwhile, Gemini launched a similar pilot project with Bancolombia on Dec. 14. 

According to Pardo, a clear winner among the competition hasn’t emerged yet. However, Bitso hopes to snag the top spot when that happens.  

“We are probably the early adopters in the Colombian market,” Pardo said. “With our vision, hopefully we will achieve the number one position sooner [rather] than later.”

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

FTX.US, the American affiliate of Sam Bankman-Fried’s crypto exchange FTX, is launching a new gaming business.

Dubbed FTX Gaming, the new unit aims to help gaming studios integrate blockchain technology and NFTs into their games, according to two job openings posted by FTX.US earlier this month. FTX.US is hiring software engineers with experience in the C# programming language and the Unity game engine. Unity is a popular game development platform created by Unity Technologies.

Bloomberg first reported the news. An FTX spokesperson told the publication that FTX Gaming will provide a “crypto-as-a-service” platform through which game publishers can launch tokens and offer support for NFTs.

Gaming is an exciting use case for crypto, according to FTX, as more than two billion gamers in the world have played with and collected digital items and can now also own them through NFTs.

The news comes a month after FTX.US president Brett Harrison tweeted that gaming will be a big part of the exchange’s 2022 plans. “Excited for the tech challenges this will bring for us — integrating NFT, crypto trading, and wallet tech directly into in-game economies at [a] massive scale,” Harrison said at the time.

In November, FTX also launched a $100 million blockchain gaming fund along with Solana Ventures and Lightspeed Venture Partners to invest in startups focused on building blockchain gaming studios. The blockchain gaming category has also been very popular among venture capitalists, having attracted billions of dollars worth of investments.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

While much ink has been spilled highlighting the accomplishments (and losses) of the crypto market’s trading and investment firms, there remains one group that plays an integral, behind-the-scenes security role: crypto bug sleuths. 

From white hat hackers to researchers, this group of mostly anonymous coders and analysts scan blockchains and APIs to find possibly harmful gaps in the systems that power the crypto market. 

The discovery of a bug in a new trading feature by the pseudonymous account Tree of Alpha provides the latest example. They discovered a bug in the beta feature that would let a user to sell crypto in one account so long as they had the same amount of crypto in another account — allowing someone, for instance, to sell 100 Bitcoin with 100 SHIB.  

“I just used 0.0243 ETH to sell 0.0243 BTC on the BTC-USD pair, a pair I do not have access to, without holding any BTC,” Tree of Alpha explained. “Hoping this is a UI bug, I check the fills on the order, and they match the API: those trades really happened, on the live order book.”

Tree of Alpha described the bug as “market-nuking” when he took to Twitter on February 11. Coinbase ultimately rewarded the researcher $250,000 for his efforts.

To learn more, The Block sat down with the research to ask him about his background, the Coinbase bug, and what it means for crypto adoption. 

Below is our conversation with Tree of Alpha, edited for clarity and brevity:

Frank Chaparro: How did you get involved in the space and discover these types of exploits?

Tree of Alpha: I started in crypto around end of 2017, basically buying the top with pennies, as a newly-graduated software engineer.

I spent 2 years learning more about developing by writing hundreds of trading bots that would never reliably make money, before eventually switching to news trading & botting, and finding out the fastest ways to get information. Most of the exploits I find I do while looking for tradeable information. This applies to the Tesla + Doge leak, the CoinDesk one and this recent Coinbase vulnerability.

FC: The $250,000 reward seems light — given the magnitude — and the fact some DeFi protocols have offered millions. Do you think this was an appropriate amount?

ToA: It is hard to tell with the amount of factors to take into account. If you think about the possible prejudice? Sure, it seems light, even though we cannot know exactly the amount of damage that could have been done. 

DeFi protocols have very little leverage over hackers, since all the action can happen without any KYC and there is a certain culture of “code is law” to which some adhere. Coinbase is different: it is a US-listed centralized exchange enforcing KYC measures which can easily call on law enforcement to get involved.  

Bounties have to be sizeable enough to turn grey hats into white hats, yet not big enough that hundreds of people will start poking everywhere. According to the overall Twitter response, it looks like a 7-figure bounty was expected.

I did not expect that much: the size of the bounty is proportional to the severity of the issue, and since I did not exploit it the exchange can state that the possible damage wasn’t that high by offering a smaller one.

FC: What do you think this means for new entrants to crypto, can they trust centralized venues?

ToA: No matter how much people like touting the sacrosanct decentralized nature of crypto, the fact remains that we still need trust in many of the actors involved: trust that the smart contract you use doesn’t have any vulnerabilities, trust that your wallet app didn’t go rogue, trust that CEX’s are safe, etc. 

You also need to take into account that centralized entities are much more likely to be able to cover the damages from an exploit than a decentralized project. The beauty of crypto is that you have the choice: entrust your funds to an exchange, or self-custody and take responsibility for everything that entails.

FC: How do you think this issue went unnoticed?

ToA: This is a hard one: I do not know. When writing tests for an API that accepts a source account, a target account, and a product ID, the first thing I would make sure of is that the person indeed has more than “QTY” in the account. Coinbase had that part. 

The second is making sure that, for a sale on “BTC-USD” product for example, “source account” is a “BTC” account and “target account” is a “USD” account. That part was missing, and any guess from me as to why would be speculation.

While every developer knows best practices at least vaguely, the harsh truth is a lot of shortcuts are taken to save time. If Tesla, a $890 billion company, tests payment integrations on live environment, that should tell you enough about the others.

FC: Can you estimate the potential damage if it was exploited?

ToA: I cannot, that is up to very specific Coinbase internals.

The highest reward with the least chance of being discovered would have been, in my opinion, putting up huge BTC sell walls very close to the last traded price in order to send the market in a panic. A very small fraction would have actually filled as the narrative would have spread, and a bad actor could have profited handsomely from the ensuing chaos by shorting on other exchanges. 

All in all with this exploit, I believe most of the damage would have been on the market itself, and not as much on Coinbase customer holdings. The risk system would have kicked in, stopping all withdrawals and Coinbase could have done an internal rollback after the blow.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Jared Polis, the Governor of Colorado (D), explained in an Ethereum-focused speech in Denver on February 18 that Colorado will accept state taxes and fees in cryptocurrency by the summer of 2022. 

“We won’t be holding those assets in that form, but we will have a layer that accepts payment in those forms and then conversion into the units that we use, which is dollars, for budgeting and payments,” he says in his ETHDenver talk. “But as a matter of convenience for the public, we will be accepting first for taxes and then for many different fees and services by this summer.” 

The reasons Colorado will accept crypto payments for state taxes and fees are for increased user convenience and faster payment speeds, the governor said. The state is still looking for the right company to facilitate these crypto transactions. 

Polis has been friendly toward crypto during his time as a member of Congress, playing a key role in the launch of the Congressional Blockchain Caucus, a platform for legislators to discuss policy and regulation related to Web3 technology, in 2016. 

Polis adds in the ETHDenver talk that Ethereum and blockchain is a “critical part of Colorado’s overall innovation ecosystem,” and that Colorado will be a crypto-forward state.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

It’s not every day you go on a treasure hunt for $84 million. For father and son duo Chris and Charlie Brooks, it was just part of the job.

Chris, 50, and Charlie, 20, run a bitcoin recovery service. And since bitcoin’s big gains last year business has been booming. In the past 13 months, they have recouped seven figures worth of bitcoin for their clients. They’ve also had their fair share of bizarre, only-in-crypto type experiences. 

The duo recently sat down with The Block to recount how the business started and how it works — and tell some of their craziest stories. 

“Call me now”

For Chris and Charlie, business really took off in September, after they were featured in Business Insider. The article inspired a flurry of inbound requests.

One of those requests came from three burly men from Georgia. The men, who got in touch the day after the article, sent only a screenshot of a wallet with a balance of $84 million, a number, and a message: “Call me now.”

Chris and Charlie hopped on a Zoom call with the prospective clients, who told them that they had won 5,000 bitcoin in a court case in around 2012 or 2013.

“They said they had won 5,000 bitcoin and said they were able to withdraw $3,000 a week but they wanted to pull it all out and they wanted us to come down and figure out how to withdraw all of this bitcoin in one lump sum,” says Charlie.  “And they said they would make us millionaires.” 

The next morning, the two sleuths got on a plane to Georgia. They went for lunch and witnessed the three men bring out a few tablets, showing their accounts. Yet the duo were surprised to see the accounts showed $3.2 billion in ether (ETH) — a figure that didn’t match the court case explanation. This was the first major red flag.

Charlie (left) and Chris (right) Brooks as they hop on a plane to Georgia.

“We hopped back in their truck. Drove another hour deeper into Georgia,” says Chris. “We pull up at this strip mall because one of them owns a strip mall. They just start handing us notebooks with seed phrases on them.”

Charlie adds that there were around 20 to 30 notebooks and that the guys just kept watching over what they were doing. The duo spent around 10 hours pouring through them, looking at every private key and seed phrase on them. After spending the day there, they managed to unlock just $10 of bitcoin. 

It was a total disaster.

Charlie explains that the men had portfolio trackers set to these wallets containing large amounts of cryptocurrency and that they were convinced they had the private keys to them. He estimates that they had been sold these addresses on the premise that they controlled the funds. In other words, they had been scammed.

As for the $3,000 a week they were supposedly able to withdraw, that was a bald-faced lie, according to Charlie.

“It was a few plane tickets down the drain and a day wasted,” says Charlie. “They were really sweet guys though.”

Chris follows on, “We were never worried about being kidnapped, it was just such a bizarre experience.”

How the business came about

Chris first heard about bitcoin in 2014 when his business coach recommended that he take a look at it. It was worth $600 at the time. He says he “quickly realized it was ridiculous” and went on to ignore it for three years.

Three years later, during bitcoin’s epic 2017 rally to $20,000, Chris came back around and bought his first bitcoin. Then, while on holiday, he read a book about bitcoin and it changed his mind about it.

He started looking for a way to build a business around it. A programming engineer with 20 years of experience, he considered mining or automated trading strategies. Then he started coming across stories of people losing passwords to their bitcoin wallets and thought he would take a shot at starting a recovery service.

Known as Crypto Asset Recovery, the business ran for little over half a year before he shut up shop. By then, bitcoin’s price had crashed and he wasn’t making any money. 

Charlie (left) and Chris (right) Brooks in their home office.

Fast forward to December 2020, and the price of bitcoin is back above $20,000 and breaking new highs. His son Charlie, who had been a computer science student, had just taken six months off to go traveling. When he got home they started hashing out business ideas — they had an idea of building one together — and they thought back to the bitcoin business. 

“We decided we were going to give it a try and rehash the business,” Charlie says. So far, business has been going strong, though it remains sensitive to the broader crypto markets.

How does the bitcoin recovery service work?

Prospective clients typically reach out to the duo and say they’ve got a wallet but have lost the password to get into it (as opposed to losing the private key for the wallet — a very different problem). 

In order for the duo to help, they have to get access to the wallet and collect as much information as possible about the client’s normal passwords, such as for their email address. Sometimes they need the client to hand over an encrypted copy of their private key. 

Typically the father and son will first jump on a video call with the client to get to know the problem. This is the moment where both sides are working out if they can trust each other. The client is looking to see if they feel safe handing over their passwords, while Chris and Charlie are looking to check if the client is being genuine about their story.

“At the same time we need to figure out if the story they’re telling us is real,” says Chris. In crypto, that can be especially difficult. 

“We look at people who come to us with 1,000 bitcoin in a bitcoin core wallet for example. These wallets are just purchased on the internet as lost wallets,” Chris says. These are files that contain private keys to bitcoin addresses where the owner forgot the password and they’re hard to access. They can be bought on websites like AllPrivateKeys. He adds that even if the two were able to open one of these wallets, they wouldn’t know if the client necessarily owned the bitcoin inside.

Another struggle is that it’s often hard for the duo to know how much money is in the wallets before they open them. In some cases, they know the public address, so it’s trivial to look the wallet up and find out how much is inside, but they often don’t have this information.

And while it can be tempting to chase after wallets that clients say contain a lot of crypto, as they found in Georgia, sometimes the treasury chest at the end of the rainbow is all but empty.

You never know what you’re gonna get

In fact, according to Charlie, the whole business is very hit and miss, with 40-50% of wallets that they get inside turning out to be empty.

He says the two of them had been working on one wallet for a month or two. The client said it had 12 bitcoin inside it, worth $500,000 at current prices. When they finally got inside it, they realized that wasn’t nearly the case. 

“We tried to act as professional as we are, but when we crack a big wallet we jump up and down and are super stoked about the payday we’re getting. We were super excited about this 12 bitcoin crack,” says Charlie. “It turned out he had $2.38 in the wallet.”

Carlie says it’s common for people to lose track of their wallets and get confused over how many wallets they have and which providers they actually set wallets up with. This is often because of the time gap between when they set them up and when they suddenly remember or find them and want access.

On the other hand, there are some good experiences. One client bought 2.35 bitcoin for $399 at a CVS drug store in 2011 and forgot all about it. Apparently it was purchased through Blockchain.com (Blockchain.info at the time) via payment processor BitPay.

Charlie says the former co-founder of Blockchain.com, Nic Cary, had set up a range of backchannels for people to buy bitcoin in its early days. Yet the current team was unaware that this used to be possible. But they were still able to work with the company to get access to the wallet.

“After a month or so we got inside her wallet and her $399 investment had accumulated up to $150,000 at that point. She had just retired and was able to pay a big chunk of her daughter’s college bill,” says Charlie.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The nascent market for non-fungible tokens was sent into a tizzy Saturday evening after millions of dollars worth of NFTs on OpenSea were swiped by a hacker.

At the time of writing, it is not clear if the assets were stolen via a breach stemming from a deficiency in OpenSea’s platform or a phishing attack—a commonplace way for thieves to access accounts through factitious emails. 

“We are actively investigating rumors of an exploit associated with OpenSea related smart contracts,” the firm said in a tweet. “This appears to be a phishing attack originating outside of OpenSea’s website.”

A spokeswoman for the firm directed The Block to this tweet when reached for further update.

At this point The Block can confirm that the hacker has stollen roughly $3 million in assets, which includes popular NFTs like Bored Apes, Azuki and CloneX.

The CEO of Nasen, Alex Svanevik estimates that about 19 OpenSea users have been impacted.

OpenSea—which recently raised at a valuation topping $13 billion—is one of the largest platforms for NFT trading. It counts Andreessen Horowitz and actor Ashton Kutcher as backers. 

We will update this report when we learn more.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

“Market-nuking” 

Those are two words that can capture a trader’s attention in crypto. And when an anonymous account Tree of Alpha used those words to describe a possible exploit on Coinbase, it sent crypto Twitter into a tizzy about the extent to which Coinbase could be exploited.

Ultimately, those words were accurate to describe what could have happened if Coinbase’s leadership did not identify and fix what Tree of Alpha found.

In a blog post, Coinbase said that the problem was a bug in the new trading feature in limited beta availability. An exploiter, using two accounts, could manually modify their APIs connected to the exchange to sell a certain amount in one asset if they had the same amount in the other account with the same amount of another crypto.

“The user submits a market order to the BTC-USD order book to sell 100 BTC, but manually edits their API request to specify their SHIB account as the source of funds,” Coinbase explained. “As a result, a market order to sell 100 BTC on the BTC-USD order book would be entered on the Coinbase Exchange,” the firm added.

Coinbase said it would pay Tree of Alpha $250,000 as a bounty — a figure that’s dwarfed by the bounties paid by DeFi protocols. Wormhole offered to pay out $10 million after its eye-popping hack earlier this month.

As for Coinbase’s bug, Tree of Alpha said that he discovered it whilst poking around Coinbase’s new advanced trading platform. “I just used 0.0243 ETH to sell 0.0243 BTC on the BTC-USD pair, a pair I do not have access to, without holding any BTC,” he explained. “Hoping this is a UI bug, I check the fills on the order, and they match the API: those trades really happened, on the live order book.”

In other words, Tree of Alpha was able to sell ~$1,000 worth of bitcoin with only ~$70 worth of ether in his account (rough maths based on February 11 pricing).

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Quick Take

• From next to nothing, Tiger Global has been involved in 35 crypto deals since the start of 2021. 
• Now the tech investment giant appears to be ramping up its DeFi investment strategies. 

This feature story is available to
subscribers of The Block News Plus.
You can continue reading
this News Plus feature on The Block.

A digital artist who goes by the name of Pplpleasr announced on February 18 at the Ethereum-focused conference ETHDenver that she is helping to launch a decentralized video platform called Shibuya. 

Pplpleasr is the NFT artist responsible for Fortune’s NFT cover as well as the decentralized art collection platform PleasrDAO, which is currently raising $69 million. According to a slide deck viewed by The Block, Pplpleasr’s latest project is a media platform she describes as a mix of Netflix, Vimeo and the crowdfunding platform Kickstarter — but with a decentralized spin. Shibuya will enable users to directly affect the platform’s content through the use of non-fungible tokens (NFTs) and cryptocurrency.

“Shibuya is a decentralized Hollywood, where cultures and ideas meet in one eclectic and inspiring place,” Pplpleasr said at ETHDenver.

The first piece of media Shibuya will launch is called White Rabbit, which the artist described as including elements of anime, the English drama Black Mirror and Web3. A short preview of White Rabbit released at the conference shows a woman waking up in a field and encountering a prodigious castle. The preview stops there, showing the woman staring down two doors. Each door represents a different ending for the episode. 

To watch the episodes, viewers must mint NFTs on Shibuya that can be staked to cast a vote on the episode’s direction. Voters will then be rewarded with White Rabbit tokens — fractionalized ownership of the web series. 

Shibuya has not accepted outside funding, Pplpleasr said. Other collaborators on the project include the digital artist Maciej Kuciara, who lists their NFTs on the auction house Phillips. The platform will tentatively launch on March 1, Pplpleasr said, and plans to incorporate more media beyond video in the future.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Nexo announced a set of policy changes for US customers, a move that comes as the Securities and Exchange Commission scrutinizes products and services in the crypto lending sector.

Per an email sent to customers and a statement on Nexo’s official subreddit, the policy changes affect both existing accounts as well as new ones, with the firm saying it “voluntarily implemented changes to its Earn Interest Product in the U.S. to comply with newly-announced guidance.”

“Nexo’s registered clients who are currently earning interest on the platform will continue to do so on their existing digital asset balances only,” the firm said, explaining:

“Top-ups to your Nexo Wallets made after today will not earn interest until the restructuring of the Earn Interest Product and the registration process with the relevant regulatory bodies are complete, as per the recently received guidance. Once complete, all new accounts will be transferred to the Earn Interest Product 2.0 and the new top-ups will earn interest. Please note that if you withdraw any of the assets in your current balance, you won’t be able to earn interest on them even upon their subsequent return.”

For new accounts, “Nexo’s Earn Interest Product in its current form will not be available for new clients, until the restructuring of the Earn Interest Product and the registration process with the relevant regulatory bodies are finalized, as per the recently received guidance.”

“The current changes only affect Nexo’s Earn Interest Product in the U.S. and have no impact on any other Nexo products,” the statement continued. “Non-U.S. clients are are not subject to the SEC’s guidance and remain unaffected by any of these changes.”

The timing is notable given the SEC’s evolving oversight of the crypto lending space. Earlier this week, crypto lender BlockFi settled with the SEC and state securities regulators to the tune of $100 million. The firm also plans to register its BlockFi Yield product as a security.

SEC chair Gary Gensler has highlighted the crypto lending sector as one area in which federal officials are scrutinizing. 

In October, Nexo appeared to have been the subject of scrutiny in the US state of New York, along with crypto lending firm Celsius, according to unredacted letters that became available at the time. 

Nexo did not immediately respond to a request for comment. 

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.