THORChain Weekly Dev Update for Week 19–02 Nov 2019
1 Rune Fee
Reasoning about gas costs on networks with non-deterministic fee schedules (such as Bitcoin) becomes unnecessarily complex. The issue is that the final gas cost cannot be known ahead of time so the system must cover any variability in the gas cost so that the user can be charged a flat rate. If the user is not charged anything, then the system can be depleted of funds, passing the cost back to stakers. Additionally, swaps below 1 Rune bring negligible economic value to the network and saturate the mempool with low value transactions. As such the solution is to charge a flat 1 Rune fee (or 1 Rune equivalent) on all outgoing transactions (swap and withdrawals). This 1 Rune fee is moved into the Protocol Reserve and increases the network’s future income. When the nodes report on the final transaction, they include the observed transaction fee. This transaction fee is then reimbursed back to the pool that paid for it ( BNB.BNB, BTC.BTC, ETH.ETH etc). There are cases that the outgoing transaction fee may exceed 1 Rune (Bitcoin in high use), but more than likely 1 Rune will be more than sufficient to cover the costs and ensure the network grows its reserves. Additionally, it sets a floor on the minimum transaction that the network will process. A swap of less than 1 Rune will end up becoming a donation to the network.
The team are working on 4 parallel streams of effort. Cross-chain infrastructure has now been merged into a single repo called “THORNode”. * THORChain * Midgard Public API * Threshold Signature Scheme implementation * Front-end Integration for BEPSwap
Much work has been done to refactor and clean up the codebase which will make public audits easier. This includes splitting up the keeper, separating out the events module and more. Smoke tests have been fully-integrated into the test schedule. Safer subtraction and division methods were added to prevent the likelihood of panic events. * [refactor] split keeper funcs/interface into separate files * [tests] use gow * [refactor] Redo how get key works in keeper * [security] require no signers on tx ins * Resolve “ADD: 1 Rune Fee on all Swaps” * [bug] fix smoke tests * [ADD] semantic versioning * [Refactor] Keeper chains * [Refactor] Events Keeper * Resolve “Adds a SafeSub method” * [Refactor] Last Height Keeper * [Refactor] keeper liquidity fees * FIX: Issue 208 * [ISSUE] Get smoke tests to 100%
Midgard Public API
Midgard is now ready for integration into the FrontEnd. The manner in which USD price of assets in now updated to source only from internal pool pricing. This includes BNB.BUSD, BNB.TUSD, BNB.USDS. ROI endpoints are now added. * Fix : Updated our mock data to include a correct BNB address. * Add: Return the date a staker first staked. * Add: Previously missing implementations for pool data (24hr and 12m). * Fix: Several potential query issues. Updates to return the TX date as a UNIX timestamp. * Fix: Additional query updates/fixes. * Fix: Build system * Add: Filtering implementation for TxID and Asset. * Added missing import. * Fix/build issues * Fixed issue with my auto refactor * Add: Filtering updates. DB Config fix. * Add: Missing Staker methods for ROI and earnings. * Added fix to enabled timescale extension * Fix: Added build config for rpc_host * Add: Support to Calculate USD price of an asset. * Added: Health check for mainnet to test that we still have a db connection… * Add: Tests for the recent endpoints work. * jq syntax fix. * Additional jq fixes. * [ADD] Manage docker image on gitlab
Threshold Signature Scheme
The Binance Go TSS library is now fully implemented and deploys in a four-node chain. integrate with new go-tss * 212-issue export private key thus we can use it to start tss * 214-issue consolidate tss keygen and tss keysign config, with our new go-tss… * [ADD] Setup go-tss in genesis docker * [ADD] Have CI run smoke tests on a four node chain with TSS
The frontend makes some final tweaks on the interface, before integrating the Midgard APIs. * Resolve “Update stake page share panel” * Resolve “UPDATE: Network Dropdown Titles” * Resolve “ADD: Sorting of columns in pool list” * Resolve “ADD: Sorting of columns in pool list” * Resolve “FIX: Close token selection drop down when clicking outside” * Resolve “Add redux saga for midgard apis” * Resolve “Update protect price UI” * Resolve “Update wallet drawer”
The next milestone is: ChaosNet: 03 January 2020 on-time
To keep up to date, please monitor community channels, particularly Telegram and Twitter: Twitter: https://twitter.com/thorchain_org
Telegram Community: https://t.me/thorchain_org
Telegram Announcements: https://t.me/thorchain
For a more interactive view of changes, click here
In our current world; bordering on financial chaos, with tariff wars, Brexit and hyperinflation rife, you can count on Groestlcoin to consistently produce innovation that strikes to take the power away from the few and into the many, even after a full five and a half years
of solid development.
Here is what the team has already announced in the last 3 months since the last development update:
- Added to Ledger Nano X with Electrum-GRS. Offering state-of-the-art security.
- Testnet added to the Ledger Nano X!
- Added to Keepkey hardware wallet with Electrum-GRS.
- Testnet added to Keepkey hardware wallet!
- Added to the new multi-currency wallet, Cobo! With a 12,000 GRS giveaway!
- Groestlcoin Testnet added to ARCHOS Safe-T Mini hardware wallet!
- Groestlcoin started to be accepted at Mind Research & Development!
- Groestlcoin was added to Vertbase cryptocurrency exchange!
- Groestlcoin started to be accepted at Bitcoin-Meister, offering various merchandise.
- Added to the Decentralised Cryptocurrency exchange Neblidex!
- Groestlcoin started to be accepted at Drapis! Offering bee bread, raw honey, comb honey and more!
- BECH32 support added to Binance! Allowing users to withdraw their GRS directly to their Trust Wallet app or any other BECH32-supported app.
- Listed at DynX Decentralised Cryptocurrency Exchange
- Accepted at SpendBTC, offering various giftcards to be purchased with $GRS
- Added to Switchain, a non-custodial cryptocurrency exchange
- Supported at NOWNodes. An innovative platform offering customers unlimited access to public full nodes.
- Groestlcoin added to Melis lite wallet, designed for mobile devices to transact faster than ever.
- Testnet added to Melis lite wallet!
- Supported at NOWPayments, offering instant auto-conversion, easy-to-use API with no hidden fees
- Added to PayCentRUBYdebit card powered by China Union Pay.
- Added to PayCentSapphire debitcard. Powered by Union Pay International!
- Added to PayCent Solitaire debit card, powered by Mastercard!
- See these PayCent cards in action in Korea!
- Added to Digifinex Korea cryptocurrency exchange!
- Accepted at AcceptCryptoz! THE Crypto Directory to find places accepting Crypto near you.
- Added to Cryptwerk! An online directory and map with merchants accepting cryptocurrencies.
- Accepted at 247Bits! Selling cold storage cards and gift cards
What's Being Released Today?
What am I?
Groestl Nodes aims to map out and compare the status of the Groestlcoin mainnet and testnet networks. Even though these networks share the same protocol, there is currently no way to directly compare these coins in a single location. These statistics are essential to evaluate the relative health of both networks.
- Shows Onion (Tor) nodes
- Shows IPv6 nodes
- Supports both main net and test net
- Node Checker – Check the status of a remote node
- Ability to download node data by CSV, JSON or TXT format
- Ability to download unique address data by CSV, JSON or TXT format
- Shows last seen time for each node
- Shows uptime for each node
Groestlcoin Transaction Tool
What am I?
This is a tool for creating unsigned raw Groestlcoin transactions and also to verify existing transactions by entering in the transaction hex and converting this to a human-readable format to verify that a transaction is correct before it is signed.
- Create Raw Unsigned Groestlcoin transactions
- Coin Control
- Generates a QR code for the transaction
- Verifying Transactions
- Compatible with most Groestlcoin wallets including but not restricted to Groestlcoin Core and Electrum-GRS
- Estimates final signed transaction size
- Taking a raw transaction format and shows its Transaction ID, Transaction Inputs and Outputs
What am I?
AGCore is an Android app designed to make it easier to run a Groestlcoin Core node on always-on Android appliances such as set-top boxes, Android TVs and repurposed tablets/phones. If you are a non-technical user of Groestlcoin and want an Android app that makes it easy to run a Groestlcoin Core node by acting as a wrapper, then AG Core is the right choice for you.
- Update to Groestlcoin Core 2.17.2
- Switched to native builds via NDK for Groestlcoin Core resulting in a smaller footprint.
- Added embedded tor
- Added tor pairing support
- TOR upgrade bug fixes
- Improved blockchain Sync progress using getblockchaininfo verificationprogress
- Improved package download progress bar
- Added support for external storage access > Android M
- Added support for Android Oreo, including new notification mechanism
- Added support for Bitcoind RPC cookie
- Change minimum target to Android 21
- Add support for some arm64 android devices
- Various security and bug fixes
- Bump Fee (RBF) improvements – Implemented a new fee-bump strategy that can add new inputs, so now any transaction can be fee-bumped. The old strategy was to decrease the value of outputs (starting with change). We will now try the new strategy first, and only use the old as a fallback.
- Coin Choser improvements
- More likely to construct transactions without change (where possible)
- Less likely to construct transactions with really small change
- Only spend negative effective value coins when beneficial for privacy
- Fix long-standing bug that broke wallets with >65k addresses
- Windows binaries: Now build the PyInstaller bootloader ourselves, as this seems to reduce anti-virus false positives
- Fix performance regression for large wallets
- Fix high-DPI issues related to text fields
- Trezor – Allow bypassing 'too old firmware' error
- Trezor – Use only the Bridge to scan devices if it is available
- Hardware wallets – On Win10-1903, some hardware devices with U2F functionality can only be detected with Administrator privileges. A workaround is to run as Admin, or for Trezor to install the Bridge.
- The AppImage Linux x86_64 binary and the Windows setup.exe are now built reproducibly.
- Fix watch-only wallets that could not bump fee in some scenarios
- Faster transaction signing for segwit inputs or really large transactions.
- Fix BIP70 payment requests could not be paid
- Allow copy-pasting partial transactions from/to clipboard
– Windows Standalone
– Windows Portable
- Android Server Source
– Server Installer Source
– Client Source
– Icon Source
– Locale Source
Android Wallet – Including Android Wallet Testnet
What am I?
Android Wallet is a BIP-0032 compatible hierarchial deterministic Groestlcoin Wallet, allowing you to send and receive Groestlcoin via QR codes and URI links.
Groestlcoin Java Library Source
- SegWit Support:
- Send to native SegWit Bech32 addresses.
- Receive to and spend from native segwit (Bech32) addresses
- Existing wallets without a spending PIN are updated to use native segwit (Bech32) addresses
- Existing wallets with spending PIN can be upgraded by changing or removing the PIN
- Add 3 more block explorers – Groestlsight, Blockbook, Blockchair
- New alert for users with insecure Bluetooth
- Use much less memory when displaying QR codes
- Add a warning dialog regarding a relatively high fee
- Clarify message when fetching/validating the payment request fails
- Backing up makes use of the SAF. For most users, this means encrypted backups are stored on Google Drive, but other cloud storage providers can also be used
- Fix certain payments not showing up until they become confirmed
- Always show fiat amounts directly below Groestlcoin value in the payment history
- The QR Code scanner now supports portrait orientation
- Run circular reveal transition if QR code scanner is started via lower action bar
- Update build to Gradle 3.3+ and Android Plugin for Gradle 2.3.3
- Use Room Persistence Library for access to the address book database
- Adds a network security configuration
- Migrate support libraries and architecture components to AndroidX
- Add another backup reminder
- Remove ability to restore backups from list of Base58-encoded private keys
- The app now requires Android 5.0 (Lollipop) or higher
- Option to request coins to a legacy address (Sender may not support BECH32)
- Double the capacity of the block store
- Make more room for transactions list by scrolling away the balance panel
- Based on GroestlcoinJ 0.15.2
- Disconnects from incompatible peers much faster
- Fix crash on Pixel 2 devices
- Fix crash with hyperinflated fiat currencies
- Fix rarely occurring crash when backing up the wallet
- Fix crashes when opening dialogs at the wrong time
- Fix crash when archiving a wallet backup on certain devices
- Updated checkpoints
- Update Electrum-GRS list with server fingerprints
- Removed unused code and features. Show splash icon whilst the app is loading
- Remove labs feature – Look up wallet names from the DNS
- The FOREGROUND_SERVICE permission is now requested (Android 9 Pie +)
- Support notification channels and adaptive launcher icons (Android 8+)
- Fix app shortcuts (Android 7.1)
- Multiple 'coin received' notifications are now bundled into a notification group (Android 7+)
– Testnet Download
What am I?
Groestlwallet is designed to protect you from malware, browser security holes, even physical theft. With AES hardware encryption, app sandboxing, keychain and code signatures, groestlwallet represents a significant security advance over web and desktop wallets, and other mobile platforms.
Simplicity is groestlwallet's core design principle. Because groestlwallet is "deterministic", your balance and entire transaction history can be restored from just your recovery phrase.
iOS 0.7.3 Changes
- Fix BIP70 payments
- Updated QR Scanner
- Lowered spending limit
- Updated DNS Seeds
- Updated checkpoints
- Fixed URL Scheme
- Fixed GRS Name in mailing
- Fixed crash upon starting in some scenarios
Android v89 Changes
- Use default fee
- Republished on Google Play by removing send_sms permissions
- Lowered spending limit
- Updated to API 28
- Use https instead of http for GRS price
- Updated DNS Seeds
- Updated Checkpoints
– Android Source
- Android Download
– iOS Download
What am I?
Groestlcoinomi is a lightweight thin-client Groestlcoin wallet based on a client-server protocol.
Groestlcoinomi v1.1 Desktop Changes
- Rebranded to Groestlcoinomi
- Updated to use ElectrumX 1.4 protocol
Groestlcoinomi Android v1.6 Changes
Groestlcoin Java Library Source
- Updated to use ElectrumX 1.4 protocol
- Removed unused native code
- Removed local groestlcoinj library (Included from Mavenlocal)
- Updated Gradle
– Android Source Android Download
– Windows Download
– Mac OS Download
– Linux Download
Groestlcoin BIP39 Tool
- Update Samourai Path on BIP32 tab
- Fix BIP38 Support for mainnet and testnet
If you have been around the cryptocurrency industry long enough, you will know that one of the biggest risks faced by users is the loss of funds through hacks on cryptocurrency wallets and exchanges.
Online exchanges are prime targets for hackers and thieves on the internet. This is mainly because of the amount of funds that are kept on these platforms. For hackers that have succeeded in stealing funds from such platforms, the amounts are usually huge.
As much as individual users try to play their roles in securing their accounts by using personal passwords, PINs and codes, there is a higher layer of security that lies in the hands of the platform providers. Once this is breached, the individual security efforts become irrelevant.
Over the years, exchanges and wallets appear to have improved in terms of security as the frequency of hacks and platform breaches have reduced. What used to be a common occurrence in the industry has become a rare development, with hacks now few and far between.
Let’s take a look at the top 10 of the biggest cryptocurrency hacks and scams ever.
10. Bitcoin Gold ($18 Million)
In May 2018, the theoretical 51% attack possibility was proven in a heist that saw a breach in Bitcoin Gold which cost the protocol $18 million.
In this heist, hackers used 51% raw computing power to seize control of the network and carry out their ulterior plans effectively. Ciphertrace and other security outfits in the ecosystem believe that the algorithm weaknesses in Bitcoin Gold’s Proof of Work (PoW) transaction verification may have enabled the success of the theft.
9. Geth ($20 Million)
In June 2018, the Ethereum client Geth was hacked and ETH worth $20 million was stolen. This incidence was reported by blockchain security firm, Cyphertrace. During the hack, JSON-RPC port 8545 was exploited. This is the port that initiates ETH send transactions.
All the ETH wallets that were affected by this breach was drained by the thieves, accumulating to the quoted $20 million equivalence based on the price of ETH at that time.
8. Bancor ($23.5 Million)
In July 2018, about one month after the Geth incident, decentralized cryptocurrency exchange, Bancor was hacked and $23.5 million worth of crypto stolen. This particular event raised some eyebrows in the cryptocurrency industry, redefining the general opinion of decentralized exchanges being prone to hacking.
The process involved the exploitation of a security flaw in a wallet that was used to update some of the smart contracts on the exchange. Bancor, which was one of the most successful ICOs of 2017, raising $153 million during its token sale, was forced to shut down after the hack.
7. Coinrail ($40 Million)
Coinrail was hacked in June 2018, and $40 million was stolen from the exchange. The South Korean exchange which ranked among the top 100 exchanges by volume, suspended its services shortly after the hack.
According to sources from the exchange, the tokens that were stolen included NPXS tokens from the Pundi X project, ATC from Aston and the NPER project’s NPER token.
- Binance ($40.7 Million)
Binance exchange was hacked in May 2019 and 7,000 Bitcoins were stolen from the platform. The value of the Bitcoins stolen at the time was about $40.7 million.
To achieve their aim, hackers were able to steal API keys, two-factor codes and some other key information to access the wallets. According to the exchange, the incident impacted only about 2% of its total Bitcoin holdings as all other wallets are secure.
Affected wallets were promised a refund through the exchange’s Secure Asset Fund for Users (SAFU) arrangement. This is a policy that the exchange uses to prepare for rainy days. A portion of fees charged on the exchange is set aside in order to ensure that platform users do not bear the brunt during occurrences such as this.
5. Zaif ($60 Million)
Japan-based cryptocurrency exchange Zaif was hacked in September 2018 and $60 million was stolen in the process. The theft was possible after hackers gained authorised access into the exchanges hot wallets, making away with huge amounts of Bitcoin, Bitcoin Cash, and MonaCoin.
The exchange’s asset reserve could not cover the loss, therefore it reached an agreement with a Japan-listed firm called Fisco to receive a $44.5 million investment in exchange for a major share of ownership.
4. Bitfinex ($77 Million)
The Bitfinex hack of August 2016 was a popular event that rocked the entire cryptocurrency industry. The hack occurred at a time when cryptocurrencies appeared to be shifting gears in terms of awareness and development. As a matter of fact, the aftermath of the event saw the Bitcoin price drop by 20%.
After the hack, Bitfinex issued cryptographic tokens to its users that were affected by the hack, all of which the exchange announced to have bought back by April 2017.
3. BitGrail ($187 Million)
$187 million worth of Nano tokens were stolen from BitGrail in February 2018. The reported theft was announced weeks after the unauthorized transfer was initiated. This information was from evidence retrieved from the Nano blockchain explorer by skeptics.
While BitGrail recognized the concerns of it users, it however stated that it is impossible for it to refund the stolen amount.
2. Mt. Gox ($460 Million)
The Mt. Gox scandal remains one of the biggest stains on the cryptocurrency industry. In February 2014, Mt. Gox was hacked and as much as $460 million was stolen from the exchange. In the wake of this, the exchange’s CEO, Mark Karpeles issued a statement that accepted responsibility on behalf of his company.
“We had weaknesses in our system, and our bitcoins vanished. We’ve caused trouble and inconvenience to many people, and I feel deeply sorry for what has happened, “ he said.
At the time, Mt. Gox was the world’s largest Bitcoin exchange that looked impressive from the outside, but many who claimed to know about the internal workings accused the company of a messy combination of poor management, neglect, and raw inexperience.
The size of this event left a huge dent on the reputation of Bitcoin and the crypto industry at large. It took a long time before the market picked up again, and for users to regain confidence in the industry. The exchange has since gone down and ceased to exist.
1. Coincheck ($500 Million)
The biggest theft in the history of the cryptocurrency industry happened in January 2018, when Japan-based cryptocurrency exchange, Coincheck was hacked. A total of NEM tokens worth $500 million were stolen in the process.
A statement from the exchange accepted the blame and took responsibility for the breach. According to reports, rather than storing its customers’ assets in offline wallets, the assets were stored in hot wallets that were connected to the internet. Coincheck also reportedly failed to protect the wallets with standard multi-signature security protocols.
Having traced the destination of the stolen funds, NEM developers created a tracking tool that would allow exchanges to automatically reject stolen funds.
Hacks and massive theft of cryptocurrencies have contributed to the setback experienced by the technology. Each of the events takes a hit on the confidence of investors and willing participants who may not be sure of how the affected exchanges will handle the situation.
The industry is however learning from past experiences, as the frequency of such hacks have reduced, while in some cases, modalities are being put in place to ensure that end users do not bear the brunt of such events, just like the case of Binance.
The NEM developers’ response to the Coincheck hack has a way of rendering stolen funds unspendable, as long as other members of the community comply. However, no one knows how long this will last, and if the hackers will be able to nullify the traceability of the stolen coins yet.
The action by the developers will discourage hackers and thieves, but is yet to restore value to the end users whose funds have been stolen.
For the industry to grow as it should and become stable, security of funds need to be established. Exchanges and developers are continuously making efforts to ensure that funds and transactions within the industry remain safe at all times. http://bitcoinadvisor.info/top-10-of-the-biggest-cryptocurrency-hacks-and-scams-eve?fbclid=IwAR1aKdbjF1HQpFQq3jH6PQptxt7mhXHJWsABPnlN5ZEjmq07ByMEYWvVezM