This Week in Custody #19
This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody, written for wallet engineers, digital asset operators, and security engineers.
Hope everyone had a restful time with family this holiday break! We’re back to our weekly cadence.
News
Institutional crypto custodians raised more than $3 billion in 2021. [Link]
January 3rd is the anniversary of the Bitcoin genesis block. The Proof of Keys movement has also adopted the date to raise awareness about self-custody. However, on-chain data doesn’t seem to show that the movement’s January 3rd target date is gaining much traction.
Human Rights Foundation and Strike launch Bitcoin bounties for FOSS developers working on LN. [Link]
Kraken acquires Staked. [Link]
BitGo adds support for Avalanche. [Link]
Bitcoin
Bitcoin Optech’s 2021 Year-in-Review. [Link]
Is it possible to convert a taproot address into a native segwit address? [Link]
The answer is no. Binance, however, accepted a P2TR address and converted it to a SegWit version 0 address, causing loss of funds for the user.
Lightning Node Connect: A Technical Deep Dive. [Link]
This technical post outlines a new way to securely connect to a remote LND node. The use of PAKE, gRPC, and macaroons is really interesting and worth the read.
Getting Taproot ready for multisig. [Link]
Reusable taproot addresses. [Link]
Base58 is a new educational program teaching Bitcoin developers. [Link]
Unchained Capital writes about seed phrase physical security. [Link]
CardCoins adds support for LN. [Link]
Trezor writes about what comes after the Taproot upgrade. [Link]
Ethereum
Huobi Global Has Opened ETH Deposits and Withdrawals on Arbitrum. [Link]
Yul (and Some Solidity) Optimizations and Tricks. [Link]
Argent adds support for ZigZag. [Link]
Aave is building a mobile wallet. [Link]
Gnosis Safe is deployed on Optimism. [Link]
Coinbase Wallet outlines its plan for 2022. [Link]
WalletConnect releases Kotlin and Swift SDKs. [Link]
Language server for Solidity merged. [Link]
Dissecting Defi (great substack!) writes about the Secureum Bootcamp. [Link]
Crypto
Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocs. [Link]
Several SSS libraries had vulnerabilities allowing an attacker to steal the secret keys of other users. Trail of Bits announces ZKDocs to share knowledge about non-standard cryptographic primitives and their best practices.
Cryptographic bait using nonce reuse. [Link]
Robert Miller crafts two transactions with the same nonce and waits to see if a bot will detect the bait and steal funds. A couple of hours later, he proves his point when his small honeypot is stolen. Definitely sounds like a fun exercise.
FIPS-compliant random numbers for the kernel. [Link]
Security
Fast Linux Kernel headers are here. Goodbye C++ dependency hell? [Link]
Discovering a firmware backdoor. [Link]
Trail of Bits does a deep dive on supply chain security. [Link]
Thanks for reading! Have a great week.