Security

Celestia Foundation raises $55M for modular blockchain architecture

The company claims that the technology will solve the challenges inherent when deploying and scaling blockchains.

Celestia Foundation announced on Oct. 18 that it had raised $55 million in a funding round led by Bain Capital Crypto, Polychain Capital, Placeholder, Galaxy, Delphi Digital, Blockchain Capital, NFX, Protocol Labs, Figment, Maven 11, Spartan Group, FTX Ventures and Jump Crypto, as well as angel investors Balaji Srinivasan, Eric Wall and Jutta Steiner.

Celestia is building a modular blockchain architecture with the hope of solving challenges inherent when deploying and scaling blockchains. The company suggested that it intends to build infrastructure that will make it easy for anyone with the technical know-how to deploy their own blockchain at minimal expense.

The company indicated that its modular blockchain architecture will focus on improving scalability, shared security and sovereignty issues, making it easier for developers to freely choose their own execution environments, such as EVM, Solana VM and more. In addition, it claimed that its specialized chains are less constrained and break the rigidity of monolithic chains into flexible components, promising greater scale, security, and decentralization.

Mustafa Al-Bassam, co-founder of Celestia, said:

“Web3 cannot scale within the constraints of a monolithic framework. We envision a blockchain ecosystem with modular data availability layers and execution environments that all integrate together. We believe modular blockchains are the next generation of scalable blockchain architectures.”

Projects within Celestia’s current ecosystem include Eclipse, Constellation, dYmension and 26 projects from Celestia’s fellowship — a program that supports and mentors modular builders.

In May, Celestia launched its testnet, Mamaki, with an upgrade scheduled for late October 2022.

Related: M31 Capital launches $100M in Web3 investment fund with $50M in commitments

Despite the ongoing crypto winter, venture capitalists appear to have an insatiable appetite for the Web3 industry. According to Cointelegraph Research, venture firms invested $14.67 billion into the sector in the second quarter of 2022, effectively matching first-quarter commitments.

Crypto hacks are set to hit all-time highs in 2022, analyst explains

Kim Grauer, Director of Research at Chainalysis, explains why the amount of crypto stolen in hacks is surging and what could be done to invert this dangerous trend.

Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. 

As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance.

“This can’t go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. 

Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols have proved to be vulnerable to exploits mainly due to the open source code they are based on. 

“Anyone can parse over this open source code and look for code vulnerabilities that they can exploit”, Grauer explained. 

Still, the researcher doesn’t think that vulnerability to hacks is an intrinsic problem of decentralized finance, but rather a consequence of the fact that not enough resources have been invested in security on the code level.

“There are contracts that have proven that they can remain secure”, she pointed out.

Grauer believes that once enough resources will be invested in making the code “perfect”, decentralized protocols could become more secure than their centralized equivalents. 

Check out the full interview on our YouTube channel and don’t forget to subscribe!

Texas investigates FTX for securities violations after objecting to Voyager auction

The Texas State Securities Board enforcement director downloaded an FTX Trading app — not an FTX US app — in Texas using his own information and was able to earn interest on it.

The Texas State Securities Board, or SSB, and the Texas Department of Banking filed a supplemental declaration on Oct. 14 in the Voyager Digital case stating that the SSB is investigating FTX Trading and FTX US and their principals, including co-founder and CEO Sam Bankman-Fried, for allegedly offering unregistered securities in the United States. FTX US won the auction for the remaining Voyager Digital assets on Sept. 26. 

The supplemental declaration from the Texas regulators is attached to an objection to the sale of Voyager Digital assets to FTX filed by the Office of the Texas Attorney General also on Oct. 14. In that objection, the state claims that Voyager Digital and FTX are not in compliance with Texas law and that “the proposed sale, or order approving the sale, attempts to limit the Debtors’ liability for unlawful […] conduct for which state-regulatory fines and penalties may apply.” Specifically, according to the objection, Voyager Digital conducted unlicensed money transmissions, as it was not registered as a securities dealer in Texas.

The director of the SSB enforcement division, Joseph Rotunda, stated in the declaration that he was able to download the FTX Trading app to his smartphone and create a yield-bearing account using his own name and Austin, Texas address. FTX Trading does not conduct business in the United States. Nonetheless, Rotunda stated:

“The FTX Trading App now shows that I am earning yield on the ETH. The yield is valued at 8 percent APR. Based upon my earning of yield and an ongoing investigation by the Enforcement Division of the Texas State Securities Board, the yield program appears to be an investment contract.”

Rotunda concluded, “FTX US should not be permitted to purchase the assets of the debtor unless or until the Securities Commissioner has an opportunity to determine whether FTX US is complying with the law.”

Voyager Digital declared bankruptcy in July. Its case is now being heard in the United States Bankruptcy Court of the Southern District of New York. FTX co-founder and chief technology officer Gary Wang and FTX director of engineering Nishad Singh are also mentioned in the declaration.

In happier news for the crypto exchange, Bankman-Fried announced on Twitter on Oct. 17 that the company has been registered by Dubai’s Virtual Asset Regulatory Authority. Its FZE subsidiary received a Minimal Viable Product license in July.

BNB Chain responds with next steps for cross-chain security after network exploit

The BNB Chain team released its official statement on Oct. 7 regarding the hack and stolen funds, and a second statement on Oct. 11 on network decentralization.

BNB Chain, the native blockchain of Binance Coin (BNB) and the Binance crypto exchange, has been subject to security-related developments over the last month.

On Thursday, Oct. 6 the network experienced a multi-million dollar cross-chain exploit. The incident caused BNB Chain to temporarily suspend all withdrawal and deposit activity on the network.

Initially, the announcement of the network outage cited “irregular activity” with an update stating it was “under maintenance.” As rumors were confirmed the CEO of Binance, Changpeng Zhao tweeted out an apology for any inconvenience to the BNB Chain community.

However the suspension was brief, as the BNB Chain Team announced the network was back online early on Oct. 7, just hours after the attack. As the network regained activity its validators confirmed their location and were asked to upgrade the community infrastructure.

Later the same day, BNB Chain released its first official statement thanking the community for its support during the incident, along with the next steps for ensuring future network security.

In the statement, the BNB Chain Team owned up to the exploit and apologized to users. They also expressed gratitude to how quickly the issue was identified and resolved by the community.

During the Oct. 6 exploit the hacker was able to withdraw a total of 2 million BNB, which is roughly $568 million at the time of writing. This number was confirmed in the official statement released by the team.

It also reported 26 active validators on the BNB Smart Chain during the incident, with 44 in total in different time zones.

Related: BNB Chain launches a new community-run security mechanism to protect users

In addition to official numbers related to the incident, the BNB Chain highlighted its next steps to ensure future network security against potential exploits.

An on-chain governance vote will decide what to do with hacked funds, whether they should be frozen and if BNB Auto-Burn should be implemented to cover the remaining exploited funds.

The community will also vote on a bounty for catching hackers and a white-hat program for future bugs found which could be $1 million for each.

Prior to the official statement being released, Zhao tweeted his amazement at the swift response and transparency of the BNB Chain team.

In August a report from Chainaylsis revealed that $2 billion in crypto was stolen from cross-chain bridges in the last year alone. This includes major exploits such as the $190 million Nomad Bridge incident.

Michael Lewellen, head of solutions architecture at OpenZeppelin, told Cointelegraph that in an instance where a “project team retains some level of administrative control” in their decentralized ecosystem some type of monitoring should be implemented.

“They should have comprehensive security monitoring to ensure they can use those powers swiftly when needed.”

While community initiatives are productive, such as the ones BNB Chain proposed as a follow up, Lewellen said real-time security monitoring is a tool that can, “put-out fires before they have a chance to spread.”

“Ultimately, the end user can follow good security practices, but without the integration of real-time monitoring and incident response by the developers, users remain at their mercy.”

According to Lewellen, real-time, ongoing security monitoring can watch over the processes that make up the decentralized space without affecting or impinging upon them. Researchers are also considering reversible crypto transactions as a viable solution to fight crime in the industry.

In a subsequent statement, BNB Chain spoke on the decentralization of their network, as many Twitter critics surfaced in light of the exploit.

One user tweeted that the network may seem decentralized to the “untrained eye” but it is indeed not:

BNB Chain responded with the statement that “decentralization is journey” and while it’s currently less decentralized than the Ethereum blockchain, it is “more decentralized than many others.”

The update went on to detail the components of the blockchain and the role Binance plays in the ecosystem. According to the post, anyone can become a network validator if enough BNB is put forward and that:

“Nobody can control the decisions taken here, least of all Binance.”

However, the debate rages on between Twitter users, with some commending the team for a swift response and others posting centralization-themed memes about the network.

Zhao also hopped into the debate, posting his thoughts on centralization vs decentralization, echoing sentiments from a similar piece he wrote three years ago:

Within less than a week of the BNB Chain exploit, the space saw another exploit with $100 million taken from the Solana decentralized finance platform Mango Markets. The Solana network is also often touted for being too centralized.

Regardless of the hack and the centralization debate, the network pushed out its latest testnet upgrade v1.1.16 on Oct. 12.

Industry exec explains why NFT fraud protection falls on brand and not marketplaces

Brands that issue NFTs should hold the greatest responsibility to protect themselves and potential investors from fraud, an NFT security executive suggested.

Nonfungible token (NFT) marketplaces should commit to combat fraudulent NFTs, but brands are far more responsible for protecting NFT investors, according to one industry executive.

Brands that issue NFTs should be taking the first step to protecting themselves and potential investors from fraud, BrandShield CEO Yoav Keren said in an interview with Cointelegraph on Oct. 12.

According to Keren, it’s more straightforward for a brand to recognize NFTs that were not released by the company itself rather than marketplaces like OpenSea or Rarible. NFT marketplaces usually have fewer insights into which brands are creating NFTs when they are launching and other details, the CEO noted.

Although marketplaces should not be negligent of the reality of NFT fraud, it’s still a must for brands to keep their audience publicly and transparently updated about any NFT offerings, Keren hinted, stating:

“Brands should understand the legal implications of misuse of their image, and should take action to protect their customers across all platforms, websites and marketplaces.”

The CEO went on to say that counterfeits and copyright infringements have emerged as the two most common forms of NFT fraud so far.

Counterfeit NFT fraud implies unauthorized replicas that are sold despite the existence and sale of an original NFT drop by its creator or authorized party. Copyright and trademark infringements refer to fraudsters hijacking a brand’s likeness or image to create and sell NFTs without prior authorization.

Both types of NFT fraud occur across some of the largest NFT marketplaces, including OpenSea, Rarible and Nifty Gateway, Keren noted.

“We conducted a scan on OpenSea and found 41,500 suspicious NFT listings using unauthorized likenesses or images associated with prominent celebrities who’ve promoted NFTs or cryptocurrency,” Keren said. In these cases, fraudsters utilized copyright or trademark infringements to defraud consumers, he added.

One of the ways to eliminate NFT fraud is for platforms to encourage more reporting of fake listings when a suspicious listing is discovered by a user of the platform. “Ideally, brands and marketplaces should work together on solutions,” Keren stated, adding that attacking a problem from multiple angles is the fastest way to an effective solution.

Related: French police use Crypto Twitter sleuth’s research to catch scammers

Despite encouraging brands and marketplaces to do their best to protect NFT investors, theBrandShield CEO emphasized that it’s still important for consumers to do their own research while investing in NFTs. It is important to not only double-check the website of the NFT marketplace’s domain but also go for only verified NFT sellers and avoid suspicious shortened links.

“Work to verify an NFT before purchasing because by the time marketplaces catch on to these abuses, it’s oftentimes too late,” Keren added.

The rise of NFTs and metaverse has created yet another way for fraudsters to mislead investors into falling for scams and counterfeits. According to data from crypto risk management firm Elliptic, NFT investors became victims of more than $100 million worth of NFT scams and thefts related to NFTs in a period from July 2021 to July 2022.

Samsung uses blockchain-based security for devices in its network

Samsung’s Knox Matrix uses blockchain technology backing to increase security for all personal smart devices of a user connected to the network.

Tech giant Samsung announced it will utilize blockchain technology to upgrade security protocols for all of its smart devices.

Knox Matrix is its new blockchain-based security solution for “cross-device experiences.” This means the security layer covers all Samsung devices, from smartphones to home appliances, within the network.

Samsung said Knox Matrix will work as an individual’s “own private blockchain system,” with all of one’s interconnected devices equipped with the blockchain multilayered monitoring. This includes electronics such as smartphones but also smart TVs and air conditioners.

The new security upgrade is intended to protect users from exploits of their credentials, while simultaneously making logins more simple.

According to the announcement, all Samsung devices will utilize Knox Matrix and receive a unified SDK, whether they are based on Android, Tizen or another OS.

This comes alongside the company’s announcement of its new collaboration with Google to improve multi-smart device experiences in the home.

Samsung has been active in expanding its footprint in the Web3 space.

A blog post from Blockdata on Aug. 16 revealed the company has been the most active investor in blockchain-related ventures since September 2021. According to the post, Samsung participated in 13 funding rounds within the industry after a nine-month period.

Related: Security and interoperability, the challenges ahead of Web3 mass adoption

It recently backed an upcoming Web3 gaming studio, along with Samsung’s Asset Management division launching a blockchain exchange-traded fund in Hong Kong. 

The managing director of Samsung Next also spoke out on the importance of building and investing in the Web3 space at this time. 

BNB Chain back online after suspension due to a cross-chain exploit

After a brief network suspension as the result of a cross-chain hack, the activity on the BNB Chain is back online.

BNB Chain, the native blockchain behind the Binance crypto exchange, is up and running as of Oct. 7 according to an update from the network. Activity on the network was briefly suspended after confirmed rumors of a cross-chain exploit. 

The blockchain reported that network validators are “confirming their status,” as well as upgrading community infrastructure.

A few hours prior to resolving the network suspension, BNB Chain updated the community on Twitter, saying validators are working to stop hacker accounts and asking node runners to update their versions.

Initial estimates of compromised funds were as high as $100 million worth of cryptocurrency. However, hours into the situation, the network announced current estimates of exploited funds to be around $70–80 million, with $7 million successfully frozen.

The genesis of the compromise took place on the BSC Token Hub, which in the end created “extra BNB,” according to an official post on Reddit. 

Related: Reversible blockchain transactions are key to fighting crime in crypto

Changpeng Zhao, the founder and CEO of Binance, also Tweeted about the incident saying that in the midst of the network suspension, validators were asked to temporarily suspend BSC in order to contain the issues.

Zhao also assured users their suspended funds were secure.

Internet sleuths on Twitter actively looked into the issue and the stolen funds, with some estimating that the hacker has around $400 million in assets frozen on the BNB Chain network.

Tether also posted that it blacklisted the hacker’s wallet address.

This hack comes a few weeks after BNB Chain launched a community-powered security effort to secure users on its network. The AvengerDAO serves to fight against scams, malicious actors and potential exploits. 

There was no mention of the AvengerDAO in relation to the recent incident on the network.

Security and interoperability, the challenges ahead of Web3 mass adoption

Analysts forecast a market size of $81.5 billion for Web3 by 2030, but the growth comes with obstacles along the way.

By 2030, Web3 is expected to reach a market size of $81.5 billion, according to Emergen Research, but the industry still has challenges to overcome, including security and interoperability, said players interviewed by Cointelegraph.

Interoperability, in short, provides communication between blockchains, aiming to offer a similar experience to users as Web2, hiding infrastructure complexity away and ensuring they don’t have to know what solution is powering the mobile app they use, explained Derek Yoo, CEO of PureStake, a development team for the layer-1 blockchain Moonbeam.

However, interoperability also brings more moving parts to any system, and security is one of the greatest challenges. Justin Hulog, chief studio officer at Immutable, explained:

“Basically, the more links there are in a chain, the higher chances are that one of them will break. One of such links when it comes to interoperability is the need for “bridges” that facilitate transfers of assets between blockchains — and often get attacked by hackers.”

In fact, across 13 cross-chain bridge hacks, Chainalysis estimated that $2 billion in cryptocurrency has been stolen until August 2022. Bridge attacks account for 69% of total funds stolen this year. In one of the biggest recent cases, hackers drained $612 million from the Ronin bridge and Katana Dex by faking private keys to forge withdrawals.

Major steps have been taken to bring interoperability and security solutions to the crypto space this year, specifically with cross-chain general message passing systems, including the ones introduced by Cosmos IBC, Polkadot XCM, Axelar, LayerZero and Wormhole, noted Yoo.

The functionality addresses common problems in the crypto space and, thus, would unlock broader adoption. In the case of nonfungible tokens (NFTs), for instance, platforms hosting assets from multiple chains could allow users to buy NFTs minted on another chain without moving anything.

In the case of DeFi, users would be able to pool liquidity in multiple assets or chains on a single chain, enabling unified liquidity, explained Sergey Gorbunov, Axelar co-founder and CEO in an interview with Cointelegraph at Converge22. Axelar is a proof-of-stake (PoS) blockchain founded in 2020 that achieved unicorn status this year. In September, the company partnered with Sui blockchain to deliver cross-chain communication through general message passing, enabling developers to build on one chain and call any function on another.

In the gaming sector, interoperability could also increase the value of in-game assets, such as NFTs. At Immutable, Hulog oversees a partnership between The Sandbox and the game Guild of Guardians that allows users to play some characters across both universes. By focusing on players’ experience and engagement, the partnership achieves cross-game interoperability that many projects are working to achieve as the industry unfolds.

Security concerns still remain in the short term, but in the long run, interoperability would lead to “more specialized chains that try to do less, are simpler, and should result in more secure environments,” stated Yoo.

XRP price could rally by 50% based off comments from a former SEC director

XRP investors are hopeful that a potential court victory against the SEC could send the altcoin price at least 50% higher.

XRP is hoping that the token could see a massive price rally in 2022 based off the fingers-crossed assumption that Ripple will win its long-running legal battle against the U.S. Securities and Exchange Commission (SEC).

Hinman documents to save XRP bulls?

On Sept. 29, the district court judge in the case, Judge Analisa Torres, ordered the commission to release the documents penned by William Hinman, the former director of the corporation finance division at the SEC. 

Hinman may have written about Ether (ETH), the native token of the Ethereum blockchain, not being a security in the concealed documents, believes Ripple. That is primarily because Hinman had proclaimed the same in his speech at the Yahoo Finance All Markets Summit in June 2018.

Ripple’s defense could use Hinman’s writing as evidence that its blockchain’s native token, XRP, should not be treated as a security, which is the opposite of what the SEC claimed in the lawsuit filed in December 2020.

XRP has since been ousted from many regulated crypto exchanges, including Coinbase and Bitstamp. As a result, it is now among the only top cryptocurrencies that have neither reclaimed nor established a record high during the 2020–2021 crypto market boom, reflecting caution from investors.

Some might argue, that from the vantage point of technical analysis, XRP price remains undervalued compared to other top-ranking cryptocurrencies. And a Ripple win might change that, given the token rallied 20% in a day after Judge Torres’s order.

Related: CFTC commissioner proposes office focused on retail crypto investors

Resistance and confluence

From a technical standpoint, XRP is one breakout away from posting a 50% price rally.

Notably, the token now tests a resistance confluence of one multi-year descending trendline resistance, a flipped support bar and a Fibonacci line — all pivoting near $0.57. A Ripple win could help XRP break decisively above this confluence.

XRP/USD weekly price chart. Source: TradingView

Such a breakout could have XRP eye a run-up toward the next Fib line near $0.72, up over 50% from Oct. ‘s price. Conversely, a pullback could crash XRP to its previous support level of $0.31, down 35% from the current price levels.

“$XRP is basically a court case play,” noted independent market analyst DonAlt, adding:

“If they win the whole case $XRP giga pumps. if they lose it’ll be a nice -50% candle. Also, an $XRP loss would make other cryptos more vulnerable to attack, so you better cheer them on.”

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.

California files order against Nexo interest account, says it’s 8th state to take action

The state Department of Financial Protection & Innovation says the crypto-interest account is an unqualified security; Nexo has limited the accounts since the BlockFi settlement with the SEC.

The California Department of Financial Protection & Innovation (DFPI) has filed a desist and refrain order against crypto lending platform Nexo as part of its ongoing investigation of companies offering interest-bearing crypto assets accounts. The agency claims it is joining regulators from seven other American states in taking action against the company. The other states involved are Kentucky, New York, Maryland, Oklahoma, South Carolina, Washington and Vermont, according to CNBC.

The DFPI claimed in the filing that Nexo’s Earn Interest Product was an unqualified security, that is, a security that has not been cleared by the government for sale in the form of an investment contract. The product had offered up to 36% interest annually.

The product has not been available to new users in the United States since Feb. 19, and existing U.S. account holders were unable to make new deposits into their accounts in the wake of the $100-million fine imposed on BlockFi by the Securities and Exchange Commission after it found the BlockFi Interest Account to be an unregistered security. However, the DFPI filing claims that Nexo account holders with automatic renewal continued to receive interest payments.

Related: Amid crypto winter, Nexo commits additional $50M to buyback program

The DFPI announced in July that it would begin investigating companies that offered so-called crypto-interest accounts. DFPI Commissioner Clothilde Hewlett said in a statement announcing the action against Nexo:

“These crypto interest accounts are securities and are subject to investor protections under the law, including adequate disclosure of the risk involved.”

Nexo told Cointelegraph in a statement, “We have been working with U.S. federal and state regulators and understand their urge, given the current market turmoil and bankruptcies of companies offering similar products, to fulfill their mandates of investor protection by examining past behavior of providers of earn interest products. […] As the recent months have clearly underlined, Nexo is a very different provider of earn interest products, as showcased by the fact that it did not engage in uncollateralized loans, had no exposure to Terra (LUNA)/TerraUSD (UST), did not have to be bailed out or needed to resort to any withdrawal restrictions.

The DFPI issued a consent order against Celsius Network on Aug. 8, claiming the company and its CEO Alex Mashinsky made misrepresentations and omissions in its offerings of crypto interest accounts. Celsius filed for bankruptcy on July 14.

The DFPI also filed a desist and refrain order against Voyager Digital on June 3, about a month before that company filed for bankruptcy. California Governor Gavin Newsom vetoed a bill to establish a state licensing and regulatory framework for digital assets on Sept. 23, calling the move “premature.”