Security

Ledger hardware wallets hit by the FTX earthquake — CTO

Some Ledger users weren’t able to process withdrawals using Ledger Live on Wednesday, according to social media reports.

Hardware-based cryptocurrency wallet provider Ledger has experienced some issues due to massive outflows from crypto exchanges amid the FTX bloodbath, according to its chief technology officer.

Ledger saw a “massive usage” of their platforms and suffered a “few scalability challenges” on Nov. 9, Ledger chief technology officer Charles Guillemet reported in a statement on Twitter.

Guillemet attributed Ledger’s issues to the fallout from the ongoing crisis at a major global cryptocurrency exchange, FTX. The chief technology officer said that crypto investors have been increasingly offloading their holdings from crypto exchanges to Ledger, stating:

“After the FTX earthquake, there’s a massive outflow from exchanges to Ledger security and self sovereignty solutions.”

According to Guillemet, Ledger should have resolved the outages as of 5:30 am UTC.

Ledger first reported the wallet issues on Nov. 9 at around 11:00 pm UTC, officially announcing that its hardware wallet interface application Ledger Live was experiencing downgraded server performance.

“Specific issues may vary, including connecting to the My Ledger tab and performing a Genuine Check,” Ledger said in a tweet, adding that the client’s assets were safe.

The hardware wallet company subsequently took to Twitter to announce that it fixed the server outage about one hour after detecting the issue. “Our server outage has been resolved and all systems are operational,” Ledger said.

Previously, Ledger Support also announced that it had temporarily paused FTX and FTX.US swaps on Ledger Live. Ledger launched the swap integration with FTX in July 2022.

According to Ledger’s Twitter thread, the outages caused some users to be unable to send any transactions using Ledger Live, including withdrawals.

The crypto community was quick to react to the issues despite many staying confident about Ledger’s operations amid the larger market issues. Some industry observers criticized Ledger for choosing the wrong wording to communicate with their customers amid the ongoing issues at FTX. People apparently got triggered by Ledger’s wording “assets are safe” as FTX founder Sam Bankman-Fried made a similar statement on Twitter on Nov. 7, only to delete it a day after.

“FTX is fine. Assets are fine,” Bankman-Fried declared in his tweet, just hours before the exchange stopped all crypto withdrawals after becoming unable to process such transactions.

The recent issues on Ledger Live came as Ledger saw one of its “highest traffic days ever,” Ledger’s chief technology officer told Cointelegraph. “Traffic has increased significantly over time, even without major industry events,” he noted, adding that Ledger also previously saw plenty of traffic spikes after the Celsius bankruptcy, the Solana hack as well as the FTX bank run.

Guillemet also said that Ledger Live had an “unusual load on the device manager service,” which is likely to be attributed to users updating their device for the first time in a while or using a brand new device for the first time. “It was quickly resolved and the team is already working on improving automatic detection and restoration,” he added.

A major rival cold wallet provider, Trezor, has not recorded any issues due to the FTX issues so far, Trezor executive Josef Tětek told Cointelegraph. “The only way to avoid these massive blow-ups is to understand self-custody as a necessity,” the exec stated. “Not an option; a true necessity,” he emphasized.

Despite self-custody being associated with its own set of risks, many crypto people, including Tether and Bitfinex chief technology officer Paolo Ardoino, still recommend users “always to self custody in cold storage” if they want to hold their Bitcoin (BTC) and crypto.

Judge rules LBRY video platform’s token is a security in case brought by the US SEC

The court was unmoved by LBRY’s objections that the regulator’s claims were unfounded and it was not given the chance to operate in compliance with SEC requirements.

A United States District Court ruled in favor of the Securities and Exchange Commission (SEC) on Nov. 7 in its case against blockchain-based file-sharing and payment network LBRY. The court granted the SEC’s request for a summary judgment filed on May 5. The SEC sued developer LBRY, Inc. in March 2021 — after the agency had brought similar charges against Ripple — claiming that its LBRY Credit token (LBC) was sold as a security under the 1933 Securities Act. 

According to the SEC, LBRY raised more than $11 million in U.S. dollars, Bitcoin (BTC) and services from investors between 2016 and 2021 without filing a registration statement containing “the information required for such an offering to the public.” LBRY did not hold an initial coin offering, and the SEC did not allege fraud in the case.

LBRY operates the decentralized video-sharing platform Odysee, which offers viewers the opportunity to earn cryptocurrency for watching videos while creators earn LBC for their work. LBRY denied that LBC was a security and claimed the SEC spurned its efforts to settle with it. According to the website for a petition addressed to the SEC defending LBRY:

“The LBRY Credit […] allows individuals to create an identity, tip creators, and publish, purchase, and boost content in a decentralized way. Millions of people have used it this way, and many were using it well before we sold any tokens to anyone. […] We’ve acted in extremely good-faith, attempted to follow all the rules, and complied with the SEC at every turn.”

However, Judge Paul Barbadoro of the District of New Hampshire found:

“No reasonable trier of fact could reject the SEC’s contention that LBRY offered LBC as a security, and LBRY does not have a triable defense that it lacked fair notice.”

The ruling means the case will not go to trial. The company stated, “Even if LBRY Inc is shut down by the SEC as a result of this lawsuit, the LBRY network will continue to function and grow through the effort of the distributed LBRY community.” LBRY founder Jeremy Kauffman is currently running to represent New Hampshire in the U.S. Senate as a member of the Libertarian Party.

LBRY, Inc. did not respond to a Cointelegraph request for comment by press time.

Deribit hackers move stolen Ether to Tornado Cash crypto mixer

The Deribit hot wallet hacker has transferred 1,610 ETH (over $2.5 million) to Tornado Cash, according to data from the Ethereum block explorer Etherscan.

In the aftermath of the $28 million Deribit hack, the unknown exploiter is moving stolen funds using the decentralized cryptocurrency mixer, Tornado Cash.

The Deribit hot wallet hacker has transferred a total of 1,610 Ether (ETH), or around $2.5 million, to Tornado Cash, according to data from the Ethereum block explorer Etherscan.

The funds were transferred in 17 transactions, with the first outgoing transaction occurring on Nov. 5, just a few days after Deribit suffered the hack.

The amount of funds moved to Tornado Cash is just a fraction of all stolen ETH on the hacker’s address, as its balance amounts to 7,501 ETH ($11.8 million) at the time of writing. The hacker initially sent 9,080 ETH to the address on Nov. 2.

The blockchain analytics platform PeckShield initially reported on the outgoing Tornado Cash transactions on Nov. 5. At the time, the amount of funds leaving the hacker’s ETH wallet was just about $350,000.

Deribit officially announced that its platform suffered a hot wallet hack on Nov. 2, losing a total of $28 million in several cryptocurrencies, including Bitcoin (BTC), ETH and USD Coin (USDC). The exchange had to halt all withdrawals in order to ensure proper security in the aftermath of the hack, promising to cover all the losses.

The platform subsequently resumed regular withdrawals for BTC, ETH and USDC on Nov. 2, migrating all hot wallets to the digital asset security platform Fireblocks. Deribit stressed that users should not send funds to their previous BTC, ETH and USDC addresses and use new Fireblocks deposit addresses instead.

The news comes amid the ongoing uncertainty over Tornado Cash and other cryptocurrency mixers after authorities in the United States restricted the mixer. The Office of Foreign Assets Control of the United States Department of the Treasury blacklisted Tornado Cash in August 2022, making it illegal for citizens, residents and companies to receive or send money through the service.

In October, the crypto advocacy group Coin Center filed a complaint against OFAC, Treasury Secretary Janet Yellen and OFAC director Andrea Gacki, alleging that sanctioning Tornado Cash was “unprecedented and unlawful.”

Future of Web3 security with Immunefi and Brave CEOs: The Bug House 2022

Web3 security’s not only about money; it’s about the culture and values that the community protects, which brings out the need for education, points out Cointelegraph’s Kristina Cornèr.

Celebrating the myriads of accomplishments earned by the crypto ecosystem, Immunefi, Electric Capital, Bitscale Capital and MA Family together hosted The Bug House — a party for bringing together the global Web3 community. 

In a panel hosted by Cointelegraph, editor-in-chief Kristina Lucrezia Cornèr sat with Mitchell Amador, founder and CEO at Immunefi, and Brendan Eich, founder and CEO of Brave browser, to discuss the evolution of Web3 and its future trajectory.

(From left to right) Kristina Cornèr, Mitchell Amador and Brendan Eich during The Bug House. Source: Cointelegraph (José Valero Ballesteros)

“There’s a lot of Web2 in Web3. That’s a problem right now,” began Eich when asked about the ongoing Web2 to Web3 transition. From using trusted servers to sub-custody wallets, Amador believed that such Web2 sites could be full of adversaries. He also pointed out the recent EIP-5593 proposal, which aims to prevent man-in-the-middle attacks.

In Web2, there is a common practice of implementing security features post-launch through patches and antiviruses, which can be inherited by Web3 apps using such services. In addition, security concerns in Web3 stem from the centralization through decentralized application (DApp) sites.

Speaking about the security concerns in Web3, Amador stated that hackers in Web3 are very different from Web2 hackers. According to him, there are two types of hackers. In Web3, hackers are found to be young, typically under the age of 35 and most under the age of 30.

In relation to the second type of hacker, Amador highlighted the influx of older tech-savvy individuals — “which many blockchain hackers lack” — that have spent a few years understanding Web3 and are able to break into the systems. He added:

“We’ve seen a number of these guys, including several of the top 10 hackers now; they just storm the leaderboard with their skills. They just need to get good enough.”

Supporting this stance, Eich added that, during the bull run era of 2021, he noticed the rise of reentrancy attacks. Brave has been using HackerOne to protect its in-house crypto wallets and has tripled its bug bounty to eradicate the wallet’s security concerns.

Eich further highlighted that Brave has total control over the browser and crypto wallets, which helps them fend off phishing attacks on the users. Brave has amassed a wide demography of users that prefer privacy, crypto or both, currently serving 20 million daily users, which, when compared to last year, has doubled.

When it comes to protecting the Web3 community, Amador believes it boils down to ethos:

“To wish for, fight for, and create a better world for which their most sinister and capricious behaviors simply won’t work and won’t be allowed. If we do that successfully, we will draw these expert security talents, their best executives, their best leaders over to our side and neuter them by destroying the base of their ability to work.”

Cornèr agreed with the duo as she stated that in Web3 security, it’s not only about money; it’s about the culture and values that the community protects, which brings out the need for education.

Amador further revealed the efforts of Immunefi, Brave and other partners to work with the governments trying to make Web3 more accessible, adding:

“We’re in a position where we need to heavily lobby and ask for the support and graces of various other power players precisely because what we’ve built today is not good enough, not valuable enough and not safe enough.”

Eich, on the other hand, highlighted the need to develop better programming languages and tools to safeguard the systems. He called for a need to segregate the world of ethos from the world of bad programming. “Education sounds prim and proper. But if it doesn’t have incentives, it’s not gonna work,” he concluded.

As a bug bounty platform, Immunefi created trust and legitimacy in the industry by solving the problem related to projects not willing to pay up bug bounties after successful bug discovery. They did this by providing an impartial, third-party service that can mediate that interaction and make sure both sides come to the task.

Immunefi recently released a Whitehat Leaderboard for listing the top 20 most elite white hats in Web3.

“As the volume of saved funds continues to grow, the leaderboard is another opportunity to give our white hats the recognition they deserve, as well as to encourage them to keep pushing the boundaries to make the web3 ecosystem safer,” Amador noted in a statement.

Web3 Foundation makes bold claim to SEC: ‘DOT is not a security. It is merely software’

According to CLO Daniel Schoenberger, the team developed a “workable theory of how token morphing may be achieved” for DOT based on the SEC’s concerns and federal securities laws.

The entity supporting research and development of Polkadot as well as overseeing fundraising efforts for the blockchain has argued that the United States Securities and Exchange Commission should not consider the DOT token a security under its regulatory purview.

In a Nov. 4 blog post, the Web3 Foundation Team’s chief legal officer Daniel Schoenberger said Polkadot’s native token (DOT) had “morphed” and was “software” rather than a security. Schoenberger said the claim was “consistent with the views” it had shared with the SEC following discussions it began in November 2019.

“While the Polkadot vision had not contemplated that the blockchain’s native token would be a security, we understood that the SEC’s view was likely to be that the to-be-delivered token would be a security, at least at the time of delivery,” said Schoenberger. “Whatever it took in order for DOT, the native token of the Polkadot blockchain to be — or to become — a non-security, we were willing to do it.”

The CLO said the Web3 Foundation had met regularly with the SEC’s fintech wing, FinHub, as part of chair Gary Gensler’s long-standing offer to crypto firms to “come in and talk.” According to Schoenberger, the team developed a “workable theory of how token morphing may be achieved” for DOT based on the SEC’s concerns and U.S. federal securities laws.

Though the fundraising entity said it “shared this theory many times with the SEC” on DOT not qualifying as a security, it’s unclear whether the federal regulator will respond to the claims seemingly infringing on their purview. The SEC has often used enforcement actions as a basis for regulation — in July, the regulator specifically identified nine tokens as “crypto asset securities” in a case against a former product manager at Coinbase.

Schoenberger’s outright claim that the DOT token should be considered outside much of the regulatory control of the SEC mirrors that of many XRP (XRP) advocates. Ripple is currently engaged in a legal battle with the SEC over allegations the firm, co-founder Christian Larsen, and CEO Brad Garlinghouse raised more than $1 billion through unregistered securities sales using XRP. Ripple’s supporters have argued that the token was not a security and criticized the SEC for overreaching its authority.

Immunefi launches scoring system for Web3’s elite white hats

The top 10 white hats in Immunefi’s community have generated over $42 million in total earnings since 2020 by disclosing critical vulnerabilities.

Bug bounty platform Immunefi has released its Whitehat Leaderboard — a scoring system that showcases the top 20 most elite white hats in Web3. The rank will measure a given white hat’s skills and status amid Immunefi’s security community, said the company at the Web Summit on Nov. 4.

A white hat hacker is someone who identifies security vulnerabilities by testing an organization’s information technology security. In Immunefi’s community, the top 10 white hats alone have generated over $42 million in total earnings by disclosing critical vulnerabilities that have led to big bounty payments in the software industry.

In the leaderboard, white hats will be classified daily by the number and severity of paid reports, as well as total earnings made. The hackers in Immunefi’s community review projects’ blockchain and smart contract code, disclosing vulnerabilities and being paid for it. The rewards are based on the severity of the vulnerability discovered.

Mitchell Amador, founder and CEO at Immunefi, noted in a statement:

“As the volume of saved funds continues to grow, the leaderboard is another opportunity to give our white hats the recognition they deserve, as well as to encourage them to keep pushing the boundaries to make the web3 ecosystem safer.”

According to the company, white hats who rank on the leaderboard will also be selected to earn further rewards, all-expenses-paid trips, exclusive merch, and speaking opportunities on a regular basis. Created in 2020, Immunefi claimed to have saved over $25 billion in user funds and paid out over $62 million in bounties. The platform currently supports 300 projects across multiple crypto sectors, helping the industry players save funds stored in smart contracts. 

Among the top bounties paid to white hats in the past two years, Immunefi facilitated payment for the discovery of a critical bug in the Wormhole core bridge contract on Ethereum, which led to the record-breaking bug bounty of $10 million for a white hat identified as satya0x, as well as the critical infinite spend bug found in Aurora Engine with a $6 million payout for white hat pwning.eth.

Security vulnerabilities have been among the challenges in the crypto industry this year. On Oct. 11, a hacker manipulated the value of Mango Markets’ native token, MNGO, to achieve higher prices. The attacker took out significant loans against the inflated collateral, draining Mango’s treasury. After a proposal on Mango’s governance forum was approved, the hacker was allowed to keep $47 million as a “bug bounty,” while $67 million was sent back to the treasury.

Deribit crypto exchange halts withdrawals amid $28M hot wallet hack

Crypto exchange Deribit halted withdrawals following a hot wallet hack where hackers got away with $28 million in stolen funds.

Major cryptocurrency derivatives exchange Deribit has halted withdrawals after suffering a $28 million hot wallet hack.

Deribit’s hot wallet was compromised before midnight UTC on Nov. 1, the firm reported on Twitter.

The exchange emphasized that client funds are safe as losses are covered by Deribit’s reserves, stating:

“Client assets, Fireblocks or any of the cold storage addresses are not affected. It’s company procedure to keep 99% of our user funds in cold storage to limit the impact of these type of events.”

As part of the ongoing security checks, Deribit had to halt withdrawals, including custodians Copper Clearloop and Cobo, until the exchange is 100% confident about security following the hack. “Deposits already sent will still be processed, and after the required number of confirmations, they will be credited to accounts,” the firm added.

According to the information on Deribit’s Telegram chat, trading on Deribit is operating as usual. “Due to our hotwallet policy we were able to limit loss of user funds,” a Deribit support person noted.

Deribit’s insurance fund will not be affected by the hack, as the exchange will pay the loss for it as well. “Deribit remains in a financially sound position and ongoing operations will not be impacted,” the statement notes.

A spokesperson for Deribit told Cointelegraph that the company is aiming to resume withdrawals as soon as possible and is now checking “all security measures.” The platform is also working on a full incident review at the moment to provide more details about the vulnerability that could have caused the issue, the person added.

The hack was the first time Deribit has experienced such an attack and losses since the company’s launch, the representative said.

Founded in 2016, Deribit is one of the largest crypto derivatives exchanges in the world, allowing users to trade crypto futures and options. At the time of writing, Deribit’s daily trading volume amounts to $280 million, according to data from CoinGecko.

At the time of writing, some of Deribit’s website sections also appear to be nonoperating. Deribit Insights, the firm’s crypto data hub, is not available at the time of writing, showing a “critical error on this website.” In the meantime, Deribit’s trading website is intact. According to a Deribit representative, the website issue and the hack are not related.

Can internet outages really disrupt crypto networks?

While some security issues do exist, major internet outages like the one witnessed across the EU recently cannot really threaten cryptocurrencies or their associated networks.

In the wee hours of Oct. 18, several parts of Europe, America and Asia were left without any internet due to several undersea internet cables being “cut,” causing a chain reaction of connectivity problems across the globe. France, Italy and Spain, in particular, were faced with significant outages, with many experts claiming that vandals were to blame.

According to Jay Chaudhry, CEO of Zscaler — an American cloud security company — there is no doubt that nefarious third-party agents were to be blamed for the cut cables that resulted in packet data losses as well as latency for various websites and applications, adding that despite their best efforts authorities have been unable to pin down the individuals responsible for the attacks.

Furthermore, it bears mentioning that over the last couple of days, there has been a slew of cut internet cables in and around the United Kingdom. For example, on Oct. 20, an underwater submarine cable was slashed near the coast of northern Scotland. While several reports have suggested foul play from rival government agencies — with the tense geopolitical situation in Europe amid the Russian-Ukrainian war — there is no hard evidence to substantiate these claims.

That being said, it is worth delving into the question of how events like these can potentially affect cryptocurrencies, especially from a network resiliency and security perspective.

Internet cuts and their effects on digital assets

To understand how internet outages, such as the one highlighted above, can affect cryptocurrencies, Cointelegraph reached out to Nikolay Angelov, head of blockchain for cryptocurrency lending institution Nexo. 

He started off by saying that the regions affected by recent cable disruptions (primarily France) account for just over 3% of Bitcoin nodes globally and just under 3% of Ethereum validators, adding that the decentralized nature of these two largest digital asset networks counters the effects of such attacks since the flow of transactions streams to nodes with internet access and connection to the blockchain. He then added:

“Not to undermine the seriousness of the incident, but such localized events cannot have a lasting effect on cryptocurrencies, as blockchain transactions can still be validated by other active nodes. In other words — almost every single Bitcoin node has to lose internet connection for the Bitcoin blockchain to seize. Admittedly, it’s been a massive inconvenience, but a temporary one at that.”

On a somewhat similar note, Nukri Basharuli, founder and CEO of SuperProtocol — a trustless and permissionless cloud infrastructure — told Cointelegraph that while people need to understand that decentralization is not a silver bullet (if you pull the plug, you’ll feel the consequences), Web3, by its very design, is highly resistant to breakdowns emanating from cable cuts. He pointed out that applications hosted on a decentralized network along with their users won’t even notice if some of their nodes go offline.

“Such scenarios happen all the time where nodes constantly switch on and off while the data stored remains intact and fully accessible. The network will automatically reconfigure itself in order to provide the highest quality service possible,” he added.

Some concerns do exist

According to Victor Ionescu, co-founder and chief technical officer at decentralized exchange Hashflow, when analyzing incidents like these, the main thing to worry about is the decentralization of the infrastructure versus the decentralization of the network’s stakeholders. 

To elaborate, he noted that as adoption scales up, many software companies will continue to utilize reusable infrastructures for running nodes, providing blockchain data feeds and other related tasks. He added:

“These companies consolidating their infrastructures could spur a centralization of their networks. For example, if all Ethereum validators were to run in one AWS region, the region going down could take down the network. This problem is less prominent in Bitcoin, but I expect mining hubs to become targets over time.”

Daniel Nagy, chief scientist and vice president for Swarm Foundation — the organization behind the Swarm decentralized storage and communication system — told Cointelegraph that such events might only be consequential for high transaction-density blockchains such as Solana. “The majority of networks below 100 TPS have enough redundancy not to be affected in any way by the loss of one cable in the internet backbone infrastructure,” he noted.

That said, it is worth highlighting that we currently live in a technologically advanced era, one where vulnerabilities associated with cable internet connections could soon become a thing of the past thanks to the advent of innovations like Starlink, which stand to counter acts of vandalism.

Safety implications of outages on digital assets

Herbert Sim, an adviser at Solidus AI Tec — an AI infrastructure provider — told Cointelegraph that the only way major outages can have an effect on a digital asset is if a large mass of computers that make up the network are affected at the same time, something that is extremely rare and hard to pull off, adding:

“Major blockchains have millions of users around the world. What this means, in essence, is that unless this sort of outage simultaneously affects millions of computers in different parts of the world at once, it does not have a chance of affecting the safety of digital assets.”

Similarly, Angelov believes that these outages present safety risks to crypto networks, primarily in theory rather than in practice, since most blockchains are capable of adjusting their performance to reflect geographical power and/or internet outages by lowering their mining difficulty when the number of active nodes decreases because of said outages. 

“This, in turn, can pose risks to network security, as transaction verification is executed by less nodes or validators, but as mentioned above, a great many nodes must be affected for this to happen, which is not the case currently. Transaction processing times are less likely to be impacted as in Bitcoin’s instance, its blockchain is designed to decrease mining difficulty when the hash power lowers to maintain a steady number of transaction blocks,” he said.

Providing a technical take on the matter, Basharuli claims that when it comes to security, connectivity issues such as the one mentioned above could potentially open an attack angle for malicious actors, one where they could imitate the behavior of the nodes that went off the grid and convince others that some transactions are valid. “Then again, making such an attack impossible is part of the design 101 rulebook for decentralized networks,” he added.

To counter such issues, Basharuli claims that developers could leverage the latest technologies available in the market (such as Intel SGX) designed to make confidential computing possible. He closed out by saying:

“Confidential computing protects the data in the very moment it’s being processed, which leaves no entry point for the malicious actor to somehow tamper with it, or even get a glimpse of what’s going on inside the system.”

Ionescu believes that as a result of these outages, being able to attack a statistically significant number of validators could pose problems for specific networks. One concerning factor is the fact that a majority of infrastructure for several projects lies in the cloud, and the cloud provider space is split among two or three major players. Among these players, some locations are generally preferred by developers due to their proximity to the development hub. 


For example, United States east coast developers tend to prefer servers in Virginia. The usage of cloud data centers thus tends to be distributed in correlation with the locations of the development teams. Moreover, network partitions at scale are not something that developers have in mind when devising systems. “Network connectivity has been a luxury that we have been taking for granted. In reality, we need truly decentralized cloud infrastructure, but the technology isn’t there yet,” he said.

The future is decentralized, and rightly so

One of the more fascinating aspects of blockchain technology is that it corrects some of the most significant flaws of traditional computer networks, i.e., a lack of decentralization. In this regard, Sim believes that as long as we continue to have the power of different networks concentrated in a few computers, outages will always have an effect on them. “Because the blockchain is distributed across so many computers worldwide, it is immune to it. That is why you rarely, if ever, hear of a blockchain collapsing,” he concluded.

Therefore, as we head into a future potentially being affected by internet outages and other such issues, it stands to reason that more and more developers will continue to understand the true potential of blockchain technology and move in a decentralized direction.

SBF: FTX to filter assets it thinks are securities from US listings until registration in place

In a long blog post full of proposed standards to guide the industry in the absence of regulations, Sam Bankman-Fried says FTX US will not list assets its lawyers think may be securities.

Sam Bankman-Fried (SBF) has written a set of suggested standards for the crypto industry “while waiting for full federal regulatory regimes,” which were posted on the FTX Policy blog on Oct. 19. The post covers many of the questions facing regulators and operators, with specific reference to the United States at points. In particular, SBF outlined a plan for treating assets in the U.S. in regard to their status as securities or commodities. FTX will implement his plan, SBF wrote.

In the United States, SBF wrote, the FTX legal team will analyze assets using the Howey test, case law and guidance to determine whether an asset is a security or commodity. Non-security assets will be classed as commodities by default. Moreover:

“If we do find an asset to potentially be a security, we will not list it in the US unless/until there is a process for properly registering it.”

In addition, SBF supported the tokenization of equities in the traditional finance market on practical grounds. He also devoted considerable space to the need for customer protection and argued for knowledge-based investor qualification, as opposed to the income/asset-based qualifying system now in place.

Excluding assets that the exchange judges to be securities is no guarantee of peace with the U.S. Securities and Exchange Commission (SEC), however, as Coinbase discovered. When that exchange came under the scrutiny of law enforcement due to alleged insider trading, the SEC added securities trading violations to the charges against the accused. Coinbase chief legal officer Paul Grewal denied that the exchange listed securities, saying “Coinbase has a rigorous process to analyze and review each digital asset before making it available on our exchange — a process that the SEC itself has reviewed.”

FTX is currently under investigation in Texas for securities law violations.


While his entire blog post is a reaction to the lack of regulation in the crypto industry, SBF remained upbeat about future developments. “I’m optimistic, for instance, that the Stabenow-Boozman bill would protect customers while also protecting economic freedom; and that federal regulators are making progress towards thoughtful frameworks,” he wrote in the tweet devoted to the document.