As the prices of major cryptos like Bitcoin (BTC-USD) struggle again… What’s going on with the crypto projects themselves? Several of the biggest names are making moves to shore up their security, as we’ll see in today’s news roundup for the New Digital World.
Polygon Patches Bug In Its Deposit Manager Worth Billions
While many workers here in the United States were off yesterday due to the Presidents Day holiday, Polygon (MATIC-USD) was fixing a serious vulnerability on its network, thanks to the “white hat hackers” at Immunefi.
As more and more users pile into NFTs, metaverses, and DeFi, they need better scalability: faster, cheaper, and seamless Ethereum (ETH-USD) transactions. This is what Polygon provides… But it’s had to solve some security problems along the way. The most recent bug “could potentially have allowed an attacker to drain all funds from [Polygon’s] deposit manager, engage in unlimited withdrawals, DoS and more” if this attacker devoted enough money and time to the effort, reports Immunefi.
Luckily “the bug was not exploitable at the time of the report” (as Immunefi’s CTO told Crypto Briefing), Polygon added an additional check to avoid the situation, and rewarded Immunefi $75,000 for its efforts.
Polygon has been on high alert since December, when it had to hard-fork its network to foil a hacker who’d made off with $1.6 million worth of its MATIC crypto. Bigger vulnerabilities have been patched without incident: In October, Immunefi (again) had spotted a bug that could have cost $850 million. Instead, Polygon patched its bridge to Ethereum to avoid it – and paid Immunefi a $2 million reward on that one!
NFT Industry Fights Scam Projects and Phishing
OpenSea is working with 32 of its users to identify the mysterious attacker they all interacted with – who then stole $1.7 million worth of NFTs and ETH on Saturday.
This time (says OpenSea), it wasn’t a network vulnerability…it was a good old-fashioned phishing scam. Except when you get a phishing message on Facebook, they might just get your password – and when a phisher pretends to be OpenSea needing access to your crypto/NFT wallet… They can clearly get a lot more from you.
Phishing scams can be difficult to spot – but this one only works if you have your digital assets on an exchange, in the first place. This is why – instead of using these “hot wallets” for long – experts like Charlie Shrem of our Crypto Investor Network always recommend moving to “cold storage”: keep your crypto and NFTs offline, where they’re much harder to steal.
Celebrate Proof of Keys.
Take self-custody of your wealth. For the first time in history, you can safely custody your wealth without the need of a third part intermediary.
Not your keys, not your coins pic.twitter.com/SHCLf1mCHC
— Charlie Shrem (@CharlieShrem) January 3, 2022
What if the scammer simply advertises a collection of NFTs that were fake to begin with – and never intended to deliver the goods? This “rug pull” is what just happened on the other big NFT network, Solana (SOL-USD), where the Magic Eden marketplace is refunding users who bought NFTs from the scam collection Balloonsville.
Next time, it’ll be harder to pull any rugs on Magic Eden because the company is tightening its policies. Since privacy and empowerment are key values of these Web3 communities, they often operate anonymously, even in creating high-profile NFT collections. Now, Magic Eden will require all of its creators to “to sign a partnership agreement, like an actual contract. Team leads have to, at minimum, be privately doxed to us.”
In other words, Magic Eden is launching a “know-your customer” (KYC) policy: Provide identification and a “resume” of your prior NFT projects, plus a whitepaper if crypto tokens are involved, and only then can you sell your NFTs there.
Coinbase Plugs a Big Hole Ahead of the Super Bowl
Just two days before Coinbase (NASDAQ:COIN) became the #2 most downloaded app, thanks to its innovative QR-code ad at the Super Bowl… A white hat hacker who goes by Tree of Alpha spotted a major weakness in that app’s beta version.
Tree of Alpha was helping beta-test Coinbase’s new Advanced Trading features, when they noticed that they could play with the code, sell fake Bitcoin (BTC-USD)…and still collect the proceeds! Within a half hour of them reporting the bug, Coinbase locked it down, and gratefully paid Tree of Alpha $250,000 for the save.
Coinbase's "largest-ever bug bounty"
How a flaw in the new Advanced Trading feature would have allowed a malicious user to sell BTC or any other coin without owning them, and how Coinbase's reaction speed on a Super Bowl Friday averted a possible crisis.
Bounty: $250,000 pic.twitter.com/Y91M48pCcI
— Tree of Alpha (@Tree_of_Alpha) February 19, 2022
Following up in the above tweet thread this Saturday, Tree of Alpha described exactly what went down and thanked everyone who rushed to their aid, including Coinbase “for its reaction speed… While I sometimes have my beef with Coinbase, I am not sure I could have reached any other [exchange] that quickly in the same situation.”
As Coinbase, Polygon, the NFT marketplaces, and other key players in the New Digital World grow and mature, hackers and haters will always try to poke holes in the armor. These innovators’ success will depend on exactly how strong that armor turns out to be – and here at The New Digital World e-letter, I’ll keep you informed on the latest news and events.
Ashley Cassell
Contributing Editor, The New Digital World
P.S. Speaking of NFTs: If you’re looking to play the NFT gold rush, the best move has nothing to do with NFTs themselves… And everything to do with the incredible technology behind them, as Charlie Shrem will be the first to tell you. Click here for free access to Charlie’s new buy alert for the Crypto Investor Network.
On the date of publication, Ashley Cassell did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.
