chain

Jump Crypto unveils critical vulnerability on Binance’s BNB Chain

The security flaw would allow the mint of an unlimited amount of arbitrary tokens. The issue was privately disclosed to the BNB team.

Web3 infrastructure firm Jump Crypto has discovered a vulnerability in the BNB Beacon Chain, which would allow the mint of an unlimited amount of arbitrary tokens. The issue was privately disclosed to the BNB team, enabling a patch to be developed and deployed within 24 hours.

In a blog post from Feb. 10, Jump Crypto disclosed a detailed report about the vulnerability found two days earlier, which could “have led to a large loss of funds.”

As per the report, the BNB Chain comprises two blockchains: the Ethereum Virtual Machine-compatible Smart Chain, based on a fork of go-ethereum, and the Beacon Chain, built on top of Tendermint and Cosmos SDK.

However, the Beacon Chain uses a BNB fork hosted on GitHub with several BNB-specific changes. “It deviates from the Cosmos SDK upstream in several ways, motivating us to take extra care in reviewing the differences,” notes Jump Crypto, which recently started a broad research effort dedicated to discovering and patching vulnerabilities across projects via coordinated disclosure.

The vulnerability would allow an attacker to mint an almost unlimited amount of BNB tokens via a malicious transfer, meaning that destination accounts would receive a much larger number of BNB tokens than the sender initially provided. Jump Crypto noted:

“Bugs that allow infinite minting of native assets are some of the most critical vulnerabilities in Web3. As such, this finding is proof that we all must stay vigilant and collaborate to elevate security assurances across all projects.”

The BNB team fixed the issue by switching to overflow-resistant arithmetic methods for the SDK coin type. The patch will result in a golang panic and a transaction failure if the coin calculation overflows.
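The fix described above, as an added Go example that is not the BNB Chain or Cosmos SDK code: a transfer check that sums output amounts with plain `int64` addition accepts a transfer whose outputs wrap around, while the checked sum panics and the transaction fails. The `Output` type, the function names, the `int64` amount width and the sample amounts are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// Output is one destination of a hypothetical multi-output transfer.
type Output struct {
	To     string
	Amount int64
}

// sumWrapping adds amounts with plain int64 addition. Go defines signed
// overflow as wrap-around, so a huge total silently becomes a small one.
func sumWrapping(outs []Output) int64 {
	var total int64
	for _, o := range outs {
		total += o.Amount
	}
	return total
}

// addChecked panics instead of wrapping, mirroring the behaviour the
// article describes for the patched coin arithmetic.
func addChecked(a, b int64) int64 {
	if (b > 0 && a > math.MaxInt64-b) || (b < 0 && a < math.MinInt64-b) {
		panic("coin amount overflow")
	}
	return a + b
}

// sumChecked is the overflow-resistant counterpart of sumWrapping.
func sumChecked(outs []Output) int64 {
	var total int64
	for _, o := range outs {
		total = addChecked(total, o.Amount)
	}
	return total
}

// validate accepts a transfer only if every output is positive and the
// outputs add up to what the sender provides. A panic raised by the sum
// function is turned into a failed transaction.
func validate(sent int64, outs []Output, sum func([]Output) int64) (ok bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			ok, err = false, fmt.Errorf("transaction failed: %v", r)
		}
	}()
	for _, o := range outs {
		if o.Amount <= 0 {
			return false, fmt.Errorf("non-positive amount for %s", o.To)
		}
	}
	if sum(outs) != sent {
		return false, fmt.Errorf("inputs and outputs do not balance")
	}
	return true, nil
}

// constructedOutputs returns sample data built for this example: four
// positive amounts whose true total is 2^64 + 10, which wraps to 10.
func constructedOutputs() []Output {
	return []Output{
		{"dest-1", 1 << 62},
		{"dest-2", 1 << 62},
		{"dest-3", 1 << 62},
		{"dest-4", (1 << 62) + 10},
	}
}

func main() {
	outs := constructedOutputs()
	const sent = 10 // the sender provides only 10 units

	ok, err := validate(sent, outs, sumWrapping)
	fmt.Println("wrapping sum:", sumWrapping(outs), "accepted:", ok, "err:", err)

	ok, err = validate(sent, outs, sumChecked)
	fmt.Println("checked sum accepted:", ok, "err:", err)
}
```

With the wrapping sum the validator sees a balanced transfer of 10 units even though each destination is credited far more; with the checked sum the same transfer is rejected before any balance changes.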

BNB Chain is the native blockchain behind the crypto exchange Binance. The company CEO, Changpeng Zhao, thanked Jump Crypto’s team for reporting the bug on Twitter.

In October 2022, the BNB Chain was briefly suspended after a cross-chain exploit compromised nearly $80 million worth of cryptocurrency. The genesis of the breach took place on the BSC Token Hub, eventually resulting in the creation of an “extra BNB,” shows an official post on Reddit. 

88x Finance partners with Axelar Network for cross-chain yield aggregator

The startup is one of the projects participating in the Axelar Ecosystem Startup Funding Program.

The crypto bear market may be lasting longer than expected, but some Web3 startups see it as the perfect opportunity to build solutions and infrastructure that will welcome users and institutions when the next wave of adoption arrives.

Cross-chain yield aggregator 88x Finance claims that the emergence of general message passing and true composability between blockchains is an opportunity to provide services both to retail and professional investors.

Roughly six months after starting to build the platform, the protocol is now participating in the Axelar Ecosystem Startup Funding Program, a $60 million startup funding program dedicated to accelerating Web3 protocols, backed by Axelar and a group of 15 blockchain investors.

“We started working on cross-chain yield aggregation because it seems like the natural evolution of bridges/general message passing protocols, etc.,” Nick Avramov, co-founder of the crypto startup, told Cointelegraph.

Yield aggregators combine multiple smart contracts protocols and strategies to maximize return on investment. They use smart contracts to invest crypto assets in yield-paying products and services through automated strategies. They are similar to having a fund manager in charge of a crypto portfolio, providing the best decentralized finance, or DeFi, crypto staking opportunities.

Georgios Vlachos, co-founder at Axelar, explained to Cointelegraph that since crypto is becoming increasingly decentralized, with a growing number of blockchain networks and DeFi platforms operating independently of one another, cross-chain yield aggregation will be an important aspect of DeFi in the coming years. He also noted:

“Cross-chain yield aggregation can also help to diversify risk and increase returns. By combining yield-generating strategies across multiple blockchain networks, investors can potentially reduce the impact of market fluctuations on their overall portfolio.”

88x said it intends to provide vault automation strategies and diversification through predefined investment strategies running across multiple blockchains. “Within a single interface, users can enjoy yield farming opportunities on Ethereum, BNB Chain, Avalanche, Polygon and many more networks — without the need to switch between wallets,” Will Kamalov, co-founder of 88x Finance, told Cointelegraph.

Even with the market crisis, Web3 projects attracted $30 billion in 2021 and $36 billion in 2022, data from Cointelegraph Research shows. In one of the first funding rounds this year, blockchain development platform QuickNode closed a $60 million funding round intended to onboard more Web3 users and developers worldwide.

Bridge attacks will still pose major challenge for DeFi in 2023 — Security experts

Hackers have stolen over $2.5 billion through vulnerabilities on cross-chain bridges in the past two years.

Security has been a critical challenge for decentralized finance (DeFi) and its evolution. Between 2020 and 2022, hackers stole over $2.5 billion through vulnerabilities on cross-chain bridges, Token Terminal data shows. This is a substantial amount compared with other security breaches.

Issues with bridges have a root cause: All of them have an “inherent vulnerability,” Theo Gauthier, founder and CEO of Toposware, told Cointelegraph. According to Gauthier, no matter how secure a bridge is on its own, it is “entirely reliant on the security of the chains it connects,” meaning any breach or bug within one of the two bridged chains makes the overall bridge vulnerable.

Briefly, bridges are used to connect different blockchains and aim to address the lack of standards between protocols. Interoperability between blockchains is considered to be a critical goal for enhancing the end-user experience and promoting broader crypto adoption.

Solutions for interoperability and security in the crypto industry are gaining traction despite the bear market. One of the major technologies available is zero-knowledge proofs (ZKPs), which allow data to be verified and proven as accurate without revealing further information, unlike typical interoperability solutions that require networks to disclose their states.

Through ZKPs, it is also possible to create a ZK-powered Ethereum Virtual Machine (EVM), noted Polygon’s chief information security officer, Mudit Gupta. This would allow developers to launch scalable and completely private Ethereum-compatible smart contracts. Gupta also noted:

“We believe in the old crypto adage of ‘don’t trust, verify.’ With ZK-powered solutions, this is absolutely possible. The zkEVM has shown that it can maintain privacy, decentralization, speed and scalability. With this, there is no need to sacrifice anything that has made the crypto space what it is, and in fact, it improves it.”

For bridges, the solution would be auditing and real-time monitoring standards, noted Gustavo Gonzalez, solutions developer at Open Zeppelin. Bridges’ smart contracts “should be audited, ideally by multiple third parties, before being released ‘into the wild.’ New audits should happen anytime updates are made, and all results should be transparently shared with the community.”

Machine learning technology could also be used to flag potentially suspicious patterns of activity with advanced security monitoring, detecting an attack before it actually happens, said Gonzalez.

Combining security software solutions with blockchain protocols could make the entire space more secure for users and investors. A Bitcoin (BTC) maximalist would say “Just use Bitcoin, and you won’t have these issues at all.” While smart contracts for Bitcoin are in the works, DeFi players will be tasked with building trust within their respective ecosystems amid ongoing security concerns.

Serum exchange rendered ‘defunct’ following the collapse of Alameda and FTX

The project shared that “a community-wide effort to fork Serum is going strong,” however.

Solana-based decentralized exchange (DEX) Project Serum has notified its community that the collapse of its backers — Alameda and FTX — has rendered it “defunct”.

The team behind the project shared that “there is hope” in spite of its ongoing challenges because of the option available to “fork” Serum.

According to the announcement, “A community-wide effort to fork Serum is going strong.” OpenBook, the community-led fork of the Serum v3 program, is already live on Solana with over $1 million daily volume, supported by continuous efforts to expand it and grow its liquidity.

“With Openbook’s existence, Serum’s volume and liquidity has dropped to near-zero,” Project Serum tweeted. Users and protocols are safer using OpenBook given unspecified security risks associated with the “old Serum code,” which was compromised in the FTX hack.

When it comes to its SRM token, the DEX shared that the “future of SRM is uncertain,” with community members apparently divided on the subject. Some believe it should be used “for discounts,” while others say it should not be used at all given its exposure to FTX and Alameda.

On Nov. 12, Cointelegraph reported that FTX was hacked, with wallets tied to FTX and FTX US drained of $659 million.

Following the FTX hack, Solana’s developers forked the widely used token liquidity hub, Serum, after it was compromised in a series of unauthorized transactions. On Nov. 12, Solana co-founder Anatoly Yakovenko tweeted that developers who depend on Serum were forking its code after its upgrade key was compromised, adding that many “protocols depend on serum markets for liquidity and liquidations.”

Polkadot incentivizes its community to fight scams through an “anti-scam bounty”

Polkadot said it rewards community members in a consistent manner with bounties paid in USDC.

Polkadot, a protocol that connects blockchains, has announced its latest initiative to help its ecosystem fight scams. 

According to the company, relying on security-minded individuals within its community to fight scams has proven to be an effective method of safeguarding its ecosystem. To incentivize the members of its community to continue to do the work, Polkadot consistently rewards them with bounties paid in USD Coin (USDC). 

Polkadot shared that its bounty is currently managed by the general curators, who, for now, consist of three community members and two people from the W3F Anti-Scam department. However, in the long term, Polkadot hopes that the bounty will eventually be managed exclusively by the community.

As part of the community-led anti-scam initiative, community members are tasked with finding and taking down scam sites, fake social media profiles and phishing apps, as well as protecting its Discord servers from raids. Additionally, the community will create educational materials for users as well as an Anti-Scam Dashboard to act as the central hub for all anti-scam activities in its ecosystem.

Overall, the initiative encourages participating members to come up with ideas for expanding anti-scam activities to other areas. By decentralizing its anti-scam efforts, the Web3 Foundation and Parity have shifted their decision-making process to the community. 

Polkadot appears to be making the necessary strides to grow and strengthen its ecosystem. On Oct 17, Cointelegraph reported that Polkadot hit an all-time high in development activity. Project developers reported that 66 blockchains are now live on Polkadot and its parachain startup network Kusama.

Since its inception, over 140,000 messages have been exchanged between chains via 135 messaging channels. Together, the Polkadot and Kusama treasuries have cumulatively paid out 9.6 million Polkadot (DOT) and 346,700 Kusama (KSM) ($72.8 million total) to fund spending proposals in the ecosystem.

Casper Association launches $25M grant to support developers on its blockchain

To complement the launch of its grant program, Casper said it will provide education to support developers and innovators on its network.

Scalable blockchain network Casper announced the launch of its new Casper Accelerate Grant Program on Nov. 23, created to support developers and innovators who are building apps to support infrastructure, end-user applications, and research innovation on its blockchain.

The Casper Network is a proof-of-stake (PoS) enterprise-focused blockchain designed to help businesses to build private or permissioned applications aimed at accelerating businesses and the adoption of blockchain technology. The network also boasts of solving the “scalability trilemma,” which revolves around “security, decentralization, and high throughput.” It also features upgradeable smart contracts, relatively lower gas fees compared to other layer-1 blockchains, and developer-friendly features to make it easier for the protocol to evolve as businesses expand their use.

To complement the launch of its grant program, Casper said it is creating a new digital portal to support developers and innovators on the network with practical tools and code, to help build their products. The developer portal is scheduled to go live in the first quarter of 2023. 

Despite being in a bear market, projects still appear to be raising and investing funds to improve the Web3 ecosystem and the adoption of blockchain technology. On Nov 23, Cointelegraph reported that Onomy, a Cosmos blockchain-based ecosystem, raised millions from investors for the development of its new protocol, a project that seeks to merge decentralized finance (DeFi) and the foreign exchange market. 

On Oct. 18, Celestia Foundation also announced that it had raised $55 million in funding for building a modular blockchain architecture with the goal of solving challenges inherent to deploying and scaling blockchains. The company shared that it intends to build infrastructure that will make it easy for anyone with the technical know-how to deploy their own blockchain at minimal expense.

Crypto Twitter reacts to Binance CEO’s deleted tweet about Coinbase’s Bitcoin Holdings

Coinbase CEO Brian Armstrong indirectly addressed CZ’s tweets as “FUD.”

Coinbase was trending on Twitter on Nov. 22 after Binance CEO Changpeng Zhao, known also as CZ, sent out a tweet that appeared to question Coinbase’s Bitcoin (BTC) holdings.

In the since-deleted tweet, CZ referenced a Yahoo Finance article that alleged that “Coinbase Custody holds 635,000 BTC on behalf of Grayscale.” CZ added, “4 months ago, Coinbase (I assume exchange) has less than 600K,” with a link to a 4-month-old article from Bitcoinist. The Binance CEO made it clear that he was simply quoting “news reports,” and not making any claims of his own. However, his tweet was not received well by the crypto community.

A screenshot of CZ’s since-deleted tweet.

Shortly after, Coinbase CEO Brian Armstrong indirectly responded to CZ in a series of tweets, stating, “If you see FUD out there – remember, our financials are public (we’re a public company),” with a link to Coinbase’s Q3 shareholder letter. He clarified that his company holds “~2M BTC. ~$39.9B worth as of 9/30 (see our 10Q).”

CZ deleted his tweet shortly afterward, stating: “Brian Armstrong just told me the numbers in the articles are wrong. Deleted the previous tweet. Let’s work together to improve transparency in the industry.”

Given recent market events and Binance’s perceived role in instigating them, some have called out CZ for the insinuations. To recap, FTX’s liquidation crunch, which led to an overall spiral in the market over the past two weeks, is believed by many to have been initially triggered by the Binance CEO after his tweets caused panic and a bank run on FTX.

Will Clemente, co-founder of digital asset research firm Reflexivity Research, shared on Twitter: “That latest tweet CZ made about Coinbase’s Bitcoin holdings that he just deleted wasn’t a great look. I get the argument that he’s trying to protect the industry but CZ is more than smart enough to know that exchange and custody wallets are separate.”

Mario Nawfal, founder and CEO of IBCgroup.io, shared on Twitter: “Is CZ implying Coinbase custody does NOT hold 1 to 1 BTC on behalf of Grayscale Trust???? See his latest tweet. This is a concern I never had til now. This is a VERY serious question (implied accusation?) to ask.”

Analyst, trader, and investor 360_trader shared: “CZ just proved today he’s all about one thing… his empire. He IS NOT here to look out for the industry … he deleted the tweet… But now … as I already expected … He’s exposed himself as a villain.”

Trader and investor BobLoukas called out CZ for his lack of due diligence before tweeting. He shared: “CZ ‘Let’s work together to improve transparency in the industry.’ Also CZ – Let me tweet to millions some random FUD in the middle of a bear market major liquidity event before maybe just reaching out to confirm.”

On Nov. 18, cryptocurrency investment product provider Grayscale Investments shared that all digital assets that underlie Grayscale’s digital asset products are stored under the custody of Coinbase Custody Trust Company, LLC, although the company has refused to provide on-chain proof of reserves or wallet addresses to show the underlying assets, citing “security concerns.” At the time of publication, Coinbase (COIN) had experienced a 5.3% increase in price.

Blockchain interoperability goes beyond moving data from point A to B — Axelar CEO Sergey Gorbunov

Axelar’s co-founder shared his views on blockchain infrastructure and adoption at Converge22 in San Francisco.

Cross-chain communication between blockchains is about more than moving data from point A to B; it is about how it can connect applications and users for enhanced experiences and fewer gas fees in Web3, outlined Sergey Gorbunov, Axelar Network co-founder and CEO, speaking to Cointelegraph’s business editor Sam Bourgi on Sept. 28 at Converge22 in San Francisco.

As the crypto industry has developed over the past few years, blockchain interoperability has seen a surge in demand, attracting venture capital and welcoming players, such as Axelar, which reached unicorn status in February. According to Gorbunov, the company, founded in 2020, started with a premise that cross-chain and multichain capabilities would come to define the crypto space. “The idea is not just to talk about how to connect A to B, but how to connect many to many, right? How to connect everybody with everyone else. And that includes applications and includes users,” he explained. 

Interoperability is a buzzword in the crypto industry that refers to the ability of many blockchains to communicate, share digital assets and data, and work together, thereby sharing economic activity. As an infrastructure, interoperability is crucial for broader adoption of the technology, as Gorbunov explained:

“We need an ability for the user to execute one call on one chain, and that transaction actually taking place on other chains without them having to go and get a native token of that chain, pay gas, execute themselves and move it back and forth.”

Axelar’s CEO highlighted that, beyond better experiences for users, interoperability also means higher economic outcomes, as interoperable chains can have unified liquidity and thus spend less on gas fees for transactions. “Our Web2 experience is a lot simpler, and we have to get to the same level in Web3 with simpler experiences, and that is what cross-chain enables us to do, to help build those simple experiences.”

At Converge22, Axelar was announced as one of the networks set to integrate with Circle, the financial technology company behind the USD Coin (USDC) and Euro Coin (EUROC). Circle is launching a new cross-chain transfer protocol to help developers build frictionless experiences for sending and transacting USDC natively across blockchains.

Earlier this week, Axelar disclosed a partnership with Mysten Labs, the infrastructure company behind the Sui blockchain, to deliver cross-chain communication for developers through General Message Passing and advance the prospect of a so-called “super DApp.”

Writer and editor Sam Bourgi contributed to this story.

Axelar, Mysten Labs partner on cross-chain communication for super DApps

Integration will roll out before the end of 2022, enabling General Message Passing on Sui blockchain.

The proof-of-stake (PoS) blockchain Axelar and the infrastructure company behind Sui blockchain, Mysten Labs, disclosed a partnership on Sept. 27 to deliver cross-chain communication for developers through General Message Passing, aiming to advance the prospect of a “super DApp.” Integration is expected to be completed before the end of the year.

The collaboration will enable DApps created in Move — Mysten’s programming language — to call any function on any external chain. According to the companies, developers will be able to provide users with the ability to “‘tap in’ with whatever token, wallet, and blockchain they desire, with no need to bridge or swap to access features.” The companies also stated that the use cases range from incorporating liquidity into Web3 games to leveraging digital assets as collateral for multichain lending and borrowing.

Speaking to Cointelegraph, Sergey Gorbunov, Axelar CEO and co-founder, explained:

“The permissionless, open nature of Web3 gives it an advantage that hasn’t yet been tapped. In Web2, super apps are based on monopolies or oligopolies. In Web3, developers can compose at will – but until now, this composability has been constrained within the limits of existing ecosystems. General Message Passing, combined with the power of the Move programming language and the Sui blockchain, gives developers a set of tools unequaled even in Web2.”

Cross-chain technology facilitates data interchange among distributed ledger technology (DLT) designs or external systems, thus helping in achieving interoperability, which can improve the security of designs, and boost flexibility and performance. In a nutshell, cross-chain communication eliminates the need for developers to identify the chain with the most users or the most liquidity. 

Gorbunov claimed that the partnership will also accelerate the migration of developers from the Web2 industry to blockchain, as it allows them to connect features to their applications from other blockchains and assets to the Sui network. Web3 development saw unprecedented growth in the crypto space last year, with over 34,000 new developers contributing to code Web3 projects.

The Axelar Network achieved unicorn status in February after closing a $35 million Series B funding round. Participants included Dragonfly Capital, Polychain Capital and North Island Ventures. Its blockchain connects Web3 ecosystems such as Avalanche and Polkadot.

Recently, Mysten Labs announced a $300 million Series B investment round to speed up the adoption of its Sui blockchain ecosystem, a proof-of-stake (PoS) layer-1 blockchain that uses a feature called “transaction parallelization” to achieve high throughput, low latency transactions and low transaction fees.

Tornado Cash saga left a void, says Chainalysis chief scientist: Finance Redefined

A new report suggests the Ethereum staking ecosystem could become a formidable industry impacting a wider crypto economy.

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week.

Chainalysis chief scientist shared his views on the Tornado Cash saga and said that the incident has left a void for illicit fund mixing services, but the real impact of the sanctions could be determined in the long run.

The staking ecosystem of Ethereum post Merge could have a significant impact on the crypto economy, according to a new report. Institutional lending platform Maple Finance launched a $300 million lending pool for Bitcoin mining farms.

The Tribe DAO, a decentralized autonomous organization, voted in favor of repaying affected users of the $80 million exploit on DeFi platform Rari Capital’s liquidity pools. BNB Chain launched a new community-led security initiative called Avenger DAO.

Top-100 DeFi tokens by market cap have a mixed week in terms of price action, where many tokens traded in red while a few others showed weekly gains.

Tornado Cash left a void, time will tell what fills it — Chainalysis chief scientist

The sanctions on cryptocurrency mixer Tornado Cash have left a vacuum for illicit fund mixing services, but more time is needed before we’ll know the full impact, according to Chainalysis’ chief scientist.

During a demo of Chainalysis’ recently launched blockchain analysis platform Storyline, Cointelegraph asked Chainalysis chief scientist Jacob Illum and country manager for Australia and New Zealand Todd Lenfield about the impact of the Tornado Cash ban.

Tribe DAO votes in favor of repaying victims of $80M Rari hack

After months of uncertainty, the Tribe DAO has passed a vote to repay affected users of the $80 million exploit on DeFi platform Rari Capital’s liquidity pools.

Following several rounds of voting and governance proposals, Tribe DAO, which consists of Midas Capital, Rari Capital, Fei Protocol and Volt Protocol, took the decision to vote on Sunday with the intent to fully reimburse hack victims.

Staking providers could expand institutional presence in the crypto space: Report

The Ethereum blockchain’s carbon footprint is expected to reduce by 99% following last week’s Merge event. By positioning staking as a service for retail and institutional investors, the upgrade could also have a significant impact on the crypto economy, according to a report from Bitwise on Tuesday.

The company said it projects potential gains of 4%–8% for long-term investors through Ether (ETH) staking, while J.P. Morgan analysts forecast that staking yields across PoS blockchains could double to $40 billion by 2025.

Maple Finance launches $300M lending pool for Bitcoin mining firms

On Sept. 20, institutional crypto lending protocol Maple Finance and its delegate Icebreaker Finance announced that they would provide up to $300 million worth of secured debt financing to public and private Bitcoin mining firms. Qualified entities meeting treasury management and power strategies standards located throughout North America, as well as those in Australia, can apply for funding.

On the other hand, the venture seeks to deliver risk-adjusted returns in the low teen percentages (up to 13% per annum) to investors and capital allocators. The pool is only open to accredited investors who meet substantial income and/or net worth qualifications within a jurisdiction.

BNB Chain launches a new community-run security mechanism to protect users

BNB Chain, the native blockchain of Binance, has launched AvengerDAO, a new community-driven security initiative to help protect users against scams, malicious actors and possible exploits.

The security-centric DAO has been developed in association with leading security firms and popular crypto projects such as Certik, TrustWallet, PancakeSwap and Opera, to name a few.

DeFi market overview

Analytical data reveals that DeFi’s total value locked registered a minor dip from the past week. The TVL value was about $50.64 billion at the time of writing. Data from Cointelegraph Markets Pro and TradingView show that DeFi’s top 100 tokens by market capitalization had a mixed week, with many tokens making a recovery toward the end of the week while a few others traded in red on the weekly charts.

Compound (COMP) was the biggest gainer, registering a 15% gain over the past seven days, followed by PancakeSwap (CAKE) with an 8.8% gain. Theta Network (THETA) was another token in the top 100 to post a 5% weekly gain.

Thanks for reading our summary of this week’s most impactful DeFi developments. Join us next Friday for more stories, insights and education in this dynamically advancing space.