Electrum critical vulnerability fixed

Vulnerability allowed attackers to get access to the resources of users through Javascript
09 January 2018   538

Electrum's bitcoin wallet team confirmed the existence of a critical vulnerability that allowed hackers to access the resources of users through Javascript. Urgently released updates are said to have solved this problem.

Malicious sites could steal the bitcoins when they visited, if the Electrum was launched at that time. Access to the tools was possible through the default JSON RPC interface, through which arbitrary console commands were transferred to hackers, including exporting keys.

Google researcher Tavis Ormandy drew attention to the bug on January 6, but there is evidence that he was aware of it, at least last year. Soon after the publication of Ormandy's message, the Electrum team began preparing the patch.

The most dangerous in this case were wallets without a password. A fairly complex password is supposed to guarantee relative security if the wallet owner did not make transactions at that time.

The vulnerability was partially corrected in version 3.0.4, and on Monday night, January 8, Electrum team posted version 3.05 of the purse, which is supposed to close the vulnerability more reliably.

In particular, the JSON RPC interface is disabled when the wallet graphical interface is running, and by default the password protection of the wallet is enabled.

Bakkt to be Launched in December

It is also reported that Goldman Sachs does not plan to create custodial cryptocurrency solutions based on the Bakkt infrastructure
19 October 2018   39

The expected launch of the Bakkt will take place on December 12 of this year. It is reported by The Block, citing informed sources.

Also, the material states that the investment bank Goldman Sachs does not plan to create custodial cryptocurrency solutions based on the Bakkt infrastructure. At the same time, the bank is considering the possibility of trading futures on a new platform.

In a recent Fortune interview with Bakkt, Kelly Lofler said that the cryptocurrency market is on the verge of a revolution comparable in size to the one that occurred on the energy market in the early 2000s.

Greater institutional participation in the digital asset markets requires secure and regulated custody solutions. We are impressed by BitGo’s product, unique services, and the management team. We view our investment in BitGo as an exciting opportunity to contribute to the evolution of this critical market infrastructure.

Rana Yared

Managing director, Goldman Sachs’ Principal Strategic Investments group

Bakkt is a cryptocurrency unit of the Intercontinental Exchange (ICE), which is the operator of the New York Stock Exchange. Giants such as Microsoft and Starbucks are taking part in creating of the new project, which is positioned as an “ecosystem for digital assets”.

The new platform will offer deliverable bitcoin futures to the market (unlike the settlement contracts for CBOE and CME, these are based on the underlying asset). The platform will support multiple fiat currencies.