Skip to main content

MLB Team Washington Nationals Partners With Terra Blockchain Community, Ballpark Plans to Accept UST

On February 9, the American professional baseball team based in Washington, D.C., the Washington Nationals, announced the team has partnered with Terra, the open-source blockchain platform and decentralized autonomous organization (DAO). The Washington Nationals detail that the team is a “leading innovator” and is “consistently introducing new technologies to enhance the fan experience.” Washington Nationals Ink Long-Term Deal With Terra Major League Baseball (MLB) team the Washington Nationals has partnered with the blockchain platform and DAO Terra, according to an announcement published by the team on Wednesday. The deal with Terra follows a slew of sports-related deals with crypto firms, but the MLB team will be the first to partner with an open-source blockchain project. In addition to the partnership, the algorithmic stablecoin UST that’s issued on the Terra blockchain will be “accepted as a payment method at Nationals Park as early as next season.” “The Nationals continue t...
Post a Comment

This proof of concept NFT can swipe unsuspecting users' IP addresses

Turns out that some NFTs might be building collections of their own. Their target? Your private data.

Both OpenSea and Metamask have logged cases of IP address leaks associated with transferring nonfungible tokens (NFTs), according to researchers at Convex Labs and OMNIA protocol.

Nick Bax, head of research at NFT organization Convex Labs tested out how NFT marketplaces like OpenSea allow vendors or attackers to harvest IP addresses. He created a listing for a Simpsons and South Park crossover image, entitling it “I just right click + saved your IP address” to prove that when the NFT listing is viewed, it loads custom code that logs the viewer's IP address and shares it with the vendor.

In a Twitter thread, Bax admitted that he "does not consider my OpenSea IP logging NFT to be a vulnerability" because that is simply "the way it works." It's important to remember that NFTs are, at their core, a piece of software code or digital data that can be pushed or pulled. It is quite common for the actual image or asset to be stored on a remote server, while only the asset's URL is on-chain. When an NFT is transferred to a blockchain address, the receiving crypto wallet fetches the remote image from the URL associated with the NFT.

Bax further explained the technical details in a Convex Labs Medium post that OpenSea allows NFT creators to add additional metadata that enables file extensions for HTML pages. If the metadata is stored as a json file on a decentralized storage network, such as IPFS or on remote centralized cloud servers, then OpenSea can download the image as well as an “invisible image” pixel logger and host it on its own server. Thus, when a potential buyer views the NFT on OpenSea, it loads the HTML page and fetches the invisible pixel that reveals a user’s IP address and other data like geolocation, browser version and operating system.

Analyst Alex Lupascu, co-founder of the privacy node service OMNIA Protocol, conducted his own research with the Metamask mobile app with similar effects. He discovered a liability that allows a vendor to send an NFT to a Metamask wallet and obtain a user's IP address.  He minted his own NFT on OpenSea and transferred the ownership of the NFT via airdrop to his Metamask wallet, and concluded finding a "critical privacy vulnerability." 

Related: MetaMask’s new inbuilt multichain institutional custody feature

In a Medium post, Lupascu described the potential consequences of how a "malicious actor can mint an NFT with the remote image hosted on his server, then airdrop this collectible to a blockchain address (victim) and obtain his IP address." His concern is that if an attacker gathers a collection of NFTs, points all of them to a single URL and airdrops them to millions of wallets, then it could result in a large scale distributed denial-of-service, or DDoS attack. Having personal data leaked can also lead to kidpnapping, according to Lupascu. 

He also suggested a potential solution could be requiring explicit user consent when it comes to fetching the remote image of the NFT: Metamask or any other wallet would prompt the user that someone on OpenSea or another exchange is fetching the remote image of the NFT, and informing the user that his or her IP address may be exposed.

Dan Finlay, CEO of Metamask, responded to Lupascu on Twitter stating that even though "the issue has been known for a long time," they are now starting work to fix it and improve user safety and privacy.

That same day, even Vitalik Buterin recognized the challenges of off-chain privacy within Web3. On a recent UpOnly podcast episode, Buterin said that "the fight for more privacy is an important one. People are underestimating the risks of no privacy," adding that the "more crypto-y everything becomes," the more exposed we are.

https://ift.tt/3AENDR5
Labels:

Comments

Post a Comment

Popular posts from this blog

Blockchain Software Firm Consensys Acquires Mycrypto Ethereum Wallet

On February 1, the blockchain infrastructure firm Consensys has revealed it has acquired the Ethereum-based wallet Mycrypto and plans to merge the wallet into Metamask. The price Consensys paid for Mycrypto was not disclosed but the announcement notes that the acquisition will “further improve the security of all the products.” Consensys Obtains Mycrypto Ethereum Wallet, Plans to Merge With Metamask in the Future Consensys has acquired the Ethereum-based wallet Mycrypto for an undisclosed sum according to an announcement released on Tuesday. The deal aims to strengthen the company’s Ethereum wallet Metamask and “enhance Web3 experiences.” The eventual merger between the two Ethereum interfaces will “provide users with a heightened experience that is even more extensive and secure,” according to Consensys. Consensys is an Ethereum software company led by one of the Ethereum co-founders Joseph Lubin. The Web3 wallet Metamask, with 21 million monthly active users (MAUs) is owned by C...
Post a Comment
Read more

The Congolese Mountain of Gold: Surprise Discovery in Africa Shows Metal’s Scarcity Is Hard to Prove

A myriad of gold bugs like to compliment the yellow precious metal for its ostensible scarcity, as estimates say only 2,500 to 3,000 tons of new gold is produced annually. While new gold discoveries have seemingly slowed, investigative studies also show that in some areas, gold is being smuggled into the economy by the ton, and often never accounted for as far as per annum issuance estimates. Recently, reports show a whole mountain of gold was discovered in the Congo, as the Democratic Republic of the Congo is well known for being a region that sees tons of smuggled gold filtered into the global financial system unreported. Surprise Gold Deposits Continue to Crack the Precious Metal’s Scarcity Proposition It has always been said that the precious metal gold (Au) is scarce, and some reports even say that gold mining on earth will end by the year 2050 . Additionally, estimates also show that there’s roughly 2,500 to 3,000 tons of new gold that is accounted for and enters into the fin...
Post a Comment
Read more

Bitcoin Legal Tender in 3 Days but Survey Shows 7 Out of 10 Salvadorans Want Bitcoin Law Repealed

Bitcoin is becoming legal tender in El Salvador in three days. However, a nationwide survey conducted by the University Institute of Public Opinion (Iudop) shows that seven out of 10 Salvadorans want the government to repeal the Bitcoin Law. El Salvador’s Bitcoin Law Goes Into Effect in 3 Days The University Institute of Public Opinion (Iudop) in El Salvador conducted a study between Aug. 13 and Aug. 20 of how the public views the country’s upcoming Bitcoin Law. The institute is a research center of the José Simeón Cañas Central American University (UCA). El Salvador’s Bitcoin Law is set to go into effect on Sept. 7 , when BTC will be legal tender in the country alongside the U.S. dollar. A total of 1,281 respondents ages 18 and over participated in this national survey that “represents the entire adult population residing in the country,” according to the institute. Out of all the respondents, 62.4% said they were aware of the approval of the Bitcoin Law by the deputies of the ...
Post a Comment
Read more