Crypto Shuttle News

Month: April 2022

  • What are Bridges? Illicit use of bridges | by Coinbase | Apr, 2022

    What are Bridges? Illicit use of bridges | by Coinbase | Apr, 2022

    [ad_1]

    By Heidi Wilder, Special Investigations Manager & Tammy Yang, Blockchain Researcher

    Part 1: What are Bridges? Bridge Basics, Facts, and Stats

    Illicit actors are often attracted to the newest forms of technology, and bridges are unfortunately no exception to that rule. Illicit actors are defined as individuals or groups conducting illicit activity, such as scams, thefts, or other illegal activity, on the blockchain. In the previous section of this blogpost, we covered the Wormhole and Ronin bridge exploits.

    Analyzing the use of Ethereum bridges by illicit actors in January 2021 through April 2022, we find that Ronin, Wormhole, followed by Polygon and Anyswap have the most volume flowing through them.

    To date, Ronin bridge’s exploit that took place in late March is the largest hack in the DeFi space, totalling more than $540 million in funds stolen (as of the day of the bridging of funds). We discussed this exploit in more detail in our previous blockpost. Unsurprisingly, this hack makes up the largest illicit volume with the Ronin bridge.

    Wormhole’s Ethereum-Solana bridge was attacked in February 2022, leading to a loss of over $250m.

    Polygon’s bridge was primarily abused by Polynetwork’s exploiter (although funds were returned), the bZx hackers, and the AFK System rug pull. The bZx hackers appear to have literally gone back and forth between chains to decide which ones were best to consolidate funds. Ethereum won in the end.

    Anyswap BSC bridge was primarily used as a bridge by the Bunny Finance flash loan attackers, Squid Game rug pull and Vee Finance hackers.

    Why would illicit actors want to bother bridging at all?

    Illicit actors’ reasons for bridging funds between networks are both similar and different compared to the general population of bridge users. Possible reasons include:

    • Consolidation. Combining funds through bridging makes them easier to handle and to generally then launder onwards.
    • Obfuscation. Bridging over funds to other networks adds another layer of complexity to tracing funds on-chain. Tracing funds that travel through a bridge requires tracing capability on both networks and linking them through the bridge.
    • Faster and cheaper transactions and to use assets that are not native to the network. Bringing over funds to other faster and cheaper networks can aid illicit actors in transferring their funds more rapidly at a lower cost. The added ability to access assets that aren’t native to the network allow both licit and illicit actors to gain price exposure to a non native asset, while also enjoying the benefits of the other network.
    • To access a broader selection of dApps. As blockchain monitoring has become increasingly popular, so has scrutiny of illicit activity:

    a) Instead of immediately cashing out, some illicit actors will choose to bridge over funds and then yield farm with them for a period of time, which has the benefit of passing time and earning interest on their proceeds.

    b) Alternatively, illicit actors will also leverage certain DeFi protocols that help break the chain in order to obfuscate the true source of funds.

    But how are illicit actors employing these methods in practice? What happens after someone has bridged over funds to another chain? Can you track through a bridge to the other side?

    Because of the transparency of the blockchain and of many bridge protocols, we can trace through various bridges to identify the ultimate destination of funds.

    Below are some recent examples of how illicit actors are employing bridges and how we can trace through bridges to identify the ultimate destination of funds.

    Consolidation and obfuscation — as seen with an NFT phishing scheme

    NFT phishing scams are nothing new, but the scale at which NFT phishing scams are occurring on social media is rampant. In this particular case, we observed several Murakami Flower phishing scams, among other popular impending NFT releases.

    In this case, we observed that several of these scams bundled together their ill gotten ETH in a novel way.

    Instead of pooling their ETH together on Ethereum, they bridged over the funds to the Secret Network, which was likely an attempt to obfuscate the source and destination of funds.

    Although they may have bridged over funds to the Secret Network, they continued to bridge over to the same address over and over again. Consolidating funds from various phishing schemes allowed them to better get a grasp on their funds.

    Accessing a broader set of dApps — an example of using bridges to then yield farm with ill gotten gains with the Squid Game rug pull

    In November 2021, the Squid Game token rug pulled. Although the token was launched on Binance Smart Chain (BSC), funds were bridged over to Ethereum. While this was likely for obfuscation purposes, it was also to gain access to Ethereum-based dApps.

    In particular, once the attackers bridged over funds to Ethereum, they opted for two yield farming strategies, which allowed them to earn interest on their ill gotten gains.

    The first, was to swap funds to USDT and to supply liquidity to the ETH/USDT Uniswap pool (one of the deepest pools on Uniswap). The second was to take the ETH and to lend it on Compound.

    While the attackers have begun to cash out, they have not only waited out the heat but have also made some interest while doing so.

    Accessing a broader set of dApps — an example of using a bridge to access DeFi protocols to break the chain of traceability with a malware operation

    A malware and ransomware operation primarily sourced funds from victims in Bitcoin over the years. However, in the latter half of 2021, the operation began to bridge over funds to ETH using Ren.

    This allowed the attackers to mint renBTC. Using a particular protocol, Curve.Fi Adapter, the operators were able to immediately swap the newly minted renBTC for WBTC. Both renBTC and WBTC are BTC-backed tokens on the Ethereum blockchain. It’s important to note that the attackers specifically wanted WBTC though, which they could then deposit to Compound.

    Compound is a DeFi protocol that allows users to earn interest on their deposits. When a user deposits funds into Compound, such as ETH, they are provided with cETH or Compound ETH in return, which can be exchanged through Compound for the original ETH amount deposited plus interest earned. Alternatively, users can also use the cETH as collateral to then borrow other tokens.

    And that’s exactly what the malware operations did. They used cBTC as collateral to then borrow stablecoins from Compound, particularly USDT and DAI. And with those stablecoins they then cashed out at various exchanges.

    The idea here is that the malware operators were attempting to obfuscate the true source of their funds and to make it seem like they received funds directly from Compound.

    What can we do about this?

    Because of how public, traceable and permanent the blockchain is, we can leverage it to not only identify illicit actors bridging funds across blockchains but also to stop them. The primary mechanism for this is blockchain analytics.

    Here are some steps we can take as an industry to combat illicit actors’ bridging of funds:

    • Work with blockchain intelligence providers to identify cross-chain transactional flows to quickly identify when illicit funds have hopped from one network to another;
    • Block illicit actors addresses’ on both sides of a bridge;
    • Monitor inputs and outputs of protocols that are heavily abused by illicit actors who bridge over funds.

    Using these and other tools we aim to preserve the integrity of the ecosystem while also encouraging innovative concepts, like bridges, to expand the crypto economy.



    [ad_2]

    Source link

  • SIX Digital Exchange Inks Partnership with Daura

    SIX Digital Exchange Inks Partnership with Daura

    [ad_1]

    On Wednesday, SIX Digital Exchange (SDX), the world’s first fully regulated FMI digital asset  exchange  , announced a partnership with daura, a Swiss equity tokenization platform.

    According to the press release, daura companies will be able to issue digital equity securities in SDX’s regulated Central Securities Depository (CSD).

    SDX will provide daura’s SMEs with access to secondary liquidity through SDX’s centralized depository, allowing them to issue bankable private securities and manage their share registry and cap table through a consolidated workflow. As a result of SDX’s coordination of processes, companies will be able to increase investor visibility and reduce time-to-market.

    ‘Adding Another Building Block’ to the Swiss Crypto Ecosystem

    “This partnership with daura, represents a milestone shift in the way our industry functions. This approach builds on the relationship strengths of an organization like daura – where the digital securities are issued – and the separate, trusted and regulated strengths of SDX as a digital market infrastructure. This is another major step in establishing and developing the future ecosystem for the issuance, custody, and transfer of securities in private markets. We plan many more such partnerships as we build out our ecosystem,” David Hatton, Head of Product at SIX Digital Exchange, commented.

    Peter Schnürer, CEO of daura, pointed the following in a statement: “With this partnership between SDX and daura, we are adding another building block to the Swiss Digital Asset ecosystem: with SDX’s central custodian service and daura’s digital share register, a seamless End-to-End integration of SME and  start-up  shares into the banking system will be possible.” According to David Newns, Head of SDX, “The expansion of our equity ecosystem aims at establishing a robust infrastructure that supports companies on their funding journey from an early stage to IPO. By combining DLT capabilities within a regulated exchange and CSD environment, SDX will provide a safe and trustworthy venue for these assets enabling institutional investors to securely invest in them.”

    On Wednesday, SIX Digital Exchange (SDX), the world’s first fully regulated FMI digital asset  exchange  , announced a partnership with daura, a Swiss equity tokenization platform.

    According to the press release, daura companies will be able to issue digital equity securities in SDX’s regulated Central Securities Depository (CSD).

    SDX will provide daura’s SMEs with access to secondary liquidity through SDX’s centralized depository, allowing them to issue bankable private securities and manage their share registry and cap table through a consolidated workflow. As a result of SDX’s coordination of processes, companies will be able to increase investor visibility and reduce time-to-market.

    ‘Adding Another Building Block’ to the Swiss Crypto Ecosystem

    “This partnership with daura, represents a milestone shift in the way our industry functions. This approach builds on the relationship strengths of an organization like daura – where the digital securities are issued – and the separate, trusted and regulated strengths of SDX as a digital market infrastructure. This is another major step in establishing and developing the future ecosystem for the issuance, custody, and transfer of securities in private markets. We plan many more such partnerships as we build out our ecosystem,” David Hatton, Head of Product at SIX Digital Exchange, commented.

    Peter Schnürer, CEO of daura, pointed the following in a statement: “With this partnership between SDX and daura, we are adding another building block to the Swiss Digital Asset ecosystem: with SDX’s central custodian service and daura’s digital share register, a seamless End-to-End integration of SME and  start-up  shares into the banking system will be possible.” According to David Newns, Head of SDX, “The expansion of our equity ecosystem aims at establishing a robust infrastructure that supports companies on their funding journey from an early stage to IPO. By combining DLT capabilities within a regulated exchange and CSD environment, SDX will provide a safe and trustworthy venue for these assets enabling institutional investors to securely invest in them.”

    [ad_2]

    Source link

  • What are Bridges? Bridge Basics, Facts, and Stats | by Coinbase | Apr, 2022

    What are Bridges? Bridge Basics, Facts, and Stats | by Coinbase | Apr, 2022

    [ad_1]

    By Heidi Wilder, Special Investigations Manager & Tammy Yang, Blockchain Researcher

    Introduction

    Recent questions have been raised about how bridges and mixers work both for legitimate business purposes and illicit financial transactions.

    Although mixing services have been extensively analyzed for years, bridges are a newer concept that became popular in 2021. Bridges allow crypto holders to ‘move’ (or ‘bridge’) their assets between different blockchains. This allows them to hop from one chain to another and gain exposure to other networks.

    We observed a sharp increase in cross-chain activities from Ethereum beginning in April 2021. The daily number of deposit activities to Ethereum bridges reached its peak in the Summer of 2021 and the highest single-day record of over 60,000 transactions bridging from Ethereum occurred on September 12, 2021.

    This two-part blog post aims to explain what bridging is, why it has become so popular, and why bad actors are bridging over funds across networks.

    What is a bridge?

    A bridge is an application that uses cross-chain communication technology to enable transactions between two or more networks, which can be Layer 1s, Layer 2s, or even off-chain services. Simply put, a bridge allows crypto holders to transfer their assets from one network to another. For example, a USDC holder on Ethereum might want to transfer their USDC from Ethereum to Avalanche via a bridge application.

    However, a bridge doesn’t move an asset between chains, it links the asset on one network to its representation (i.e. a wrapped version) on the other network. The cross-chain transaction is achieved via ‘locking’, ‘minting’, and ‘burning’ that accounts for the link between the representations on different chains. We’ll discuss exactly what these terms mean in the following two examples.

    Let’s say Alice wants to bridge 100 ETH from Ethereum to another network called Network Other (a made up blockchain network) via a bridge application called Bridge (also made up):

    1. Alice deposits 100 ETH to the Bridge contract on Ethereum;
    2. The Bridge contract on Ethereum locks the assets and informs the other Bridge contract on Network Other; the asset cannot be accessed until the users requests a withdrawal;
    3. The Bridge contract on Network Other mints (creates) 100 tokens representing the locked ETH (i.e. wrapped ETH);
    4. The Bridge contract transfers the newly minted wrapped ETH to Alice’s address on Network Other:

    Alice now holds 100 wrapped ETH on Network Other. Later, she receives 10 wrapped ETH from someone else. Now, her address balance on Network Other increases to 110 wrapped ETH. She decides to withdraw all back to Ethereum:

    1. Alice sends 110 wrapped ETH to the Bridge contract on Network Other;
    2. The Bridge contract on Network Other burns (destroys) the 110 wrapped ETH and notifies the Bridge contract on Ethereum;
    3. The Bridge contract on Ethereum validates the withdrawal request (e.g. whether Alice really owns 110 wrapped ETH on Network Other). If all checks out, it unlocks 110 ETH to Alice’s address on Ethereum:

    How and when did bridging get so popular?

    Bridging took off in 2021. Especially after April 2021, we saw cross-chain traffic from Ethereum increased exponentially — both in daily number of transactions and unique addresses deposited to the Ethereum bridges. We believe this upward trend is likely driven by one of the reasons below:

    • Increase in the number of bridge applications. Wormhole launched the Ethereum-Solana bridge, Multichain (AnySwap) launched the Ethereum-Fantom bridge and Ethereum-Moonriver bridge, and Celer launched the cBridge in 2021.
    • Increase in the number of new networks that can connect with Ethereum. Avalanche, Ronin, Arbitrum One, Optimism, and Solana were launched in 2021.
    • Increase in the number of decentralized application (dApp) projects launching on chains other than Ethereum and incentivized usage of these systems.

    Why do users bother bridging at all?

    Normally, users want to bridge from one network to another because they want:

    • Faster and cheaper transactions. For example, alt-Layer 1s like Polygon, Layer 2s like Arbitrum One and Optimism are the well-known scaling solutions to Ethereum.
    • To use assets that are not native to the network. For example, users can gain price exposure to a currency like Bitcoin on Ethereum, with the help of bridge projects like Ren and Wrapped Bitcoin.
    • To access a broader selection of dApps. A user might want to bridge funds from Ethereum to the Ronin Network to access Ronin-specific applications, such as their gaming dApp; since some dApps aren’t deployed on Ethereum mainnet because of its limitation on transaction speed and block size.
    • To gain additional income from incentive programs. Many users choose to bridge because destination networks or projects on destination networks may send free tokens to members of their communities.

    What’s happened since 2021?

    A lot happened in 2021. Between July and November, many new dApps and new networks were launched. Bridging activities from Ethereum were at its peak during the time. Most of the bridges became quieter from Q4 in 2021. However, this was not the case for the Polygon PoS bridge — we saw strong and steady bridge traffic, in the number of deposit transactions, from Ethereum to the Polygon Network throughout 2021, which eventually led to Polygon PoS dominating cross-chain traffic in Q1 2022.

    Figure 1 below shows the daily number of deposit transactions to Ethereum bridges. We theorize that the sharp spike around September 11, 2021 was driven by the launch of Arbitrum One.

    Figure 1 Daily number of transactions deposited to Ethereum bridges since 2021.

    Let’s take a look at bridge dynamics in deposit and withdrawal volumes in USD. Figure 2 below shows the daily deposit and withdrawal volumes in USD in Q1 2022. We believe that some sharp spikes in volumes were event-driven (e.g. launch of a new project, airdrop, incentive program, whale activity, bridge exploits, etc.)

    • Top 3 in total deposit volume in Q1 2022 are AnySwap Fantom bridge (green, ~$8.4B), Avalanche bridge (pink, ~$7.8B), and Polygon PoS bridge (blue, ~$4B);
    • Top 3 in total withdrawal volume in Q1 2022 are Avalanche bridge (pink, ~$10.5B), AnySwap Fantom bridge (green, ~ $6B), and Polygon PoS bridge (blue, ~$3.8B);

    We also observed a very interesting fund movement pattern, especially with the AnySwap Fantom bridge, where large amounts of funds were moved to the Fantom network, and then withdrawn back to Ethereum mainnet after a very short period of time.

    Figure 2 Daily deposit volume in USD to Ethereum bridges in Q1 2022

    How safe are bridges?

    As with most new technology, there are some risks to consider. For example, there are risks that users’ funds can be stuck during the deposit and withdrawal process, or they can be victims of cyber theft. When users decide to bridge an asset, they should also be aware of the underlying risks so that they can make more risk-driven decisions.

    Theft Risk is the most common risk that can lead to bridge contracts losing part or all of the funds. Here are some problems that may lead to theft:

    • Bugs in smart contracts. Programming or logical errors can have a serious impact on bridge security, creating opportunities for attackers to steal the locked funds from the bridge contracts.

    The latest example is the Wormhole attack in February 2022 (details here). The attacker spotted a loop hole in the smart contract code, minted 120K Solana ETH without bridge approval and withdrew 80,000 ETH from Ethereum in Feb 02, 2022. Luckily, Jump Trading covered the gap by depositing 120K ETH back to the bridge contract on Ethereum.

    Figure 3 Daily deposit and withdrawal volume in USD to Wormhole bridges

    • Compromised custodians. Most of the bridge applications nowadays rely on external authorities to interact with the bridge and withdraw funds. They are the custodians of the locked funds — they can be trusted parties (e.g. AnySwap bridges) or a pool of validators bonded by stakes (e.g. Polygon PoS bridge and Ronin bridge). Then there is a risk that the custodians may be compromised or act maliciously.

    On March 23 2022, the Ronin attackers compromised all four validation nodes run by Sky Mavis. Sky Mavis is the company who created the Axie Infinity game, Ronin Network, and the Ronin bridge. Together with the fifth validator (run by Axie Dao), which whitelisted all messages sent by Axie Infinity at the time, attackers gained control over the majority of the validators (5 out of 9).

    The attacker then withdrew 173,600 ETH and $25.5 million USDC from the Ronin bridge on Ethereum without going through any verifications (more details here and here).

    Figure 4 Daily deposit and withdrawal volume in USD to Ronin bridges

    • Hostile Layer 1 miners/validators. If more than 50% of the Layer 1’s computing power or stakes are controlled by hostile miners or validators, they can attack bridges on chain and steal the locked funds. For example, they can revert a completed deposit transaction on Ethereum after assets are bridged to another network, which allows attackers to withdraw funds from the other network without depositing on Ethereum (more details here). Or, they can prevent bridge contracts getting updates from the other network, which may lead to major damage to user’s funds that are locked at the bridges.

    These scenarios are unlikely to happen, but not impossible. In a worst case scenario, if assets locked at an exploited bridge were already bridged over from another network and used in DeFi applications, this may lead to a cascading contagion over multiple blockchain networks.

    Bridge users should be aware that the loss by theft is usually not reversible.

    What do we expect for 2022?

    Given the explosion of bridges in 2021, we believe their popularity will continue to rise, especially as we are expecting to see developments in below areas:

    • Bridging demand. As more networks and bridges launch this year, we expect to see more users wanting to bridge between networks;
    • CEXs. More centralized exchanges (CEXs) will enable direct deposit and withdrawal to alt-Layer 1s and Layer 2s in 2022 (some already happened here, here and here).
    • Bridge security. As more users willing to bridge, more crypto assets will be locked at the bridge contract — creating a honeypot effect, increasingly attracting hackers.
    • Risk awareness. Many bridging decisions are cost-driven at the moment. We believe people have different risk appetites. However, there is a big difference between risk weighting choice of a bridge vs. choosing a cheap bridge solely because of the low fees.

    It will be interesting to see, with more information and discussions around bridge security becoming available, if more risk-driven decisions would be made when it comes to choosing a bridge in the future.

    Now that we understand what bridges are, why they’ve gained mass appeal, and what potential security concerns are with them, in our next blog post we’ll discuss the use of bridges by bad actors.



    [ad_2]

    Source link

  • How To Spot a Rising Cryptocurrency

    How To Spot a Rising Cryptocurrency

    [ad_1]

    A decade ago, the mass use of cryptocurrency sounded like a distant reality from a science fiction film. Only a handful of people believed in the financial revolution of cryptocurrencies. Many of the early Bitcoin investors sold their coins for dirt cheap in the early days as they never believed they would be accepted as a medium of transaction. Some early investors can’t even remember the passwords to the hard disks they used as cold wallets.

    Fast-forward to the present, and many businesses today accept Bitcoin and other cryptocurrencies as regular payment options. The online gambling industry especially is fully on board the crypto wagon. You can easily deposit and take out funds from your Casumo Online Casino account using several different cryptos.

    So how do you speculate on the next big cryptocurrency?

    The Data Always Backs a Promising Coin

    The early Bitcoin investors didn’t have much data to rely on. Having faith in the eventual popularity of Bitcoin was crucial to their success. Today, we have access to real-time data on the crypto markets. It’s relatively easier to scan for the next superstar among the numerous crypto underdogs in circulation.

    Learning the best methods for analyzing a crypto’s performance will help you greatly. A good analysis method will tell you more than where prices are going. You can learn what influences the prices of different coins and how the market perceives them. The most promising coin will grow in value organically and hold up its demand.

    A User-Friendly Coin Is a Good Bet

    Mainstream industries and companies accepting cryptocurrencies for payments are a good sign. Online crypto casinos pick coins based on usability and security. For an underdog to gain acceptance, it must be user-friendly.

    A crypto that is easy to use even by less tech-savvy people will rapidly grow in demand and rise in value. According to Blockchain experts investing in cryptos with a smartphone app is safer than buying web-based crypto.

    A Low Maximum Supply Cap

    No more coins can be produced when a cryptocurrency hits its supply limit. Miners will have to close operations, making it hard to come by. It’s important to identify the capping limit of a coin before investing. Buying early into a coin before it hits its limit could give you great returns.

    Cryptocurrencies like Bitcoin are produced gradually until they hit the cap limit, while other providers may opt to release all the coins at once. Newer blockchain providers choose to send cryptocurrencies to inaccessible wallets to boost their value. All these strategies ensure that the coins are not inflationary so they hold their value well.

    Ultimately the harder a crypto coin is to find, the higher its value and likely acceptance by major industries will be, including online bookmakers.

    [ad_2]

    Source link

  • Framework Ventures allocates half of $400M fund to Web3 gaming

    Framework Ventures allocates half of $400M fund to Web3 gaming

    [ad_1]

    Crypto-focused venture firm Framework Ventures has raised $400 million in new funding to invest in early-stage companies across the Web3, blockchain gaming and decentralized finance (DeFi) industries. 

    The completed raise will go towards “FVIII,” an oversubscribed fund worth $400 million, the company announced Tuesday. Approximately $200 million of that total will be allocated to the emerging blockchain gaming industry.

    The venture firm, which had early exposure to DeFi, now has over $1.4 billion in assets under management. Framework Ventures was an early investor in projects such as Chainlink, Aave and The Graph.

    Like DeFi in 2020, gaming and Web3 have been identified as the next major growth plays for the blockchain industry. Axie Infinity — a popular play-to-earn game constructed around collecting digital pet avatars called Axies —has provided a solid use case for this emerging paradigm. According to blockchain analytics platform Nansen, there are currently 2.8 million unique addresses holding 11.1 million Axies.

    As Cointelegraph reported, Web3 is also fostering the continued growth of the nonfungible token market by giving creators the ability to create NFTs with actual use cases inside virtual ecosystems.

    Related: An open invitation for women to join the Web3 movement

    Venture funds and other smart money investors have been keen to back Web3 development companies. On Tuesday, Cointelegraph reported that KuCoin ecosystem companies had launched a $100 million Web3 developer fund focusing on NFT projects. Separately, crypto exchange CoinDCX has raised $135 million to support India-based Web3 projects.

    Beyond the blockchain industry, it’s believed that the play-to-earn model could have a significant impact on the future of gaming. Myspace co-founder and former CEO Chris DeWolfe told Cointelgraph that the business model of play-to-earn gives players more control over their in-game experiences.