AsiaNext Secures Market Operator License from Singapore’s MAS

Singapore’s UniPass Plays Role in ERC-4337 Vulnerability FixSmart contract wallet provider UniPass and crypto infrastructure firm Fireblocks have successfully addressed a significant vulnerability in the Ethereum ecosystem.Photo by Nenad Novaković on UnsplashAccount abstraction vulnerabilityThis vulnerability, identified as the ERC-4337 account abstraction vulnerability, posed a critical security risk to hundreds of mainnet wallets. The joint effort between Fireblocks and UniPass was detailed in a blog post published to the Fireblocks website on Thursday.This vulnerability, if exploited, could have enabled a malicious actor to execute a complete takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process. The vulnerability represented a substantial threat to the security of smart contract wallets, as it could lead to unauthorized access and fund drainage.Improving user experienceAccount abstraction, as dealt with via ERC-4337, is a mechanism that introduces a novel way of processing transactions and interacting with smart contracts on the Ethereum blockchain. It allows for a more flexible and efficient handling of transactions, transcending the traditional distinction between externally owned accounts (EOAs) and contract accounts.EOAs are controlled by private keys and can initiate transactions, while contract accounts are governed by the code of a smart contract. When an EOA initiates a transaction with a contract account, it triggers the execution of the contract’s code. Account abstraction introduces the notion of abstracted accounts, which are not tied to a specific private key and can initiate transactions and interact with smart contracts, similar to EOAs.In the context of ERC-4337, an account executing an action relies on the EntryPoint contract to ensure that only signed transactions are executed. Typically, these accounts trust a single audited EntryPoint contract to validate user operations before executing commands. However, the vulnerability resided in the fact that a malicious or buggy EntryPoint contract could potentially skip the validation step and directly call the execution function, bypassing essential security measures.This vulnerability, identified by the two firms, had allowed attackers to seize control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once this takeover was completed, the attacker could access the wallet and drain its funds.It’s worth noting that the vulnerability posed a threat to several hundred users who had activated the ERC-4337 module in their wallets, making them susceptible to exploitation by any actor on the blockchain. Fortunately, the wallets affected by this vulnerability contained only small amounts of funds, and swift mitigation efforts were successful in preventing further harm.Company mergerEarlier this year, Singapore’s UniPass merged with Chinese wallet provider Keystone to form Account Labs, a company which has been incorporated in Singapore. At the time, Keystone founder Liu Lixin outlined that further developing account abstraction-derived products was the objective of the creation of Account Labs. He stated:“We are on the cusp of a Web3 Account Abstraction revolution. Together, we’ll drive rapid transformation, making the transition from Web2 to Web3 effortless for users. Our goal is to ensure everyone can securely and smoothly manage a decentralized account. We welcome partners to join us in advancing the Web3 account domain.”In furthering that objective, Account Labs announced on Thursday that it had raised $7.7 million in a funding round led by Amber Group, MixMarvel DAO Ventures, and Qiming Ventures.

Worldcoin, the startup co-founded by OpenAI CEO Sam Altman, has encountered setbacks in its eye-scanning initiatives just six months after its international expansion. A recent report by TechCrunch indicates that the company’s signature orb eye-scanner is no longer available to users in the Indian market. According to that report, the Worldcoin Foundation clarified that its activities have also been suspended in France and Brazil. The company clarified that its offerings in those markets were only intended to be limited-time product previews as opposed to long-term roll-outs.Photo by Big G Media on UnsplashTemporary service haltIn India, the World App is experiencing widespread adoption, but the orb-verified proof of personhood services has been temporarily halted. The pause aims to allow the protocol to develop and implement a bespoke, safe and orderly process to meet the growing demand. The setback comes after Tools for Humanity, the organization behind Worldcoin, announced the expansion of World ID, its digital identity program linked to iris scans, in July. The startup had ambitious plans, intending to make 1,500 orbs available in over 35 cities globally. Recently, the company unveiled a program offering $5 million in grants to developers utilizing its eye-scanning technology. Regulatory investigationsSam Altman and his co-founders established Worldcoin in 2020 to help individuals prove their digital identity amidst the rise of AI. Over the years, Worldcoin has secured $250 million in funding from notable venture capitalists, including Andreessen Horowitz. However, the startup has faced regulatory challenges, including investigations by French and German regulators and an Argentinian government agency. Altman, himself, has navigated recent challenges. In November, the OpenAI board temporarily removed him as CEO, reinstating him two weeks later. More recently, Fortune reported that Altman quietly received $75 million from the University of Michigan for a new venture capital fund, raising questions about transparency, particularly following the launch of OpenAI’s signature product, ChatGPT. Asian tourIn recent weeks, the project development team behind Worldcoin had engaged in a tour of Asia. The objective of that mission was to gather market feedback prior to engaging in greater efforts to expand the reach of its World ID verification system within the region. To gauge market receptiveness to its product offering, the tour included meetups in major Asian cities such as Hong Kong, Seoul, Singapore and Tokyo. Up until mid-November, the Asian region accounted for 1.4 million World App sign-ups.The introduction of World ID 2.0 by the company on Dec. 13 led to a surge in the price of WLD. Over the course of the 48 hours that followed, it jumped from $2.47 to $4.23, a 71% increase. At the time of writing, the token unit price stood at $3.66. As Worldcoin navigates these challenges, the cryptocurrency industry will closely monitor developments, recognizing the broader implications for the startup’s innovative approach to digital identity verification.

Upbit procures ISO 22301 certificationDunamu, the blockchain and fintech firm that operates South Korea’s largest crypto exchange Upbit, announced Wednesday (local time) that Upbit has obtained the ISO 22301 certification, an international standard for security and resilience that evaluates a company’s business continuity management system (BCMS) based on its ability to protect against and respond to disruptive events. The firm disclosed that it acquired the certification from the U.S. International Accreditation Service (IAS) on Nov. 6.Photo by John Salzarulo on UnsplashNavigating risk managementMore specifically, the ISO 22301 certification evaluates a company’s ability to maintain uninterrupted and stable business operations through the prevention, response and recovery in the event of accidents, man-made or natural disasters and more. It offers several benefits for companies, such as proof of compliance with legal requirements, which serves as a marketing advantage, and the prevention of large-scale damage.To obtain the certification, companies must prepare in advance for unexpected disruptions by analyzing the level of impact that such events can have on business operations and the amount of time needed to recover, then put relevant policies in place to facilitate recovery. To maintain the certification, enterprises must also undergo an annual follow-up audit and a renewal audit every three years.Commitment to business resilience“We obtained the certification to protect user assets and provide safe services that do not stop in the face of external influences,” Dunamu said, emphasizing its commitment to enhancing service reliability and protecting investors. “We will not stop our efforts to become the most trusted cryptocurrency exchange.”Upbit has previously acquired other ISO certifications, such as the ISO 27001 for information security; the ISO 27017 for information security in cloud computing; and the ISO 27701 for privacy management. The exchange also obtained ISMS-P in 2021, a certificate administered by Korea’s Ministry of Science and ICT and Personal Information Protection Commission for information security and personal information management.