Skip to main content

MLB Team Washington Nationals Partners With Terra Blockchain Community, Ballpark Plans to Accept UST

On February 9, the American professional baseball team based in Washington, D.C., the Washington Nationals, announced the team has partnered with Terra, the open-source blockchain platform and decentralized autonomous organization (DAO). The Washington Nationals detail that the team is a “leading innovator” and is “consistently introducing new technologies to enhance the fan experience.” Washington Nationals Ink Long-Term Deal With Terra Major League Baseball (MLB) team the Washington Nationals has partnered with the blockchain platform and DAO Terra, according to an announcement published by the team on Wednesday. The deal with Terra follows a slew of sports-related deals with crypto firms, but the MLB team will be the first to partner with an open-source blockchain project. In addition to the partnership, the algorithmic stablecoin UST that’s issued on the Terra blockchain will be “accepted as a payment method at Nationals Park as early as next season.” “The Nationals continue t...
Post a Comment

This proof of concept NFT can swipe unsuspecting users' IP addresses

Turns out that some NFTs might be building collections of their own. Their target? Your private data.

Both OpenSea and Metamask have logged cases of IP address leaks associated with transferring nonfungible tokens (NFTs), according to researchers at Convex Labs and OMNIA protocol.

Nick Bax, head of research at NFT organization Convex Labs tested out how NFT marketplaces like OpenSea allow vendors or attackers to harvest IP addresses. He created a listing for a Simpsons and South Park crossover image, entitling it “I just right click + saved your IP address” to prove that when the NFT listing is viewed, it loads custom code that logs the viewer's IP address and shares it with the vendor.

In a Twitter thread, Bax admitted that he "does not consider my OpenSea IP logging NFT to be a vulnerability" because that is simply "the way it works." It's important to remember that NFTs are, at their core, a piece of software code or digital data that can be pushed or pulled. It is quite common for the actual image or asset to be stored on a remote server, while only the asset's URL is on-chain. When an NFT is transferred to a blockchain address, the receiving crypto wallet fetches the remote image from the URL associated with the NFT.

Bax further explained the technical details in a Convex Labs Medium post that OpenSea allows NFT creators to add additional metadata that enables file extensions for HTML pages. If the metadata is stored as a json file on a decentralized storage network, such as IPFS or on remote centralized cloud servers, then OpenSea can download the image as well as an “invisible image” pixel logger and host it on its own server. Thus, when a potential buyer views the NFT on OpenSea, it loads the HTML page and fetches the invisible pixel that reveals a user’s IP address and other data like geolocation, browser version and operating system.

Analyst Alex Lupascu, co-founder of the privacy node service OMNIA Protocol, conducted his own research with the Metamask mobile app with similar effects. He discovered a liability that allows a vendor to send an NFT to a Metamask wallet and obtain a user's IP address.  He minted his own NFT on OpenSea and transferred the ownership of the NFT via airdrop to his Metamask wallet, and concluded finding a "critical privacy vulnerability." 

Related: MetaMask’s new inbuilt multichain institutional custody feature

In a Medium post, Lupascu described the potential consequences of how a "malicious actor can mint an NFT with the remote image hosted on his server, then airdrop this collectible to a blockchain address (victim) and obtain his IP address." His concern is that if an attacker gathers a collection of NFTs, points all of them to a single URL and airdrops them to millions of wallets, then it could result in a large scale distributed denial-of-service, or DDoS attack. Having personal data leaked can also lead to kidpnapping, according to Lupascu. 

He also suggested a potential solution could be requiring explicit user consent when it comes to fetching the remote image of the NFT: Metamask or any other wallet would prompt the user that someone on OpenSea or another exchange is fetching the remote image of the NFT, and informing the user that his or her IP address may be exposed.

Dan Finlay, CEO of Metamask, responded to Lupascu on Twitter stating that even though "the issue has been known for a long time," they are now starting work to fix it and improve user safety and privacy.

That same day, even Vitalik Buterin recognized the challenges of off-chain privacy within Web3. On a recent UpOnly podcast episode, Buterin said that "the fight for more privacy is an important one. People are underestimating the risks of no privacy," adding that the "more crypto-y everything becomes," the more exposed we are.

https://ift.tt/3AENDR5
Labels:

Comments

Post a Comment

Popular posts from this blog

Bitcoin Legal Tender in 3 Days but Survey Shows 7 Out of 10 Salvadorans Want Bitcoin Law Repealed

Bitcoin is becoming legal tender in El Salvador in three days. However, a nationwide survey conducted by the University Institute of Public Opinion (Iudop) shows that seven out of 10 Salvadorans want the government to repeal the Bitcoin Law. El Salvador’s Bitcoin Law Goes Into Effect in 3 Days The University Institute of Public Opinion (Iudop) in El Salvador conducted a study between Aug. 13 and Aug. 20 of how the public views the country’s upcoming Bitcoin Law. The institute is a research center of the José Simeón Cañas Central American University (UCA). El Salvador’s Bitcoin Law is set to go into effect on Sept. 7 , when BTC will be legal tender in the country alongside the U.S. dollar. A total of 1,281 respondents ages 18 and over participated in this national survey that “represents the entire adult population residing in the country,” according to the institute. Out of all the respondents, 62.4% said they were aware of the approval of the Bitcoin Law by the deputies of the ...
Post a Comment
Read more

Bitcoin breaking new highs in Q4 will ‘temporarily turn alts to dust’ — Analyst

Things will get exciting in quarter four, but not before a convincing floor is put in across crypto, analysts say this week. Bitcoin ( BTC ) was busy losing its overnight gains on Sept. 27 as resistance continued to prove too much for bulls.  BTC/USD 1-hour candle chart (Bitstamp). Source: TradingView Analyst on Bitcoin: “Right now, we’re stuck” Data from Cointelegraph Markets Pro and TradingView  showed BTC/USD dropping to around $1,000 below overnight highs of $44,400 on Bitstamp on Sept. 27.  The move constitutes a rejection at a “critical” zone to break, Cointelegraph contributor Michaël van de Poppe explained, with $42,000 now the key level to hold for a higher low. Bitcoin is acting in an increasingly narrow range, he summarized in his latest YouTube update. “Right now, we’re stuck,” he said, pointing to $47,000 as next should the $44,600 zone be reclaimed. On the downside, the zone between $38,000 and $40,000 remains valid for a bounce, while a co...
Post a Comment
Read more

Blockchain Software Firm Consensys Acquires Mycrypto Ethereum Wallet

On February 1, the blockchain infrastructure firm Consensys has revealed it has acquired the Ethereum-based wallet Mycrypto and plans to merge the wallet into Metamask. The price Consensys paid for Mycrypto was not disclosed but the announcement notes that the acquisition will “further improve the security of all the products.” Consensys Obtains Mycrypto Ethereum Wallet, Plans to Merge With Metamask in the Future Consensys has acquired the Ethereum-based wallet Mycrypto for an undisclosed sum according to an announcement released on Tuesday. The deal aims to strengthen the company’s Ethereum wallet Metamask and “enhance Web3 experiences.” The eventual merger between the two Ethereum interfaces will “provide users with a heightened experience that is even more extensive and secure,” according to Consensys. Consensys is an Ethereum software company led by one of the Ethereum co-founders Joseph Lubin. The Web3 wallet Metamask, with 21 million monthly active users (MAUs) is owned by C...
Post a Comment
Read more