Check out the biggest breaking crypto market updates for today:
Coinbase’s Base Mainnet Officially Opens To The General Public
Yesterday, crypto exchange Coinbase announced that its new Base blockchain has officially opened to the general public. The launch features the first time a publicly listed company launched its own blockchain network. At launch, Base features over 100 dApps and service providers as part of its ecosystem.
Jesse Pollak, Coinbase’s head of protocols, stated,
“Historically, the aperture of what people can do with crypto has been relatively limited, mostly speculation. In order for Coinbase and crypto and this work that we’re doing to have the impact that we all want, we need to move from the place where this is speculation to a place where this is integrated into every part of someone’s day-to-day existence.”
Since its testnet debut in February and the subsequent developer-only release in July, Base has integrated with a myriad of crypto projects, including DeFi protocols, wallets, bridges, oracles, and both analytics and infrastructure providers.
Base, developed on Optimism’s software stack known as the OP Stack, operates a rollup network. Base is a scaling solution that processes transactions off the main Ethereum blockchain, thereby providing a more affordable network for dApps.
Moreover, this Layer 2 solution is anticipated to become the default network for Coinbase’s on-chain products.
Coinciding with Base’s public mainnet rollout, it has started what it calls an “onchain summer” event. Spanning several weeks, this event emphasizes promoting Base’s mainnet partner dapps in the realms of digital art, music, and gaming. Users wil have the option to mint a unique “Base, Day One” NFT in celebration of the Base mainnet’s opening.
In the lead-up to this launch, both developers and users have already transferred assets valued at over $100 million to the network.
Fireblocks Discloses ‘Zero Day’ Vulnerabilities Impacting Leading MPC Wallets
Digital asset infrastructure firm Fireblocks has disclosed a set of vulnerabilities (collectively referred to as “BitForge”) that reportedly impacts over 15 widely-used crypto wallet providers that use multi-party computation (MPC) technology.
Fireblocks has classified BitForge as a “zero-day” vulnerability – meaning that the vulnerabilities had not previously been identified by the projects.
Fireblocks has stated that Coinbase, ZenGo, and Binance have already worked with the firm to remediate their exposure to potential exploits. Fireblocks also stated that it has reached out to other teams that might be impacted in accordance with the “industry-standard 90-day responsible disclosure process.”
Even though the particular vulnerabilities may have been patched in major wallets, the episode raises potentially alarming questions about just how safe these supposedly ultra-safe MPC wallets really are.
“If left unremediated, the exposures would allow attackers and malicious insiders to drain funds from the wallets of millions of retail and institutional customers in seconds, with no knowledge to the user or vendor,” Fireblocks said in a statement shared with CoinDesk.
While Fireblocks says that attacks exploiting the vulnerabilities would have been “practical,” the firm believes their complexity made them difficult to discover in advance of Wednesday’s disclosure.
“The chances that someone – some malicious actor from, let’s say, North Korea figured it out months before we figured it out and disclosed it to wallet providers – I would say that the likelihood of that is very, very, very low,” Fireblocks CEO Michael Shaulov said.
If MPC wallet users want to know whether they might be using a vulnerable wallet, Shaulov said they can reach out to Fireblocks or fill out a form that will be posted to its website.
What Is Multi-Party Computation?
In the context of crypto wallets, “MPC technology was primarily designed to make sure that you don’t have a single point of failure – a private key is not sitting on a single server or on a single device,” explained Shaurov.
Wallets that use MPC encrypt a user’s private key and split it across several different parties – typically some combination of a wallet user, a wallet provider, and a trusted third party. In theory, no single one of these entities can unlock the wallet without help from the others.
According to Fireblocks, the BitForge vulnerabilities would have “allowed a hacker to extract the full private key if they were able to compromise only one device,” undermining the whole “multi-party” aspect of MPC.
How It Worked
Fireblocks outlined technical details of the BitForge vulnerabilities in a set of technical reports released Wednesday.
Generally, for an attacker to take advantage of the BitForge vulnerabilities, they would need to compromise the device of a wallet user or break into the internal systems of someone else with a piece of the user’s encrypted private key – either the wallet service or one of those third-party custodians.
The steps from there would depend on the wallet. The BitForge vulnerabilities were present in several popular research papers that describe how to build MPC systems, and different wallet providers will have implemented this research differently.
Coinbase says its main user-facing wallet service, Coinbase Wallet, was not impacted by the bugs, whereas Coinbase Wallet-as-a-Service (WaaS) – which companies can use to power their own MPC wallets – was technically vulnerable before Coinbase implemented a fix.
According to Coinbase, the Fireblocks-discovered vulnerabilities would have been “nearly impossible to exploit” in its case – requiring a “malicious server inside Coinbase infrastructure” to trick users into “initiating hundreds of fully authenticated signing requests.”
“It is extremely unlikely that any customer would be willing to go through that tedious and manual process hundreds of times before contacting us for support.”
SEC Seeks To Appeal Ruling That Ripple XRP Isn’t A Security
The US Securities and Exchange COmmission (SEC) has reportedly filed a letter with Judge Analisa Torres of the Southern District of New York seeking leave for an interlocutory appeal of the summary judgement order in the agency’s case against Ripple Labs. The letter asked the Judge to put the case on hold during the appeal, stating that there are multiple other pending court cases that could be affected depending on the allea’s outcome.
The SEC stated,
“Interlocutory review is warranted here. THese two issues involve controlling questions of law on which there is substantial ground for differences of opinion as reflected by an intra-district split that has already developed.”
The SEC said an appeal could also affect its suit accusing crypto exchange Binance Holdings Ltd. and its CEO Changpeng ‘CZ’ Zhao of violating securities laws, mishandling customer funds and misleading investors and regulators.
Because Torres’s ruling didn’t end the Ripple case, the SEC needs her permission to seek immediate review from the appeals court. The agency will have to persuade the judge that the decision involves “a controlling question of law,” that there is “substantial ground for difference of opinion” and that an immediate appeal may speed up the litigation.
The SEC noted that one judge in the same courthouse expressly rejected the approach taken by Torres. In the regulator’s case against Terraform Labs and its co-founder, Do Kwon, US District Judge Jed Rakoff ruled that the company’s Terra USD token may indeed be a security when sold to retail investors.
An appeal could postpone a potential trial in the Ripple case by months, though the SEC argued it would be quicker to resolve the legal issues now rather than after a final decision in the trial court.
XRP fell as much as 4.3% before paring some of the drop to trade at about 64 us cents as of 10:17 am in Singapore on Thursday.