Exploring the tech behind crypto one block at a time |
|
|
Hi, Bradley Keoun here, editor of The Protocol. In today’s issue, our Sam Kessler has an analysis of what was likely the biggest imbroglio in crypto over the past week – the admission by hardware wallet maker Ledger that the devices might not be as isolated as many users previously assumed. Also, we have exclusive details from the “Zuzalu” two-month gathering in Montenegro of crypto elites, including Ethereum co-founder Vitalik Buterin. (Cold plunges, anyone?) We also detail one security firm’s claim to have physically hacked the Trezor T wallet and highlight the race for dominance in the growing field of “smart accounts.” |
Ledger PR Gaffe Shows Importance of Managing Expectations |
Blockchain industry executives often say they idealize “decentralization,” “self-sovereignty” and “trustlessness” – espousing a vision for a future internet and financial ecosystem free of rent-seeking intermediaries and unreliable middlemen. But time and time again, major blockchain companies and projects come up short – with users surprised and angry to realize that they unknowingly placed their trust in shoddy code, centralized entities or security-challenged hardware. The latest example comes from Ledger, the Paris-based crypto hardware wallet company, which, following a public-relations firestorm last week, announced Tuesday that it would delay plans to release a controversial new wallet-recovery feature called Ledger Recover. When it revealed the proposed feature last week, Ledger inadvertently drew attention to the fact that the company could theoretically move wallet seed phrases off-device via user-approved firmware upgrades. Previously, the company left some users with the impression that its devices were engineered to avoid this specific scenario. |
Screen grab from video purporting to show a user smashing a hardware wallet with a hammer and then setting it ablaze with a blowtorch. (@oklahodl1/Twitter) |
Once the potential “backdoor” was revealed, outrage flooded Crypto Twitter, with posters panning Ledger for being out of touch with its own customer base – ostensibly self-sovereign types who want nothing but to be entirely in control of their own crypto. Ledger vehemently denied allegations that its capabilities amounted to a “backdoor.”
But the company’s initial response to the outrage – pointing out (in a now-deleted tweet) that users were always trusting Ledger not to extract user keys – only served to fuel the furor: One widely-circulated video appeared to show a user smashing a Ledger device with a hammer and then blowtorching it into flames. In a letter posted to Twitter on Tuesday, Ledger CEO Pascal Gauthier apologized to customers, promised to open-source “as much of the Ledger operating system as possible,” and said he’d delay the release of Ledger Recover. Delay or no, Ledger’s theoretical ability to move user keys via future software upgrades remains intact – mainly as a by-product of technical constraints with how Ledger and similar wallets are engineered. The fiasco served as a valuable crash course on the limitations of hardware wallets, generally considered the most secure way to hold crypto. It was also a reminder that the current state of crypto technology doesn’t always match up with the industry’s ideals – and a lesson on the importance of carefully managing expectations. |
|
|
Discussion circle at Zuzalu, with Ethereum co-founder Vitalik Buterin on the turquoise beanbag chair, listening to Asymmetry Finance's Hannah Hamilton. (Hannah Hamilton) |
Zuzalu is the crypto-friendly “pop-up city” in Montenegro that you probably weren’t invited to. But roughly 200 people, most notably Ethereum blockchain co-founder Vitalik Buterin, have spent the past couple months co-working in the marina town of Lustica Bay, staying in a five-star hotel, Airbnb or even onboard a catamaran – while taking in occasional discussions of zero-knowledge cryptography and longevity in a hemispherical structure known as the Dome filled with beanbag chairs. Daily rituals include taking “cold plunges” in the Adriatic Sea, and for some, measuring postprandial glucose levels. How people got invited, or who had the original idea to bug off for two months to the Balkans, remains a bit of a mystery, but our Margaux Nijkerk has a lot of details on the elite gathering, in case your Twitter feed isn’t already saturated with the images of attendees taking selfies with Buterin. Crypto recovery specialist claims it can physically hack into Trezor T wallet. In yet another reminder of the fact that complete security remains elusive in crypto, the firm Unciphered provided a demonstration for CoinDesk of how, if it has physical possession of the crypto wallet, a sophisticated hack is possible. It’s pretty technical, but the team documented the efforts in a video while declining to disclose details of its methods. A Trezor representative told CoinDesk that its team didn’t have enough details about the specific attack Unciphered performed to respond fully, but noted that it looked like a type of attack that the company had previously flagged as a risk, and said it was working on a fix. Commenting on the fact that this attack vector only works if the wallet is in the physical possession of the attacker, Nick Federoff, head of marketing at Unciphered, said that “the threat can often be coming from inside the house.”
Also: |
Here we highlight some of the latest blockchain tech upgrades: |
- Strike, Bitcoin-focused payments firm, is expanding app to more than 65 countries from the current base of the U.S. and El Salvador.
- Mangrove, decentralized exchange, launches on Polygon testnet.
- Shibarium, layer 2 network set to join ever-growing fray of Ethereum-based blockchains, crosses 10M transactions on test network ahead of planned mainnet launch later this year.
- Solana Labs has created an open-source reference implementation for a ChatGPT plugin; once plugins are available, users will be able to check wallet balances, transfer tokens and purchase NFTs directly from the AI tool.
- Osmosis, Axelar, Akash fund “mesh security” model for Cosmos ecosystem, according to The Block.
|
Want to showcase your project's latest development? |
|
|
- Sort, Web3 app development platform, raises $3.5M in seed funding. (Lemniscap, The General Partnership)
- FastLane Labs, maximal extractable value protocol for Polygon, raises $2.3M seed funding. (Multicoin Capital, Polygon Ventures, Shima Capital, Delphi Ventures and Everstake Ventures, a41 Ventures and Symbolic Capital)
- Num Finance, DeFi protocol, raises $1.5M, plans to expand stablecoin offerings in Latin America and Middle East. (Reserve, H20 Scouter Fund, Ripio Ventures, VC3 DAO)
|
|
|
There’s been a surge in development of so-called smart-contract wallets after the deployment earlier this year on Ethereum of a new feature known as “account abstraction.” Now, blockchain analysts are attempting to map out the taxonomy of the burgeoning crypto sub-sector. In a report last week, the Messari analyst Seth Bloomberg noted that some aspects of the work has “caught the attention of both crypto-native projects as well as traditional finance incumbents such as Visa.” According to the report, the current leader in the fast-growing space is the wallet maker Safe, spun out from Gnosis in 2022. Source: Messari. |
|
|
|