Regulatory Pressure Sees Binance Cease Card Offering in the Middle East

Singapore’s UniPass Plays Role in ERC-4337 Vulnerability FixSmart contract wallet provider UniPass and crypto infrastructure firm Fireblocks have successfully addressed a significant vulnerability in the Ethereum ecosystem.Photo by Nenad Novaković on UnsplashAccount abstraction vulnerabilityThis vulnerability, identified as the ERC-4337 account abstraction vulnerability, posed a critical security risk to hundreds of mainnet wallets. The joint effort between Fireblocks and UniPass was detailed in a blog post published to the Fireblocks website on Thursday.This vulnerability, if exploited, could have enabled a malicious actor to execute a complete takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process. The vulnerability represented a substantial threat to the security of smart contract wallets, as it could lead to unauthorized access and fund drainage.Improving user experienceAccount abstraction, as dealt with via ERC-4337, is a mechanism that introduces a novel way of processing transactions and interacting with smart contracts on the Ethereum blockchain. It allows for a more flexible and efficient handling of transactions, transcending the traditional distinction between externally owned accounts (EOAs) and contract accounts.EOAs are controlled by private keys and can initiate transactions, while contract accounts are governed by the code of a smart contract. When an EOA initiates a transaction with a contract account, it triggers the execution of the contract’s code. Account abstraction introduces the notion of abstracted accounts, which are not tied to a specific private key and can initiate transactions and interact with smart contracts, similar to EOAs.In the context of ERC-4337, an account executing an action relies on the EntryPoint contract to ensure that only signed transactions are executed. Typically, these accounts trust a single audited EntryPoint contract to validate user operations before executing commands. However, the vulnerability resided in the fact that a malicious or buggy EntryPoint contract could potentially skip the validation step and directly call the execution function, bypassing essential security measures.This vulnerability, identified by the two firms, had allowed attackers to seize control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once this takeover was completed, the attacker could access the wallet and drain its funds.It’s worth noting that the vulnerability posed a threat to several hundred users who had activated the ERC-4337 module in their wallets, making them susceptible to exploitation by any actor on the blockchain. Fortunately, the wallets affected by this vulnerability contained only small amounts of funds, and swift mitigation efforts were successful in preventing further harm.Company mergerEarlier this year, Singapore’s UniPass merged with Chinese wallet provider Keystone to form Account Labs, a company which has been incorporated in Singapore. At the time, Keystone founder Liu Lixin outlined that further developing account abstraction-derived products was the objective of the creation of Account Labs. He stated:“We are on the cusp of a Web3 Account Abstraction revolution. Together, we’ll drive rapid transformation, making the transition from Web2 to Web3 effortless for users. Our goal is to ensure everyone can securely and smoothly manage a decentralized account. We welcome partners to join us in advancing the Web3 account domain.”In furthering that objective, Account Labs announced on Thursday that it had raised $7.7 million in a funding round led by Amber Group, MixMarvel DAO Ventures, and Qiming Ventures.

North Gyeongsang Province launches metaverse platform to become digital hubNorth Gyeongsang Province has officially launched its integrated metaverse platform Metaport, which aims to expand access to the metaverse — a key component of the digital economy — for the region’s citizens. It also serves to showcase the region’s cutting-edge technologies and establish it as a hub for emerging industries.Photo by Mimi Thian on Unsplash“We will focus on a strategy to solidify our position not only as a metaverse capital but also as a global digital hub,” said the province’s Governor Lee Cheol-woo.Offering a hybrid metaverse experienceTouted as the nation’s first scalable hybrid metaverse platform, Metaport utilizes Web3 technology to provide both web and app services. In particular, it leverages open APIs to integrate features such as login and avatars into one service, which allows users to enjoy metaverse content provided by local governments, public institutions, businesses, schools and more.Bridge to the futureThe platform also connects reality and the virtual realm with a virtual model of the Daegu-Gyeongbuk Integrated New Airport as the main space within the realm. The Daegu-Gyeongbuk Integrated New Airport is a joint military-civilian airport that is set to be built by 2030 in the Uiseong and Gunwi counties.Users can access MetaPort through a website without downloading a separate program. The mobile app is also available for Android smartphones on the Google Play Store.

Korean Assembly Mandates Crypto Disclosure Amidst Lawmaker’s ScandalThe Korean National Assembly’s plenary session passed amendments to a couple of acts today that mandate lawmakers and senior government officials to report their cryptocurrency assets, according to news agency News1.Photo by Tingey Injury Law Firm on UnsplashAmendments to two actsIn an afternoon session, the National Assembly passed two amendments: one to the National Assembly Act and another to the Public Service Ethics Act.The amendment to the National Assembly Act, which had been approved by the Special Committee on Political Reform on Monday, specifically addresses the issue of cryptocurrencies and their potential conflict of interest for lawmakers. Likewise, the amendment to the Public Service Ethics Act, which had been approved by the Public Administration and Security Committee on Monday, imposes a requirement on lawmakers and high-level civil servants to disclose their cryptocurrency holdings.Mandatory crypto disclosureConsequently, starting from the 22nd National Assembly, lawmakers will be obligated to disclose their cryptocurrency assets. Additionally, the current 21st National Assembly will be required to disclose the cryptocurrencies they held and traded between the beginning of their term and May 31 of this year, with the disclosure deadline set for the end of June.A lawmaker’s crypto scandalThese legislative actions were prompted by allegations surrounding lawmaker Kim Nam-kuk, who was purportedly in possession of 800,000 WEMIX tokens from January to February of last year, potentially valued at up to 6 billion KRW (around $4.5 million). Concerns were raised regarding possible insider trading and conflicts of interest due to Kim’s ownership of these tokens.