Connect with us

Stocks

Major Security Efforts Underway for Polygon, NFTs, Coinbase

As the prices of major cryptos like Bitcoin (BTC-USD) struggle again… What’s going on with the crypto projects themselves? Several of the biggest names are making moves to shore up their security, as we’ll see in today&rsqu…

As the prices of major cryptos like Bitcoin (BTC-USD) struggle again… What’s going on with the crypto projects themselves? Several of the biggest names are making moves to shore up their security, as we’ll see in today’s news roundup for the New Digital World.

Source: Who Is Danny/Shutterstock.com

Advertisement

Polygon Patches Bug In Its Deposit Manager Worth Billions

While many workers here in the United States were off yesterday due to the Presidents Day holiday, Polygon (MATIC-USD) was fixing a serious vulnerability on its network, thanks to the “white hat hackers” at Immunefi.

As more and more users pile into NFTs, metaverses, and DeFi, they need better scalability: faster, cheaper, and seamless Ethereum (ETH-USD) transactions. This is what Polygon provides… But it’s had to solve some security problems along the way. The most recent bug “could potentially have allowed an attacker to drain all funds from [Polygon’s] deposit manager, engage in unlimited withdrawals, DoS and more” if this attacker devoted enough money and time to the effort, reports Immunefi.

Advertisement

Luckily “the bug was not exploitable at the time of the report” (as Immunefi’s CTO told Crypto Briefing), Polygon added an additional check to avoid the situation, and rewarded Immunefi $75,000 for its efforts.

Polygon has been on high alert since December, when it had to hard-fork its network to foil a hacker who’d made off with $1.6 million worth of its MATIC crypto. Bigger vulnerabilities have been patched without incident: In October, Immunefi (again) had spotted a bug that could have cost $850 million. Instead, Polygon patched its bridge to Ethereum to avoid it – and paid Immunefi a $2 million reward on that one!

Advertisement

NFT Industry Fights Scam Projects and Phishing

OpenSea is working with 32 of its users to identify the mysterious attacker they all interacted with – who then stole $1.7 million worth of NFTs and ETH on Saturday.

This time (says OpenSea), it wasn’t a network vulnerability…it was a good old-fashioned phishing scam. Except when you get a phishing message on Facebook, they might just get your password – and when a phisher pretends to be OpenSea needing access to your crypto/NFT wallet… They can clearly get a lot more from you.

Advertisement

Phishing scams can be difficult to spot – but this one only works if you have your digital assets on an exchange, in the first place. This is why – instead of using these “hot wallets” for long – experts like Charlie Shrem of our Crypto Investor Network always recommend moving to “cold storage”: keep your crypto and NFTs offline, where they’re much harder to steal.

Celebrate Proof of Keys.

Advertisement

Take self-custody of your wealth. For the first time in history, you can safely custody your wealth without the need of a third part intermediary.

Not your keys, not your coins pic.twitter.com/SHCLf1mCHC

Advertisement

— Charlie Shrem (@CharlieShrem) January 3, 2022

Advertisement

What if the scammer simply advertises a collection of NFTs that were fake to begin with – and never intended to deliver the goods? This “rug pull” is what just happened on the other big NFT network, Solana (SOL-USD), where the Magic Eden marketplace is refunding users who bought NFTs from the scam collection Balloonsville.

Next time, it’ll be harder to pull any rugs on Magic Eden because the company is tightening its policies. Since privacy and empowerment are key values of these Web3 communities, they often operate anonymously, even in creating high-profile NFT collections. Now, Magic Eden will require all of its creators to “to sign a partnership agreement, like an actual contract. Team leads have to, at minimum, be privately doxed to us.”

Advertisement

In other words, Magic Eden is launching a “know-your customer” (KYC) policy: Provide identification and a “resume” of your prior NFT projects, plus a whitepaper if crypto tokens are involved, and only then can you sell your NFTs there.

Coinbase Plugs a Big Hole Ahead of the Super Bowl

Just two days before Coinbase (NASDAQ:COIN) became the #2 most downloaded app, thanks to its innovative QR-code ad at the Super Bowl… A white hat hacker who goes by Tree of Alpha spotted a major weakness in that app’s beta version.

Advertisement

Tree of Alpha was helping beta-test Coinbase’s new Advanced Trading features, when they noticed that they could play with the code, sell fake Bitcoin (BTC-USD)…and still collect the proceeds! Within a half hour of them reporting the bug, Coinbase locked it down, and gratefully paid Tree of Alpha $250,000 for the save.

Coinbase’s “largest-ever bug bounty”

Advertisement

How a flaw in the new Advanced Trading feature would have allowed a malicious user to sell BTC or any other coin without owning them, and how Coinbase’s reaction speed on a Super Bowl Friday averted a possible crisis.

Bounty: $250,000 pic.twitter.com/Y91M48pCcI

Advertisement

— Tree of Alpha (@Tree_of_Alpha) February 19, 2022

Advertisement

Following up in the above tweet thread this Saturday, Tree of Alpha described exactly what went down and thanked everyone who rushed to their aid, including Coinbase “for its reaction speed… While I sometimes have my beef with Coinbase, I am not sure I could have reached any other [exchange] that quickly in the same situation.”

As Coinbase, Polygon, the NFT marketplaces, and other key players in the New Digital World grow and mature, hackers and haters will always try to poke holes in the armor. These innovators’ success will depend on exactly how strong that armor turns out to be – and here at The New Digital World e-letter, I’ll keep you informed on the latest news and events.

Advertisement

Signature:Ashley Cassell

Ashley Cassell
Contributing Editor, The New Digital World

P.S. Speaking of NFTs: If you’re looking to play the NFT gold rush, the best move has nothing to do with NFTs themselves… And everything to do with the incredible technology behind them, as Charlie Shrem will be the first to tell you. Click here for free access to Charlie’s new buy alert for the Crypto Investor Network.

Advertisement

On the date of publication, Ashley Cassell did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.

More From InvestorPlace

  • Stock Prodigy Who Found NIO at $2… Says Buy THIS Now
  • Man Who Called Black Monday: “Prepare Now.”
  • #1 EV Stock Still Flying Under the Radar

The post Major Security Efforts Underway for Polygon, NFTs, Coinbase appeared first on InvestorPlace.

Advertisement

InvestorPlace | Stock Market News, Stock Advice & Trading Tips

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.