Accidental MetaMask Ban from Google Chrome Highlights Wallet Security Issues

MetaMask Ban

A couple of days ago the popular wallet and in-browser Ethereum gateway MetaMask was accidentally removed from Google’s Chrome store. The incident left users being re-directed to an imposter version of the software. Luckily, the Ethereum community was quick in detecting the problem and the situation was resolved within six hours.

However, this was just another in a series of incidents highlighting the fact that wallet security and private key management is a weak link in the cryptocurrency ecosystem. There have been countless incidents of phishing scams, imposter wallets, and trojan horses.

It seems that the higher the security of the underlying cryptographic model, the more likely it is for incidents to occur. If we think about this from a usability perspective, this is not overly surprising, as more complex models usually involve more complex management on the user’s side providing more options for mistakes. An example of this is IOTA’s quantum proof cryptography, which has led to quite a few incidents of users being tricked into mistakes and losing their funds.

Wallet Security

Wallets and keys can be compromised in a number of ways.  First of all, keys are long numbers and typical wallets use several of them. This means that keys cannot be remembered by users and need to be backed up in some way. Many wallets use mnemonic code schemes such as BIP39 to generate keys deterministically from a list of seed words. However, seed words also need to be written down or backed up. Users are known to use shortcuts for convenience.

For a wallet to be useful, it needs to be connected to the internet. Cold wallets are much safer, but inconvenient. Even hardware wallets are much less convenient than a smartphone app with a simple pin or password. Unfortunately, this type of hot wallets is also more vulnerable. Many users even use web wallets that store keys on some company’s server, the weakest wallet security model.

The biggest risk is probably not the actual wallet being hacked, but the above-mentioned phishing scams and imposter wallets that trick users into using alternative software with backdoors and other security leaks.

Phishing
  • Facebook
  • Twitter
  • Buffer
  • reddit
  • LinkedIn

Additional MetaMask Risks

MetaMask is a great product. It provides the most convenient way to connect to the Ethereum network. Being much more than a wallet, the browser extension injects JavaScript code into web pages allowing decentralized applications to communicate directly with public Ethereum nodes, send transactions and interact with smart contracts. This makes the tool incredibly powerful but also introduces a number of dangers. For example, any website, open in any browser tab has access to the JavaScript code and can monitor transactions. An open webpage might generate transactions at a convenient time, for example when the user expects to have to confirm a transaction, generate a confirmation pop up and trick the user into sending funds to a different recipient.

Getting it Right

Even seasoned cryptocurrency users can get key management wrong. It is, therefore, best to diversify the risk and use a varies wallets. Web wallets should be a temporary measure, to be used only when an exchange has to be used. Once the currency conversion is complete, funds should be removed immediately. Similarly, a MetaMask wallet should hold just enough funds to interact with DApps. Larger amounts should be stored on hardware or cold wallets. It does make sense to keep a reasonable amount on a smartphone wallet for daily use.

Apart from this wallet diversification, users must, of course, take the necessary precautions to protect themselves from phishing and other scams.

  • Facebook
  • Twitter
  • Buffer
  • reddit
  • LinkedIn

Previous ArticleNext Article
Dr. Stefan Beyer
Dr. Stefan Beyer is editor-at-large at BlockTelegraph and a Blockchain consultant and smart contract auditor. He graduated from the University of Manchester in 2001 with a degree in Computer Science and obtained a Ph.D. in 2004 from the same university with the title “Dynamic Configuration of Embedded Operating Systems”. Since then he has worked in computer science research in distributed systems, fault tolerance, ubiquitous computing and cyber security. He is currently working as head of research and development for a medium-sized cyber security company in Spain.

Leave a Reply

Your email address will not be published. Required fields are marked *

Börse Stuttgart Unveils New ICO Platform to Help Blockchain Start-ups

Stock exchange charts

Navigating the Regulatory Minefield

Blockhain-crypto start ups are here to stay, and while most of them are eager to play by the rules, they need a helping hand or two from organizations with expertise in regulatory matters. This regularity environment must walk a tightrope of clarity, best practices, and an aversion to overzealous oversight that risk throttle the industry. We’ve seen the fruits of such a beneficial environment already in Malta, which has formed the vanguard of crypto-friendly countries in Europe, and Estonia, which has designs on a “digital republic“.

However, financial and securities regulations aren’t easy to understand. Very often, start-ups interpret their offering in one way, only to find that regulators have interpreted it rather differently. Take, for instance, the dim view the US Securities and Exchange Commission (SEC), has taken of so-called utility tokens. Numerous start-ups believed their tokens did not fall under the definition of a security due to their ‘utility’ on the platform.

The SEC, following a principle of “Substance over form”, reviewed the aggressive marketing of these tokens and noticed the vast majority of people were buying the utility tokens with the expectation of a future profit. This classification from on high has led to a scramble among ICOs and a full scale swing to Security Tokens, which start-ups hope will avoid regulatory carpet bombing.

This is where Börse Stuttgart, Germany’s no. 2 stock exchange, enters the picture.

Gavel and law books
  • Facebook
  • Twitter
  • Buffer
  • reddit
  • LinkedIn
ICOs need outside help to avoid the long arm of the SEC. Image credit: succo / Pixabay

 

An Integrated Platform

Börse Stuttgart is developing an integrated service offering for digital currencies, which, they hope, will remove the grey areas that often plague ICO sales. The company will allow blockchain start-ups to conduct their ICOs over their new platform in a transparent manner. The platform offers services in a centralized manner so that the start-ups can work with a single integrated service provider. Börse Stuttgart is also developing a secondary market for the ICO tokens sold over their platform. A secondary market are important for most blockchain-crypto projects, since brings in the much needed ‘network effect‘.

Börse Stuttgart is a well-established player in Germany with their floor-based stock exchange. Retail investors can trade in various products here — equities, securities derivatives, exchange-traded funds (ETFs), and bonds, to name a few. Founded in 1860, and based out of Stuttgart, the company lays claim to broad expertise in various kinds of trading as well as regulation, all of which will come handy for ICO token issuers who use their new ICO platform.

The company is also developing a crypto trading app, named ‘Bison’, which they plan to release in September 2018. Their new ICO platform will follow the release of Bison. Alexander Hoptner, their CEO, is upbeat about the project which sits well with their strategy of promoting digital currencies in a transparent and regulated manner.

Börse Stuttgart isn’t the only stock exchange serious about blockchain and crypto; “SIX”, the company that owns and manages Switzerland’s stock exchange, is building “SIX Digital Exchange” (SDX), an integrated market for cryptocurrencies. Increasingly, it looks like Europe is taking the lead in blockchain and cryptocurrency technology. Time will tell if other global financial powers can keep pace.

 

 

  • Facebook
  • Twitter
  • Buffer
  • reddit
  • LinkedIn

A New Survey Provides Insight into Blockchain Adoption in Advertising

blockchain advertising survey results

Advertiser Perceptions Reports on Survey Results

Advertiser Perceptions, an intelligence company in the advertising industry, recently reported the results of a survey commissioned by XCHNG, a blockchain based digital advertising platform. To complete the report, Advertiser Perceptions surveyed 300 advertising decision-makers. The focus of the survey was to determine how these decision-makers feel about blockchain technology, specifically media solutions related to it, including advertising.

One of the primary highlights of the survey is the finding that just 11 percent of advertising executives have bought ads utilizing blockchain technology. Considering the prevalence of blockchain, this is a particularly interesting figure. After all, this figure indicates that just over 1 out of 10 executives have utilized blockchain technology in ads. Despite the low level of execution, interest is high.

In fact, when questioned, almost half of those responsible for making decisions in advertising indicated that they see strong potential for blockchain technology. Specifically, the report found that these decision makers feel that blockchain may help them overcome issues such as inaccuracies across the supply chain and a lack of transparency. Since both of those factors currently negatively impact 70 percent of advertisers’ return on investment, according to the survey, the potential for using blockchain is there.

While the survey indicated positivity toward the potential applications of the blockchain in advertising, it also pinpointed some of the issues holding back widespread adoption. Two-thirds of the professionals surveyed by Advertiser Perceptions indicated that they are skeptical about solutions for media involving blockchain. The report found that this skepticism is the result of the mixed and negative information regarding cryptocurrency.

In addition to capturing overall sentiments regarding blockchain advertising as a whole, the survey also asked some targeted questions to those who have already discussed potential solutions with a blockchain provider. Of those who have taken this key step toward execution, the majority do plan to buy data via blockchain technology within the next two years.

xchng blockchain advertising
  • Facebook
  • Twitter
  • Buffer
  • reddit
  • LinkedIn
Image Credit: XCHNG/xchng.io

XCHNG’s Interest in the Survey

As mentioned, XCHNG commissioned this survey and report. XCHNG is a unified and open-source blockchain-based framework that is specifically designed to work in the ecosystem for digital advertising. Kochava, whose CEO, Charles Manning, is also the XCHNG CEO, designed and deploys the XCHNG framework. With XCHNG, advertisers can target as well as activate audiences, take advantage of a next-generation record system, enhance the transparency and efficiency of advertising spending, and allow for tokenization of the framework.

As such, XCHNG has a great deal at stake based on the interest in blockchain technology used for advertising. An indication of high interest in the adoption of blockchain tech for advertising helps to show the potential of the XCHNG framework. XCHNG can use the interest levels indicated in the report to indicate its value to contributors and partners. At the same time, it can utilize the concerns mentioned in the report, such as the hesitation to adopt blockchain technology due to the occasional negativity surrounding crypto, to determine areas that it must improve upon. Simply put, the report provides XCHNG with valuable insight into the specific industry it hopes to target.

  • Facebook
  • Twitter
  • Buffer
  • reddit
  • LinkedIn

Join Our Mailing List

Keep up with the latest in FinTech, Blockchain, and Crypto.

You have Successfully Subscribed!