This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody, written for wallet engineers, digital asset operators, and security engineers.
News
Cloudflare. Cloudflare announces a big push into Web3. Part of their announcement includes a focus on distributed web gateways.
Coinbase. A new Coinbase MFA vulnerability affects 6000 clients. Moving away from SMS 2FA is critical for reducing account takeover risks.
DeversiFi. A deposit to DeversiFi accidentally included a $23.7 million transaction fee. Here is a post mortem. A combination of a bug in EthereumJS and a UI issue in Ledger devices created a poorly crafted transaction.
Bitcoin
Lightning Address. A popular DNS-like standard called Lightning Address has been emerging that lets you map a human-readable URI to a server running an LNURL-compliant API.
LNRouter. LNRouter Lookups service helps routing node operators by providing liquidity management recommendations.
Blinded Xpubs. An interesting approach to blinding xpubs when sharing with other wallet participants.
Electrs 0.9. New release of Electrs. Tweet shares release notes.
Bitcoin Core. New minor release of Bitcoin Core.
Scaling LN at Exchanges. I recently went on the Stephan Livera podcast to speak about scaling Lightning Network products at River.
Backdoors. Very interesting discussion on the bitcoin-dev mailing list last week on backdoors in Bitcoin. The discussion focuses on detecting backdoors and how maintainers and PR reviewers might respond.
Ethereum
New Bridges. Paper on generalizing weighted trees in order to bridge Bitcoin to Ethereum more easily.
Layer Twos. An updated overview of L2s.
Proofs of Custody. Great blog post introducing a “Proofs of Custody” scheme for Ethereum 2 validators.
NodeWatch. New explorer for Ethereum 2.
Beacon Chain. A new paper provides a security review of Beacon Chain clients.
Compound. Tweet thread on debugging the recent Compound bug using dapptools.
Infura. Guide to running your node alongside Infura’s node.
Other Chains
Monero Proof of Reserves. Paper on improving a Proof of Reserves protocol for Monero.
Privacy. Paper analyzing the privacy-enhancing techniques adopted in Bitcoin and other chains.
Zerojoin. Paper on combining Zerocoin and Coinjoin protocols.
Security
BIP32 Security. More academic research on the security of the BIP-32 HD wallet standard. Very needed!
DIY HSMs. Slides from a talk from HCPP21 on HSMs.
Coreboot & FOSS. New podcast episode by Opt Out with a System76 engineer discussing Coreboot, FOSS, and general boot security issues.
BGP. Facebook services went offline yesterday due to a poorly configured BGP update. Patiently waiting for the epic post-mortem. Cloudflare wrote a post explaining the root problem. BGP has been a topic for cryptocurrency engineers for some time. Sharing this older paper on the risks that BGP poses to cryptocurrency networks.
Have a great week!