This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody written for wallet engineers, digital asset operators, and security engineers.
Have a great Thanksgiving dinner and enjoy the well deserved break! Thank you to all the readers that take time to read and support this newsletter weekly. If you have been finding this newsletter helpful so far, please support it by sharing with your friends & colleagues.
Bitcoin
Ledger publishes blog post covering the importance of Taproot. Worth reading!
Deep dive on compact block filters.
Design for implementing vaults using the proposed ANYPREVOUT signature hash flag. Vaults built with covenants allow for more complex script rules to be enforced at spend time. This is particularly useful in zero-trust environments.
A new LND version is released tagged as 0.14-beta. This is a big release that I’m really excited about. The accompanying blog post highlights a focus on both security and scaling issues. The release adds a security improvement allowing for a remote signing architecture which involves running one instance of LND as as watch-only service and another containing private key material (e.g. signer). There is supplemental documentation available here describing the setup.
Photon SDK is a newly available wallet development kit.
Nunchuk publishes an overview on self-custody in Bitcoin.
Ethereum
Metamask announces 21 monthly active users. A few weeks ago we covered their 10 MAU announcement. Usage is really picking up!
Tweet thread on an OpenSea vulnerability that would have allowed an attacker to mint blue chip NFTs.
Aave Arc is announced. This is an initiative to address compliance concerns by large traditional institutions.
Rekt has two new posts covering airdrops and Uniswap v3.
Recovering assets using Flashbots.
Other Chains
Acala wins the first parachain auction on Polkadot. The auction was really close. The next set of parachain auctions are happening in the coming weeks.
Kepler Wallet (Cosmos) removes IBC transfers from their homepage.
Tweet thread on Solana from an EVM perspective.
Electric Coin Company (Zcash) is focusing on better wallet development.
Security
Ledger is hosting a CTF. Registration is free and now open.
Kraken demonstrates a $5 attack against popular fingerprint-based authentication methods like Touch ID.
Lopp chronicles his experiences dealing with a swatter. It sounds absolutely frustrating. There’s several situations where law enforcement is not well equipped - swatting is one of them.
Supply Chain Security Con video recordings are available.
Awesome software supply chain repo.