hot wallet

Trust the best strategy in crypto bear market — Trust Wallet CEO

Cointelegraph sat down with Trust Wallet CEO Eowyn Chen to talk about how Web3 can become a better experience for everyone.

Bringing the global crypto and blockchain communities together in Istanbul, Turkey, the Binance Blockchain Week 2023 was a clear indicator that the Web3 ecosystem continues to grow regardless of price movements. 

Despite being a Binance event, the conference housed several key players from the crypto industry.

Among them was Trust Wallet, a decentralized Web3 wallet provider acquired by Binance back in 2018. Since its acquisition, Trust Wallet has been widely seen as “the wallet arm of Binance.” This is why the Binance Blockchain Week visitors were caught off-guard when the crypto exchange announced its own Web3 wallet.

Trust Wallet CEO Eowyn Chen — a former vice president at Binance — clarified that “Binance focuses on the centralized, while Trust Wallet works toward the decentralized ecosystem,” adding that Trust Wallet has a neutrality that can serve and partner with anyone in the crypto industry.

“We think that keeping that independence and distance is the best way to keep the culture and the talents running for its own mission.”

Trust Wallet was born in 2017 during the initial coin offering craze due to the need for an accessible mobile wallet, Chen said.

Cointelegraph sat down with Trust Wallet CEO Eowyn Chen during Binance Blockchain Week Istanbul. Source: Cointelegraph

“Recently, we became a sister company of Binance rather than operating under Binance because we can have a better playing field,” Chen explained.

“Scammers provide better customer support”

Compared to fixing the user experience, solving the security issues across Web3 is trickier, according to Chen.

Read more

Crypto exchange Bitrue suffers $23M hack due to hot wallet exploit

Bitrue executives promised to fully compensate all the identified users affected by the hot wallet hack that accounted for 5% of all funds on the exchange.

Bitrue cryptocurrency exchange has suffered a hot wallet exploit, allowing attackers to withdraw various crypto assets worth nearly $23 million.

Announcing the news on April 14, Bitrue said that it had to temporarily suspend all withdrawals due to a “brief exploit” of its hot wallet. The firm expects to reopen withdrawals on April 18, 2023, after conducting additional security checks.

Bitrue stressed that it was able to address the matter quickly, which allowed the platform to prevent the further draining of funds. “We take this matter seriously and are currently investigating the situation,” Bitrue stated, adding that the affected hot wallet only accounted for less than 5% of the exchange’s overall funds. The firm wrote:

“The rest of our wallets continue to remain secure and have not been compromised. We are conducting a thorough security review and will update you as we make progress.”

Bitrue executives promised to fully compensate all the identified users affected by the incident. According to the announcement, the affected currencies on the exploited hot wallet included Ether (ETH), Shiba Inu (SHIB), Quant (QNT), Gala (GALA), Holo (HOT) and Polygon (MATIC).

Related: South Korean crypto exchange GDAC hacked for nearly $14M

As previously reported, hackers have been increasingly opting for decentralized finance (DeFi) hacks over the past few years, slightly moving away from traditional centralized exchanges. In the first three months of 2022, crypto exchange hacks accounted for just 3% of all crypto stolen, while 97% was taken from DeFi protocols, according to data from Chainalysis.

Percentage of value stolen by type of victim, 2020-2022 Q1. Source: Chainalysis

Founded in Singapore in 2018, Bitrue is a major centralized cryptocurrency exchange, trading nearly $2 billion in crypto per day on average, according to data from CoinGecko. The company has been hacked in the past, losing nearly $5 million in Cardano (ADA) due to a hot wallet hack in 2019.

Magazine: Asia Express: US and China try to crush Binance, SBF’s $40M bribe claim

MetaMask addresses privacy concerns with new features for enhanced control

The new features allow a user to manage which servers are able to receive their IP address.

Web3 wallet app MetaMask has introduced a number of new features aimed at enhancing privacy and giving users more control, according to a March 14 blog post by the developer. The new features come after MetaMask had previously been criticized for allegedly intruding on users’ privacy.

Previously, MetaMask used its Infura RPC node to connect to Ethereum automatically, whenever a user first set up the wallet. Although the user could change the settings later, this still meant that the user’s public address was transmitted to Infura before they had a chance to change their node, according to a report from Ethereum node operator Chase Wright.

Infura is owned by MetaMask’s parent company, Consensys.

Under the new version of Metamask extension, labeled “10.25.0,” users are prompted with the option to use an “advanced configuration” during setup. Choosing this option reveals a number of settings that can be configured, including one that allows the user to choose a different RPC node than the default Infura one.

In addition to letting the user enter their own node details, the “advanced configuration” dialogue box also allows them to turn off incoming transactions, phishing detection and enhanced token detection. These features require data to be sent to third parties, such as Etherscan and jsDeliver, according to the app’s UI. Users concerned about privacy can now turn off these features during setup if they want to.

According to the post, the new mobile version of MetaMask also includes privacy enhancements. Previously, the app did not allow users to connect one account to a Web3 app while leaving another account disconnected. The user only had the option of connecting all of them or none at all.

However, the new version allows users to select which particular accounts they want to connect to an app, without disclosing the other addresses they control.

In its post, Metamask stated that it has always intended to preserve privacy for users and that it believes these new features align with these values, stating:

“Data exploitation goes against MetaMask core values. Instead, we believe in equipping our community with the founding principles that guide our development — true ownership and privacy […] We are committed to protecting the privacy of our users so that you will not, and ultimately, cannot be exploited by yet another centralized entity.”

On November 23, MetaMask became heavily criticized in the crypto community for releasing a privacy policy that stated it would collect IP addresses from users. ConsenSys responded to the criticism on Nov. 24, saying that RPC nodes have always collected IP addresses and that the substance of the privacy policy was not new, although the language used in it had changed. On Dec. 6, ConsenSys announced that IP addresses collected through Infura would no longer be stored for more than 7 days.

MetaMask rolls out NFT portfolio value tracker with new partnership

Through a recent partnership with NFTBank, a new MetaMask wallet utility will allow users to track the value of their NFT collections.

MetaMask users will now have the ability to track the value of their nonfungible token (NFT) portfolio through its latest product. The wallet provider announced a new feature on Nov. 2 tha will bring updated pricing information for the over 5,000 NFT collections held by MetaMask users.

The new utility comes as a result of a partnership with NFTBank, an NFT portfolio management tool and valuation engine. To create its predictions, NFTBank uses machine learning algorithms which update users with price estimates for individual NFTs within a collection.

According to the announcement, the algorithm takes into consideration parameters such as floor price, rarity and bid-ask distribution when calculating a price value. The tool allegedly offers around 90-plus percent accuracy in price predictions.

Daniel Kim, CEO of NFTBank, said the current state of the market and volatility make understanding pricing even more crucial:

“The need for understanding the appropriate price of NFTs has become ever more clear with many learning the dramatic volatility of NFT markets the hard way.”

The new portfolio value product comes as MetaMask continues to expand its capabilities in the Web3 space.

Related: How blockchain technology is changing the way people invest

Recently, news broke that blockchain software company ConsenSys plans to commit $2.4 million every year to help launch the MetaMask Grants decentralized autonomous organization. The DAO will be led by MetaMask employees and issue grants to external developers to build within the ecosystem.

MetaMask also unveiled another wallet feature for institutions, just weeks before the announcement of the portfolio tracker. In collaboration with Cobo, it unveiled new custodial features for institutional NFT investors.

In a previous interview with Cointelegraph, MetaMask Institutional said it is also exploring improving education and information available to users before interacting with the platform.

Deribit crypto exchange halts withdrawals amid $28M hot wallet hack

Crypto exchange Deribit halted withdrawals following a hot wallet hack where hackers got away with $28 million in stolen funds.

Major cryptocurrency derivatives exchange​​ Deribit has halted withdrawals after suffering a $28 million hot wallet hack.

Deribit exchange got its hot wallet compromised before midnight UTC on Nov. 1, the firm reported on Twitter.

The exchange emphasized that client funds are safe as losses are covered by Deribit’s reserves, stating:

“Client assets, Fireblocks or any of the cold storage addresses are not affected. It’s company procedure to keep 99% of our user funds in cold storage to limit the impact of these type of events.”

As part of the ongoing security checks, Deribit had to halt withdrawals, including custodians Copper Clearloop and Cobo, until the exchange is 100% confident about security following the hack. “Deposits already sent will still be processed, and after the required number of confirmations, they will be credited to accounts,” the firm added.

According to the information on Deribit’s Telegram chat, trading on Deribit is operating as usual. “Due to our hotwallet policy we were able to limit loss of user funds,” a Deribit support person noted.

Deribit’s insurance fund will not be affected by the hack, as the exchange will pay the loss for it as well. “Deribit remains in a financially sound position and ongoing operations will not be impacted,” the statement notes.

A spokesperson for Deribit told Cointelegraph that the company is aiming to resume withdrawals as soon as possible and is now checking “all security measures.” The platform is also working on a full incident review at the moment to provide more details about the vulnerability that could have caused the issue, the person added.

The hack was the first time for Deribit to experience such an attack and losses since the company’s launch, the representative said.

Founded in 2016, Deribit is one of the largest crypto derivatives exchanges in the world, allowing users to trade crypto futures and options. At the time of writing, Deribit’s daily trading volume amounts to $280 million, according to data from CoinGecko.

Related: Scary stats: $3B stolen in 2022 as of ‘Hacktober,’ doubling 2021

At the time of writing, some of Deribit’s website sections also appear to be nonoperating. Deribit Insights, the firm’s crypto data hub, is not available at the time of writing, showing a “critical error on this website.” In the meantime, Deribit’s trading website is intact. According to a Deribit representative, the website issue and the hack are not related.

Solana-hacked crypto could be claimed as a tax loss: Experts

Australian, Canadian & U.K. crypto investors may potentially claim hacked crypto as a tax loss, but U.S. investors will miss out, according to tax experts.

For unlucky crypto investors looking to turn lemons into lemonade — it turns out that digital assets lost during an exploit or hack can potentially be claimed as a tax loss, provided you live in the right country, experts told Cointelegraph. 

Following the news that more than 8,000 Solana wallets had been compromised and that an estimated $8 million dollars in crypto had been stolen due to a security breach in Web3 wallet provider Slope’s network, this may be some much-needed consolation.

In correspondence with Cointelegraph, Shane Brunette, the CEO of Australia-based CryptoTaxCalculator confirmed that crypto lost via a hack or an exploit could be declared as a loss for tax purposes in certain jurisdictions. 

“This means the original amount you paid for the asset(s) can be used to offset other capital gains.”

When asked whether there are similar provisions in other tax jurisdictions other than Australia, the country in which the tax software provider is based, Brunette, replied:

“Many countries have a provision to allow for these types of tax deductions […] however, you should work closely with a local tax professional and make sure you keep adequate proof of the loss.”

Danny Talwar, head of tax at Koinly confirmed the same with Cointelegraph, stressing however that in Australia, one must demonstrate evidence that the crypto lost was under their control at the time it was stolen.

“To claim a capital loss for hacked crypto, you’ll need to demonstrate evidence to the Australian Tax Office (ATO) that the crypto is lost and it was under your control.”

Talwar also stated it was critical that the tax authority has enough evidence that crypto is unretrievable, suggesting the use of blockchain explorer tools like Etherscan and Solscan to legitimate evidence on the destination address of the hacker — which may also provide proof of a large pool of hacked funds.

Under Australian tax laws, any evidence of a hack needs to also include dates as to when private keys were acquired or lost and all of the associated wallet addresses.

Related: Solana wallets ‘compromised and abandoned’ as users warned of scam solutions

Unfortunately for United States-based crypto investors, claiming hacked crypto as a tax loss is no longer possible due to tax reform introduced in 2017, according to a blog post by CryptoTaxCalculator. 

For those living in the United Kingdom and Canada, things are a little more complicated but a tax loss claim is possible if investors are willing to go through the unique steps set out by each country’s taxation office.

Approximately $2.6 billion in digital assets has been lost to hackers and nefarious actors this year alone, with cross-chain bridge attacks accounting for 69% of the total amount lost.