A ransom attack on Trezor's and KeepKey's passphrase handling
> As a consequence, a malicious wallet or a man-in-the-middle modifying data transferred via USB could send an arbitrary fake passphrase to the Trezor / KeepKey, and hold any coins received in this wallet hostage. The passphrase entered by the user could simply be ignored, and the actual passphrase used would be only known to the attacker.
> If that happens, the Trezor and the computer wallet load normally, and the user has no way of noticing that an attack is ongoing, even if they use the hardware wallet flawlessly, verifying all receive addresses according to best practices. Receive addresses in the computer wallet match the address shown on the device as usual, but the addresses do not belong to the user: the attacker can lock access to them by withholding the passphrase needed to spend from them.
original: https://benma.github.io/2020/09/02/trezor-keepkey-passphrase.html
archive: https://archive.vn/ZymEP
> As a consequence, a malicious wallet or a man-in-the-middle modifying data transferred via USB could send an arbitrary fake passphrase to the Trezor / KeepKey, and hold any coins received in this wallet hostage. The passphrase entered by the user could simply be ignored, and the actual passphrase used would be only known to the attacker.
> If that happens, the Trezor and the computer wallet load normally, and the user has no way of noticing that an attack is ongoing, even if they use the hardware wallet flawlessly, verifying all receive addresses according to best practices. Receive addresses in the computer wallet match the address shown on the device as usual, but the addresses do not belong to the user: the attacker can lock access to them by withholding the passphrase needed to spend from them.
original: https://benma.github.io/2020/09/02/trezor-keepkey-passphrase.html
archive: https://archive.vn/ZymEP
Trezor Model T v2.3.3 and Model One v1.9.3 released
- passphrase vulnerability patch
- tx fee hard limit
blog: https://blog.trezor.io/firmware-updates-for-trezor-model-t-version-2-3-3-and-trezor-model-one-version-1-9-3-c94f7a3b6fea
archive: https://archive.vn/vcuJ0
- passphrase vulnerability patch
- tx fee hard limit
blog: https://blog.trezor.io/firmware-updates-for-trezor-model-t-version-2-3-3-and-trezor-model-one-version-1-9-3-c94f7a3b6fea
archive: https://archive.vn/vcuJ0
FATF Compliance Effort Adds Huobi, Bitfinex and Tether to Governance Task Force
> Shyft, a well-known participant in the race to bring crypto in line with Financial Action Task Force (FATF) AML regulations, last year hired heavyweight advisers Rick McDonell (former FATF executive secretary) and Josee Nadeau (former head of the Canadian delegation to the FATF). The two will co-chair the governance task force.
original: https://www.coindesk.com/shyft-network-fatf-veriscope-huobi-bitfinex-tether
archive: https://archive.vn/7U6pr
> Shyft, a well-known participant in the race to bring crypto in line with Financial Action Task Force (FATF) AML regulations, last year hired heavyweight advisers Rick McDonell (former FATF executive secretary) and Josee Nadeau (former head of the Canadian delegation to the FATF). The two will co-chair the governance task force.
original: https://www.coindesk.com/shyft-network-fatf-veriscope-huobi-bitfinex-tether
archive: https://archive.vn/7U6pr
Are regulators poised to demand cryptocurrency address whitelisting? Probably not.
> Rumors are circulating that regulators will soon require exchanges to only allow cryptocurrency withdrawals to “whitelisted” addresses or, worse, that withdrawals to unhosted wallets won’t be allowed at all. These rumors are exaggerated, yet they’ve been persistent over the past few weeks, so we wanted to address them directly.
original: https://www.coincenter.org/are-regulators-poised-to-demand-cryptocurrency-address-whitelisting-probably-not/
archive: https://archive.vn/1E8lh
> Rumors are circulating that regulators will soon require exchanges to only allow cryptocurrency withdrawals to “whitelisted” addresses or, worse, that withdrawals to unhosted wallets won’t be allowed at all. These rumors are exaggerated, yet they’ve been persistent over the past few weeks, so we wanted to address them directly.
original: https://www.coincenter.org/are-regulators-poised-to-demand-cryptocurrency-address-whitelisting-probably-not/
archive: https://archive.vn/1E8lh
How Latin America Mitigates Economic Turbulence with Cryptocurrency
> Brazil accounts for by far the most cryptocurrency usage by on-chain volume of all Latin American countries. However, while Venezuela appears to be a distant second, its role becomes more pronounced when we look at P2P trading volumes. In fact, Venezuelans account for the third-highest number of transfers on LocalBitcoins and Paxful, two of the most popular worldwide P2P exchanges.
original: https://blog.chainalysis.com/reports/latin-america-cryptocurrency-market-2020
archive: https://archive.vn/t8T22
> Brazil accounts for by far the most cryptocurrency usage by on-chain volume of all Latin American countries. However, while Venezuela appears to be a distant second, its role becomes more pronounced when we look at P2P trading volumes. In fact, Venezuelans account for the third-highest number of transfers on LocalBitcoins and Paxful, two of the most popular worldwide P2P exchanges.
original: https://blog.chainalysis.com/reports/latin-america-cryptocurrency-market-2020
archive: https://archive.vn/t8T22
WVE–005 Responsible Disclosure & v4 Hard Fork
> Before the v4 Hard Fork, an attacker could have exploited the vulnerability to perform a DoS (denial-of-service) attack, in such a way that it was difficult to identify the attacker itself. Denial of Service means that the attacker would halt the entire CoinJoin process for all other participants and Wasabi rounds would no longer work. Given the fact that we have not observed any DoS attempts thus far, we assume that no Wasabi user has been affected by the vulnerability.
> It is important to specify that the attacker could neither steal users' funds nor deanonymize anyone. What they could have done was to prevent the completion of the CoinJoin process.
original: https://blog.wasabiwallet.io/responsible-disclosure-v4-hard-fork/
archive: https://archive.vn/kFZ5m
> Before the v4 Hard Fork, an attacker could have exploited the vulnerability to perform a DoS (denial-of-service) attack, in such a way that it was difficult to identify the attacker itself. Denial of Service means that the attacker would halt the entire CoinJoin process for all other participants and Wasabi rounds would no longer work. Given the fact that we have not observed any DoS attempts thus far, we assume that no Wasabi user has been affected by the vulnerability.
> It is important to specify that the attacker could neither steal users' funds nor deanonymize anyone. What they could have done was to prevent the completion of the CoinJoin process.
original: https://blog.wasabiwallet.io/responsible-disclosure-v4-hard-fork/
archive: https://archive.vn/kFZ5m
ARKInvest-Bitcoin-A-Novel-Economic-Institution.pdf
1.7 MB
Bitcoin: A Novel Economic Institution
> This paper lays out the case for Bitcoin. In Part 1, we describe how the Information Age gave rise to Bitcoin, a novel economic institution designed to challenge legacy financial systems. We explain how legacy financial institutions, which have evolved through a trust-based model, appear to have fallen short of the four economic assurances necessary for a predictable financial system. We then analyze Bitcoin’s behavior in relation to these four economic assurances and explain why we believe it is designed uniquely to satisfy them.
https://ark-invest.com/white-papers/bitcoin-part-one/
> This paper lays out the case for Bitcoin. In Part 1, we describe how the Information Age gave rise to Bitcoin, a novel economic institution designed to challenge legacy financial systems. We explain how legacy financial institutions, which have evolved through a trust-based model, appear to have fallen short of the four economic assurances necessary for a predictable financial system. We then analyze Bitcoin’s behavior in relation to these four economic assurances and explain why we believe it is designed uniquely to satisfy them.
https://ark-invest.com/white-papers/bitcoin-part-one/
Top Podcasts of the Week
Tales from the Crypt - Rabbit Hole Recap - https://anchor.fm/tales-from-the-crypt/episodes/Rabbit-Hole-Recap-Week-of-2020-08-31-ej3g46
Stephan Livera - Roasbeef - https://stephanlivera.com/episode/207/
Tales from the Crypt - Fabian Jahr - https://anchor.fm/tales-from-the-crypt/episodes/189-Fabian-Jahr-eivtk9
Stephan Livera - Luke Childs - https://stephanlivera.com/episode/206/
Stephan Livera - Specter - https://stephanlivera.com/episode/205/
Tales from the Crypt - Rabbit Hole Recap - https://anchor.fm/tales-from-the-crypt/episodes/Rabbit-Hole-Recap-Week-of-2020-08-31-ej3g46
Stephan Livera - Roasbeef - https://stephanlivera.com/episode/207/
Tales from the Crypt - Fabian Jahr - https://anchor.fm/tales-from-the-crypt/episodes/189-Fabian-Jahr-eivtk9
Stephan Livera - Luke Childs - https://stephanlivera.com/episode/206/
Stephan Livera - Specter - https://stephanlivera.com/episode/205/
Multisig Guide using specter and bitcoin core
- 1 Coldcard
- 1 CoboVault
- 1 paper wallet
guide: https://btcguide.github.io/
release thread: https://twitter.com/mflaxman/status/1301605083969392641
- 1 Coldcard
- 1 CoboVault
- 1 paper wallet
guide: https://btcguide.github.io/
release thread: https://twitter.com/mflaxman/status/1301605083969392641
Umbrel v0.2.9 released
- LND v0.11
- iOS Tor browser fix
- Backup status shown
https://github.com/getumbrel/umbrel/releases/tag/v0.2.9
- LND v0.11
- iOS Tor browser fix
- Backup status shown
https://github.com/getumbrel/umbrel/releases/tag/v0.2.9
Rudefox Burrow v0.0.5 released
blog: https://medium.com/@bjdweck/initial-release-of-rudefox-burrow-2718049ac157
download: https://git.rudefox.io/explore/repos
quick start guide: https://www.rudefox.io/burrow/quick-start.html
blog: https://medium.com/@bjdweck/initial-release-of-rudefox-burrow-2718049ac157
download: https://git.rudefox.io/explore/repos
quick start guide: https://www.rudefox.io/burrow/quick-start.html
Media is too big
VIEW IN TELEGRAM
Ministry of Nodes: Specter Desktop + Coldcard Windows Guide
> An easy way to use a hardware wallet on Windows with two pieces of software - Bitcoin Core and Specter Desktop.
youtube: https://youtu.be/4koKF2MDXtk
> An easy way to use a hardware wallet on Windows with two pieces of software - Bitcoin Core and Specter Desktop.
youtube: https://youtu.be/4koKF2MDXtk
LN Markets investment round
> LN Markets, a crypto derivatives exchange built on top of Bitcoin’s Lightning Network, has raised an undisclosed sum of money in a pre-seed round.
> The round saw participation from crypto exchange Bitfinex and investment firms Arcane Crypto and Fulgur Ventures.
original: https://www.theblockcrypto.com/linked/77137/bitfinex-invests-ln-markets-derivatives-bitcoin-lightning-network
archive: https://archive.vn/IEwDs
> LN Markets, a crypto derivatives exchange built on top of Bitcoin’s Lightning Network, has raised an undisclosed sum of money in a pre-seed round.
> The round saw participation from crypto exchange Bitfinex and investment firms Arcane Crypto and Fulgur Ventures.
original: https://www.theblockcrypto.com/linked/77137/bitfinex-invests-ln-markets-derivatives-bitcoin-lightning-network
archive: https://archive.vn/IEwDs
Chainalysis 2020 Global Crypto Adoption Index
> To do this, we weighted our index formula to measure cryptocurrency activity while also accounting for each country’s population and economy size. The intention is to highlight the countries where the most residents have moved the biggest share of their financial activity to cryptocurrency.
original: https://blog.chainalysis.com/reports/2020-global-cryptocurrency-adoption-index-2020
archive: https://archive.vn/Wg10l
> To do this, we weighted our index formula to measure cryptocurrency activity while also accounting for each country’s population and economy size. The intention is to highlight the countries where the most residents have moved the biggest share of their financial activity to cryptocurrency.
original: https://blog.chainalysis.com/reports/2020-global-cryptocurrency-adoption-index-2020
archive: https://archive.vn/Wg10l
Bitcoin Optech #114
- protocol for making routable coinswaps
- re-delegate absurd fee checking from mempool to clients
- infrastructure projects changes
original: https://bitcoinops.org/en/newsletters/2020/09/09/
archive: https://archive.vn/X3p6D
- protocol for making routable coinswaps
- re-delegate absurd fee checking from mempool to clients
- infrastructure projects changes
original: https://bitcoinops.org/en/newsletters/2020/09/09/
archive: https://archive.vn/X3p6D
CVE-2018-17145.pdf
141.7 KB
CVE-2018-17145: Bitcoin Inventory Out-of-Memory Denial-of-Service Attack
- Doesn't appear to have been exploited but could have been used to steal funds.
- Vulnerability introduced in Nov 2017.
- Discovered in June 2018.
- July 2018 release of Bitcoin Core v0.16.2 included fix.
Summary: https://invdos.net/
Full Paper: https://invdos.net/paper/CVE-2018-17145.pdf
- Doesn't appear to have been exploited but could have been used to steal funds.
- Vulnerability introduced in Nov 2017.
- Discovered in June 2018.
- July 2018 release of Bitcoin Core v0.16.2 included fix.
Summary: https://invdos.net/
Full Paper: https://invdos.net/paper/CVE-2018-17145.pdf
Suredbits Schnorr Applications Series
MuSig: https://suredbits.com/schnorr-applications-musig/
archive: https://archive.vn/i8shf
Scriptless Scripts: https://suredbits.com/schnorr-applications-scriptless-scripts/
archive: https://archive.vn/ni6j1
Batch Verification: https://suredbits.com/schnorr-applications-batch-verification/
archive: https://archive.vn/2S4X8
Threshold Signatures: https://suredbits.com/schnorr-applications-threshold-signatures/
archive: https://archive.vn/bPPco
MuSig: https://suredbits.com/schnorr-applications-musig/
archive: https://archive.vn/i8shf
Scriptless Scripts: https://suredbits.com/schnorr-applications-scriptless-scripts/
archive: https://archive.vn/ni6j1
Batch Verification: https://suredbits.com/schnorr-applications-batch-verification/
archive: https://archive.vn/2S4X8
Threshold Signatures: https://suredbits.com/schnorr-applications-threshold-signatures/
archive: https://archive.vn/bPPco
Belarus Non-Profit Helps Protestors With Bitcoin Grants
- BYSOL non-profit has raised $2M+
- Provides grants of $1500 per persion
- Distributed using bitcoin since fiat transfers into Belarus are being blocked
original: https://www.coindesk.com/belarus-dissidents-bitcoin
archive: https://archive.vn/qfNrO
- BYSOL non-profit has raised $2M+
- Provides grants of $1500 per persion
- Distributed using bitcoin since fiat transfers into Belarus are being blocked
original: https://www.coindesk.com/belarus-dissidents-bitcoin
archive: https://archive.vn/qfNrO
Square Announces Crypto Open Patent Alliance
> First, COPA members pledge never to use their crypto patents against anyone, except for defensive reasons, effectively making these patents freely available for all to use. Second, COPA creates a shared patent library where members pool all of their crypto patents together to form a collective shield of patents, allowing members to use each others’ patents to deter and defend against patent aggressors. This helps democratize patents for everyone, empowering even small companies with tools and leverage to defend themselves.
original: https://open-patent.org/
archive: https://archive.vn/PNX8Z
> First, COPA members pledge never to use their crypto patents against anyone, except for defensive reasons, effectively making these patents freely available for all to use. Second, COPA creates a shared patent library where members pool all of their crypto patents together to form a collective shield of patents, allowing members to use each others’ patents to deter and defend against patent aggressors. This helps democratize patents for everyone, empowering even small companies with tools and leverage to defend themselves.
original: https://open-patent.org/
archive: https://archive.vn/PNX8Z