Official Tron wallet criticized for weak encryption

Jean-Philippe Aumasson, the security director of Taurus, a digital asset infrastructure company, claims the TronLink wallet for the Tron blockchain is vulnerable. “These are defects at a basic level that any competent auditor would notice,” he told Decrypt.

According to him, TronLink uses weak encryption methods for mnemonic phrases used to restore access to the wallet. “It looks like the official Tron wallet uses AES-ECB to encrypt a 12-word mnemonic phrase,” added Aumasson. He explained that ECB mode does not allow effective data encryption. “The ECB mode treats each block of data separately, while there must be some correlation between the blocks to ensure high security,” the expert said.

This encryption method has been criticized by many cybersecurity researchers. “ECB is the simplest and most popular encryption method, but it is also quite weak,” says NotSoSecure. The vulnerability can only be exploited on the user's device. This is because the problem does not manifest itself at the blockchain level, which can be accessed from anywhere. A successful attack will allow a hacker to withdraw cryptocurrency assets to their wallet. “This is not a niche app that 15 people would use,” Aumasson said. “I recommend that Tron holders: a) make sure the issue is fixed in the next release; b) make sure you have a strong password; c) consider an alternative wallet application.”
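The block-by-block behaviour of ECB described above can be observed directly. The following added example (not code from the article or from TronLink) uses Node.js's built-in crypto module to encrypt a constructed sample phrase with AES-ECB and, for contrast, with AES-GCM, an authenticated mode with a random nonce. The key size, the demo key, the sample phrase and all function names are assumptions.

```javascript
const crypto = require('node:crypto');
// Constructed sample: 11 x "abandon" + "about". "abandon " is 8 bytes, so the
// first five 16-byte plaintext blocks are identical.
const MNEMONIC = 'abandon '.repeat(11) + 'about';

function ecb(key, data, decrypt = false) {
  const make = decrypt ? crypto.createDecipheriv : crypto.createCipheriv;
  const c = make('aes-256-ecb', key, null); // ECB takes no IV
  return Buffer.concat([c.update(data), c.final()]);
}

function gcmEncrypt(key, data) {
  const nonce = crypto.randomBytes(12); // fresh nonce for every encryption
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(data), c.final()]);
  return { nonce, body, tag: c.getAuthTag() };
}

function gcmDecrypt(key, { nonce, body, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]); // final() throws on a bad tag
}

// Number of full 16-byte blocks that duplicate an earlier block.
function repeatedBlocks(buf) {
  const seen = new Set();
  for (let i = 0; i + 16 <= buf.length; i += 16) seen.add(buf.toString('hex', i, i + 16));
  return Math.floor(buf.length / 16) - seen.size;
}

function compare(key = crypto.randomBytes(32)) { // random demo key (assumption)
  const pt = Buffer.from(MNEMONIC, 'utf8');
  const e = ecb(key, pt), g = gcmEncrypt(key, pt);
  // Tamper with both ciphertexts the same way: drop the first 16-byte block.
  const ecbTampered = ecb(key, e.subarray(16), true).toString('utf8');
  let gcmRejected = false;
  try { gcmDecrypt(key, { ...g, body: g.body.subarray(16) }); } catch { gcmRejected = true; }
  return {
    ecbRepeats: repeatedBlocks(e),      // repeated plaintext blocks show through
    gcmRepeats: repeatedBlocks(g.body),
    ecbDeterministic: e.equals(ecb(key, pt)), // same phrase and key, same ciphertext
    gcmDeterministic: g.body.equals(gcmEncrypt(key, pt).body),
    ecbTampered,                        // still decrypts, to a shorter phrase
    gcmRejected,
  };
}

console.log(compare());
```

With ECB, the ciphertext reveals which blocks of the phrase are equal, is identical on every encryption, and accepts a truncated ciphertext as valid; the authenticated mode shows none of these properties.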

Chinese BSN platform adds support for Tezos

The Tezos project has joined the list of blockchains supported by the Chinese national platform Blockchain Service Network (BSN). According to a blog post on Medium, the Chinese government-backed Blockchain Service Network has announced the integration of the Tezos blockchain. Tezos has entered the "first batch of blockchains" to be integrated into BSN International, a global platform that provides access to public network services at BSN.

Through the integration, developers around the world can now access the Tezos protocol using BSN's global public nodes and portals. According to the article, all three global public city nodes in Hong Kong, California and Paris are integrated with the Tezos blockchain on both the main and test networks.

To deploy and manage controlled blockchains at BSN International, developers must create an account on the official website. With access to Permissionless Services, developers can create their own projects on the Tezos mainnet or testnet. BSN states that all APIs provided by Tezos are available in BSN in a similar way, while maintaining the original data format.

The BSN platform was launched on April 25 with the support of the Chinese government, and in July, the developers announced that the platform will support over 100 open blockchains. In September BSN added support for Algorand, ShareRing and Solana, and earlier Chainlink and Cosmos.

NuCypher has raised over $125 million for the protocol and announced a mainnet launch date

The startup helps developers of decentralized applications store, transfer and manage personal data of users on the public blockchain. American blockchain startup NuCypher has completed the distribution of its own NU token to more than 2,000 potential node operators, who donated over $125 million in Ethereum (ETH) for the protocol in September. The project's main network is planned to become operational on October 15. NuCypher is a graduate of the Y Combinator business incubator. The startup entered the market in 2015 and aims to help developers of decentralized applications (dApps) store, transfer and manage user personal data on a public blockchain.

Last October, the startup raised $10.67 million through the sale of SAFT contracts. The lead investor back then was the hedge fund Polychain Capital, with the aforementioned Y Combinator and the mining company Bitmain among the investors. The NuCypher infrastructure is based on two technologies: Umbral PRE and NuFHE. The first is a proxy re-encryption method that keeps the data encrypted and protects it from third parties, but at the same time is available for transmission by an approved sender under certain conditions. The second is a kind of fully homomorphic encryption that allows encrypted data to be processed without having to decrypt it.

NuCypher network node operators are rewarded for maintaining the blockchain. To affect the operation of the protocol, nodes must stake NU tokens. The startup needed to distribute tokens to organizations that it could reasonably expect to participate once the mainnet was launched. This is why the WorkLock mechanism was launched. WorkLock is a special smart contract designed to distribute nodes after the main network starts up. The essence of the mechanism is that users deposit ETH to the address of the smart contract, which is blocked for six months from the moment the miner is launched. In return, they receive NU tokens that can be used to manage nodes on the network. After six months, program participants can choose to take back the deposited tokens or continue to participate in NU staking. However, if they decide to exit early or act maliciously, they will have to forfeit their ETH.

Research: 43% of enterprise blockchains are used in finance

The University of Cambridge published the results of the second enterprise blockchain comparative study, which collected data from surveys of more than 200 enterprises, startups, central banks and other public sector institutions in 59 countries from July 2018 to June 2019. One of the sections of the survey was devoted to corporate projects on the blockchain. After analyzing 67 operating networks, the researchers came to the conclusion that in 43% of cases, blockchains are used in financial projects, for example, for cleaning and reconciling records.

At the same time, the researchers found that most projects take a long time to develop. On average, it takes about 25 months from proof of concept to deployment, and larger networks can take more than four years to build. Enterprise blockchains are much more centralized than their open counterparts. This means that instead of thousands of anonymous nodes and miners securing the blockchain, one or more nodes agree on the content of the new blocks and the existing chain.

Managed blockchains, which provide greater control over networks and a high level of privacy, are important in industries where data is a trade secret. However, this raises concerns that centralization will allow leading organizations to gain an unfair advantage and potentially block others from accessing aggregate results. Cambridge researchers found that over 80% of enterprise projects used just one blockchain deployment service to launch nodes and mine. 48% of the projects reviewed are based on the IBM Hyperledger Fabric blockchain, and 15% are based on R3 Corda.

