Week 6 - 2020 News Recap
Critical Flaw Identified in Trezor Hardware Wallets by Kraken
Kraken Security Labs decided to disclose the details of extracting seeds from Trezor hardware wallets, covering both wallet models from the industry leader: the Trezor Model T and the Trezor One. This was also the first time the details of the attack were fully revealed, and the attack was purposefully directed at testing the security of Trezor hardware wallets.
According to the report by Kraken Security Labs, it took around 15 minutes of physical access to the device to reach the funds kept on the hardware wallet. The research required prior knowledge of extracting the encrypted seed, and the team used equipment worth only around several hundred dollars. The researchers also concluded that attackers could easily produce equipment for breaching the security of hardware wallets that would cost less than $100 and no more than $75, and that the equipment could be made user-friendly. That would allow practically anyone to launch an illicit attack on Trezor hardware wallets at low cost.
The encrypted seed is protected by a PIN that has 1-9 digits and is not able to withstand brute force. The attacker takes advantage of inherent flaws in the microcontroller used for the wallets to breach the physical security, so Trezor would need to perform a hardware redesign in order to correct this flaw. Until the matter is settled and Trezor is able to redesign the devices so that the physical security of the wallet is improved, users can protect themselves by not allowing physical access to their wallets and, in addition, by enabling a BIP39 passphrase through Trezor Client.
Antonopoulos Joins an Ongoing Argument in the Case of Bitfinex Manipulation with BTC
One of the biggest names in the blockchain and cryptocurrency sector, Andreas Antonopoulos, is joining a lawsuit against Bitfinex and its affiliates over alleged manipulation of BTC. According to the lawsuit, manipulation by the exchange Bitfinex together with its affiliates led to the major surge in the price of Bitcoin back in December 2017, when BTC reached a value of nearly $20,000 per Bitcoin. On January 27th, 2020, Antonopoulos appeared in support of the legal team Liebowitz with his affidavit, in which he vouches for the expertise of the legal team, with the aim of proving that Bitfinex was indeed responsible for the manipulation.
In his affidavit, Antonopoulos specifically commends Kyle Roche, claiming that Mr. Roche has shown a deep understanding of how Bitcoin, blockchain and cryptocurrencies work. In the meantime, Bitfinex, alongside its related companies iFinex and Tether, has seen four different class-action complaints filed against the companies, all accusing Bitfinex and its affiliates of market manipulation. The allegations originated from research by Amin Shams and John Griffin, published in 2018, which set out their theory that a single whale trading Tether (USDT) manipulated the price of Bitcoin. Bitfinex and Tether have publicly denied all of these allegations.
Payswap Against the Blockchain Analysts’ Breaking of Privacy
You don’t need to look closely to realize that the initial idea proposed in Bitcoin’s whitepaper by Satoshi Nakamoto was to provide privacy to users who operate with Bitcoin in any way. However, blockchain analysts often place that idea in jeopardy by revealing the transaction amounts of Bitcoin users and so breaking their privacy. This is only a single example of how the privacy of users can be jeopardized by blockchain analysis. To prevent such privacy breaches, a new solution was proposed on the Bitcoin dev mailing list, suggesting an inversion of the relation between the payment sender and the payment receiver. The concept is called Payswap and it was suggested by one of the Bitcoin and Lightning developers, who goes by the pseudonym “ZmnSCPxj”. Payswap would work by disguising the true information on active transactions, which means that the system would prevent blockchain analysts from infringing on the privacy of Bitcoin users.
The system would function by sending two inputs of transactions instead of a single input for a single transaction, where both parties would need to create transaction requests. Different BTC addresses would be used in this process, so blockchain analysts could never tell for sure whether the two transactions, described as using two outputs instead of one, were all directed towards the same address. However, while the privacy of the sender and receiver is protected, another problem appears: how can the sender and receiver trust that each party will do its part? If party A sends a transaction first, who can guarantee that party B won’t take advantage of that and refuse to send their own output, which would result in party A losing their funds? To resolve this problem, the team would need to use a form of atomic swap, CoinSwap. In this case, Payswap would use unequal amounts for the transactions, where the difference would constitute payments, all while preserving the privacy of BTC users.
The Importance of DeFi’s 1-Billion Dollar Milestone
DeFi, or the decentralized finance sector, was worth around 700 million dollars in December 2019, and the entire sector took off to reach a one-billion-dollar milestone in February 2020. As DeFi reported, the recently reached capitalization that breached one billion dollars includes all cryptocurrencies held in projects that in any way abstract, hedge, lend, swap or make bets through the use of Ethereum-powered smart contracts.
The amount shouldn’t be mistaken for the amount made by DeFi; rather, it shows how much crypto has been committed to various projects, marking an important milestone for decentralized finance. Most enthusiasts believe that the milestone of one billion dollars is a clear sign that there are more great things in store for crypto in the future, although the figure dropped back to 993 million dollars after reaching one billion dollars. The creator of DeFi leader MakerDAO, Rune Christensen, claims that the number proves that people around the world are looking to gain access to more efficient and less biased money.