Satowallet Team to be Suspected of Scam

Users of a cryptowallet, targeted at Africa, are facing withdrawal issues for almost a half year
26 September 2019   617

The developers of the Satowallet cryptocurrency wallet, allegedly, have appropriated more than $ 1 million, each time finding new reasons not to pay users their funds, writes Finance Magnates.

Satowallet was founded in May 2017 and, according to official information, is based in Dubai and also has a representative office in Nigeria. The main target audience of the service are residents of Africa. Satowallet offers support for more than 60 cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin and Ethereum.

Users began to have difficulty withdrawing funds in April. The company referred to temporary technical problems and at the same time announced the launch of the SatowalletEX exchange. Responding to user complaints, the developers said that several attackers took advantage of the wallet update to steal their funds. Later, they reported the elimination of the vulnerability, but introduced manual transaction processing and forced verification of users, which is why the withdrawal of funds was inevitably delayed for several days.

In August, Satowallet users found that they could not access the platform. The CEO of the company explained that all eight servers responsible for the operation of the wallets, application and website were out of order. After some time, the developers reported that they were able to restore the service due to backups received from the OVH data center. However, there were no user assets in wallets.

OVH claims that server maintenance was suspended due to an unnamed violation. The creators of Satowallet, for their part, continue to blame OVH for fraud and withhold user funds.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   912

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.