Matchpool(GUP)

The Guppy Multiple Moving Average indicator is about to flash a red signal, indicating a strengthening of downward momentum.

The mainstreaming of AI means compute power is at a premium. Decentralized Physical Infrastructure Networks (DePINs) can fill a gap, says Shayon Sengupta, at Multicoin Capital.

Navin Gupta, managing director of South Asia, Middle East and North Africa (MENA) at Ripple, told Cointelegraph that education and introducing non-speculative use cases can help crypto companies navigate through varying regulations.

Polygon’s Mudit Gupta said that despite moving fast in theoretical security, the crypto space is “so far behind” when it comes to practical security.

The Poly Network has fallen victim to another exploit after hackers manipulated a smart contract function on the cross-chain bridge protocol. Poly Network confirmed the hack, adding that it would be temporarily suspending all services. 57 Crypto Assets Impacted The attack on Poly Network occurred on the 2nd of July, resulting in the hacker being able to issue billions of tokens seemingly out of thin air to generate a profit. Poly Network confirmed the attack through its official Twitter handle, stating that it had become the latest DeFi entity to fall victim to a hack, adding that it was temporarily suspending services. The update also stated that the exploit had impacted 57 crypto assets based on ten blockchains, including BNB Chain, Ethereum, Avalanche, Polygon, OKx, Heco, and others. While it isn’t clear how much has been stolen in the attack, PeckShield has reported that the attacker had transferred at least $5 million worth of crypto from the cross-chain bridge. In an update issued on the 3rd of July, the Poly Network team stated, “We have already initiated communication with centralized exchanges and law enforcement agencies and sought their assistance.” The team further advised token holders to withdraw liquidity and unlock their liquidity provider tokens. Poly Network Hack Breakdown According to DeFi security analyst @0xArhat, the exploit stemmed from a smart contract vulnerability that allowed the hackers to create a malicious parameter that contained a fake validator signature and block header. The smart contract accepted this malicious parameter, allowing the hacker to bypass the verification process and issue tokens from Poly Network’s Ethereum pool to their address on other chains such as BNB Chain, Polygon, and Metis. The same procedure was repeated for other chains, resulting in a massive pile-up of tokens. According to @0xArhat, the hacker’s wallet held over $42 billion worth of tokens at one point. However, the hacker could only convert and steal a fraction of the tokens. The attackers had minted 24 billion Binance USD (BUSD) and BNB on the Metis blockchain, 999 trillion Shiba Inu (SHIB) on the Heco blockchain, and millions of other tokens on other prominent networks such as Polygon and Avalanche. “This way, the hacker was able to mint billions of tokens on various blockchains that did not exist before and transfer them to their own wallet addresses.” Dedaub has dubbed the latest hack to hit Poly Network as the “34 billion Poly Network hack.” He also highlighted several weaknesses in the protocol’s multi-sig, adding that it only had a simple 3 of 4 multi-signature arrangement for over two years. “Getting to the bottom of the “34 billion” Poly network hack with a technical postmortem. TL;DR Poly network had a simple 3 of 4 multisig arrangement over 2 years! Looking at the final event, we found that the private keys to the addresses marked were compromised.” According to the blockchain security solutions provider, the attack was not complex, as no logic bugs were exploited. Poly Network itself was slow to respond, eventually costing the platform $5.5 million in stolen crypto. However, a lack of liquidity in a majority of the tokens in question prevented further significant losses. Binance, Polygon Reassure Users Following the attack on the Poly Network, Binance CEO Changpeng Zhao stated that the exploit does not impact Binance users, adding that it did not support deposits from the Poly Network. Polygon’s Mudit Gupta stated on Twitter, “Poly Network got rekt again, allegedly because of compromised hot keys. It’s going to keep happening until our industry changes our approach to security. Smart contract audits only scratch the surface. Ps Poly network has NOTHING to do with Polygon.” Poly Network’s Previous Hack This was the second time a major hack hit the Poly Network. In August 2021, the protocol was hit by attackers who managed to drain a then-record $600 million through the alleged leak of a private key that was used to sign a cross-chain message. As a result, the Poly Network lost $264 million in ETH, $250 million in BSC, and $85 million in MATIC. However, Poly Network later updated that the hacker had returned the stolen funds, with the hacker claiming the attack was orchestrated for fun, and even offered the anonymous hacker a job as the Chief Security Advisor to the protocol, adding that it won’t be pressing any charges. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Ledger has come under stinging criticism from its community over its latest seed phrase recovery idea, with members taking to social media to voice their disapproval. Ledger has pushed back against the criticism, stating that there are several inaccuracies. Ledger’s New Seed Phrase Recovery Service Ledger’s new seed phrase recovery service is called Ledger Recover and offers users added safeguards in case they misplace their seed phrase. The service was released in Ledger’s latest firmware wallet and is a subscription service that gives users an additional layer of protection for their private keys. Ledger Recover uses a technique that divides a user’s seed phrase into three encrypted fragments that are trusted with three custodians, namely Ledger, Coinover, and a third entity. A Ledger spokesperson elaborated on the same, stating, “Each fragment is stored by the parties on hardware security modules (HSMs) which are essentially super-powered Ledgers. It’s what we use for Ledger Enterprise. Each fragment is useless on its own and can only be decrypted on a Ledger. They are completely safe.” Users can reconstruct the original see phrase once the separate fragments are combined and decrypted. The company also stated that the service is optional and that Ledger users don’t have to use the service should they not wish to. “You don’t have to use it and can continue managing your recovery phrase yourself if that’s why you bought a Ledger.” So Where Is The Problem? While Ledger seems excited about the new update, the community reaction has been quite the opposite. This is because to use the service, users have to provide a national identity card or passport to use the service, and the users’ seed phrase would have to be trusted with “external custodians.” Several prominent crypto community members and Ledger wallet owners have taken to social media to criticize Ledger for what some users called a “disaster waiting to happen.” One Reddit user explained, “This is a disaster waiting to happen. I can’t actually believe what I’m reading; this seems absolutely crazy for a hardware wallet provider to encourage you to back up your seed phrase online AND give them your Passport/ID—especially one that has previously suffered a data breach!” Ledger suffered a serious data leak in 2020, which exposed the phone numbers and physical addresses of over 300,000 customers. The breach also included the email addresses of over a million users. Others, such as investor Chris Dunn and crypto investor DCinvestor also referenced the infamous data leak while criticizing Ledger’s new Seed Phrase Recovery Service. Dunn stated, “First, they exposed mailing addresses, phone numbers, and email addresses of their customers… And now they’ve put a back door into seed phrases. It’s time to say goodbye to @Ledger.” DCinvestor also did not hold back, stating, “Reminder that several years ago, Ledger leaked the name and home addresses for all of their customers via a data breach. [T]he absolute last thing you want on their servers is your private key.” Polygon chief information security officer Mudit Gupta called it a horrendous idea and urged Ledger to refrain from enabling the new feature. In a Twitter thread, Gupta explained that the encrypted keys would be sent to three corporations that could reconstruct the private keys, leading to major security issues. Binance CEO Changpeng Zhao replied to Gupta, adding, “So the seed can leave the device now? Sounds like a different direction than “your keys never leave the device.” Tech lead triager at ImmuneFi, Adrian Hetman, called the new feature a bad security posture, stating, “Exposing your seed phrase and then allowing anyone with your ID or Passport to regain access to the locked funds is a bad security posture. ID theft is common, and that would expose crypto users to a new form of attack.” Ledger Pushes Back Against Criticism Ledger has pushed back against the barrage of criticism against its new service, stating that there were “lots of inaccuracies” in the criticism it was facing and that there was no backdoor or security vulnerability. In response to Hetman, Ledger stated that the government ID is only one part of a complete process and does not pose a security risk. “We also have full liveness detection, where you use your camera, and it gives you randomized prompts that can’t be faked or pre-recorded. This is reviewed by technology and also by humans to ensure a match before the recovery process is initiated. So, someone stealing your ID will not be able to recover your [Secret Recovery Phrase] SRP.” Ledger called the new service a highly secure service that its Donjon team had tested. The Donjon team had previously detected breaches in a number of wallets, including TrustWallet. “If you want more peace of mind or find recovery phrase management a barrier, you now have a highly secure service, tested by our Donjon team, which exposed breaches in TrustWallet and many other wallets, both software and hardware.” The company also added that the new service is optional and that if a user does not wish to use it, they can choose not to enable it. It added that those wishing to use the service would have to initiate an approval process that uses the secure display of their Ledger wallet. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The much-awaited Shapella upgrade is live on the Ethereum mainnet. Let’s find out more about the upgrade and other noteworthy events that happened in crypto, blockchain, and the web3 space this week. Bitcoin Bitcoin and many of the top-performing cryptocurrencies are heading toward breakout zones. Will they break up or break down? Bitcoin has broken to the upside and is now establishing itself above the $30,000 level. Is this the beginning of the bull market? As the fiat monetary system flounders and cash in the bank buy less and less, more investors are flocking to Bitcoin, which might have started its bull market. Lightspark, a newly-founded crypto infrastructure firm, has officially launched its Bitcoin Lightning Network implementation designed for enterprise-grade use cases. Ethereum Ethereum activated the Shanghai hard fork on April 12 at 22:27:35 UTC combining key changes to the blockchain's Engine API, performance, and initialization improvements to the execution layer (in Shanghai), as well updates to the consensus layer (for Capella). Etherscan recently announced a new implementation that will no longer display token transfers without any value through its blockchain explorer interface. DeFi In the early hours of April 9, a bug in a smart contract on the decentralized finance protocol SushiSwap led to losses amounting to over $3 million. SushiSwap has revealed that it has managed to recover 100 ETH, worth around $186,000, following the exploit. In a big blow to Canadian users, dYdX announced that its decentralized derivatives exchange would no longer be accessible to users in Canada. Technology MetaMask, a decentralized wallet firm backed by ConsenSys, has announced the launch of a new fiat-to-crypto ramp for its Portfolio dApp. Business Coinbase has been awarded $470,000 in restitution in its insider trading lawsuit against the brother of a former employee. Coinbase’s head of exchange, Vishal Gupta, is reportedly leaving the company. Gupta plans to exit the crypto exchange but intends to remain in the crypto space. According to multiple reports, cryptocurrency exchange Gemini has received a $100 million loan from two of its co-founders, Tyler and Cameron Winklevoss. Regulation The Binance crypto exchange has decided to delist the TRON token ($TRX) 3 weeks after the SEC charged SEO Justin Sun and his companies. Both Robert F. Kennedy Jr. and Ron DeSantis have expressed their displeasure against the Federal Reserve’s upcoming payments system, FedNow. This year's G7 Summit, which will be held in Hiroshima, Japan, is set to discuss policy for crypto and digital assets, with a focus on the standards for global implementation of CBDCs. South Korean authorities have detained several staff members of the cryptocurrency exchange Coinone for breach of trust and other criminal acts. NFT The NFT collective Proof is launching a new collection, in partnership with artists like Beeple, exclusively for Moonbird collectors. Reddit has launched its third-generation (Gen 3) NFT collection, featuring more artists working on the theme of futuristic realities. Solana has recently announced the introduction of state compression technology to significantly reduce the storage costs associated with NFTs on its network. Web3 Gaming hardware firm Razer has announced the establishment of zVentures Web3 Incubator (ZW3I), a new initiative aimed at funding Web3 gaming projects and bringing them to mainstream audiences. Bluzelle, a blockchain for GameFi, has just released Capella, an NFT marketplace tailored to blockchain-based web3 games. Security South Korean cryptocurrency exchange GDAC was the target of hackers on April 9, with the platform losing nearly $13 million during the attack. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Vishal Gupta, Coinbase’s head of exchange, is reportedly leaving the company. Gupta plans to exit the crypto exchange but intends to remain in the crypto space. Bloomberg reports Gupta, a Goldman Sachs veteran who was most recently Coinbase’s senior director of product management, is departing the firm to start work on a new project. According to someone familiar with the matter, the focus of Gupta’s latest effort is unclear, but he reportedly remains in the crypto space. Gupta took to Twitter to share the news of his departure. 1/6 After an amazing 2.5 years at @Coinbase, I’ve decided it's time for me to move on. As Head of Exchange/Markets @Coinbase, I'm proud of the accomplishments we achieved together — Vishal K. Gupta (@vishalkgupta) April 10, 2023 He said: I’m leaving a lot behind at Coinbase. I’m particularly fond of the experience of launching $USDC with this team while I was at @Circle It was a privilege to help launch and grow the stablecoin that has become an industry standard. Before joining the team at Coinbase, Vishal Gupta was the head of USD Coin for stablecoin issuer Circle. Coinbase The Subject of Regulatory Scrutiny The largest crypto exchange in the US has become the subject of increased regulatory scrutiny as watchdogs step up their crypto policing efforts. Coinbase was recently served with a Wells Notice from the United States Securities and Exchange Commission (SEC), which signals enforcement action plans against the company. Coinbase disclosed that it was served the “Wells notice” over an unspecified portion of its listed digital assets, its staking service Coinbase Earn, Coinbase Prime, and Coinbase Wallet. The crypto exchange responded to the SEC’s action calling the regulator’s approach “unfair and unreasonable.” The Coinbase team said: We continue to think rulemaking and legislation are better tools for defining the law for our industry than enforcement actions. But if necessary, we welcome the opportunity for Coinbase and the broader crypto community to get clarity in court. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Before joining Coinbase in September 2020, Vishal Gupta had been the head of USD Coin at Circle and a vice president at Goldman Sachs.