Electrum critical vulnerability fixed

The vulnerability allowed attackers to gain access to users' funds through JavaScript
09 January 2018

The team behind the Electrum bitcoin wallet confirmed the existence of a critical vulnerability that allowed hackers to access users' funds through JavaScript. Urgently released updates are said to have solved the problem.

Malicious sites could steal a user's bitcoins when visited, if Electrum was running at the time. Access to the funds was possible through the JSON-RPC interface, which was enabled by default and through which hackers could issue arbitrary console commands, including exporting keys.

Google researcher Tavis Ormandy drew attention to the bug on January 6, but there is evidence that he was aware of it at least since last year. Shortly after Ormandy's message was published, the Electrum team began preparing a patch.

Wallets without a password were the most exposed in this case. A fairly complex password is supposed to guarantee relative security, provided the wallet owner did not make transactions at that time.

The vulnerability was partially corrected in version 3.0.4, and on Monday night, January 8, the Electrum team posted version 3.0.5 of the wallet, which is supposed to close the vulnerability more reliably.

In particular, the JSON-RPC interface is disabled when the wallet's graphical interface is running, and password protection of the wallet is enabled by default.
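To make the exposure concrete, here is an added example (not Electrum's code and not part of the original article) of a loopback JSON-RPC service that refuses unauthenticated requests. The names `allowed`, `basic_auth`, `probe` and `RPC_PASSWORD` are hypothetical, and rejecting requests that carry a browser `Origin` header is an assumption of this sketch, not a measure the article describes.

```python
import base64, hmac, http.client, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

RPC_PASSWORD = secrets.token_urlsafe(16)  # constructed per-run secret (assumption)

def basic_auth(password, user="rpc"):
    """Authorization header value a legitimate local client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def allowed(headers, password=RPC_PASSWORD):
    """Decide whether a request to the localhost JSON-RPC port may run a command."""
    # Browsers attach Origin to cross-site POSTs; a local CLI client does not.
    if headers.get("Origin") is not None:
        return False
    scheme, _, blob = (headers.get("Authorization") or "").partition(" ")
    if scheme != "Basic":
        return False
    try:
        _user, _, supplied = base64.b64decode(blob).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 credentials
        return False
    return hmac.compare_digest(supplied.encode(), password.encode())

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        ok = allowed(self.headers)
        body = json.dumps({"result": "pong"} if ok else {"error": "unauthorized"}).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Type", "application/json")  # no CORS allow header
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(extra_headers):
    """Serve one request on an ephemeral loopback port and return its HTTP status."""
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.handle_request, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", srv.server_port, timeout=5)
    conn.request("POST", "/", body=b"{}", headers=extra_headers)
    status = conn.getresponse().status
    conn.close()
    srv.server_close()
    return status
if __name__ == "__main__":
    print(probe({}), probe({"Authorization": basic_auth(RPC_PASSWORD)}))
```

A service without such a gate answers any local HTTP client, which is why binding to 127.0.0.1 alone does not keep web pages out.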

SEC to Accuse Veritaseum ICO of Fraud

The SEC believes that the project's token sale, through which it raised $14.8M in 2017-2018, showed signs of a scam and that the company misled investors
14 August 2019

The U.S. Securities and Exchange Commission (SEC) has sued a New Yorker and Veritaseum-related companies, which the agency caught conducting an unregistered ICO with signs of fraud. This was reported by Cointelegraph.

According to documents published on the network, the SEC intends to hold Reggie Middleton accountable and immediately freeze the assets of Veritaseum Inc. and Veritaseum LLC.

The Commission claims that the defendants raised about $14.8 million through an initial coin offering (ICO) from 2017 to early 2018. At the same time, many investors were misled, as the company distorted information about the conditions of the token sale and deliberately hid some significant details.

The American regulator claims that the project still has about $8 million of illegally raised funds. According to the SEC, these assets must be frozen immediately.

Amid this news, the Veritaseum (VERI) rate has fallen by 70%. Now the coin is trading near the $5 mark, although at the beginning of 2018 its rate was approaching $500.

Veritaseum was created as a financial p2p platform, involving the movement of capital without traditional intermediaries. Also, VERI was positioned as a utility token for use in consulting services and access to various research works.

In 2017, the blockchain startup Veritaseum fell victim to hackers, losing $8.4 million from ICO investors.