Software wallet stores private key in plain text, Sleep-to-earn and much more!

Aug 07, 2022
gm 👋

Thank you for being a part of the Cypherock family. Come rain, hail or storm, we are heads-down building the best possible product to keep your digital assets safe.

Over the next 8-10 minutes, we will be talking about hacks that caught our eye, DApps that we found interesting and our picks from Twitter and Reddit that we enjoyed.

Sharing our newsletter with your friends earns you the status of OG supporter, so if you want to be one of the OGs of Cypherock, please help us share our newsletter with more people curious about everything web3 and security - https://www.cypherock.com/newsletters

If you loved the newsletter, message us! If you hated the newsletter, message us! We’re always looking for fresh perspectives on things to cover and feedback to make your experience better!

Have an awesome week ahead!

Team Cypherock

Security Digest

Got your keys? Still not your crypto - Solana private keys compromised, NEAR next?

If there is one point we try to get across through this newsletter, it’s that crypto is not perfect. With innovations occurring on a daily basis, margins of error will naturally be large. However, some hacks are significantly worse than others, and this one is the absolute worst. Over this past week, more than 9,000 Solana wallets were hacked, with nearly $4.5M drained. This was not one of the usual suspects, where a bridge smart contract is exploited or individuals are phished: every compromised wallet had its private key exposed, leaving its owner with absolutely no course of action.

The attack targeted Slope Finance users - Slope is a software wallet. In a recreation of the attack, Craig (Cpt. Scruffy) was able to identify that the private key and mnemonic phrase were being sent to a Sentry server in plain text. This server is commonly used for error logging, but for some reason was also storing private key details. Why in the world this would ever be the case is a question we are yet to answer; for now, what remains to be seen is whether this was an insider job from Slope Finance, or if the Sentry account was compromised.

If Solana being exploited wasn’t bad enough, a similar exploit existed on NEAR protocol as well. Hacxyk mentioned in a thread that they had discovered a bug that was leaking mnemonics to Mixpanel for users who had chosen ‘email’ as a seed phrase recovery option. So, anyone with access to the Mixpanel access log or account would be able to gain access to the affected wallets. Luckily this bug was logged and fixed.
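Both the Sentry and the Mixpanel leaks come down to secrets reaching a telemetry payload unfiltered. The sketch below is an added example, not code from Slope, NEAR, Sentry or Mixpanel: a scrubber shaped like the `before_send(event, hint)` hook that the Sentry SDK accepts, redacting mnemonic-shaped and key-shaped strings before an event leaves the device. The field names and the sample event are constructed for illustration, and the patterns are shape heuristics that deliberately over-redact.

```python
import re

# Field names that must never leave the device (assumed names for this example).
SENSITIVE_KEYS = {"mnemonic", "seed", "seed_phrase", "private_key", "secret_key"}

# 12-24 lowercase words of 3-8 letters: the shape of an English BIP-39 phrase.
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
# Long base58 or hex runs: the shape of an encoded 32- or 64-byte key.
KEY_RE = re.compile(r"\b(?:[1-9A-HJ-NP-Za-km-z]{43,90}|[0-9a-fA-F]{64,128})\b")
REDACTED = "[REDACTED]"


def scrub_text(text):
    """Redact secret-shaped substrings inside free text (messages, URLs, bodies)."""
    return KEY_RE.sub(REDACTED, MNEMONIC_RE.sub(REDACTED, text))


def scrub_event(value, key=None):
    """Walk a nested event and redact by field name first, then by content."""
    if key is not None and str(key).lower() in SENSITIVE_KEYS:
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub_event(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub_event(v) for v in value]
    if isinstance(value, str):
        return scrub_text(value)
    return value


def before_send(event, hint=None):
    """Hook-shaped wrapper: return the scrubbed event instead of the raw one."""
    return scrub_event(event)


# Constructed sample data: not a real phrase, key or captured event.
FAKE_PHRASE = ("apple banana cherry delta eagle forest "
               "garden harbor island jungle kitten lemon")
FAKE_KEY = "4" + "Zx9" * 29  # 88 base58 characters
SAMPLE_EVENT = {
    "message": "Import failed: " + FAKE_PHRASE,
    "extra": {"mnemonic": FAKE_PHRASE, "retry": 2},
    "breadcrumbs": [{"data": {"body": "key=" + FAKE_KEY}}],
}

if __name__ == "__main__":
    print(before_send(SAMPLE_EVENT))
```

Scrubbing is a last line of defence; the stronger control is never passing key material to code paths that can log or report it.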

The first intuition of anyone into crypto is to bash on centralized exchanges, but it seems that even software wallets are not able to keep investor money safe. A major belief in the world of security is that convenience and security are on two ends of a seesaw, and software wallets tend to compromise security for convenience. So, if you needed yet another reminder to buy a hardware wallet, here it is.

Instead of a laundry list of reasons, here are our top 2 reasons that hardware wallets are the best option in crypto security:

Hardware wallet private key generation and storage is not on an internet-connected device like a phone or computer. When you plug your hardware wallet into your computer and create different accounts to store bitcoin, ethereum etc., your private keys are generated by the device and stored locally on a secure chip within the device. The information stored on the secure chip is at no point exposed to any application. Cypherock, for example, generates the private key and then distributes it across 5 components - the X1 device and 4 X1 cards. Even with a secure chip within the device, Cypherock is not taking any chances by keeping the private key entirely in one single location.

Hardware wallets act as 2FA for the world of web3. If you have ever tried signing a contract or making a purchase with a hardware wallet, you know you have to accept the terms of agreement on the device itself before the transaction goes through. Cypherock takes security a step further: once a signature has been confirmed on the device, the user has the option of setting an alphanumeric PIN as well, as a third step to make sure that they want to go ahead with the transaction.

Dapp News

Sleep-to-Earn with Sleepagotchi

SLEEP? IN THIS ECONOMY? All jokes aside, Sleepagotchi gives you an NFT when you wake up every morning and 2 NFTs if you slept well. Sleepagotchi works in tandem with your Apple Health application along with any wearables that you may own. An Android version will also be releasing soon. Users create a virtual bedroom called a MetaRoom in which each item within the room is tradeable - beds, curtains etc. Sleepagotchi will also be introducing the mechanics of a token called $SHEEP. Additionally, you will be able to compete in challenges, and also see who sleeps the best through a leaderboard.

Sleep tracking has attracted a lot of innovators to the space, and wearable technology helps drive deeper insight. What all this is leading to is up for debate, but if you love NFTs and sleeping, here is an interesting project for you to check out.

Twitter Tales

If the security digest has you rattled, here is a megathread on resources talking about the Solana hack.

Check out the thread here.

Reddit Reads

Interested in crypto cards in the EU? Here is a detailed analysis of crypto cards available in the EU by u/Trifusi0n

Crypto cards in the EU from r/CryptoCurrency

Updates from Cypherock

With pre-orders shipping out to our customers, we wanted to highlight two of our customers who went above and beyond and left us a note on Twitter talking about their experience using the X1 wallet, and giving their feedback.

Check out what smartytrader.crypto and afroz.eth had to say about Cypherock X1

Is Your Crypto Safe? Take the Cypherock Quiz and find out!

Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!

Here’s some alpha 🚀

Security is our utmost concern. We want to keep your crypto safe and give you the best possible experience interacting with the web3 ecosystem. Because we like you, we want you to make money too!

Cypherock recently launched an affiliate program. You receive a unique code by either signing up on our website, or by purchasing a Cypherock X1. Through your code, your referrals receive 25% off on their purchase and you make $50 per sale!

Sign up to become a Cypherock Affiliate!

Have questions regarding our product, or the affiliate program? Our Growth Lead loves chatting with people, hit him up here.