Security

‘Victims of Ankr exploit’ group unhappy with 50% reimbursement

The group claims they are being discriminated against because they are liquidity providers for rival coins.

A group calling itself “Victims of Ankr Exploit” has claimed that its members lost over 13,000 BNB liquid staking coins (over $4 million worth at the time of writing) as a result of the Dec. 2 Ankr exploit, but have not been adequately reimbursed by the Ankr company.

According to a Jan. 19 statement from the group received by Cointelegraph, affected members alleged that they have only received half of the amount they lost. The group has called on Binance CEO Changpeng “CZ” Zhao to put pressure on Ankr to get the funds released.

Ankr COO Ryan Fang responded to the allegations in a Telegram conversation with Cointelegraph. He stated that both the Stader and pSTAKE teams agreed to a 50% reimbursement plan. “This amount is basically signed off by projects,” he said. “We did basically what affected project asked us to do.”

Stader Labs has denied making the agreement with Ankr, stating that “we could not reach an agreement & Ankr has unilaterally decided to move forward with a 50% refund to BNBx LP holders.”

At the time of publication, Cointelegraph was not able to independently confirm whether this agreement had been signed by all parties.

The group specifically claimed that a reimbursement plan posted by Ankr on Dec. 20 has been unfair to liquidity providers at Wombat exchange. Under this plan, Ankr proposed to “partially cover the loss of stkBNB liquidity providers on Wombat.” Ankr argued that a full reimbursement would be unfair because “the nature of the mixed liquidity pools” on Wombat made it hard to determine how much liquidity providers had lost.

The Ankr exploit victim group admitted that Ankr compensated them with 50% of the BNB lost in the attack, but insisted that it should have compensated them 100%.

The group argued that Ankr has refused to compensate them fully because the stkBNB and BNBx liquid staking tokens lost were competitors to Ankr’s own ankrBNB tokens:

“It is obvious that there is a segregation and discrimination of victims that is unjustifiable. And [a] fact that out of X protocols impacted, only two of them (Stader and pSTAKE), direct competitors of Ankr, see their users discriminated as victims.”

Citing a tweet from noted blockchain sleuth ZachXBT, they argued that Ankr has the ability to compensate them fully because it recovered 1,559 ETH (approximately $2.4 million worth at the time of writing) from Huobi Global after the attacker tried to use it to cash out.

The Ankr BNB staking protocol was hacked on Dec. 2, 2022, and the attacker was able to obtain $5 million in crypto from the attack. On Dec. 21, the company announced that the attack had been carried out by an ex-employee. In the same announcement, it vowed to shore up its security practices and reimburse victims.

This article was updated on January 26, 2023 to include comments and clarifications by Ankr COO Ryan Fang and by a representative of Stader Labs.

What are hierarchical deterministic (HD) crypto wallets?

A hierarchical deterministic wallet uses a single seed to create an infinite number of addresses, allowing users to recover funds using a master key.

Are HD wallets safe?

HD wallets are as secure as the medium (physical or digital) on which they are stored.

BIP-32 enables an HD wallet to produce a tree-like hierarchical structure of private keys from the seed. As a result, if a device is lost or destroyed, the seed backup can be used to restore the wallet along with all of the tree’s private keys.

Hierarchical deterministic wallets offer enhanced security and privacy compared to non-deterministic wallets. They are secure because a new address is issued for every new transaction. Therefore, hacking them is a challenging and intricate process. Additionally, an indefinite number of public addresses can be created for the purpose of collecting payments, ensuring users’ financial anonymity.

However, if either private keys or master keys are not safely stored, they can expose users’ funds to malicious actors. Therefore, the chosen seed phrases in HD wallets should be unrelated to users’ names or any other personal details that attackers will find simpler to compromise.

What are the benefits and drawbacks of using an HD wallet?

With hierarchical deterministic wallets, users’ privacy is improved because they can share their master public key with others without putting their money in jeopardy. Similarly, HD wallets are secure since funds are diversified over numerous addresses. However, there is a substantial chance of money being lost if the master key or private keys get revealed to the public.

Due to the hierarchical structure of deterministic wallets, every private key generated by the seed has the potential to be utilized as a master private key, which can then be used as a deterministic wallet to generate further keys.

Also, the changing addresses offer enhanced privacy, as one cannot find out the exact wallet balance from the public ledger. However, anyone who has access to the extended private keys can steal users’ funds, which is why they shouldn’t be shared with non-trusted parties.

Along with improved privacy, deterministic wallets offer great security, as access to a number of different private keys will be required to gain access to all of the users’ crypto assets because they have spread their funds across several addresses. Furthermore, the coins that are controlled by other private keys remain unaffected if one private key is compromised. However, if the seed is compromised, all funds may be stolen by hackers.

How does a hierarchical deterministic wallet work?

To increase security and privacy, an HD wallet creates a fresh key pair from a master key pair (consisting of an extended private key and an extended public key) for each cryptocurrency transaction.

With BIP-32, HD wallets became the de facto standard for Bitcoin. BIP-32 is the Bitcoin Improvement Proposal (BIP) that introduced a wallet structure resembling a hierarchical tree.

In an HD wallet like MetaMask, a single master key is derived from the wallet seed, which is then used to generate child keys, each of which is capable of generating its own children. A seed, often represented as a mnemonic phrase, is a piece of information that can be used to produce both the wallet’s public and private keys.

A master key pair consisting of an extended private key (XPRIV) and an extended public key (XPUB) is typically present in HD wallets for Bitcoin. Additionally, a child private key is created pseudorandomly from a master private key, and the matching child public keys can be generated by anybody who knows the master public key.

The XPRIV produces all of the child private keys, and the XPUB may display the balances of all the child public keys in the wallet. Moreover, the need for storing multiple key pairs is eliminated, as HD wallet addresses can be generated from the master key or seed.

The same tree of keys will be generated by the master key, allowing users to back up a single seed rather than hundreds of keys in the case of non-deterministic wallets. Furthermore, XPUB keys allow users to receive Bitcoin directly into a cold storage wallet and keep their private keys offline because they allow users to generate new addresses using online extended public keys.

A web retailer that creates new public keys for each sale is an inspiring use case for HD crypto wallets. Using a deterministic wallet, the merchant can quickly produce and save only the public keys on a risky internet server while keeping all of the related private keys secure in offline storage. Additionally, the retailer can use HD wallets’ hierarchical feature to keep only the public keys required to process consumer payments, which might improve the privacy of the user.

What are deterministic and non-deterministic wallets?

A hierarchical deterministic wallet generates public and private keys from a master key, allowing users to create a new wallet and retrieve all addresses and keys, given that they have access to the seed. On the contrary, non-deterministic wallets randomly generate wallet addresses and private keys, restricting users’ ability to recover addresses and keys if the wallet’s details are lost.

Typically, digital signatures and pairs of private and public signing keys are used in blockchain-based cryptocurrencies. Users spend their money by signing a transaction with the private key, and other users (recipients) can use the public key to confirm the signature’s validity. Private keys can be used to generate public keys, but not the other way around.

For instance, a user’s Bitcoin wallet comprises a set of private keys that enable the owner to spend any Bitcoin (BTC) linked to those keys. When the user needed them, Bitcoin wallets would randomly generate BTC addresses and private keys. Such types of digital wallets are called non-deterministic wallets (ND).

However, since the keys are not generated in any pattern, users must make a backup of each key whenever a new one is generated. As a result, if the wallet’s details are lost, all of the addresses and keys would also be lost.

This type of Bitcoin wallet is also known as a “just-a-bunch-of-keys” (JBOK) wallet, as it produces unrelated keys and requires users to keep track of their transactions every time they buy and sell their cryptocurrencies. So, what are hierarchical deterministic (HD) wallets?

Hierarchical deterministic wallets took the place of JBOK wallets since users could back up HD wallets using a single seed and greatly benefit from extended keys. Therefore, a wallet that generates its public and private keys from a seed is referred to as a hierarchical deterministic wallet.

These wallets can be used for a variety of intriguing things, such as trustless auditing, online shopping and departmental funding distribution by the treasurer. For instance, an individual might disclose their master public key to external auditors, who could then use that key to view any future transactions made using BTC. In this case, the user’s funds are secure because the private keys linked to those funds are never revealed.

The differences between HD and non-HD wallets are summarized in the table below:

[Image: table summarizing the differences between HD and non-HD wallets]

SEC leaked crypto miners’ personal information during investigation: Report

The financial regulator reportedly unintentionally included 650 names and email addresses in communications with blockchain firm Green as part of an investigation.

The United States Securities and Exchange Commission, or SEC, has reportedly leaked the names and email addresses of many crypto miners connected to the blockchain firm Green.

According to a Jan. 17 report from the Washington Examiner, the SEC unintentionally included 650 names and email addresses in an email communication with Green as part of an investigation, leaving the blockchain’s nodes vulnerable to hacks. The financial regulator had reportedly been reaching out to Green users regarding their purchase of the firm’s products.

“The Privacy Act of 1974 […] prohibits the disclosure without consent of information about individuals that the federal government maintains in a system of records,” the SEC website says. “If we store information about you in a system of records from which we retrieve that information by personal identifier […] we will safeguard your information in accordance with the Privacy Act.”

Hackers have often targeted centralized crypto exchanges to obtain information about users, but alleged unintentional leaks by government officials are less common. In October, the U.S. Justice Department announced charges against two Chinese intelligence officers who allegedly bribed a double agent with Bitcoin (BTC).

The SEC has also executed several crackdowns on crypto firms in 2022 in what many critics have called the agency taking a “regulation by enforcement” approach. In December, the financial regulator added its name to the list of federal agencies charging former FTX CEO Sam Bankman-Fried, alleging violations of the anti-fraud provisions of securities laws.

App-specific blockchains remain a promising solution for scalability

Building an interoperable network of blockchains dedicated to a specific purpose appears to be a viable alternative to layer-2 scalability solutions.

App-specific blockchains, or appchains, are specifically designed to support the creation and deployment of decentralized applications (DApps). In an appchain, each app runs on its separate blockchain, linked to the main chain. This allows for greater scalability and flexibility, as each app can be customized and optimized for its specific use case.

Appchains are also an alternative scalability solution to modular blockchains or layer-2 protocols. Appchains share characteristics with modular blockchains, a type of blockchain architecture that separates the data, transaction processing and consensus processing elements into distinct modules that can be combined in various ways. These can be thought of as “pluggable modules” that can be swapped out or combined depending on the use case.

This separation of functions is why there’s greater flexibility and adaptability to appchains compared to traditional, monolithic blockchain architectures, where these functions are all built into one program. They allow for the creation of customized, sovereign blockchains — tailored to meet specific needs and use cases — where users can focus on specific tasks while offloading the rest to other layers. This can be beneficial regarding resource management, as it allows different parties to specialize in different areas and share the workload.

The scalability of blockchain technology is a key factor for its future success. Due to the scalability issues in layer-1 blockchain architecture, there has been a shift toward using modular blockchains or layer-2 protocols, which offer solutions to the limitations of monolithic systems.

Scalability is one side of the blockchain trilemma facing developers.

As a result, the adoption of layer-2 networks is increasing, as they provide a way to address scalability and other issues in current blockchain networks, particularly for a layer-1 like Ethereum. Layer-2 protocols offer lower transaction fees, fewer capacity constraints and faster transaction speeds, which paved the way for their growing adoption, catching the attention of 600,000 users.

Appchains vs. monolithic chains

Appchains are not entirely different from monolithic chains. Monolithic chains, like appchains, follow the fat-protocol thesis where a single chain handles most decentralized finance (DeFi) activity and settles everything on one layer with a valuable token. However, layer-1 blockchains are hard to scale. Appchains don’t currently have the same limited space issues as monolithic chains, but they can use modular solutions in the future if necessary.

“The fundamental value proposition of appchains is sovereign interoperability,” explained Stevie Barker, a researcher at Osmosis Labs, a decentralized trading protocol on the Cosmos ecosystem. He told Cointelegraph: 

“Appchains are sovereign because they have precise control over their entire stack and any other area of blockchain structure and operations they want to customize. And they are interoperable because appchains can freely interact with each other.”

Appchains can optimize for user experience and make execution faster, easier and more efficient. They can also secure their chain by recruiting validators to implement code, produce blocks, relay transactions and more. Alternatively, they can borrow the security from another set of validators, interchain security, or combine both options to share security among the entire interchain.

Osmosis has developed a new take on proof-of-stake called “superfluid staking” that aims to improve both security and user experience. This approach allows liquidity providers to stake the tokens in their liquidity pool (LP) shares to help secure the chain. In return, they will receive staking rewards in addition to their LP rewards, which can help increase their capital efficiency. This can be a more seamless and integrated approach to staking, as liquidity providers can simultaneously earn rewards for their LP and staking activities.

With current advancements, the entire interchain will be able to use its staked assets for DeFi activities without risking centralization or compromising chain security, as is often the case with traditional liquid staking derivatives. This will allow users to take advantage of DeFi opportunities while maintaining the security and decentralization of their staked assets. Valentin Pletnev, CEO and co-founder of Quasar, a decentralized appchain designed for asset management, told Cointelegraph:

“Owning the entire stack from top to bottom allows for easy value generation and purpose for the token — it also allows for higher efficiency as chains can be designed around a specific use case and optimized for it.”

Appchains also can effectively manage Maximal Extractable Value (MEV), which refers to the profits obtained by those who have the power to decide the order and inclusion of transactions. MEV has been a problem for DeFi users across various ecosystems. However, appchains can more quickly implement on-chain solutions that significantly reduce malicious MEV and redirect healthy arbitrage profits from third parties to the appchain itself. This can help improve the user experience and reduce the potential for exploitation in the DeFi ecosystem.

Appchains allow for radical blockchain experiments to be carried out quickly. While Tendermint and the Cosmos SDK are remarkable technologies that enable apps to spin up inter-blockchain communication (IBC) protocol-ready blockchains quickly, the whole Cosmos stack is not necessary to become an IBC-connected appchain. Barney Mannerings, a co-founder of Vega Protocol, an application-specific blockchain for trading derivatives, told Cointelegraph:

“As the space is moving toward a multichain and multi-layered world — in which assets can be moved between chains and specific scaling layers — a distribution of an application on multiple hubs can make sense.”

Appchains offer a path to a new communication standard for blockchains. Native token transfers between ecosystems eliminate the need for bridges when moving tokens cross-chain.

App-specific blockchains also offer several valuable benefits that make them attractive for developers and users alike. Their ability to improve applications’ scalability, performance, security and interoperability makes them a valuable tool for building the next generation of software. As the technology continues to evolve, we will likely see more and more developers adopting app-specific blockchains for their applications.

However, the use of multiple appchains can make them more complex and difficult to manage compared to other types of blockchain technology. Since each app runs on its own blockchain, managing and maintaining multiple blockchains can be resource-intensive and time-consuming. Integrating different appchains can be challenging due to potential compatibility issues.

Overall, the benefits and drawbacks of appchains depend on the specific use case and requirements of the DApps under development. In some cases, appchains may provide the ideal solution for building and deploying DApps, while other types of blockchain technology may be more suitable in others.

How to keep your crypto safe in 2023: A few tips from an analyst

James Check, the lead on-chain analyst at Glassnode, explains why self-custodying your private keys has become more important than ever and how to do it in a few simple steps.

There is no excuse for not putting a few hours of research into how to properly custody your crypto, according to Glassnode lead on-chain analyst James Check. Joining the latest debate around self-custody, the analyst pushed back against the notion that managing private keys is too complicated and risky for the average crypto user. 

“If you have gold in your vault, if you have cash in your wallet, it’s the same concept: You need to exercise a level of responsibility,” said Check in an interview with Cointelegraph.

Check argued that while third-party custody and semi-custodial solutions such as collaborative custody may appear more user-friendly for the average user, they also have their own, even bigger, risk vectors.

To the analyst, when it comes to custody, “there are no solutions, only trade-offs.” His position is that being in full control of one’s own crypto and eliminating third-party risk is well worth the effort of learning how to keep a wallet’s 12-word seed phrase safe.

Ultimately, Check believes that the amount of time and effort put into learning self-custody should be scaled proportionally to the size of one’s holdings. 

“If you’re not willing to put more than five minutes into it, then don’t put more than $5 into it. If you’re willing to do 100 hours now, you can start talking about doing your significant sums of savings,” he said. 

To find out more about Check’s approach to self-custody, check out the full interview on Cointelegraph’s YouTube channel, and don’t forget to subscribe!

DeFi-type projects received the highest number of attacks in 2022: Report

A new Web3 security report from Beosin revealed that, of the 167 major security exploits, DeFi projects saw the most, at 113 attacks.

It’s no secret that in 2022 the world of Web3 and decentralized finance (DeFi) experienced a slew of major exploits and attacks. From the Ronin bridge attack to the Nomad hack, the top 10 exploits alone saw over $2 billion lost.

The Beosin Global Web3 Security Report 2022 revealed that, of 167 major security incidents over the last year, those rooted in DeFi were the most vulnerable. DeFi projects were attacked 113 times, which accounted for approximately 67.6% of recorded attacks.

This is followed by attacks on exchanges, nonfungible token (NFT) projects, cross-chain bridges and wallets in that order.

According to the report, DeFi projects came in second in terms of monetary losses with a total of $950 million in losses. This follows the $1.89 billion lost in cross-chain bridge exploits in the last year.

In total, 2022 saw $3.6 billion lost from all attacks on all project types. This is an increase of 47.4% from the previous year’s total of $2.4 billion lost in security exploit-related incidents.

Alarm bells are already going off for DeFi projects to be wary of even more exploits in the upcoming year.

Experts say that a combination of the number of DeFi projects that spring up, the lack of security testing prior to going live and the value these projects attract are reasons hackers are inclined toward the space.

Additionally, blockchain security companies are urging users to hold on to their private keys, as funds lost to private key compromises in 2023 will be due to poor management thereof.

2023 has already seen exploit incidents. On Jan. 3, hackers stole $3.5 million worth of digital assets from a GMX whale.

Nonetheless, 2022 ended with December seeing the lowest value of exploited funds from DeFi, with $62 million worth of exploits.

Using blockchain technology to combat retail theft

Blockchain technology may be a solution when it comes to anti-theft measures for retailers.

The retail industry is one of the most important sectors of the United States economy. Unfortunately, the COVID-19 pandemic has left the trillion-dollar retail sector vulnerable to in-store theft. 

Findings from the National Retail Federation’s 2022 Retail Security Survey show that retail losses from stolen goods increased to $94.5 billion in 2021, up from $90.8 billion in 2020. Some retailers also have to lock away certain products to prevent theft, which may lead to decreased sales due to consumers’ inability to access goods.

Retailers look toward blockchain to solve retail theft

Given these extreme measures, many innovative retailers have started looking toward technology to combat retail theft. For example, Lowe’s, an American home improvement retailer, has recently implemented a proof-of-concept called Project Unlock, which uses radio frequency identification (RFID) chips, Internet of Things sensors and blockchain technology. The solution is currently being tested in several Lowe’s stores in the United States.

Josh Shabtai, senior director of ecosystem practice at Lowe’s Innovation Labs — Lowe’s tech wing that developed Project Unlock — told Cointelegraph that Project Unlock aims to explore emerging technology to help curb theft while creating better customer experiences.

To accomplish this, Shabtai explained that RFID chips are used to activate specific Lowe’s power tools at the point of purchase. “So if a customer steals a power tool, it won’t work,” he said.

Shabtai noted that RFID chips are a low-cost solution that many retailers use to prevent theft. According to the National Retail Federation’s 2022 Retail Security Survey, 38.6% of retailers already implement or plan to implement RFID systems. However, Shabtai explained that combining RFID systems with a blockchain network can provide retailers with a transparent, tamper-proof record to track in-store purchases. He said:

“Through Project Unlock, a unique ID is registered and assigned to each of our power tools. When that product is purchased, the RFID system activates the power tool for use. At the same time, the transaction can be viewed by anyone, since that information gets recorded to a public blockchain network.”

Mehdi Sarkeshi, lead project manager at Project Unlock, told Cointelegraph that Project Unlock is based on the Ethereum network. Sarkeshi elaborated that each product under Project Unlock is tied to a pre-minted nonfungible token (NFT), or a digital twin, that will receive a status change upon purchase.

“A product’s NFT undergoes a status change when it is either sold by Lowe’s, if it has been stolen, or if the status is unknown. All of this information is publicly visible to customers and resellers since it’s recorded on the Ethereum blockchain. We have essentially built a purchase authenticity provenance for Lowe’s power tools,” he said.

While the concept behind Project Unlock is innovative for a large retailer, David Menard, CEO of asset verification platform Real Items, told Cointelegraph that his firm has been exploring a similar solution. “Traditionally, RFID tags prevent theft, so this problem has already been solved,” he said. Given this, Menard noted that Real Items combines digital identity with physical products to ensure that stolen items can be accounted for. He said:

“If physical items are paired with digital twins, then retailers can know exactly what was stolen, from where and from which product batch. Retailers can understand this with more clarity versus information generated by RFID systems.”

According to Menard, Real Items currently has a memorandum of understanding with SmartLabel, a digital platform that generates QR codes for brands and retailers to provide consumers with detailed product information. He shared that Real Items plans to implement “digital product passports” with SmartLabel products in the future. “We view digital product passports as the foundation for storing information about a product throughout a product’s life cycle,” he said.

Menard further explained that Real Items uses the Polygon network to store product information. It’s important to point out that this model differs from Project Unlock since a blockchain network is only used here to record information about a certain item. “We use a product’s digital twin — also known as its NFT — for engagement. It can be tied to anti-theft, but it’s more about providing retailers with useful data.”

While the solutions being developed by Lowe’s Innovation Labs and Real Items could be a game-changer for retailers, the rise of the metaverse may also help curb retail theft. According to McKinsey’s “Value Creation in the Metaverse” report, by 2030, the metaverse could generate $4 trillion to $5 trillion across consumer and enterprise use cases. The report notes that this includes the retail sector.

Marjorie Hernandez, managing director of LUKSO — a digital lifestyle Web3 platform — told Cointelegraph that designer brands like Prada and Web3 marketplaces like The Dematerialised, where she is also CEO, are already using NFT redemption processes.

Hernandez explained that this allows communities to purchase a digital good in a metaverse-like environment, which can then be redeemed for a physical item in store. She said:

“This redemption process allows retailers to explore new ways to authenticate products on-chain and provide a more sustainable production process with made-to-order demand. This also creates a new and direct access channel between creators and consumers beyond point of sale.”

Hernandez believes that more retailers will explore digital identities for lifestyle goods in the coming year. “This allows brands, designers and users to finally have a transparent solution for many of the problems facing the retail industry today, like counterfeit goods and theft.”

Will retailers adopt blockchain solutions to combat theft?

Although blockchain could help solve in-store theft moving forward, retailers may be hesitant to adopt the technology for several reasons. For instance, blockchain’s association with cryptocurrency may be a pain point for enterprises. Recent events like the collapse of FTX reinforce this. 

Yet, Shabtai remains optimistic, noting that Lowe’s Innovation Labs believes that it’s important to consider new technologies to better understand what is viable. “Through Project Unlock, we have proven that blockchain technology is valuable. We hope this can serve as a proof point for other retailers considering a similar solution,” he remarked. Shabtai added that Lowe’s Innovation Labs plans to evolve its solution beyond power tools moving forward.

While notable, Sarkeshi pointed out that it may be challenging for consumers to understand the value of using blockchain to record transactions. “For instance, if I’m a customer buying a second-hand product, why should I care if it was stolen,” he said. Given this, Sarkeshi believes that a shift in customer mindset must occur for such a solution to be entirely successful. He said:

“It’s a culture building challenge. Some customers will initially not feel good about buying a stolen product, but we need this to resonate across the board. We want customers to know that when a product is stolen, everyone across the supply chain gets hurt. Building that culture may be challenging, but I believe this will happen in the long term.”

Crypto companies aim to build trust within future products and services

Companies are taking new approaches to building trust within Web3 and crypto products.

The cryptocurrency ecosystem underwent a turbulent year in 2022. Criticism inside and outside of the crypto industry was fueled following the collapse of FTX, Celsius, Three Arrows Capital and the Terra ecosystem. 

A number of losses have been recorded from these events. Blockchain analytics firm Chainalysis released a report in December of last year, which noted that the depegging of Terra’s stablecoin, Terra USD Classic (USTC), saw weekly-realized losses peak at $20.5 billion. Findings further show that the subsequent collapse of Three Arrows Capital and Celsius in June 2022 saw weekly-realized losses reach $33 billion.

While these events may have resulted in a loss of trust within the crypto ecosystem, it’s important to point out that blockchain technology and cryptocurrency have not failed. To put this in perspective, Dan Morehead, chief operating officer at Pantera Capital — an American hedge fund specializing in cryptocurrency — stated in a Dec. 19, 2022 letter to investors:

“The narrative that blockchain skeptics and some regulators and politicians are pumping out misses the point. The collapse of FTX had nothing to do with blockchain technology. It’s not crypto that failed. Bitcoin and all the other protocols worked perfectly.”

To Morehead’s point, companies within the crypto and blockchain sector continue to build and release products, despite recent events. In fact, a number of projects are focused more than ever before on instilling trust within products.

Companies aim to ensure trust 

Paul Brody, global blockchain leader at EY and an Enterprise Ethereum Alliance board member, told Cointelegraph that he senses a renewed respect for the value of rules, regulations and the idea that the rule of law has a role to play within the crypto sector. “The narrative that ‘code is law’ doesn’t seem to come up so much anymore in discussions,” he said.

Given this, Brody believes that auditors, regulators and mathematical proofs will play a critical role in building trust with transparency within the crypto sector:

“I think we can look forward to a future where not only will code be published, but firms will publicly appoint external auditors and welcome regulatory inspections. I think there’s also a role for more standardization of how firms in this industry report their data.”

To Brody’s point, a number of crypto companies have started placing an emphasis on audits and data reporting. For example, Jordan Kruger, co-founder of Vesper Finance and head of decentralized finance (DeFi) at Web3 infrastructure layer Bloq, told Cointelegraph that her firm has been subject to a number of audits since launching in 2021.

“It has undergone more than fifty independent audits across the multiple smart contracts that comprise its pools and strategies,” she said.

Kruger noted that while this has been important for Vesper’s users, regular audits should be viewed as a contribution to the DeFi ecosystem as a whole. “Our focus on software quality means that when other DeFi protocols integrate with us, they can partially draft behind Vesper’s significant investments in auditing.” This is an important point, as DeFi protocols witnessed some of the largest hacks and scams in 2022. Regular smart contract audits may have prevented some of these from occurring.

In addition to audits performed on DeFi protocols, the nonfungible token (NFT) sector is starting to implement audits, particularly when it comes to phygital offerings, or physically-backed NFTs. For example, Jake Spinowitz, head of community at Courtyard — an NFT marketplace that enables collectors to trade and store physical collectibles — told Cointelegraph that Courtyard arranges third-party audits of its custodied items to ensure trust and transparency.

Moreover, Spinowitz explained that Courtyard is working with the security provider Brinks to safeguard physical assets that are tied to digital twins. “When tasked with safeguarding someone’s prized physical possessions, there should ideally be a proven ability to securely vault, handle, and transport those assets (to mitigate risk further, all physical collectibles we vault are insured at market value),” he said.

The combination of audits, along with using a legacy security institution, may serve as a successful model for phygital projects moving forward. This could certainly be useful, as a number of phygital platforms have expressed concerns regarding the redemption and storage process of physical NFT assets. 

While auditing and data reporting may become standards within the cryptocurrency ecosystem, protecting user data will also become critical. Sandy Carter, senior vice president and channel chief at Web3 domain provider Unstoppable Domains, told Cointelegraph that her firm is allowing domain owners to control the information they share.

“For example, our login feature gives you the option to share off-chain profile data to earn rewards from your favorite DApps or display your domain on a leaderboard. The data you share is completely opt-in,” she explained. Moreover, Carter noted that Unstoppable Domains recently changed the way domains are minted. “All domains will now be automatically minted on the blockchain, as opposed to Unstoppable’s database,” she said.

Chris Castig, co-founder of Console.xyz — a Web3 chat platform — told Cointelegraph that Web3 principles focused on trust must minimize the impact that any one human, group, or institution can have on the users of the app. As such, he explained that platforms like Console allow users’ social graphs, which include their followers, network and more, to live on the blockchain. He elaborated:

“We use smart contract and NFT integrations so that social graphs live outside of our app and on the blockchain. That means that if your community ever wanted to leave Console, it’s easy to find a new home somewhere else. You own your community, not us.” 

Castig further noted that his company uses Ethereum Name Service (ENS) for identity rather than user names. “ENS names (.eth) or any equivalent decentralized identity like (.btc, .tez, etc) can be used to replace usernames and passwords on your site,” he said. In turn, an additional layer of user privacy and trust is achieved.

“On a social site where I’m interacting with other people, my ability to use a consistent username across sites communicates trust to other users. Using my own ENS name also means I own my identity, not the humans behind the app,” Castig said.

Will crypto ideals remain with additional trust built in? 

While regular audits, data reporting and transparent privacy measures may become the norm for many crypto projects moving forward, some could be wondering if this will impact the trustless nature of cryptocurrency.

Although this is a legitimate concern, Brody explained that the trustless nature of crypto is no longer feasible. “It was somewhat achievable in the early days of pure crypto when you could self-custody and everything you needed to know was on-chain. Yet, the moment we moved past pure crypto into real-world assets and complex smart contracts, that became impossible,” he said.

Brody added that now the cryptocurrency ecosystem should be aiming “not for ‘trustless’ crypto and blockchain, but rather decentralized and regulated crypto.” If implemented correctly, Brody believes that all of the benefits promised by crypto will still be achievable. He said:

“Decentralization means that there’s no single firm that can become a gatekeeper or monopolist. Regulation means that we can see, understand, and compare between firms and partners and figure out who is worthy of our trust.”

Balancer warns some LPs to remove liquidity ASAP because of a ‘related issue’

The team did not disclose what the issue is, but stated that it “cannot be mitigated by the emergency DAO.”

In a Jan. 6 tweet, DeFi protocol Balancer warned certain liquidity providers to remove their LPs “ASAP” due to an ongoing issue related to some of the service’s pools. Some pools have had their fees set to zero by the Balancer emergency multisig, but the team indicated that not all effects of the still unknown issue could be mitigated in this way.

Balancer listed the pools from which liquidity needs to be withdrawn: DOLA / bb-a-USD on Ethereum, It’s MAI life and Smells Like Spartan Spirit on Optimism, and Tenacious Dollar on Fantom.

At 2:03 a.m. UTC on January 6, Balancer took to Twitter to announce an “issue” with liquidity pools on the platform. It stated that protocol fees have been set to zero to mitigate the issue, and that more details “will be publicly disclosed in the near future.”

Balancer has stated that if a pool’s transaction fees have been set to zero by the emergency multisig, no further action is needed on the part of LPs. The pools will continue to accumulate fees, but Balancer itself will not take its cut.

Balancer is the sixth largest decentralised exchange (DEX) by trading volume, handling over $52 million in crypto trades each day, according to analytics platform DefiLlama.

Initial responses from the community have noted the vagueness of Balancer’s messages, leading some to assume the worst.

Back in December, the Raydium DEX was targeted by a fee exploit where the attacker used an admin key to change pool parameters, tricking the pool smart contract into behaving as if the entire pool consisted of accumulated admin fees.