Tag: Multisig

Ethereum’s Buterin advocates multisig, says Shamir backup is ‘way easier to screw up’

[ad_1]

Ethereum co-founder Vitalik Buterin publicly favored multisig over Shamir backup, saying the latter is “way easier to screw up” for ordinary users.

In an X discussion among crypto enthusiasts, worries about the security risks linked to cold wallets have taken center stage, prompted by Ethereum co-founder Vitalik Buterin‘s raised concerns regarding their potential pitfalls.

Peter Watts, the founder of NFT marketplace Reservoir, went on X to caution about the dangers of using hardware wallets, mentioning the risk of losing seed phrases or hastily moving assets stored in a bank’s safety deposit box, especially during unexpected events like the COVID-19 pandemic.

Counterpoint: when using a hardware wallet, the biggest risk becomes yourself. Beware of the footguns:
– Someone finds your stashed seed
– You hide the seed so well you forget
– You put the seed in a bank safety deposit then hastily move overseas due to covid 😬 https://t.co/UzAV13wzPB

— Peter | Reservoir (@ptrwtts) April 30, 2024

The conversation took a new turn when Vitalik Buterin joined it, advocating for the use of multisignature (also known as multisig) solutions for securing personal funds. Buterin didn’t reject the idea of cold wallets but highlighted decentralizing security, preferring multisig setups where multiple keys are required for transactions, emphasizing the importance of security in crypto.

The above is why I use a multisig (@safe) for >90% of my personal funds 🙂

M-of-N, some keys held by you (but not enough to block recovery), the rest held by other people you trust. Don’t reveal who those other people are, even to each other.

Decentralize your own security.

— vitalik.eth (@VitalikButerin) May 1, 2024

He emphasized the need for a “M-of-N” configuration, where some keys are held by the user and others by trusted individuals, without disclosing their identities even to each other.

In response to Buterin’s suggestion, Ethereum investor Tobby Kitty proposed Shamir, a backup method for splitting cryptographic keys or passwords into multiple parts called “shares.” While acknowledging the benefits of Shamir, Buterin cautioned that it’s “way easier to screw up” compared to multisig, as it depends on carefully handling and storing many parts of the secret. If any of these parts are lost or handled incorrectly, it could be impossible to put the secret back together.

[ad_2]

Denis Omelchenko

Source link

May 1, 2024
L2 Blast on multi-sig debate: Security exists on spectrum, nothing is fully secure

[ad_1]

Paradigm-backed network Blast addressed skepticism surrounding its blockchain model following a swift rise to over $300 million in market cap and promises of a token airdrop.

Blast Bridge, an L2 network on Ethereum, pushed back on security concerns espoused by some in the crypto community due to the protocol’s smart contract architecture which safeguards assets using a multi-signature build.

There are often misunderstandings when it comes to security. Security exists on a spectrum (nothing is 100% secure) and it’s nuanced with many dimensions. There’s smart contract security, browser security, physical security. Each dimension has separate attack vectors.

— Blast (@Blast_L2) November 24, 2023

On Nov. 24 via an X thread, the project said no contract code security is completely airtight and that each smart contract design has its associated vulnerability. Blast pointed to other layer-2 blockchains like Arbitrum and Polygon that use multi-sig wallets to hold funds, adding that this option holds benefits if executed correctly.

You want to make sure that each signing key of a multi-sig is independently secure. This helps make the multisig antifragile. Each key should be in cold storage, managed by an independent party, and geographically separated.

Blast L2 via X

Blast stressed that veteran technical engineers comprise the five signatories for its multi-sig wallet. The project also shared plans to further bolster resilience and mitigate black swan events by initiating an upgrade to the underlying hardware wallet provider leveraged for its contentious multi-sig structure.

This will ensure that no single hardware wallet type is used 3-of-5 times, maintaining safety even in an unprecedented hardware wallet compromise scenario.

Blast L2 via X

Blast captured attention as Tieshun Roquerre, aka Pacman, co-founder of NFT marketplace Blur, announced the L2 network after raising $20 million from investors like Paradigm. The deposit-only protocol offers native yield to users, promising an airdrop for early supporters and a mainnet launch in the near future.

The one-way bridge zoomed to a market cap above $300 million as of press time following massive inflows into Blasts’s contract address. Additionally, Blast’s asset portfolio provided by DeBank showed millions held in Lido’s staked Ether (stETH) and Maker’s DAI, a defi stablecoin.

Follow Us on Google News

[ad_2]

Naga Avan-Nomayo

Source link

November 24, 2023
BNBChain unveils secure multi-signature wallet

[ad_1]

BNBChain has launched its safe multi-signature wallet service, BNB SafeWallet. It is based on the Gnosis Safe protocol and runs on the BSC network and opBNB.

According to BNBChain’s blog post, the launch of Gnosis Safe Multisig on the Binance Smart Chain is a milestone in enhancing security for the BSC network and beyond.

Gnosis Safe, a smart contract wallet, boasts core multisig functionality, enabling advanced execution logic, access management, and high security.

The protocol supports various wallets controlled by one or multiple owners for wallet security. BNBChain’s Safe multi-signature wallet service, utilizing the Gnosis Safe protocol, provides a storage solution for digital assets.

Users can define owner accounts and a database threshold number of confirmations required for transactions, ensuring security measures. To access the BNB Chain multi-signature wallet service, users must initially create a Safe, the team says.

Gnosis Safe is a decentralized custody protocol and asset management platform across Ethereum (ETH), EVM, Ethereum Mainnet, BNB Smart Chain, Optimism, Arbitrum, zkSync, and Polygon networks. The Safe Wallet, a web3-friendly tool, streamlines interaction with the defi and web3 ecosystem, enhancing asset security and enabling shared asset management.

The number of required signatures for a transaction can vary based on the wallet setup, typically ranging from two to three. However, users have the flexibility to opt for more signatures if desired.

BNBChain security breaches

The BNBChain network has faced various hacks and attacks in recent times, with notable incidents including the Vyper Copycat Exploit on BSC in July 2023. During this attack, the BNB Smart Chain (BSC) experienced copycat attacks due to a vulnerability in the Vyper programming language, resulting in the theft of approximately $73,000 worth of cryptocurrencies across three exploits.

Additionally, in October 2022, a significant hack targeted Binance (BNB), where hackers exploited a vulnerability in the BNB network, leading to an estimated $570 million being compromised. The attackers managed to create 2 million BNB tokens due to a bug in the smart contract, allowing them to forge transactions and transfer funds into their wallets.

Furthermore, in September 2023, the hackers responsible for the $41 million Stake casino hack shifted an additional $328,000 million worth of Polygon (MATIC) and BNB (BNB) tokens, as reported.

Follow Us on Google News

[ad_2]

Ogwu Osaemezu Emmanuel

Source link

October 28, 2023
Trusted Third Parties Continue To Be Security Holes

[ad_1]

The below is a direct excerpt of Marty’s Bent Issue #1283: “Trusted third parties are security holes.” Sign up for the newsletter here.

The contagion event that has dragged on for the better part of 2022 seems to be materially affecting Genesis Trading and its parent company, Digital Currency Group (DCG). It has become apparent that Genesis didn’t have the best due-diligence process when issuing loans to counterparties because they had to write down two nine-figure loans to zero this year after lending out money to Three Arrows Capital and Alameda Research.

The hole these bad loans left in Genesis’ balance sheet forced the company to halt withdrawals and the legitimacy of the Grayscale Bitcoin Investment Trust (GBTC) — a Genesis sub-company — is beginning to be called into question. To make matters worse, it seems that Genesis lent out $1.1 billion to DCG via a previously undisclosed promissory note. Many believe that Genesis and DCG are now both in danger of going under. This would explain why DCG has been scrambling to raise $1 billion in emergency funds over the last few days. Things seem pretty dire.

If DCG and its sub-companies go under we’ll likely be back in the dark corner of the internet discussing the downfall of companies who went under because of their exposure to Genesis and reliance on DCG as a capital backer. The contagion event continues!

This ongoing slow-motion train wreck provides anyone who is able to look away the opportunity to internalize a very important lesson: Trusted third parties are security holes. Anyone who has been around Bitcoin long enough has had this lesson explained to them in great detail. It is the reason Bitcoin exists in the first place. The trust problem is the first problem Satoshi Nakamoto explains after sharing a link to v0.1 of the Bitcoin software in the email he wrote to the P2P Foundation mailing list when he launched the project in 2009.

“The root problem with conventional currency is all the trust that’s required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust. Banks must be trusted to hold our money and transfer it electronically, but they lend it out in waves of credit bubbles with barely a fraction in reserve. We have to trust them with our privacy, trust them not to let identity thieves drain our accounts. Their massive overhead costs make micropayments impossible.” — Satoshi Nakamoto

It’s incredible that a whole industry based on trust has been erected around a tool that was created to completely remove it from the equation. The contagion event from this year makes it obvious that many people have not heeded Nakamoto’s warning. Many people, your Uncle Marty included, have been warning others as vehemently as possible to not interact with centralized exchanges that claim to be able to keep your bitcoin safer than you can, lenders who promise to provide you yield if you allow them to lend out your bitcoin and financial products that market themselves as great ways to get bitcoin exposure without the “hassle” of having to actually interact with the protocol. That’s why this rag exists; “Marty’s Bent” started as a way to educate you freaks about how Bitcoin works, why it’s important and what you can do to realize the power of this revolutionary technology by using it correctly.

Many have taken the advice to heart, but many others have not — as is evidenced by the popularity of BlockFi, FTX, Genesis, GBTC and the like. Not heeding the warning has led to tens of billions of dollars worth of perceived value being evaporated in the span of a couple of weeks. People are now waking up to discover that the bitcoin they thought they owned either never existed or was squandered away by a third party they trusted — a very expensive lesson.

The dust is currently still whirling around winds that seem to be getting more turbulent, but it will eventually settle. When it does, I believe the winners who come out the other end are those who have heeded the warning that “trusted third parties are security holes” and implement trustless-ness into their product stack. Particularly those who would like to offer financial services and products with bitcoin. The winning companies will be those who learn to leverage Bitcoin’s native properties, particularly the ability to construct multisig wallets. The era of giving your bitcoin to a company providing you bitcoin-centric financial services without multisig solutions should be coming to an end. There is no reason for Bitcoiners to interact with the black-box solutions that have dominated the market to date.

The future of financial products on a bitcoin standard is multisig quorums that distribute risk among stakeholders who control different keys. Companies already exist that have provided the market with the standard for secure and responsible products that leverage multisig quorums. Bitcoiners need to have certainty that if they are using their bitcoin as collateral to receive dollar liquidity via a loan product, they are actually going to get their bitcoin back when they pay off their loan. Multisig quorums that allow the person taking out the loan to hold a key in the quorum provide this certainty. Since the borrower holds a key in the 2-of-3 multisig quorum, they have visibility into the wallet that is escrowing their collateral. They can know for sure that their sats are not being rehypothecated and that they will be there at the end of the loan when everything is paid off and their collateral is set to be released back into their custody. This is a beautiful thing. More than that, it’s revolutionary.

This is the future of finance. It’s not the vision of “DeFi” as put forth by the degenerates creating a token-bartering economy in the land of shitcoins. It’s distributed risk among different counterparties that provide certainty to users and eliminate single points of failure. The companies who internalize this and bring about this future are going to win.

[ad_2]

Marty Bent

Source link

November 22, 2022