This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody written for wallet engineers, digital asset operators, and security engineers.
News
CoinMarketCap has a data leak of 3.1M email addresses. Prepare for more phishing attempts.
Excellent investigation on the low cost of committing identity theft and fraud to enter regulated exchanges.
Bitcoin
Taproot soft-fork activation will be enforced sometime at the end of this week at block 709,632. It’s been a longtime coming and really excited to see a new foundational change to the Bitcoin protocol. Sharing this Bitcoin Optech guide again to prepare for Taproot.
TabConf conference was last week. Some videos of the talks are online already. For convenience, the following links are timestamped with talks on coin selection, lightning network, schnorr, miniscript, and scaling LND. There was also a workshop on creating a bitcoin wallet.
Taproot deployment is causing an issue with the Neutrino client.
Thread on ColdCard’s XOR functionality.
Brink launches a new podcast. First episode is on Bitcoin Core’s mempool policy.
Ethereum
Ethereum hard-fork will likely happen next month. New Geth release to prepare for it.
A proposed architecture for Flashbots for post-merge.
A Discord community hosting CreatureToadz NFT had one of its moderators compromised leading to a phishing attack. Discord is the center piece of most NFT communities so tooling and security education is very important. Last week, Discord showcased a wallet integration for its platform. Unfortunately, the platform has a serious phishing problem powered by bots so I hope that is solved before wallets are part of the experience.
BlockSec has a new flash loan monitor dashboard.
OpenZeppelin introduces a Smart Contract Security Registry.
Podcast episode on Fireblocks, Aave Arc, and institutional custodians entering DeFi.
Other Chains
Dfinity open sourced their canister SDK. For those unfamiliar, canisters are deployed smart contract libraries that can run in any wasm-compatible environment.
Brave is integrating Solana.
Solana security workshop.
A team is requesting funds from Kusama Council on a new browser extension wallet.
Security
Overview of random oracles in cryptography.
An eBPF module for tracing packets.
Finding memory safety issues in Rust.
Mitigated attack on protocols using threshold ECDSA.
FBI report on data collection by cell phone companies.
Have a great week! If you find this newsletter useful, please share with your friends & colleagues.