Ep. 117 I am Peg
On this episode of the Unhashed Podcast, Ruben explains softchains, Russian hackers being Russian hackers at Livecoin, moar Ripple popcorn, and Blockstream launches a fully open-sourced hardware wallet. For the lightning round, what really is a sidechain, and how much would you pay to mindmeld with Bill Gates?
On Christmas Eve, Russian crypto exchange Livecoin lost control of its servers and hackers manually skyrocketed exchange rates by 10%-15% for various assets. After noticing the attack, Livecoin, still with partial control of its front end, managed to post the following warning on its homepage: [picture]. A few days later, Livecoin's homepage displayed a darker message: “Good try Livecoin. But no… You have 2 days left…” followed by a Bitcoin address. Several days later, after Livecoin evidently failed to satisfy ransom demands, the site was updated: “Oops! Time is over Livecoin…” According to ZDNet, several Livecoin users are now accusing the company of orchestrating the hack as an inside job. Livecoin claims they’ve notified local law enforcement to help resolve the matter. We will hopefully know more in the coming weeks and months.
A few days later, Livecoin's homepage displayed a darker message: “Good try Livecoin. But no… You have 2 days left…” followed by a Bitcoin address. Several days later, after Livecoin evidently failed to satisfy ransom demands, the site was updated: “Oops! Time is over Livecoin…” According to ZDNet, several Livecoin users are now accusing the company of orchestrating the hack as an inside job. Livecoin claims they’ve notified local law enforcement to help resolve the matter. We will hopefully know more in the coming weeks and months.
San Francisco-based blockchain company Ripple is now facing a lawsuit from Tetragon, a $2.32 billion investment firm headquartered in the U.K. that acts as its top stakeholder, Bloomberg reports. The plaintiff is seeking to redeem its stock in the troubled company after it got sued by the U.S. Securities and Exchange Commission last month over illegal XRP sales.On top of that, Tetragon is asking the court to issue a restraining order against Ripple to temporarily freeze its liquid assets. Tetragon was in charge of Ripple's $200 million Series-C funding round that propelled its valuation to a whopping $10 billion in late 2019.
Related: Delistings of XRP continue unabated, with Grayscale dropping it, as well as blockchain(dot)com. Globee, the crypto payments processor founded by Monero lead Fluffy Pony also discontinued processing payments using XRP.
A team of researchers from the University of Cambridge determined that microphones used in digital smart home devices like Amazon’s Echo are sensitive enough to record what someone is typing on a smartphone. That information can then be used to steal PINs and other sensitive data. The microphones can effectively be used to record the taps people make on a mobile device from up to a foot and a half away. According to the team: “Given just 10 guesses, five-digit PINs can be found up to 15 percent of the time, and text can be reconstructed with 50 percent accuracy.” The researchers noted that modern voice assistants use anywhere from 5-7 microphones capable of directional localization more accurate than human ears. In this specific attack vector, when those microphones are located close enough to a mobile device’s screen, they can hear screen vibrations and use them to successfully reconstruct the tap location.
Blockstream announced Blockstream Jade on January 3rd as its own take on what a Bitcoin hardware wallet should be. Fully open-source for both hardware and software, Blockstream Jade secures your keys offline in combination with Blockstream Green. It features “server enforced PIN protection” in lieu of a secure element, which means “when the mnemonic is generated, it is immediately encrypted using AES256 using a secret key that is computed through an encrypted and authenticated channel with a [remote] blind oracle server. The authentication involves ephemeral elliptic curve Diffie Hellman exchange with a known server key. The encrypted mnemonic is then stored on the encrypted flash of the Jade and protected by secure boot [v2]. The blind server is not aware of the actual PIN nor can brute force it. The blind server also is not associated with the users account (it is not associated with the per user derivation paths) If the PIN is entered incorrectly 3 times the server and Jade both delete the secret requiring a from scratch mnemonic restore on Jade. Neither the companion app nor any ISP/WiFi AP in the middle can inspect the data passed between Jade and the oracle, including being able to tell if the PIN is correct or wrong (other than potential timing attacks). The oracle is available via Tor and open source and in the future users will be able to run their own and point their Jade to it if they prefer.”
As reported by Coindesk, Federally regulated banks can use stablecoins to conduct payments and other activities, the Office of the Comptroller of the Currency (OCC) said Monday. The federal banking regulator published an interpretive letter addressing whether national banks and federal savings associations could participate in independent node verification networks (INVNs, otherwise known as blockchain networks) or use stablecoins. The letter said these financial institutions can participate as nodes on a blockchain and store or validate payments