Crypto Shuttle News

Tag: Coinbase

  • Be web3-ready in a few clicks with Coinbase Pay | by Coinbase | Mar, 2022

    Be web3-ready in a few clicks with Coinbase Pay | by Coinbase | Mar, 2022

    [ad_1]

    By Prakash Hariramani, Senior Director, Product Management, and Bipul Sinha, Senior Product Manager

    Today, we are introducing Coinbase Pay, the easiest way for Coinbase users to fund their Coinbase Wallet from the Chrome browser extension and explore web3.

    Over the past year, DeFi, NFTs, and other web3 services have seen tremendous adoption. However, a key step in being able to access and use these services — funding a self-custody wallet — is a cumbersome process that involves multiple steps, switching between apps, and manual transfers.

    Coinbase Pay eliminates these steps, and makes it easy and intuitive for anyone to participate in DeFi or purchase NFTs, in just a few clicks.

    Cash. Click. Crypto.

    Before Coinbase Pay, users who wanted to add funds to their Coinbase Wallet from the browser extension needed to navigate to Coinbase.com, sign in to their account, copy-paste their wallet address, and manually transfer funds from their Coinbase account.

    The process was not only cumbersome, but also left the user vulnerable to user error. For example, if funds were accidentally sent to the wrong wallet address, they would be irretrievable.

    Coinbase Pay makes the process faster, easier, and more secure than ever before. All you need to do is select “Add crypto with Coinbase Pay” when you want to add crypto to your Coinbase Wallet extension.

    Next, you simply select the currency you want to add to your wallet, specify the amount, confirm the transaction–and that’s it. No more switching between apps, copy-pasting addresses, and manually transferring funds.

    Coinbase users based in the US and Canada can currently use their debit cards and bank accounts for transfers, with more payment options enabled globally soon.

    First-time users of Coinbase Wallet will need to link their self-custody wallet to their Coinbase account before being able to use Coinbase Pay.

    Making it even easier to access the world of DeFi, NFTs, and more

    At Coinbase, our mission is to increase economic freedom in the world. A key part of realizing this mission is building crypto products and services that are easy-to-use and accessible. Coinbase Pay makes it even easier for users to get web3-ready with Coinbase Wallet.

    With the Coinbase Wallet extension, your Chrome browser can securely interact and engage with all manner of web3 applications. Kickstart your NFT collection, earn yield through DeFi lending protocols, and grow your crypto portfolio with hundreds of thousands of tokens supported via decentralized exchanges (DEXes).

    And now you can engage with dapps with greater peace of mind, knowing that your payment credentials remain safely stored within Coinbase.

    Looking forward

    We are continuing to build new features into Coinbase Wallet to make it the most user-friendly and accessible self-custody wallet in the world, making it easier for more users to enter the world of web3. We will also continue to expand Coinbase Pay to bring the benefits of seamless fiat onramp to the crypto ecosystem. Stay tuned for more updates.

    Make sure to follow us on Twitter for the latest news about Coinbase Wallet and Coinbase Pay.

    Coinbase Wallet is a self-custody wallet providing software services subject to Coinbase Wallet Terms of Service and Privacy Policy. Coinbase Wallet is distinct from Coinbase.com, and private keys for Coinbase Wallet are stored directly by the user and not by Coinbase. Fees may apply. You do not need a Coinbase.com account to use Coinbase Wallet.



    [ad_2]

    Source link

  • Helping dapp developers reach users on any device with Coinbase Wallet | by Coinbase | Mar, 2022

    Helping dapp developers reach users on any device with Coinbase Wallet | by Coinbase | Mar, 2022

    [ad_1]

    Coinbase

    Expand your dapp’s reach with just a few lines of code

    By Sid Coelho-Prabhu, Product Management Director, Wallet

    Millions of people choose Coinbase Wallet to use dapps, earn yield with DeFi, trade more than hundreds of thousands of assets, and hold their NFTs. In just minutes you can integrate Coinbase Wallet in your dapp, expanding your reach to users on all of their devices — and open your dapp up to the multichain Coinbase ecosystem of over 89M users across 85 countries, on whatever device they prefer.

    With just a few lines of code, you can open up access to your dapp to Coinbase Wallet users across the iOS and Android mobile apps as well as the Wallet browser extension on Chrome.

    Coinbase Wallet SDK takes just 5 minutes to integrate and doesn’t require you to deploy any additional infrastructure. You can learn how to integrate with Coinbase Wallet in our technical documentation, read our post on using web3-react to connect, or watch the Coinbase Wallet SDK demo.

    We are dedicated to making the benefits of crypto and the entire web3 ecosystem accessible to all — regardless of network or blockchain, country or currency, crypto savvy or crypto skeptical. We’re building Coinbase Wallet to reflect that commitment. With support for all EVM-compatible chains, including Avalanche, BNB Chain, Polygon, and many more, you can access millions of users for your dapp across the most popular ecosystems.

    We also know that security is top-of-mind for anyone building in the web3 ecosystem. By offering integration with the most trusted and secure name in crypto, you can help put your users at ease while they explore your dapp, confident that their crypto and data are safe.

    The built-in trust offered by Coinbase Wallet shows: As of February 2022 it’s the most downloaded mobile dapp wallet in the United States. Integrating your dapp with Coinbase Wallet can immediately unlock access to 12M Wallet users, with the potential to reach the full Coinbase ecosystem of over 89M users in 85 countries.

    We see Coinbase Wallet SDK as a critical way to expand access to dapps, which is why we want this experience to be available to everyone in the crypto community. To make that possible, Coinbase Wallet SDK is open-source, making it available for any dapp developer that wants to integrate it into their product.

    Crypto is just getting started, and Coinbase Wallet is your key to what’s next. For developers, Coinbase Wallet is the best self-custody wallet to integrate with, as it’s the most trusted name in crypto and offers unparalleled reach to 89M users across the entire Coinbase ecosystem. Coinbase Wallet also offers the most user-friendly self-custody experience, unlocking the entire world of crypto, including collecting NFTs, earning yield on your crypto, accessing play-to-earn games, engaging in DeFi, participating in DAOs, and more. To learn more, visit our website.

    Disclaimer:

    Coinbase Wallet is a self-custody wallet providing software services subject to Coinbase Wallet Terms of Service and Privacy Policy. Coinbase Wallet is distinct from Coinbase.com, and private keys for Coinbase Wallet are stored directly by the user and not by Coinbase. Fees may apply. You do not need a Coinbase.com account to use Coinbase Wallet.

    [ad_2]

    Source link

  • Improved clarity and guardrails for new assets on Coinbase | by Coinbase | Mar, 2022

    Improved clarity and guardrails for new assets on Coinbase | by Coinbase | Mar, 2022

    [ad_1]

    Coinbase

    By Ishan Wahi, Product Manager

    We started our journey in 2012 by offering the safest and easiest platform to buy and sell Bitcoin. Fast forward to 2022, and we now offer over 150 tradable assets and our customers still enjoy Coinbase as the safest and easiest platform to use. But, this is just the beginning. Today, we’re excited to share some of our efforts to bring you more transparency and information for newly tradable assets, and how we’re introducing more tools and protections to elevate your trading experience on Coinbase.

    More transparency and information than ever

    As we expand our asset offerings, we will be bringing on more, often newly created assets or lesser known tokens that could come with additional trading risks, including higher price swings and increased order cancellations.

    Our goal is to be as transparent as possible with our customers regarding trading risks, so we are introducing a new experimental label on asset pages and a disclosure when executing trades for some assets. Customers will now begin noticing this label and other transparency initiatives across Coinbase today. Learn more about experimental assets in our Help Center.

    At Coinbase, your trust is our top priority. We want to help you trade more assets while keeping your account protected. We’re aiming to add even more assets and expand our coverage around the globe in the coming months, so stay tuned for more updates.

    [ad_2]

    Source link

  • Using Crypto Tech to Promote Sanctions Compliance | by Coinbase | Mar, 2022

    Using Crypto Tech to Promote Sanctions Compliance | by Coinbase | Mar, 2022

    [ad_1]

    Using Crypto Tech to Promote Sanctions Compliance

    By Paul Grewal, Chief Legal Officer

    Coinbase is committed to building a safe and responsible financial system that promotes economic freedom around the world. We strive to be the most trusted platform for buying, selling, and exchanging digital assets, helping everyday people to participate in the crypto economy. We earn that trust by working hard to ensure the integrity of all transactions supported by our platform, and a critical part of that goal is our compliance with economic sanctions.

    Coinbase is committed to complying with sanctions

    In the past few weeks, governments around the world have imposed a range of sanctions on individuals and territories in response to Russia’s invasion of Ukraine. Sanctions play a vital role in promoting national security and deterring unlawful aggression, and Coinbase fully supports these efforts by government authorities. Sanctions are serious interventions, and governments are best placed to decide when, where, and how to apply them.

    No compliance program is perfect, including ours. But to play our part in these critical economic sanctions, Coinbase implements a multi-layered, global sanctions program. We take steps to:

    • Block access to sanctioned actors. During onboarding, Coinbase checks account applications against lists of sanctioned individuals or entities, including those maintained by the United States, United Kingdom, European Union, United Nations, Singapore, Canada, and Japan. To open a Coinbase account, individuals and entities must provide identifying information, including their name and country of residence. We screen this information via an independent vendor before permitting an individual to transact. If a customer lives in a sanctioned country or region, or if they are identified as a sanctioned individual or entity, they cannot open an account on our platform. Similarly, we use geofencing controls to prevent access to the Coinbase website, as well as our products and services, by anyone using an IP address in a sanctioned geography (e.g., Crimea, North Korea, Syria, and Iran). We routinely subject our sanctions compliance program to internal testing and independent audits by third-parties.
    • Detect attempts at evasion. Coinbase regularly updates the global sanctions lists that we use for screening. If someone has opened a Coinbase account and is later sanctioned, we use this ongoing screening process to identify that account and terminate it. Because sanctions evaders often try to mask their identities, Coinbase also proactively works to map transactions beyond the entities and individuals specifically flagged by governments. This allows us to identify potentially related parties and block accounts associated with prohibited actors.
    • Anticipate threats. Coinbase maintains a sophisticated blockchain analytics program to identify high-risk behavior, study emerging threats, and develop new mitigations. For example, we have methods for identifying accounts held by sanctioned individuals outside of Coinbase, even if we don’t have direct access to their personal information. For example, when the United States sanctioned a Russian national in 2020, it specifically listed three associated blockchain addresses. Through advanced blockchain analysis, we proactively identified over 1,200 additional addresses potentially associated with the sanctioned individual, which we added to our internal blocklist. This is just one example. Today, Coinbase blocks over 25,000 addresses related to Russian individuals or entities we believe to be engaging in illicit activity, many of which we have identified through our own proactive investigations (Note: this figure isn’t specific to the time period since the invasion of Ukraine, most of these addresses we identified prior to the invasion, and we have not seen a surge in sanctions evasion activity in the post-invasion context). Once we identified these addresses, we shared them with the government to further support sanctions enforcement.

    Crypto technology enhances sanctions compliance efforts

    The benefits of digital assets for sanctions enforcement extend beyond these initiatives. Digital assets have properties that naturally deter common approaches to sanctions evasion.

    Ordinary fiat currency laundered through traditional financial institutions remains one of the most common mechanisms for sanctions evasion and money laundering. As the United States Treasury noted of sanctions against Iran, the “Iranian regime has long used front and shell companies to exploit financial systems around the world” to evade sanctions.

    An entire money laundering industry has emerged to hide assets in ordinary fiat currency using these techniques. By transacting through shell companies, incorporating in known tax havens, and leveraging opaque ownership structures, bad actors continue to use fiat currency to obscure the movement of funds. In this way, they leave complex financial trails that are difficult to trace, requiring investigators to separately request information from many different financial institutions, and follow a trail across multiple countries (some of which refuse to cooperate or take years to produce records).

    By contrast, digital asset transactions are traceable, permanent, and public. As a result, digital assets can actually enhance our ability to detect and deter evasion compared to the traditional financial system.

    • Public. Public blockchains offer unprecedented visibility into the details of transactions, including information about the date and time of each transaction, the type of virtual asset transacted, the amount, the wallet addresses involved, and the unique transaction identifier. Suspicious transaction activity can be traced without needing to gather information from multiple financial institutions. These advantages for investigation and enforcement simply do not exist with cash transactions or transactions across multiple countries.
    • Traceable. When applied to public blockchain data, analytics tools offer law enforcement additional capabilities. In many cases, law enforcement can trace the transaction history of a wallet from the very first transaction, follow transactions in real time, and group transactions according to risk level based on interactions with other wallets. Other techniques can help authorities to follow transactions between chains or through intermediaries. For example, Coinbase’s proactive on-chain analysis identified more than 16,000 addresses possibly associated with Iranian exchanges, many of which had not yet been identified by others. We used this analysis to strengthen our compliance systems and inform law enforcement in order to enhance industry-wide awareness.
    • Permanent. Once recorded on the blockchain, transactions remain immutable. No one (not crypto companies, not governments, not even bad actors) can destroy, alter, or withhold information to evade detection.

    In addition to these technical advantages, adoption of digital assets is still nascent, making their use for widespread sanctions evasion — the kind that robs sanctions of their impact — unlikely, a fact recently noted by a national security expert.

    For example, the Russian government and other sanctioned actors would need virtually unobtainable amounts of digital assets to meaningfully counteract current sanctions. The Russian central bank alone holds over $630 billion in largely immobilized reserve assets. That’s larger than the total market capitalization of all but one digital asset, and 5–10x the total daily traded volume of all digital assets. As a result, trying to obscure large transactions using open and transparent crypto technology would be far more difficult than other established methods (e.g., using fiat, art, gold, or other assets). This doesn’t mean that bad actors can’t try, but circumventing restrictions on this scale would require massive purchases that would be prohibitively expensive and detectable, as this buying activity would likely lead to price spikes.

    We are always working to build trust in the crypto industry

    These are just some of the ways that industry best practices and crypto technology help to support sanctions compliance. Of course, no traditional or crypto business can guarantee that its sanctions controls are completely airtight. Malicious individuals may find ways around even the strongest barriers.

    The transparency of the blockchain is a formidable tool for law enforcement, and platforms like Coinbase work very hard to partner with law enforcement to root out bad actors. There is also a legitimate interest in protecting the privacy of individuals — a public policy principle long recognized in the traditional financial system. We believe we can balance these interests by continuing to support law enforcement efforts while promoting policy frameworks that respect individual privacy.

    Coinbase helps everyday people to protect, build, and share their wealth through crypto technology. At the same time, we vigorously work to promote security, safety, and transparency on our platform, including through our commitment to sanctions compliance. We welcome public scrutiny of the crypto industry, and will continue working to enhance our overall compliance program and industry compliance standards. This is an integral part of our ongoing commitment to remaining the trusted platform that we, our customers, and the public expect.



    [ad_2]

    Source link

  • Coinbase provides institutions with trusted access and storage for DeFi tokens | by Coinbase | Mar, 2022

    Coinbase provides institutions with trusted access and storage for DeFi tokens | by Coinbase | Mar, 2022

    [ad_1]

    Coinbase

    By Sonia Pinto, Senior Product Marketing Manager and Alexis Hamel, Product Manager, Custody

    Coinbase Prime offers custody and trading for more than 50 DeFi coins and tokens, across a wide range of segments, including DEXs, lend, and borrow.We facilitate governance for a growing number of tokens including UNI, COMP, and MKR. This gives our customers the opportunity to directly participate in the governance of DeFi projects.

    Asset managers, like Grayscale and Bitwise, are increasingly stepping into DeFi beyond Bitcoin and Ethereum. FinTechs are also expanding their DeFi offerings to cater to growing demand. Venture capital funding for blockchain startups reached $25 billion last year, up 713% from $3.1 billion in 2020. Coinbase Ventures, A16Z and Paradigm are some of the VCs doubling down on DeFi.

    As one of the most trusted names in the industry, Coinbase offers access to a broad range of assets, customized account support, and a rapidly growing number of capabilities for our clients to participate in DeFi.

    DeFi Opportunities

    While Bitcoin or Ethereum are the currency of the blockchains, Defi tokens are built on top of the blockchain and represent a wide range of new opportunities for institutions. As of January 2022, nearly $200 Billion was deposited through smart contracts across major blockchains. This measure is referred to as the Total Value Locked (TVL). Ethereum-based projects alone account for 60% of DeFi TVL.

    Defi offers a global, open alternative to financial services consumers utilize today — including savings, loans, trading, and insurance — creating a financial system that is automated, accessible 24/7, permissionless and more transparent. DeFi protocols with the highest adoption rates include Compound and Aave for lending, Curve for stablecoins swap, Uniswap for token swaps, or DYDX for derivatives.

    Where do I start?

    Gain access to our prime broker by navigating to coinbase.com/prime. Click “Get started” and fill in the required information to apply for a Coinbase Prime account. For our existing clients who have a Coinbase Custody, or Coinbase Exchange account, please contact your account manager or PrimeOps@coinbase.com.

    [ad_2]

    Source link

  • Ventures’ Takeaways from ETH Denver | by Coinbase | Mar, 2022

    Ventures’ Takeaways from ETH Denver | by Coinbase | Mar, 2022

    [ad_1]

    Coinbase

    The last time ETH Denver was held in person, ETH’s market cap stood at $30B, DeFi hadn’t had its breakout summer, and few people outside of the 6,000 attendees knew what an NFT was. Fast forward to 2022 and a 10x in ETH’s market cap, the rise of NFTs, a DAO resurgence, and a year where Ethereum did more transactional volume than Visa, a record crowd of 12,000 in Colorado were met with an entirely different energy.

    What had historically been an event for hackers and coders received an infusion of artists and creatives, as well as a governor, a former presidential candidate, and a heavy dose of EDM — a reflection of Ethereum and crypto’s growing awareness within the mainstream.

    Despite the new faces, ETH Denver retained its authentic quirky disposition, complete with bright neon colors and Vitalik dressed as a “Bufficorn”. Beyond a lone Doge Lambo, the main event was mostly free of flash and still felt authentically Ethereum.

    Attendee sentiment

    Even amidst a 50% market drawdown from late November highs and multi-hour long check-ins in the frigid cold, builder energy was sky high. Where Ethereum was still finding its footing during last ETH Denver, this year’s event featured heavy discussion across all of the new verticals thriving today: DeFi, NFTs, DAOs, gaming, and more.

    It was also apparent just how much private capital is still flowing into crypto, undeterred by macro market headwinds: with seed stage deals raising at a minimum $50M and seed token rounds going for $100M+ (no shipped code needed), one might argue too much. In either case, it’s clearly a builders market.

    Real Politik

    In addition to investor and builder excitement, there was also a noticeable presence from mainstream politicians: most notably, Colorado Governor Jared Polis and the Forward Party’s Andrew Yang. With crypto and Web3’s growing popularity, it seems many in government are seeing the upside to embracing this emerging constituency.

    In addition to posing with Vitalik, Gov. Polis announced during the conference that Colorado will accept crypto as payment for taxes in addition to making Colorado, “the first digital state” with favorable regulations for the crypto economy. This mirrors the positions of other crypto-forward governors like Miami’s Francis Suarez and New York’s Eric Adams.

    Photo credit: Westword

    In a surprise appearance, Andrew Yang took the stage with Bankless’s David Hoffman, sharing his thoughts on why Web3 represents “the biggest anti-povery opportunity of our time.” His appearance came on the heels of his Lobby3 initiative, which will advocate for thoughtful regulation in Washington to support crypto innovation.

    All of the while, Biden’s executive order on crypto regulation loomed large (however if you bumped into CoinCenter’s Neeraj he would have told you that the EO is nothing to panic over). Either way, it’s clear that crypto has entered the fore of the American political discussion.

    NFT Mania

    Beyond the bullish builder sentiment, private investor froth, and political participation, NFTs were everywhere in Denver. NFT art installations, musicians performing with their NFTs on display, and some events even requiring NFTs to gain entry (shoutout ecodao).

    POAP (Proof of Attendance Protocol) NFTs, which give people digital mementos commemorating attendance of a particular event by scanning a QR code, were particularly pervasive. The inventive ways different projects found to engage via POAPs suggests that they may be the next mainstream crypto community use case.

    If you were mingling at any of the NFT centric events, odds are you bumped into a former FAANG employee newly entering the NFT space. A sign that despite the macro market downturn, NFT mania is still in full swing and the brain drain from Web2 to Web3 continues.

    Signs of DAObt

    Following a year that saw ConstitutionDAO capture global attention, DAOs have regained much of the crypto limelight. Conference booths were packed with projects building DAO infrastructure and discussions on how decentralized autonomous can rewire the world were prevalent.

    While DAO enthusiasm was evident, many noted that DAO participants were starting to show signs of fatigue with many DAOs struggling to retain contributors. Joseph Delong, former CTO of SushiSwap who notably left the decentralized project, gave a memorable talk on why DAOs simply need more structure to be effective (also discussed in our recent podcast with Orca Protocol’s Julia Rosenberg).

    With over 1B in startup equity for DAO tooling and under 200 DAOs, it begs the question: is there enough DAO to go around?

    The long term outlook of DAOs seems to be bright, but the industry is still grappling with how exactly DAOs should function. Given that there’s no standardization around DAO operation, it’s hard to know what tools they actually need. As such, the DAO infrastructure sector will likely see a lot of turbulence over the near to medium term.

    The Merge

    After years in the making, experts stated that Ethereum’s transition to proof-of-stake is expected to happen in Q2 or Q3 this year. As a quick refresh, Ethereum’s PoS chain (the beacon chain) has been operational since December 2020, however all applications still live on the proof of work chain. The merge basically consists of migrating these applications to the PoS chain.

    As such, the merge was a major point of discussion for devs this year. If all goes well, ETH holders won’t have to do anything, but developers and infrastructure providers are in preparation mode. This includes running testnets and conducting dry runs in anticipation for the real thing.

    The Ethereum ecosystem is making a big bet on PoS in conjunction with layer 2 scaling solutions (rollups). In a post-merge world, Ethereum will transition to become a settlement layer for large transactions while most user activity is pushed to layer 2. This will create an environment where all EVM compatible layer 1s compete with ETH L2s for users and developer mindshare.

    Also prepping for the merge, is Coinbase Cloud, which powers a portion of Coinbase’s ETH staking product as well as node infrastructure for many players in the space. Cloud developers showed up in force hosting a hackathon, a variety of panels, workshops, and a party for over 500 attendees. Learn more about how Coinbase Cloud is thinking about client diversity ahead of the merge here.

    A builders market

    In the days since ETH Denver wrapped, the market drawdown intensified as Russia escalated the situation in Ukraine. While crypto has rebounded, markets will likely remain shaky given the uncertainty of the current geopolitical situation. Regardless, teams building the next generation of Ethereum and Web3 remain well funded and the building will continue.

    As evident by the increased diversity of both projects and participants at this year’s conference, what gets built on Ethereum will keep venturing out in a myriad of new exciting directions.



    [ad_2]

    Source link

  • WEFUZZ, a fully decentralized, crowdsourced security audit and bug bounty solution | by Coinbase | Feb, 2022

    WEFUZZ, a fully decentralized, crowdsourced security audit and bug bounty solution | by Coinbase | Feb, 2022

    [ad_1]

    Coinbase

    This report updates on what WEFUZZ, Coinbase Crypto Community Fund grant recipient, has been working on over the first part of their year-long Crypto development grant. This specifically covers their work on a decentralized, crowdsourced security audit and bug bounty solution.

    By WEFUZZ, Coinbase Crypto Community Fund grant recipient

    WEFUZZ implements a fully decentralized, crowdsourced security audit and bug bounty solution: a set of smart contracts that allow developers and companies to get their smart contracts, blockchains, websites, etc., audited by the auditors and hackers community. With this work, WEFUZZ aims to become the *Hacker DAO*.

    Crowdsourcing is a sourcing model in which individuals or organizations obtain goods or services — including ideas, voting, micro-tasks etc., from a large, relatively open, and rapidly evolving group of participants. Companies like Uber, Gitcoin and GoJek already use this model. Crowdsourcing model offers improved costs, speed, quality, flexibility, scalability, and diversity.

    The traditional crowdsourcing system consists mainly of three roles: requesters, workers (auditors in our case), and a centralized system. Requesters submit tasks to be completed through the crowdsourcing system. A set of auditors complete this task and submit solutions to the crowdsourcing system. Requesters will then select a proper solution (usually the first or the best one that solves the task) and reward the corresponding worker

    This makes centralized systems vulnerable. User’s sensitive information (e.g. name, email address etc.,) and vulnerability reports are saved in the database of these centralized systems, which has the inherent risk of privacy disclosure and data loss. Centralized choke points are not only attack vectors for leaks and hacks, but also for outages.

    Crowdsourcing companies are keen on maximizing their benefits and require requesters paying for services, which in turn increase user’s costs. Most crowdsourcing systems demand a 10–25% service fee.

    All these issues add up to the already existing concerns of smart contract and multi-chains owners and developers (the audit requesters), freelance auditors’ and ethical hackers’ concerns. Some of these concerns are:

    • Ensuring their assets are safe from cyber theft, data hacks or any other risk that can result in a loss of funds and compromised data
    • Being able to get audits done in a cost-effective way — be it private or public security audits
    • Making sure the smart contracts are audited by multiple auditors
    • Hackers do not want to share sensitive personal data
    • Hackers and auditors and developers need complete transparency

    WEFUZZ is a fully decentralized, crowdsourced audit and bug bounty platform aiming to be the Hacker DAO. WEFUZZ aims to provide reliability, fairness, security and low service fees by design.

    The decentralized platform has many advantages such as higher user security, service availability, and lower costs. Smart contracts running on a chosen blockchain are used to perform the whole process of crowdsourcing tasks which contains posting audit and bounty campaigns, submitting audit and bug reports, bounty assignment, etc.

    WEFUZZ solution offers numerous added benefits to users:

    • Data Security: Reports are encrypted with auditors’ and target developers’ public key, so that the bug reports only gets read by who it is intended for. Files are encrypted and stored on the decentralized network storage. No more data breaches, hacks, password leaks or any other risk affecting existing cloud based audit and bug bounty platforms.
    • Cost Effectiveness: Allowing smart contract developers, multi-chain developers, and companies to get audits performed in a cost-effective way directly by the auditors and hacker crowd on the WEFUZZ platform. This helps the developers and companies avoid huge fees and congestion issues affecting the traditional bug bounty platforms.
    • Flexible anonymity: Auditors and hackers can choose to remain anonymous while submitting reports, protecting their privacy, and still getting paid.
    • Communication Security: No centralized data storage, complete anonymity, no data transfers, no moderators and complete end-to-end encryption. All the data resides encrypted on the Solana blockchain and all the files reside on the IPFS blockchain.

    Audit Requestors: Developers, companies or any individual can request audits or start a private/public bug bounty campaign.

    Auditors: Auditors can be anyone from ethical hackers to audit firms who can perform the requested audits or participate in bug bounty campaigns.

    Judges: Judges are community members who are either elected by the community or have been raised to the Judge category through reputation.

    Currently, we are working on the conceptualization, technical architecture, and system design of WEFUZZ, besides building our MVP on Solana and Polygon blockchains, and testing the optimal chain for our project.

    Please join our Discord and follow us on our Twitter and Medium to keep track of the progress. We are going to release the code and other tools we build as part of the research and development in this Github account.



    [ad_2]

    Source link

  • Explore web3 confidently with Coinbase Wallet and Ledger | by Coinbase | Feb, 2022

    Explore web3 confidently with Coinbase Wallet and Ledger | by Coinbase | Feb, 2022

    [ad_1]

    Coinbase

    By Adam Zadikoff, Senior Product Manager

    Since launching the Coinbase Wallet browser extension as a standalone self-custody option in November, we’ve seen incredible adoption. Wallet extension makes it even easier to explore web3 by bringing the world of decentralized apps (dapps) to more devices. Today, we’re adding support for Ledger hardware wallets to Coinbase Wallet extension, providing an additional layer of security and greater peace of mind for our users.

    Ledger is an industry leader in hardware wallets, with more than 4 million people putting their trust in Ledger to keep their crypto safe. To celebrate today’s launch, we have partnered with Ledger to release the Nano X Coinbase Edition, which is available for a limited time in Ledger’s online store.

    Building the most user-friendly self-custody experience in crypto means giving our users more ways to keep their crypto secure while they access web3 and the world of crypto. And today’s launch is just the beginning — we will continue to build out support for more hardware wallets across all of our users’ devices.

    Coinbase Wallet is your passport to collecting NFTs, participating in DeFi, joining a DAO, and so much more. As you start to live more of your life on the blockchain, it’s more important than ever to keep your assets safe.

    Fortunately, there are many steps you can take to keep you and your assets safe as you explore web3. It all starts with your recovery phrase, backing it up in a secure location, and making sure to never share it with anyone. And as a reminder, Coinbase will never ask you for your recovery phrase.

    Coinbase Wallet offers additional layers of security for our users. For users of Wallet browser extension, we recommend adding a password to keep your assets safe. And in the Coinbase Wallet mobile app, you can use biometrics or a PIN to secure your Wallet.

    Today, we are adding support for Ledger hardware wallets in the Coinbase Wallet browser extension, introducing an additional security option for our users. Hardware wallets are physical devices that store the private keys to your crypto wallet offline. Because every transaction on the blockchain requires both a user’s public and private keys, a hardware wallet ensures that only the user who holds the physical device can complete a transaction.

    Using a hardware wallet is a lot like using two factor authentication to secure a website login, but instead of a six digit code that is sent as an SMS or generated in an authenticator app, your hardware wallet is used to physically confirm transactions with the press of a button.

    Whether you are a first-time hardware wallet user or already have a Ledger it is easy to use Coinbase Wallet to connect to the ever-growing world of NFTs, dapps, and DeFi. All you need to do is download the Coinbase Wallet browser extension, connect your Ledger to your computer, and follow the on-screen instructions.

    While today’s launch brings support for Ledger devices to the Wallet extension, we have ambitious plans to support more types of hardware wallets not only in Coinbase Wallet extension, but with our mobile apps as well. We will soon also add support for users with multiple active wallet addresses on a single Ledger device to select which address they want to use with Coinbase Wallet.

    We want to empower everyone to use dapps and access web3, and that requires building the easiest-to-use and most accessible self-custody wallet in the ecosystem. Today’s release solves another set of important user needs, including the ability to use a hardware wallet for enhanced security.

    You can experience the latest enhancements for yourself by downloading Coinbase Wallet for free from the App Store on iOS, Google Play on Android, or the Chrome web store. Make sure to follow us on Twitter @CoinbaseWallet for the latest Wallet-related news.

    Coinbase Wallet is a self-custody wallet providing software services subject to Coinbase Wallet Terms of Service and Privacy Policy. Coinbase Wallet is distinct from Coinbase.com, and private keys for Coinbase Wallet are stored directly by the user and not by Coinbase.com. Fees may apply. You do not need a Coinbase.com account to use Coinbase Wallet.

    Ledger and the Ledger logo are registered trademarks of Ledger SAS. Purchase of the Ledger Nano X Coinbase Edition can be made on Ledger’s website and subject to Ledger Sales Terms and Conditions and Privacy Policy. Subject to availability.



    [ad_2]

    Source link

  • Retrospective: Recent Coinbase Bug Bounty Award | by Coinbase | Feb, 2022

    Retrospective: Recent Coinbase Bug Bounty Award | by Coinbase | Feb, 2022

    [ad_1]

    Coinbase

    At Coinbase, our number one priority is ensuring that we uphold our security commitments to our customers. On February 11, 2022, we received a report from a third-party researcher indicating that they had uncovered a flaw in Coinbase’s trading interface. We promptly mobilized our security incident response team to identify and patch the bug, and resolved the underlying system issue without any impact to customer funds.

    This blog post provides a deeper look into the timeline of events surrounding the bug report, as well as an explanation of the bug itself and the steps we took to resolve it and ensure it cannot happen again.

    (note, all events occurred on February 11, 2022, and all times are in PST)

    • 10:16 AM: A member of the crypto community tweets that they have uncovered a serious flaw in the Coinbase trading interface, and requests contacts in the Coinbase Security team.
    • 11:00 AM: Based on limited initial information provided by intermediaries, Coinbase Security declares an incident and mobilizes engineering resources to begin testing all trading interfaces to determine the validity of the alleged bug.
    • 11:21 AM: The crypto researcher files a vulnerability report via HackerOne, Coinbase’s bug bounty platform, indicating that the flaw resides in a specific API for Retail Advanced Trading. Coinbase engineers also complete a review of all other user interfaces and Coinbase Exchange APIs and determine that they are not impacted.
    • 11:42 AM: Coinbase engineers are able to reproduce the bug, and the Retail Advanced Trading platform is placed into cancel-only mode, disabling new trades.
    • 4:01 PM: A patch is validated and released, resolving the incident.

    The underlying cause of the bug was a missing logic validation check in a Retail Brokerage API endpoint, which allowed a user to submit trades to a specific order book using a mismatched source account. This API is only utilized by our Retail Advanced Trading platform, which is currently in limited beta release.

    To give an example:

    • A user has an account with 100 SHIB, and a second account with 0 BTC.
    • The user submits a market order to the BTC-USD order book to sell 100 BTC, but manually edits their API request to specify their SHIB account as the source of funds.
    • Here, the validation service would check to determine whether the source account had a sufficient balance to complete the trade, but not whether the source account matched the proposed asset for submitting the trade.
    • As a result, a market order to sell 100 BTC on the BTC-USD order book would be entered on the Coinbase Exchange.

    There were mitigating factors that would have limited the impact of this flaw had it been exploited at scale. For example, Coinbase Exchange has automatic price protection circuit breakers, and our trade surveillance team continuously monitors our markets for health and anomalous trading activity.

    Thanks to the researcher who responsibly disclosed this issue, Coinbase was able to fix this bug in a matter of hours, and conclusively determine that it has never been maliciously exploited. We have also implemented additional checks to ensure that it cannot happen again.

    Coinbase strongly supports independent security research, and when those researchers uncover serious issues, we want to ensure that they are rewarded accordingly. As a result, we are paying our largest-ever bug bounty for this finding: $250,000.

    We welcome future submissions from this researcher and others via our HackerOne program: https://hackerone.com/coinbase.

    [ad_2]

    Source link

  • Introducing the Travel Rule Universal Solution Technology (“TRUST”) | by Coinbase | Feb, 2022

    Introducing the Travel Rule Universal Solution Technology (“TRUST”) | by Coinbase | Feb, 2022

    [ad_1]

    Coinbase

    Coinbase is proud to announce the launch of the Travel Rule Universal Solution Technology (TRUST), an industry-driven solution designed to comply with a requirement known as the Travel Rule while protecting the security and privacy of our customers. TRUST is a platform that allows cryptocurrency exchanges to securely send information legally required by the Travel Rule. The solution is named TRUST because that’s what we seek to instill in our customers when they use our products and services.

    The current U.S. TRUST membership includes the following: Anchorage, Avanti, BitGo, bitFlyer, Bittrex, BlockFi, Circle, Coinbase, Fidelity Digital Assetsˢᵐ, Gemini, Kraken, Paxos, Robinhood, Standard Custody & Trust, Symbridge, TradeStation, Zero Hash, and Zodia Custody. And we are soon expanding to other global jurisdictions.

    Why is TRUST necessary?

    The Travel Rule requires financial institutions to share certain basic information about their customers when sending funds over a certain amount to another financial institution. Custodial cryptocurrency exchanges (like other financial institutions) have to satisfy this rule, which was written before crypto even existed. To do this, a leading group of crypto exchanges came together to create a solution in the crypto space, while continuing to protect the security and privacy of our customers’ personal information. This unprecedented effort led to a jointly designed solution, TRUST, which we hope will soon become the industry standard for complying with these requirements.

    What was the goal in designing the TRUST solution, and how was it achieved?

    The core goal in designing TRUST was to achieve top-tier compliance with the Travel Rule, while fully honoring customers’ expectations over how their information is handled. To do this, important safeguards were incorporated as part of the TRUST solution:

    1. No central store of personal data: We never centrally store sensitive customer information where it could be targeted by an attacker or misused by a third party. The required information is only directly sent from one TRUST member to another, through end-to-end encrypted channels, and the receiver is required to safeguard it.

    Now that TRUST has launched, what are the next steps?

    The next step is adding new members, so that TRUST can provide comprehensive compliance across the crypto industry. The Travel Rule’s reach is expanding internationally, and so must the TRUST solution. TRUST is focused on expanding to many other jurisdictions this year.

    The launch of TRUST resoundingly demonstrates that top-tier compliance can go hand-in-hand with a core industry value — robust protection of customer privacy and security.

    To learn more about joining TRUST, click here.

    [ad_2]

    Source link