Jack Dorsey’s Payments Startup Square Open-Sources Bitcoin Cold Storage Solution

San Francisco-based mobile payments firm Square announced it is open-sourcing its Bitcoin cold storage solution, which is now available on Github.
Mobile Payments Startup Square Open-Sources Hardware Security Modules (HSMs) and Wallet Auditing Tool
The company founded by Jack Dorsey, who is also CEO of Twitter, has built out its cryptocurrency infrastructure when it started offering Bitcoin payments with Cash App in late 2017.
The documentation, code, and tools for “Subzero” – the HSM-backed solution designed to protect the startup and users from internal and external threats – can now be found here.
Square’s FIPS certified Hardware Security Modules (HSMs) are already in use for other payments-related needs.
“Funds can be sent from online systems to the cold storage at any time. Moving funds out of cold storage requires a multi-party signing ceremony. In addition, the offline HSMs are able to enforce business logic rules, for instance we only allow sending funds to Square-owned addresses. Such a scheme is usually called defense in depth or an onion model. We maintain the online/offline isolation by importing transaction metadata and exporting signatures using QR codes.”
The modules’ ability to share key material enables Square to store backups in encrypted form and restore a wallet at any location. The startup warns that the source code is only useful for coders with the exact same hardware setup, but they are open to contributions enabling support for alternative vendors. Square is also open-sourcing its auditing tool Beancounter, security engineer Alok Menghrajani announced.
“Finally, we wrote a tool, Beancounter, to audit our wallet balances. The tool is written in Go and addresses needs that aren’t fulfilled by existing wallet software, such as the ability to compute the balance at any given date in the past, and the ability to handle wallets with very large number of transactions. Beancounter also has some other useful features, such as mapping dates to block numbers.”
Square intends to share the work in order to help others fulfill their security needs and to promote innovation and security in the cryptocurrency space. Over the long run, the startup will attempt to standardize some of the code.
The payments firm reported $37 million in revenue from Bitcoin, having spent $36.6 million to offer it on their Cash App, leading to a tight profit of $420,000. Square saw tremendous stock performance coinciding with their additions to the Cash App. Many investors see it as a better way to acquire Bitcoin than cryptocurrency exchanges, as the payments service allows for feeless trading while operators can charge fees higher than four percent.
Featured image from Shutterstock.
The post Jack Dorsey’s Payments Startup Square Open-Sources Bitcoin Cold Storage Solution appeared first on NewsBTC.
Source: New feedNewsBTC.com

Monero [XMR] wallets compromised as hackers target MEGA Chrome extension

On 4th September, Monero [XMR] announced that the official MEGA chrome extension was compromised, with an update stealing the passwords and cryptocurrency wallet addresses from its users. The latest version of MEGA Chrome extension was hacked, allowing cryptojackers to access saved passwords and usernames from Amazon, GitHub, Google, and Microsoft portals.
Latest version of MEGA Chrome extension was hacked | Source: Twitter
The Chrome extension claims to provide a secure cloud storage service that can improve browser performance by reducing loading time. The extension is currently unavailable for download at the Chrome Web Store.
Monero is a privacy coin where the addresses of the sender are hidden along with the amount of transaction which took place. Thus every transaction on the Monero network goes through a secret address which cannot be linked to the first sender.
In spite of Monero’s claims of being private and untraceable, the cryptocurrency has witnessed instances where cryptojackers have secretly mined XMR with the computer power of web visitors.
Riccardo Andsaskiaspagni, also known as fluffypony, the Lead Maintainer of Monero said on Twitter,
“Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed.”
MyEtherWallet.com, an open-source cryptocurrency wallet for ERC20 tokens, stated:

Latest version of MEGA Chrome extension was hacked | Source: Twitter
SamsungGalaxyPlayer spotted the issue and stated:
“The MEGA Chrome extension source code has not been updates in four months, suggesting that the account responsible with updating the version given to Google was compromised”
Some of the recommendations made in his post on Reddit were to uninstall MEGA Chrome extension immediately and change important passwords. He also suggested that its users transfer funds from those accounts which could have possibly been compromised.
MEGA Chrome extension version 3.39.4 was mainly affected and all the data collected was being sent to one server. This problem was limited to Google Chrome, as the Mozilla Firefox version had not been compromised.
PWPersian commented on Reddit:
“Wow this is huge, I do not personally use MEGA however I am always afraid of extensions going rouge as I check up on updates the least often for them, sending this to everyone I know to make sure they know to change passwords etc.”
Gattacus an enthusiastic Redditor commented:
“There was an update to the extension and Chrome asked for new permission (read data on all websites). That made me suspicious and I checked the extension code locally (which is mostly javascript anyways). MEGA also has the source code of the extension on github https://github.com/meganz/chrome-extension There was no commit recently. To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. pure speculation though”
The post Monero [XMR] wallets compromised as hackers target MEGA Chrome extension appeared first on AMBCrypto.
Source: AMB Crypto

Investor Buy Signal to ‘Make a Killing’ is the Next Bitcoin Death

An investment analyst has predicted the ‘death of Bitcoin’ articles will show the key moment to invest in Bitcoin. Following the ‘bubble popping’ over the last year, the analyst claims that this will be the buy signal for him and others to invest.

No Such Thing as Bad Press

Bitcoin has ‘died’ countless times according to the media. 99Bitcoins puts the figure at 306 deaths with quotes from each publication that has called it over for the digital currency. These articles often occur after temporary market crashes, including the Mount Gox hack where Bitcoin ‘died’ at $658 according to articles such as ‘Bitcoin is Dead’ by the Weekly Standard.

In the article, Jonathan Last said: “The speculators may not realize it yet, but you can stick a fork in bitcoin. It’s done.”

Now, CEO of stocks and investment website ADVFN, Clem Chambers, has claimed that these death reports are excellent buy signals for investors. He said that investors can ‘make a killing’ if they buy at the bottom, in a similar way to those who invested following the dotcom bubble. Chambers said:

“I want to see headlines saying “Bitcoin is dead” after a final leg down. This will signal a bottom as it has on many previous occasions. “The Death of Bitcoin” as a MSM headline will be the point I will be serious about loading up.”

‘Bitcoin is dead’ searches on Google hit an all-time high this year between February 4 and February 10 when the price of Bitcoin dropped to $6,048. That’s almost ten times higher than when Bitcoin died in 2014. Bitcoin has fallen to around this price an additional two times this year but searches have remained low.

Price of Bitcoin over the last year


Google search volume for ‘Bitcoin is dead’ over the past year

Chambers expects one more drop this year which will lead to the definitive death of Bitcoin for 2018. From looking at the charts, he sees ‘another final leg to fall’ but admits that’s just his opinion. After 2014, it took two years for the price to stabilise and start reaching higher. However, recent news on Bitcoin ETFs may help to accelerate the progress this time around.

Bitcoin ‘Purge’ to Help Growth?

An ICO advisory firm has released a study showing over 80% of ICO projects were scams. This definition included projects that didn’t follow their roadmap or were deemed to be scams by community members. Three per cent ‘died’, meaning they were not listed on exchanges and had no contributions in Github for quite some time.

The data showed that investors have a good eye as the 80% of ICOs only received 11% of total funding. Yet it has been argued that removing some of the ‘unsuccessful’ coins could help to revitalise the market which has lost over $500 billion of its market cap this year. As cryptocurrencies are decentralized, this purging of coins would have to be voluntary but it could help to stimulate growth.


Image from Shutterstock

The post Investor Buy Signal to ‘Make a Killing’ is the Next Bitcoin Death appeared first on NewsBTC.

Source: New feedNewsBTC.com