Circle introduces Circle Mint with zero-fee USDC minting

Singapore’s UniPass Plays Role in ERC-4337 Vulnerability FixSmart contract wallet provider UniPass and crypto infrastructure firm Fireblocks have successfully addressed a significant vulnerability in the Ethereum ecosystem.Photo by Nenad Novaković on UnsplashAccount abstraction vulnerabilityThis vulnerability, identified as the ERC-4337 account abstraction vulnerability, posed a critical security risk to hundreds of mainnet wallets. The joint effort between Fireblocks and UniPass was detailed in a blog post published to the Fireblocks website on Thursday.This vulnerability, if exploited, could have enabled a malicious actor to execute a complete takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process. The vulnerability represented a substantial threat to the security of smart contract wallets, as it could lead to unauthorized access and fund drainage.Improving user experienceAccount abstraction, as dealt with via ERC-4337, is a mechanism that introduces a novel way of processing transactions and interacting with smart contracts on the Ethereum blockchain. It allows for a more flexible and efficient handling of transactions, transcending the traditional distinction between externally owned accounts (EOAs) and contract accounts.EOAs are controlled by private keys and can initiate transactions, while contract accounts are governed by the code of a smart contract. When an EOA initiates a transaction with a contract account, it triggers the execution of the contract’s code. Account abstraction introduces the notion of abstracted accounts, which are not tied to a specific private key and can initiate transactions and interact with smart contracts, similar to EOAs.In the context of ERC-4337, an account executing an action relies on the EntryPoint contract to ensure that only signed transactions are executed. Typically, these accounts trust a single audited EntryPoint contract to validate user operations before executing commands. However, the vulnerability resided in the fact that a malicious or buggy EntryPoint contract could potentially skip the validation step and directly call the execution function, bypassing essential security measures.This vulnerability, identified by the two firms, had allowed attackers to seize control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once this takeover was completed, the attacker could access the wallet and drain its funds.It’s worth noting that the vulnerability posed a threat to several hundred users who had activated the ERC-4337 module in their wallets, making them susceptible to exploitation by any actor on the blockchain. Fortunately, the wallets affected by this vulnerability contained only small amounts of funds, and swift mitigation efforts were successful in preventing further harm.Company mergerEarlier this year, Singapore’s UniPass merged with Chinese wallet provider Keystone to form Account Labs, a company which has been incorporated in Singapore. At the time, Keystone founder Liu Lixin outlined that further developing account abstraction-derived products was the objective of the creation of Account Labs. He stated:“We are on the cusp of a Web3 Account Abstraction revolution. Together, we’ll drive rapid transformation, making the transition from Web2 to Web3 effortless for users. Our goal is to ensure everyone can securely and smoothly manage a decentralized account. We welcome partners to join us in advancing the Web3 account domain.”In furthering that objective, Account Labs announced on Thursday that it had raised $7.7 million in a funding round led by Amber Group, MixMarvel DAO Ventures, and Qiming Ventures.

Terraform Labs Co-Founder Daniel Shin Denies Wrongdoing in LUNA CollapseShin Hyun-seong, popularly known as Daniel Shin, has refuted accusations against him related to the $40 billion collapse of the stablecoin TerraUSD and its companion token, LUNA, according to a report by local news outlet Newspim. He presented this defense during his initial trial at the Seoul Southern District Court on October 30 (local time).Shin co-founded Terraform Labs, the company responsible for issuing TerraUSD and LUNA. His co-founder, Do Kwon, is currently serving a four-month prison sentence in Montenegro for passport forgery.Photo by Tingey Injury Law Firm on UnsplashProsecution’s allegationsKorean prosecutors allege that since 2018, Shin and his colleagues have concealed the fabricated nature of the “Terra project.” By manipulating trades and releasing misleading information, they purportedly misled investors into thinking the project was successful. It’s believed they sold off their tokens before the LUNA crash in May 2022, earning KRW 462.9 billion ($343.3 million) from these activities. They are suspected of personally taking KRW 376.9 billion from this amount.Prosecutors are focusing on Shin as the potential orchestrator of the LUNA crash. They speculate he began selling LUNA tokens around when Terraform Labs launched the Anchor Protocol in March 2021. This DeFi protocol increased the popularity and value of LUNA tokens. Before the crash, Shin is alleged to have gained at least KRW 154.1 billion.Defense argumentHowever, Shin’s legal team countered by asserting that Shin had cut ties with Kwon in 2020. They argued the decline of TerraUSD and LUNA was due to Kwon’s mishandling of the Anchor Protocol and an external attack, neither associated with Shin. Regarding the exploit, Terraform Labs has pursued legal action in the United States Southern District of Florida, claiming that American market maker Citadel Securities played a part in undermining TerraUSD in May 2022.Defending Shin, his lawyers emphasized that at the inception of the Terra project, there were no legal guidelines specifically for cryptocurrency transactions. Additionally, unlike Do Kwon who kept fleeing abroad, Shin willingly came back to Korea and has been cooperating with the investigation. They also noted he received only 32% of the 70 million LUNA tokens initially promised. Regarding classification, they stated LUNA isn’t legally recognized as a security.Shin’s lawyers further argued the prosecution hasn’t clearly identified victims or adequately outlined the components of fraud in this case. They said the prosecution’s case hinges on viewing LUNA as a security. However, Shin’s legal representatives maintained that under the Korean Capital Markets Act, LUNA isn’t a security, making its trades non-fraudulent.To counter a US court ruling the prosecution presented — that a token is a security — Shin’s defense highlighted that the verdict is from a lower court and remains contested. Earlier, prosecutors had cited a ruling from the United States Southern District Court of New York, which classified the XRP tokens sold to institutional investors as securities.

Xangle and CertiK Team Up to Promote Mass Adoption of Web3CrossAngle, the operator of the virtual asset data analysis platform Xangle, announced on Wednesday that it has teamed up with CertiK, a global blockchain security ranking platform, to promote the mass adoption of Web3 technologies and contribute to the formation of a secure and transparent blockchain ecosystem.Photo by Shubham’s Web3 on UnsplashStrengthening security and data insightsCertiK is a security-focused ranking platform for analyzing and monitoring blockchain protocols and DeFi projects. Through this new partnership, Xangle will gain access to Skynet, CertiK’s Web3 security analysis platform that monitors and visualizes on-chain and off-chain data with cutting-edge technology, along with other API data. In turn, CertiK will receive access to Xangle’s cryptocurrency reference price API and on-chain data analyses.CertiK’s industry analysis reports will also be regularly featured on Xangle’s research platform. Xangle’s research reports are well-regarded throughout the industry and have been featured on local and international financial information platforms such as Bloomberg Terminal, CoinMarketCap, Yonhap Infomax, and FnGuide.Positive outlooks“We are delighted to partner with CertiK, a global leader in Web3 security. We are already anticipating great synergy with our strong capabilities in on-chain data analysis,” said Jake Lim, Chief Business Development Officer (CBDO) of Xangle. “We believe that this collaboration between our two companies will accelerate the mass adoption of Web3 technologies.”Jason Jiang, Chief Business Officer (CBO) of CertiK, added that the partnership is expected to not only enhance security and transparency in the blockchain ecosystem but also help set new industry standards.This partnership between CertiK and Xangle reflects the growing importance of security and data analysis in the rapidly evolving Web3 landscape, as both companies work together to drive its widespread adoption.