
Safe Wallet scammer steals $2M through 'address poisoning' in one week

A malicious actor behind at least $5 million in crypto theft through “address poisoning” significantly ramped up attacks against Safe Wallet users in the last week.

A crypto hacker specializing in “address poisoning attacks” has managed to steal over $2 million from Safe Wallet users alone in the past week, with its total victim count now reaching 21. 

On Dec. 3, Web3 scam detection platform Scam Sniffer reported that around ten Safe Wallets lost $2.05 million to address poisoning attacks since Nov.

According to Dune Analytics data compiled by Scam Sniffer, the same attacker has reportedly stolen at least $5 million from around 21 victims in the past four months.

Scam Sniffer reported that one of the victims held $10 million in crypto in a Safe Wallet but “luckily” lost only $400,000 of it.

Address poisoning is when an attacker generates an address that looks like one the targeted victim regularly sends funds to, usually matching the same first and last few characters, which are all most people check when they glance at an address.

The attacker then sends a small amount of crypto from that lookalike address to the target to “poison” their transaction history. When the victim later copies “the usual address” out of that history and checks only the ends, the funds go to the attacker instead.
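As an added example (this is not code from Safe, Scam Sniffer or the article), here is a small Python check that flags lookalike counterparties in a transaction history and refuses to treat a recipient as known unless all 40 hex digits match an address verified out of band. The addresses and the history are constructed for the demonstration, and the four-character affix width is an assumption (wallet UIs truncate differently).

```python
# Added example, not from the article or from any wallet vendor: detect
# address-poisoning lookalikes and classify a recipient before sending.
# Every address and the history below are constructed for the demonstration.
import re

HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")

# TRUSTED is the counterparty the victim pays regularly; POISON shares its
# first and last four hex digits (the part people eyeball) but nothing else.
TRUSTED = "0xab12f5e1c9d37a0b84e6f2c1d0a9b8e7f6c5cd34"
POISON = "0xab120e7d19a3c4b5d6e7f8091a2b3c4d5e6fcd34"
VICTIM = "0x5f2ae9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b4a391"
OTHER = "0x9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c0b"

# Constructed history, oldest first. Entry 1 is the attacker's poison dust.
HISTORY = [
    {"from": VICTIM, "to": TRUSTED, "value_eth": 1.0},
    {"from": POISON, "to": VICTIM, "value_eth": 0.000001},
    {"from": OTHER, "to": VICTIM, "value_eth": 0.5},
]


def normalize(addr: str) -> str:
    """Validate the shape and lower-case it so comparisons are byte-exact."""
    if not HEX_ADDR.match(addr):
        raise ValueError(f"not an EVM address: {addr!r}")
    return addr.lower()


def shares_affix(a: str, b: str, n: int = 4) -> bool:
    """True when two different addresses agree on their first and last
    n hex digits, i.e. they are indistinguishable in a truncated UI."""
    a, b = normalize(a), normalize(b)
    return a != b and a[2:2 + n] == b[2:2 + n] and a[-n:] == b[-n:]


def classify_recipient(candidate: str, trusted: list, n: int = 4) -> str:
    """'ok' only on a full 40-digit match against an address verified out
    of band; 'lookalike' when it merely matches at the ends; else 'unknown'."""
    c = normalize(candidate)
    trusted_set = {normalize(t) for t in trusted}
    if c in trusted_set:
        return "ok"
    if any(shares_affix(c, t, n) for t in trusted_set):
        return "lookalike"
    return "unknown"


def find_poison(history: list, trusted: list, n: int = 4) -> list:
    """Flag history entries whose counterparty is a lookalike of a trusted
    address; a tiny inbound transfer from such an address is the poisoning."""
    hits = []
    for i, tx in enumerate(history):
        for role in ("from", "to"):
            if classify_recipient(tx[role], trusted, n) == "lookalike":
                hits.append({"index": i, "role": role, "address": tx[role]})
    return hits


if __name__ == "__main__":
    print(find_poison(HISTORY, [TRUSTED]))
    # The victim "copies the address they always pay" from entry 1:
    print(classify_recipient(HISTORY[1]["from"], [TRUSTED]))
```

An EIP-55 checksum check does not catch this: the attacker's lookalike is a genuinely generated key pair, so its checksum is valid. Only a full-length comparison against an address book you verified out of band (or a wallet allowlist) defeats it.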

Cointelegraph has reached out to Safe Wallet for comment on the matter.


Bank collapses are spurring interest in self-custody startups

The implosions of Signature Bank and Silicon Valley Bank are giving self-custody startups an opportunity to prosper.

The collapses of Signature Bank and Silicon Valley Bank have left many people in disbelief, with skeptics questioning the stability of the traditional financial system. 

Cryptocurrency, sadly, did not do much to capitalize on that skepticism, considering Bitcoin (BTC) tanked at the first sign of trouble for USD Coin (USDC), which briefly lost its peg to the dollar.

Still, the crisis also provided a golden opportunity for the crypto industry to demonstrate its resilience and offer viable alternatives. As faith in the traditional banking system wanes due to SVB causing “a crisis in confidence,” venture capital (VC) firms and startups are increasingly embracing self-custody solutions for digital assets, ensuring that individuals maintain full control over their funds.

The shift toward self-custody and decentralized finance (DeFi) systems is indicative of a larger trend that sees more people embracing cryptocurrencies and the principles of financial sovereignty. This increased interest in decentralized solutions is fueling innovation and investment in the space, which is ultimately good for both the crypto ecosystem and the broader financial landscape.

Related: Let First Republic and Credit Suisse burn

Some readers may find the notion of celebrating a bank’s collapse objectionable, arguing that it undermines the credibility and importance of established financial institutions. Additionally, others may argue that the promotion of cryptocurrencies and self-custody can be viewed as opportunistic, capitalizing on a crisis to advance a particular agenda.

The current financial landscape is undergoing a major transformation, with many people expressing distrust in traditional financial institutions. A recent report found that US institutions account for 85% of Bitcoin buying. This preference for digital assets is not only evident among institutional investors but also among retail investors. A 2022 survey by the Economist found that 85% of investors “agree there is a need for open-source digital currencies as a diversifier in a portfolio or treasury account.”

The growth of Bitcoin and other cryptocurrencies has been accompanied by the rise of DeFi, which offers users decentralized financial services such as lending, borrowing and asset management. DeFi protocols have attracted billions of dollars in investments, providing people with financial services that are free from the constraints of traditional banks. The bank collapse has only served to highlight the merits of these decentralized systems, which offer users more control over their funds and greater transparency.

As a response to the growing demand for decentralized financial solutions, VC firms are increasingly investing in startups focused on self-custody and DeFi, and in the decentralized infrastructure they run on. Such investments demonstrate the commitment of VC firms to support innovation in this burgeoning field.

The shift toward self-custody solutions also has the potential to transform the way people manage their digital assets. By offering individuals full control over their cryptocurrencies, self-custody wallets eliminate the need for intermediaries and empower users to take responsibility for their own funds. This could lead to the emergence of new business models and decentralized applications that cater to the needs of an increasingly digital-savvy population.

Bank collapses present a challenge, but they also serve as an important catalyst for change. This crisis has prompted people to reconsider their reliance on traditional financial institutions and explore alternative solutions, such as cryptocurrencies and self-custody. By embracing these emerging technologies, VC firms and startups are not only helping to shape the future of finance but also creating a more resilient and inclusive financial system for all.

Related: Collapse of Silvergate and Silicon Valley Bank represents a challenge for crypto

With an influx of capital and innovation in the crypto space, it is evident that the bank collapse has inadvertently bolstered the growth and adoption of cryptocurrencies. As more people embrace self-custody solutions and decentralized financial services, the stage is set for a new era of financial sovereignty that challenges the status quo and redefines our understanding of money.

By investing in self-custody startups and decentralized financial services, crypto users can increase the security and visibility of their digital assets. This makes it less likely that Bitcoin will collapse when another bank fails or if another black swan event occurs, such as another huge bank run.

This will inevitably create a more resilient financial system, one that is secure and inclusive for all, one where you don’t have to worry about losing your money overnight, but instead, you will be able to store your money in a secure digital vault just like a bank.

Jan Strandberg is the CEO of Acquire.Fi. His tenure in the crypto industry goes back to Paxful, where he served as chief growth officer. He also served as the chief growth officer and co-founder of the Yield App.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph

Is BTC price about to retest $20K? 5 things to know in Bitcoin this week

Bitcoin looks like it is treading on thin ice as February fails to match the gains of last month.

Bitcoin (BTC) starts the second week of February in a newly bearish mood as multimonth highs fail to hold.

In what may yet bring vindication to those predicting a major BTC price comedown, BTC/USD is back under $23,000 and making lower lows on hourly timeframes.

Feb. 6 trading may not yet be underway in Europe or the United States, but Asian markets are already falling and the U.S. dollar is gaining — potential further hurdles for Bitcoin bulls to overcome.

With some macroeconomic data to come from the Federal Reserve this week, attention is mainly focused on next week’s inflation check in the form of January’s Consumer Price Index (CPI).

In the build-up to this event, the results of which are already hotly contested, volatility may gain a fresh foothold across risk assets.

Add to that those concerns mentioned above that Bitcoin is long overdue for a more significant retracement than those seen in recent weeks, and the recipe is there for difficult but potentially lucrative trading conditions.

Cointelegraph looks at the state of play on Bitcoin this week and considers the factors at play in moving the markets.

BTC price disappoints with weekly close

It is very much a tale of two Bitcoins when it comes to analyzing BTC price action this week.

BTC/USD has managed to retain the majority of its spectacular January gains, totaling almost 40%. At the same time, signs of a comedown are on the cards.

While comparatively strong at just under $23,000, the weekly close still failed to beat the previous one and represented a rejection at a key resistance level from mid-2022.

“BTC is failing its retest of ~$23400 for the time being,” popular trader and analyst Rekt Capital summarized about the topic on Feb. 5.

An accompanying weekly chart highlighted the support and resistance zones in play.

“Important BTC can Weekly Close above this level for a chance at upside. August 2022 shows that a failed retest could see BTC drop deeper in the blue-blue range,” he continued.

“Technically, retest still in progress.”

BTC/USD annotated chart. Source: Rekt Capital/ Twitter

As Cointelegraph reported over the weekend, traders are already betting on where a potential pullback may end up — and which levels could act as definitive support to further buoy Bitcoin’s newfound bullish momentum.

These currently center around $20,000, a psychologically significant number and the site of Bitcoin’s old all-time high from 2017.

BTC/USD traded at around $22,700 at the time of writing, data from Cointelegraph Markets Pro and TradingView showed, continuing to push lower during Asia trading hours.

“Some bids were filled on this recent push down (green box) but most of the remaining bids below have been pulled (red box),” trader Credible Crypto wrote about order book activity on Feb. 5.

“If we continue lower here eyes still on 19-21k region as a logical bounce zone.”

For a quietly confident Il Capo of Crypto, meanwhile, it is already crunch time when it comes to the trend reversal. A supporter of new macro lows throughout the January gains, the trader and social media pundit argued that breaking below $22,500 would be “bearish confirmation.”

“Current bear market rally has created the perfect environment for people to keep buying all the dips when the current trend reverses,” he wrote during a Twitter debate.

“Perfect scenario for a capitulation event in the next few weeks.”

BTC/USD 1-day candle chart (Bitstamp). Source: TradingView

Fed officials to speak as market eyes CPI

The week in macro looks decidedly calm compared to the start of February, with less data and more commentary set to define the mood.

That commentary will come courtesy of Fed officials, including Chair Jerome Powell, with any hint of policy change in their language potentially shifting markets.

The week prior saw just such a phenomenon play out, as Powell used the word “disinflation” no fewer than fifteen times during a speech and question-and-answer session accompanying the Fed’s move to enact a 0.25% interest rate hike.

Ahead of new key data next week, talk in analytics circles is on how and when the Fed might transition from a restrictive to an accommodative economic policy.

As Cointelegraph reported, not everyone believes that the U.S. will pull off the “soft landing” when it comes to lowering inflation and will instead experience a recession.

“Don’t be surprised if the term ‘soft-landing’ remains around for a while before the rug being pulled in Q3 or Q4 this year,” investor Andy West, co-founder of Longlead Capital Partners and HedgQuarters, concluded in a dedicated Twitter thread at the weekend.

In the meantime, further analysis argues that it may be a case of business as usual, with smaller rate hikes after Powell’s “mini victory lap” over declining inflation.

“Personally, my belief is that the Fed will most likely raise by +0.25% in the upcoming two meetings (March and May),” Caleb Franzen, senior market analyst at CubicAnalytics, wrote in a blog post on Feb. 4.

“Of course, all future actions by the Fed will be dependent on the continued evolution of inflation data & broader macroeconomic conditions.”

Franzen acknowledged that while recession was not currently an apt description of the U.S. economy, conditions could still worsen going forward, referencing three such cases in past years.

Closer to home, next week’s CPI release is already on the radar for many. The extent to which January’s data supports the waning inflation narrative should be key.

“Post-FOMC, we have a heap of 2nd tier data releases including the important ISM services and NFP,” trading firm QCP Capital wrote in forward guidance mailed to Telegram channel subscribers last week.

“However the decider will be the Valentine’s Day CPI – and we think there are upside risks to that release.”

U.S. Consumer Price Index (CPI) chart. Source: Bureau of Labor Statistics

Miner “relief” contrasts with BTC sales

Turning to Bitcoin, network fundamentals currently offer some stability amid a turbulent environment.

According to current estimates from BTC.com, difficulty is stable at all-time highs, with only a modest negative readjustment forecast in six days’ time.

This could well end up positive depending on Bitcoin price action, and hash rate data suggests that miners remain in fierce competition.

Bitcoin miner net position change chart. Source: Glassnode

A countertrend comes in the form of miners’ economic behavior. The latest data from on-chain analytics firm Glassnode shows that sales of BTC by miners continue to increase, with their reserves dropping faster over 30-day periods.

Reserves correspondingly totaled their lowest in a month on Feb. 6, with miners’ balance at 1,822,605.594 BTC.

BTC miner balance chart. Source: Glassnode

Overall, however, current price action has provided “relief” for miners, Philip Swift, the co-founder of trading suite Decentrader, said.

In a tweet last week, Swift referenced the Puell Multiple, a measure of the relative value of BTC mined, which has left its “capitulation zone” to reflect better profitability.

“After 191 days in capitulation zone, the Puell Multiple has rallied. Showing relief for miners via increased revenue and likely reduced sell pressure,” he commented.

Bitcoin Puell Multiple annotated chart. Source: Philip Swift/ Twitter

NVT suggests volatility will kick in

Some on-chain data is still surging ahead despite the slowdown in BTC price gains.

Of interest this week is Bitcoin’s network value to transaction (NVT) signal, which is now at levels not seen in nearly two years.

NVT signal measures the value of BTC transferred on-chain against the Bitcoin market cap. It is an adaptation of the NVT ratio indicator but uses a 90-day moving average of transaction volume instead of raw data.

NVT at multiyear highs may be cause for concern — network valuation is relatively high compared to value transferred, a scenario which may prove “unsustainable,” in the words of its creator, Willy Woo.

Bitcoin NVT signal chart. Source: Glassnode/ Twitter

As Cointelegraph reported late last year, however, there are multiple nuances to NVT which make its various incarnations diverge from one another to provide a complex picture of on-chain value at a given price.

“Bitcoin’s NVT is showing indications of value normalization and the start of a new market regime,” Charles Edwards, the CEO of crypto investment firm Capriole, commented about a further tweak of NVT, dubbed dynamic range NVT, on Feb. 6.

“The message is the same further through history and more often than not it is good news in the mid- to long-term. In the short-term, this is a place we typically see volatility.”

Bitcoin dynamic range NVT ratio chart. Source: Charles Edwards/ Twitter

Small Bitcoin wallets show “trader optimism”

In a glimmer of hope, on-chain research firm Santiment notes that the number of smaller Bitcoin wallets has ballooned this year.

Related: Bitcoin, Ethereum and select altcoins set to resume rally despite February slump

Since BTC/USD crossed the $20,000 mark once more on Jan. 13, 620,000 wallets with a maximum of 0.1 BTC have reappeared.

That event, Santiment says, marks the moment when “FOMO returned” to the market, with the subsequent growth in wallet numbers meaning that these are at their highest since Nov. 19, 2022.

“There have been ~620k small Bitcoin addresses that have popped back up on the network since FOMO returned on January 13th when price regained $20k,” Twitter commentary confirmed on Feb. 6.

“These 0.1 BTC or less addresses grew slowly in 2022, but 2023 is showing a return of trader optimism.”

Bitcoin wallet addresses vs. BTC/USD annotated chart. Source: Santiment/ Twitter

A look at the Crypto Fear & Greed Index, meanwhile, shows “greed” still being the primary description of market sentiment.

On Jan. 30, the Index hit its “greediest” since Bitcoin’s November 2021 all-time highs.

Crypto Fear & Greed Index (screenshot). Source: Alternative.me

The views, thoughts and opinions expressed here are the authors’ alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

‘Blockchain Bandit’ reawakens: $90M in stolen crypto seen shifting

The hacker accumulated as much as $90 million worth of crypto from wallets with weak private keys during a six-year thieving spree.

A hacker dubbed the “Blockchain Bandit” has finally woken from a six-year slumber and has started to move their ill-gotten gains.

According to Chainalysis, around $90 million in crypto pilfered from the attacker’s long-running string of “programmatic theft” since 2016 has started moving over the past week.

This included 51,000 Ether (ETH) and 470 Bitcoin (BTC) — worth a total of around $90 million — leaving the bandit’s address for a new one. Chainalysis noted:

“We suspect that the bandit is moving their funds given the recent jump in prices.”

The hacker was dubbed the “Blockchain Bandit” due to being able to empty Ethereum wallets protected with weak private keys in a process termed “Ethercombing.”

The attacker’s “programmatic theft” process has drained more than 10,000 wallets from individuals across the globe since the first attacks were perpetrated six years ago.

In 2019, Cointelegraph reported that the Blockchain Bandit managed to amass almost 45,000 ETH by successfully guessing those frail private keys.

A security analyst said he discovered the hacker by accident while researching private key generation. He noted at the time that the hacker had set up a node to automatically filch funds from addresses with weak keys.

The researchers identified 732 weak private keys associated with a total of 49,060 transactions. It is unclear how many of those were exploited by the bandit, however.

“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to,” he said at the time.
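The “Ethercombing” loop described above, written out as an added example (this is not the researchers’ or Chainalysis’s code, nor the article’s): derive the address of every candidate weak private key and look it up in a snapshot of funded addresses. It implements Keccak-256 and secp256k1 from scratch so it runs on a bare Python install. The candidate set (tiny scalars plus keccak256 of short phrases) and the balance snapshot are assumptions constructed for the demonstration; the article does not say which weak keys the bandit actually hit. The address of private key 1 is the one any such table contains.

```python
# Added example (not the article's, the researchers' or Chainalysis's code):
# a pure-Python "Ethercombing" scanner. For each candidate weak private key it
# derives the Ethereum address (secp256k1 scalar multiplication, then
# Keccak-256 of the uncompressed public key) and looks the address up in a
# balance snapshot. The same table lets a holder audit a key before funding it.
# Standard library only: hashlib has SHA3-256 but not Keccak-256, so it is
# implemented here.
_RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
       0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
       0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
       0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
       0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
       0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
_M64 = (1 << 64) - 1

def _rol(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & _M64 if n else v

def _keccak_f(a):  # 25 lanes, lane index x + 5*y
    for rc in _RC:
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]
        b = [0] * 25
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(a[x + 5 * y], _ROT[x][y])
        a = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]
        a[0] ^= rc
    return a

def keccak256(data: bytes) -> bytes:
    rate = 136                                  # 1088-bit rate for 256-bit output
    msg = bytearray(data) + b"\x01"             # Keccak pad10*1 (SHA3 would use 0x06)
    msg += b"\x00" * (-len(msg) % rate)
    msg[-1] |= 0x80
    st = [0] * 25
    for off in range(0, len(msg), rate):
        for i in range(rate // 8):
            st[i] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        st = _keccak_f(st)
    return b"".join(st[i].to_bytes(8, "little") for i in range(4))

# secp256k1 in affine coordinates; double-and-add is fine for a scanner.
_P = 2**256 - 2**32 - 977
_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _ec_add(p, q):
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % _P == 0:
        return None                             # p == -q, point at infinity
    if x1 == x2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, _P) % _P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, _P) % _P
    x3 = (lam * lam - x1 - x2) % _P
    return x3, (lam * (x1 - x3) - y1) % _P

def _ec_mul(k, p):
    r = None
    while k:
        if k & 1:
            r = _ec_add(r, p)
        p, k = _ec_add(p, p), k >> 1
    return r

def priv_to_address(k: int) -> str:
    if not 1 <= k < _N:
        raise ValueError("private key outside [1, n-1]")
    x, y = _ec_mul(k, _G)
    return "0x" + keccak256(x.to_bytes(32, "big") + y.to_bytes(32, "big"))[-20:].hex()

def weak_key_table(max_small: int = 32, phrases=("", "password", "test")) -> dict:
    """address -> (label, key) for guessable keys: tiny scalars, plus keys
    formed as keccak256(phrase). Which derivations the bandit actually hit
    is not stated in the article; this candidate set is an assumption."""
    table = {priv_to_address(k): (f"scalar {k}", k) for k in range(1, max_small + 1)}
    for ph in phrases:
        k = int.from_bytes(keccak256(ph.encode()), "big") % _N
        table[priv_to_address(k)] = (f"keccak256({ph!r})", k)
    return table

def comb(balances: dict, table: dict) -> list:
    """The bandit's loop: every funded address whose key is in the table."""
    return [(addr, wei) + table[addr] for addr, wei in balances.items()
            if wei > 0 and addr in table]

# Constructed balance snapshot (wei): the address of private key 1 is funded.
SNAPSHOT = {priv_to_address(1): 10**16, "0x9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c0b": 10**18}

if __name__ == "__main__":
    for addr, wei, label, key in comb(SNAPSHOT, weak_key_table()):
        print(f"{addr} holds {wei} wei and its key is {label} (k={key})")
```

Defensive use is the mirror image: look up the address of a key you are about to fund in `weak_key_table()` (with the candidate set widened to whatever derivations worry you). Any key reachable by enumeration is reachable by the bandit’s node too, which is why the advice further down is to let a well-known wallet or a hardware device generate the key.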

Blockchain Bandit crypto movements. Source: Chainalysis

Chainalysis produced a diagram depicting the flow of the funds, however, it did not specify the target address, only labeling them as “intermediary addresses.”

To avoid having weak private keys, Chainalysis advised users to use well-known and trusted wallets and consider moving funds to hardware wallets if large amounts of cryptocurrency are involved.

Related: Hackers keeping stolen crypto: What is the long-term solution?

Also in 2019, a computer researcher discovered a wallet vulnerability that issued the same key pairs to multiple users.

BitKeep CEO says some users’ private keys remain at risk after exploit

The blockchain executive urged users who downloaded the BitKeep 7.2.9 APK malware to transfer their assets immediately.

According to a letter posted on Chinese blockchain news publisher Odaily.com on Dec. 27, Kevin Como, the anonymous CEO of BitKeep, warned that users’ private keys are still at risk after a security incident on Dec. 26 led to over $13 million in losses at the time of publication. BitKeep is one of the more popular noncustodial, decentralized finance multichain wallets with over 6 million users. Specifically, Como wrote:

“This was a large and atrocious hacker attack incident. The BitKeep APK 7.2.9 (Android Package Kit) installation package was hijacked and swapped by the hacker, and as a result, some users already installed the APKs that were planted malware by the hackers, leading to a leak of users’ private keys.”

Como urged users who had already downloaded the Android APK 7.2.9 to transfer their digital assets to a new wallet. “It is probable that [these wallets] already had their private keys leaked,” the crypto executive wrote.

In terms of progress, Como explained that the BitKeep team has already been in contact with blockchain security firms, such as SlowMist, to trace the stolen funds. “We have actively collected information about users’ stolen assets, made a complete recollection of hacking procedures and timeline, and have collected evidence of the Android 7.2.9 APK malware,” he stated.

Web3 data analytics firm OKLink first reported yesterday that the attacker set up several fake BitKeep websites that contained an APK file that looked like version 7.2.9 of the BitKeep wallet. Users who downloaded and interacted with the malicious file then had their private keys or seed words stolen and sent to the attacker. 


Exchange outflows hit historic highs as Bitcoin investors self-custody

Confidence in centralized exchanges appears to be waning as Bitcoin flows into self-custody wallets at near-record levels.

Bitcoin (BTC) investors have been increasingly moving their holdings to self-custody solutions following the collapse of the world’s second-largest crypto exchange last week.

On-chain exchange flow data is showing a surge in withdrawals to self-custody wallets, according to analytics provider Glassnode.

In a Nov. 13 post on Twitter, Glassnode reported that Bitcoin exchange outflows had hit near historic levels of 106,000 BTC per month.

It added that this has happened only three other times — in April 2022 and November 2020, as well as in June/July 2022. It also reported that the number of Bitcoin wallets receiving the asset from exchange addresses surged to around 90,000 on Nov. 9.

Exchange outflows are usually a bullish sign that BTC is being hodled for the long term. However, in this scenario, it appears to be the result of waning confidence in centralized crypto exchanges.

Glassnode commented that outflows have resulted in “positive balance changes across all wallet cohorts, from shrimp to whales,” before adding:

“The failure of FTX has created a very distinct change in #Bitcoin holder behavior across all cohorts.”

Since Nov. 6, when the FTX fiasco began, balance changes have increased across all BTC wallet sizes, with “shrimps” that have less than one coin increasing by 33,700 BTC. Whale wallets with more than 1,000 coins have seen an increase of 3,600 BTC, indicating that the self-custodian push is happening across the board.

Industry leaders are now starting to advocate self-custody solutions as the phrase “not your keys, not your coins” bears more weight than ever before.

On Nov. 13, Ethereum educator Anthony Sassano said that crypto holders shouldn’t be storing their assets on centralized exchanges unless they’re actively trading large amounts.

MicroStrategy’s Michael Saylor told Cointelegraph in an interview that self-custody prevents centralized third parties from abusing their power.

Related: $740M in Bitcoin exits exchanges, the biggest outflow since June’s BTC price crash

Glassnode also reported that stablecoins, many of which destabilized last week, have been flowing onto exchanges at increased rates over the past week.

Nov. 10 saw more than $1 billion in stablecoins arriving on centralized exchanges. The total stablecoin reserve across all exchanges it tracks reached a new all-time high of $41.2 billion, it added.

“The echoes of the FTX collapse will likely act to reshape the industry across many sectors, and shift the dominance, and preference for trustless vs centrally issued assets,” it concluded.

Wallets like MetaMask need to become more user-friendly

Most wallets feel like they were created for developers. That’s becoming a bigger problem in terms of both practicality and security as crypto adoption increases.

After Ethereum’s long-awaited Merge, it’s an ideal time to think about how we can also improve smart contracts. Essentially apps that run on blockchains, smart contracts are a vital component of our Web3 applications. But interacting with them remains quite dangerous, especially for non-developers. Many of the incidents where users lose their crypto assets are caused by buggy or malicious smart contracts.

As a Web3 app developer, this is a challenge I think about often, especially as waves of new users keep onboarding into various blockchain applications. To fully trust a smart contract, a consumer needs to know exactly what it’s going to do when they make a transaction — because unlike in the Web2 world, there’s no customer support hotline to call and recover funds if something goes wrong. But currently, it’s nearly impossible to know if a smart contract is safe or trustworthy.

Related: Liquid staking is key to interchain security

One solution is to make wallets themselves smarter. For instance, what if wallets could tell us if a smart contract is safe to interact with? It’s probably impossible to know that with 100% certainty, but wallets could, at minimum, aggregate and display a lot of the signals that developers already look for. This would make the process simpler and safer, especially for non-developers.

Here’s a deeper look at the advantages and disadvantages of smart contracts, why they seem like the Wild West now, and how we might improve the UX for using them.

The promise and peril of smart contracts

For developers, using a smart contract as the backend for their app has enormous potential. It also increases the potential for bugs and exploits. It’s great that smart contracts can be created by developers without asking anybody for permission, but that can also expose users to considerable risk. We now have apps transacting hundreds of millions of dollars with no safety guarantees. As it stands, we simply have to trust that these apps are bug-free and do what they promise.

Many non-developers aren’t even aware of the safety issues involved and don’t take the appropriate precautions when interacting with blockchain-based apps. The average user might sign a transaction thinking it’s going to do one thing, only to discover the smart contract does something else entirely. It’s why malicious smart contracts are a primary attack vector for bad actors.

Why are smart contracts the Wild West?

When a Web3 app makes a smart contract call, you don’t know exactly what the transaction will do until you actually do it. Will it mint your nonfungible token (NFT), or will it send your money and tokens to a hacker? This unpredictability is true of any online application, of course, not just Web3 apps; predicting what code will do is very hard. But it’s a bigger issue in the Web3 world since most of these apps are inherently high stakes (they’re built for handling your money), and there’s so little protection for consumers.

The App Store is largely safe due to Apple’s review process, but that doesn’t exist in Web3. If an iOS app starts stealing users’ money, Apple will take it down right away to mitigate losses and revoke the account of its creator.

Related: Latin America is ready for crypto — Just integrate it with their payment systems

Malicious smart contracts, on the other hand, can’t be taken down by anybody. There’s also no way to recover stolen assets. If a malicious contract drains your wallet, you can’t simply dispute the transaction with your credit card company. If the developer is anonymous, as is generally the case with malicious contracts, there often isn’t even an option to take legal action.

From a developer’s perspective, it is much better if the code for a smart contract is open source. Popular smart contracts do typically publish their source code — a huge improvement over Web2 apps. But even then, it’s easy to miss what’s really going on. It can also be very difficult to predict how the code will run in all scenarios. (Consider this long, scary Twitter thread by an experienced developer who almost fell for a complex phishing scam, even after reading the contracts involved. Only upon a second closer inspection did he notice the exploit.)

Compounding these problems, people are often pressured to act quickly when interacting with smart contracts. Consider an NFT drop promoted by influencers: Consumers will be worried about the collection quickly selling out, so they’ll often try to make a transaction as fast as they can, ignoring any red flags they might encounter along the way.

In short, the very same features that make smart contracts powerful for developers — such as permissionless publishing and programmable money — make them quite dangerous for consumers.

I don’t think this system is fundamentally flawed. But there is a ton of opportunity for Web3 developers like me to provide better guardrails for consumers using wallets and smart contracts today.

The UX of wallets and smart contracts today

In many ways, wallets like MetaMask feel like they were created for developers. They display a lot of deep technical details and blockchain minutiae that are useful when building apps.

The problem with that is that non-developers also use MetaMask — without understanding what everything means. Nobody expected Web3 to go mainstream so quickly, and wallets haven’t quite caught up with the needs of their new user base.

Related: Learn from Celsius — Stop exchanges from seizing your money

MetaMask has already done a great job of rebranding the “mnemonic phrase” to “secret phrase” to prevent consumers from unwittingly sharing it with hackers. However, there’s plenty more room for improvement.

Let’s take a look at MetaMask’s user interface (UI), followed by a couple of mock-ups I created outlining some potential improvements that could guide consumers into the “pit of success.” (By the way, MetaMask here serves as a reference since it’s heavily used across the Web3 world, but these UI ideas should also apply to pretty much any wallet app.) Some of these design tweaks could be built today, while others might require technical advances on the smart contract side.

The image below displays what the current MetaMask smart contract transaction window looks like.

We see the address of the smart contract we’re interacting with, the website that initiated the transaction, and then a lot of details about the funds we’re sending to the contract. However, there’s no indication of what this contract call does or any indicator that it’s safe to interact with.

Potential solutions to improve smart contracts

What we’d really like to see here are signals that help us as end users to determine whether we trust this smart contract transaction or not. As an analogy, think about the little green or red lock in the address bar of modern web browsers, which indicates whether the connection is encrypted or not. This color-coded indicator helps guide inexperienced users away from potential dangers, while power users can easily ignore it if preferred.

As a visual example, here are two quick user experience (UX) design mock-ups of MetaMask transactions — one that’s likely to be safe, and one that’s less certain.

Here are a few of the signals in my mock-up:

  • Is the contract source code published? Open-source contracts are generally more trustable because any developer can read them to find bugs and malicious code. MetaMask already includes various links to Etherscan, so this would be a simple and convenient signal to add.
  • Audit score. A third-party audit is another signal that can determine trustworthiness. The main implementation question here is how to determine this score. Are there any accepted standards for this already? If not, a simple way could be to use Etherscan, which supports uploading audits. MetaMask, in this example, could also maintain its own list of auditors, or rely on a list of third parties. (From what I can tell, MetaMask already does this for NFT APIs and token detection.) In the future, it’s easy to imagine a decentralized autonomous organization for determining audit scores in a more decentralized way.
  • What can this transaction do? Can it call external contracts, and if so, which ones? This would be very difficult to determine perfectly, but I wonder if a simple version for open-source contracts would be feasible. There are already plenty of automated smart-contract vulnerability scanners out there. If this isn’t possible for Solidity, I wonder if we could design a smart contract programming language that does allow this level of static analysis. Perhaps individual functions could declare the permissions they need, and the compiler could guarantee conformance.
  • Security tips and education. If a smart contract doesn’t have many signals of trustworthiness (see mock-up above on the right), the UI could recommend an appropriate set of precautions to take, such as checking if the contract address is correct and using a different account. These are suggestions made in the orange text, as opposed to red, since a lack of signals isn’t necessarily dangerous; here, we’re simply recommending that users opt to be a bit more cautious about their next steps.
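As an added illustration (not MetaMask's or the author's code), here is how a wallet could turn these signals into the green/orange indicator and precautions the mock-ups describe. The contract registry, auditor list and sample addresses are constructed, and the per-function external-call declarations stand in for the hypothetical compiler-checked permissions the third bullet imagines.

```javascript
// Constructed list of auditors the wallet (or a third party / DAO) recognizes.
const RECOGNIZED_AUDITORS = new Set(["ExampleAuditCo", "SampleSecurityLabs"]);

// Constructed registry standing in for metadata a wallet would fetch from an
// explorer such as Etherscan. Selectors are the real ERC-20 transfer/approve ones;
// externalCalls is the hypothetical per-function permission declaration.
const CONTRACT_REGISTRY = {
  "0x1111111111111111111111111111111111111111": {
    sourceVerified: true,
    audits: ["ExampleAuditCo"],
    functions: {
      "0xa9059cbb": { name: "transfer(address,uint256)", externalCalls: [] },
      "0x095ea7b3": { name: "approve(address,uint256)", externalCalls: [] },
    },
  },
  "0x2222222222222222222222222222222222222222": { sourceVerified: false, audits: [], functions: {} },
};

function selectorOf(calldata) {
  // The first four bytes of calldata identify the function being called.
  return calldata.slice(0, 10).toLowerCase();
}

function assessTransaction(tx, registry = CONTRACT_REGISTRY) {
  const info = registry[tx.to.toLowerCase()] || { sourceVerified: false, audits: [], functions: {} };
  const recognized = info.audits.filter((a) => RECOGNIZED_AUDITORS.has(a));
  // Only a published source lets us say what the called function can do.
  const fn = info.sourceVerified ? info.functions[selectorOf(tx.data)] : undefined;
  const signals = [
    { name: "Source code published", ok: info.sourceVerified },
    { name: "Audited by a recognized firm", ok: recognized.length > 0 },
    { name: "Function and its external calls known", ok: fn !== undefined },
  ];
  const tips = [];
  if (!signals.every((s) => s.ok)) {
    // Missing signals call for caution (orange), not an alarm (red).
    tips.push("Check that the contract address is the one you expect");
    tips.push("Consider using a separate account holding only the funds you need");
  }
  if (fn && fn.externalCalls.length > 0) {
    tips.push(`This call can reach other contracts: ${fn.externalCalls.join(", ")}`);
  }
  return {
    level: signals.every((s) => s.ok) ? "green" : "orange",
    signals,
    functionName: fn ? fn.name : null,
    tips,
  };
}
```

A wallet setting could skip `assessTransaction` entirely, matching the opt-out the next paragraph mentions.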

Like many existing features in MetaMask, these proposed features could be turned off in the settings.

Toward a safer future

In the future, there will likely be many safety-focused tools built on the primitive components that blockchains provide. For instance, it’s likely we’ll see insurance protocols that protect users from buggy smart contracts become commonplace. (These exist already, but they’re still fairly niche.)

However, consumers are already using Web3 apps, even in these early days, so I’d love to see the dev community add more protections for them now. Simple improvements to wallets could go a long way: the ideas above would help protect inexperienced users while simultaneously streamlining the transaction process for Web3 veterans.

From my perspective, anything outside of trading crypto assets on Coinbase (or other big companies) is still far too risky for the average consumer. When friends and family ask about setting up a self-custody crypto wallet to use Web3 apps (let’s face it — usually, in order to buy NFTs), I always start by warning them of the risks. This scares some of them away, but the more determined people want to use them anyway. When our wallets are smarter, we’ll be able to feel much better about onboarding the next wave of new users to Web3.

Devin Abbott (@dvnabbott) is the founder of Deco, a startup acquired by Airbnb. He specializes in design and development tools, React and Web3 applications, most recently with The Graph.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

DeFi platform Oasis to block wallet addresses deemed at-risk

Users report that their sessions were disconnected when trying to interact with Oasis with allegedly high-risk wallets.

According to a new community Discord post on Thursday, decentralized finance (DeFi) platform Oasis.app says that sanctioned addresses will no longer be able to access the application. As a result of the change to the terms of service, wallets flagged as high risk are prohibited from using Oasis.app to manage positions or withdraw funds. Instead, those users must interact directly with the underlying protocol where their funds are stored or find another service.

In explaining the decision, Oasis.app team member Gabriel said:

“We’ve recently needed to update the Terms of Service of the Oasis.app front-end to comply with the relevant laws and regulations. In line with the latest regulations, Oasis.app has an updated Terms of Service. Any sanctioned addresses will no longer be able to access Oasis.app functionality.”

Raising a $6 million Series A in 2020, Oasis has grown to become a popular platform for DeFi borrowing and lending. The protocol has processed $4.6 billion worth of transactions in the past 30 days and manages $3.42 billion in deposits. 

At the time of publication, it is not immediately clear which tools Oasis is using to identify wallets deemed to be high risk. Similar to Oasis, decentralized exchange (DEX) Uniswap recently began to block wallets allegedly associated with illicit activities by using TRM Labs’ data. TRM Labs helps entities detect and investigate crypto-related financial crime via on-chain analysis. Thus far, feedback regarding Oasis’ new measure has been mostly negative. One Discord user, Eagles#2541, claims:

“I’m actually just interacting with Oasis with an account that has had direct exposure to Tornado Cash. I can’t reproduce the issue that others are getting, so it’s probably just that the team is incompetent and has applied some very wide net with arbitrary holes in it.”