‘High severity’ vulnerability in Argent wallet could have allowed attackers to steal user funds

https://www.theblockcrypto.com/linked/68968/high-severity-vulnerability-in-argent-wallet-could-have-allowed-attackers-to-steal-user-funds?utm_source=rss&utm_medium=rss

A “high severity” vulnerability was discovered on the popular Ethereum mobile wallet Argent by researchers at OpenZeppelin, a crypto-focused cybersecurity firm. 

According to a blog post from OpenZeppelin, the issue could have allowed attackers to take over the wallets of Argent users, specifically those that have not activated “guardian” features. The post says that the Argent team has now fixed the bug and contacted affected users with steps to keep their wallets safe.

The guardian feature lets Argent users give selected accounts permission to execute actions on the wallet, like locking it or approving a wallet recovery. Before March 30, 2020, users could create wallets without guardians by default. A bug in Argent’s code enabled attackers to target wallets without guardians and trigger a recovery process and steal funds.

The only way for a user to mitigate this process is to monitor their wallet and cancel the recovery request within the 36-hour default recovery period—Argent has a notification process that warns users when a recovery attempt is being made, giving them time to stop the recovery. But even if a user is able to block a false recovery attempt, the bug leaves them vulnerable to a denial of service attack that can keep their funds indefinitely frozen: the attacker can repeatedly trigger a recovery, forcing a victim to remain in the recovery period and preventing them from accessing their funds.

OpenZeppelin has identified 329 wallets holding nearly 162 ETH (~$37,000) that were at immediate risk. An additional 5,513 wallets were also identified as being potentially vulnerable to the attack. 

“The Argent team has taken quick action to fix this issue so that no user funds were impacted,” said Demian Brener, CEO of OpenZeppelin.

In March, Argent raised a $12M round led by Paradigm. As reported by The Block, more than 20,000 cryptocurrency wallets have been created on the platform.


Editor’s Note: This post has been updated to clarify that Argent has a notification process to warn users when a recovery attempt is being made

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Coinbase to list Compound’s governance token

https://www.theblockcrypto.com/linked/68808/coinbase-to-list-compounds-governance-token?utm_source=rss&utm_medium=rss

COMP, the governance token of decentralized finance (DeFi) lending protocol Compound, will soon be listed for trading on Coinbase. The exchange announced Thursday, that it would begin accepting inbound transfers of COMP on Monday, June 22, to Coinbase Pro, with trading beginning on Tuesday.

Coinbase’s announcement follows just three days after the Compound team began distributing its tokens to users. COMP is currently trading at slightly above $100 (~0.43ETH) on decentralized exchange Uniswap.

The COMP token was first unveiled in February and went live on Ethereum in mid-April. According to Coinbase, the exchange owns COMP tokens “as a result of a 2018 investment in Compound.” The exchange added that it “intends to maintain its investment in Compound for the foreseeable future and maintains internal policies that address the timing of permissible disposition of its digital assets, including COMP tokens.”

Source: Uniswap.Vision

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.