Financial Industry News
The Lightning Network is a young protocol, and it’s going through some technical growing pains as its tech stack grows and its network expands. While most of the vulnerabilities (covered in part one of this series) are neither protocol-breaking nor easy to exploit, they’re still reminders that improvements come with trade-offs – and that security […]
Continue ReadingThis is the first article in our two-part series on existing vulnerabilities in Bitcoin’s Lightning Network. Part one details the outstanding vulnerabilities and their risk factors. Part two will examine why these weak spots have never been exploited, what changes may be made to fix them and the developing trade-offs that come from balancing user-friendly […]
Continue ReadingA vulnerability in LND versions 0.10.x and below has been disclosed to the Lightning Labs team, according to engineer Conner Fromknecht in the Lightning Network developer channel Thursday. In light of the disclosure, the firm is urging node operators to upgrade to versions 0.11.0 or higher as soon as possible.
Continue ReadingA “high severity vulnerability” was found and patched in Ethereum wallet Argent, according to leading white-hat hackers OpenZeppelin. Disclosed Friday, OpenZeppelin security researcher Alice Henshaw discovered a vulnerability within Argent that would have allowed user funds to be drained from wallets that did not have Argent’s “guardian” feature. According to an OpenZepplin blog post and […]
Continue ReadingA popular payments network running atop the bitcoin blockchain suffered from a long-standing code vulnerability – one where attackers could drain users’ of their money. While initially flagged to the public on Aug. 30 by bitcoin developer Rusty Russell, the full disclosure detailing how this vulnerability could be exploited by an attacker was released Friday. […]
Continue ReadingFumbleChain makes breaking blockchains a sport. Demonstrated for the first time last Thursday at the Black Hat infosec event, the deliberately flawed technology is meant to act as an educational tool for crypto developers. “Basically, this what people call CTF, or ‘capture the flag,’” explained Nils Amiet, a senior security engineer at Kudelski and one […]
Continue ReadingA critical vulnerability on the programmatic lending platform MakerDAO could have made user funds irretrievable, according to security audit firm Zeppelin. Discovered in the last few weeks, MakerDAO issued Monday an urgent plea to token holders of the MakerDAO platform, writing on Reddit: “In partnership with Coinbase and Zeppelin, the Maker Foundation has been participating […]
Continue Reading