Some white hat hacker behavior is ‘weird,’ Ledger CTO says


  blockworks.co 5 h

The back and forth between CertiK and Kraken this week left more questions than answers.

So to get some potential answers — and to pick his brain — Blockworks chatted with Ledger Chief Technology Officer Charles Guillemet.

Outside of the use of Tornado Cash by the US-based CertiK, he also highlighted the withdrawal of XMR — a privacy coin on Monero, in case you’ve skipped some of Empire’s previous segments — as suspicious because, well, it’s a privacy coin.

Add ChangeNow, a self-styled non-custodial exchange, into the mix. In Guillemet’s experience, ChangeNow is generally one of the top picks for attackers who are trying to hide crypto. It’s often used by bad actors because it doesn’t require proper KYC checks before facilitating swaps from one token to another.

It was also weird that there were video calls between CertiK and Kraken. And don’t even get him started on the millions withdrawn (he maintains you can exploit as little as $5 to prove the bug and then report it for a bounty).

However, the five-day time period in which the researchers were testing the exploit isn’t that strange.

“So the five day period is not suspicious, per se. But what is suspicious is what they did during the meantime,” he told Blockworks.

The silver lining in this is the speed with which Kraken assessed (47 minutes, according to Kraken’s Chief Security Officer Nick Percoco) and investigated the issue.

“Kraken had everything in place in order to verify what happened on their platform and to find out that the vulnerability was actually exploited several times, by three accounts and not only by one,” he added.

Guillemet was in the security world before swapping over to crypto in 2017.

With that experience, he said that the “behavior that we see in blockchain and crypto when it comes to white hat [hacking] is really weird from my standpoint.”

“Sometimes you have a white hat, supposedly, who finds a vulnerability on some smart contract. It completely drains the smart contract and then gives back like 90%, choosing its reward [of] 10%. This kind of behavior, for me, is extortion. It seems to be okay. It seems to be white hat behavior,” Guillemet continued. “But I completely disagree with this. When you do security research, you don’t choose your reward.”

“In crypto, it’s not always the case, and it’s a bit disturbing for me, and it’s also disturbing for other security guys in the field.”

CertiK said it wasn’t trying to exploit or “extort” funds from the exchange, contrary to claims made by Percoco. On Thursday, Kraken confirmed it received the funds back sans a bit lost to fees.

The simplest way to improve the space is obviously investing in security, but the more difficult path forward is for security teams to stay humble, Guillemet said.

“Attackers will get better and better and we as an ecosystem must be humble and always raise the bar for security because this is a cat-and-mouse game and the stakes are getting higher.”

A shorter version of this article appeared in Friday’s Empire Newsletter.
