The use of blockchain technology to help secure internet of things data, services and devices doubled last year, according to a recent survey by digital security firm Gemalto.

In a report published Tuesday, the firm said blockchain adoption in the IoT sector grew from 9 percent to 19 percent in 2018, even though the industry is still awaiting regulation around the tech.

Gemalto surveyed 950 tech and business professionals globally for the study, also finding that 23 percent of respondents believe that blockchain tech would be an “ideal” solution to use for securing IoT devices. Further, 91 percent of companies that do not currently use the technology are likely to consider it in the future.

Jason Hart, CTO of data protection at Gemalto, stressed the need for regulatory clarity in a statement, saying:

“Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store. But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”

Despite the growth in uptake of blockchain tech, adoption is still in its early stages. As a result, companies are continuing to bank on other methods to protect themselves against hacks, the survey found, with the majority (71 percent) encrypting their data, 66 percent choosing password protection methods, and 38 percent integrating two-factor authentication systems.

However, nearly half of the companies surveyed cannot detect if their IoT devices have suffered a breach, and 95 percent believe that there should be standard security rules and regulations in place.

Credits to Yogita Khatri

That bitcoin (BTC) may be closing on a long-term bottom is generally accepted by now.

After all, the leading cryptocurrency by market value has dropped by close to 70 percent over the last 13 months.

The challenge now is to pick up early signs of a long-term bearish-to-bullish trend change, which may be possible with the help of the 10-week simple moving average (SMA).

Acting as resistance, that moving average proved a tough nut to crack in the eight weeks to Nov. 14 – the day BTC reentered the bear market with a big drop below $6,000.

Further, BTC has charted bearish-lower highs above the 10-week SMA in the last 13 months. Hence, acceptance above that hurdle could be considered a sign that the process of bearish-to-bullish trend change has begun.

As of writing, BTC is trading at $3,630 on Bitstamp, representing a 2.5 percent gain on a 24-hour basis. Meanwhile, the 10-week SMA is located at $3,919.

It is worth noting that a full confirmation of a longer-term bullish reversal would be a convincing break above the former support-turned-resistance of the 21-month exponential moving average (EMA), currently at $5,400.

Weekly chart

As seen above, BTC repeatedly failed to cross the 10-week SMA on a weekly closing basis (Sunday’s, as per UTC) before falling below $6,000 on Nov. 14.

Prior to that, BTC did cross the 10-week SMA in the last week of both February and April, the third week of July and in the last week of August. These bullish breakouts, however, were short-lived: BTC fell back below the 10-week SMA in the following two weeks, trapping the bulls on the wrong side of the market (marked by arrows).

Put simply, the cryptocurrency has struggled to breach the 10-week SMA throughout the ongoing bear market.

As a result, only a sustained break above the 10-week SMA (at least four weekly candles above the average) would imply bullish reversal.

The outlook remains bearish as long as prices are trading below the downward sloping 10-week SMA of $3,919.

Daily chart

BTC closed back above $3,566 (Dec. 27 low) yesterday, establishing a sideways channel on the daily chart.

With the weekly chart still biased toward the bears, the lower end of the channel, currently at $3,465, could be breached soon. A channel breakdown, if confirmed, would boost the prospects of a drop to the December low of $3,122.

View

  • A sustained break above the 10-week SMA could be considered an early sign of long-term bullish reversal, although prospects of a near-term move above that average look bleak.
  • A channel breakdown on the daily chart would bolster the bearish setup and allow a test of demand around the December low of $3,122.

Disclosure: The author holds no cryptocurrency assets at the time of writing.

Credits to Omkar Godbole

The rise of new stablecoins was a defining story in the second half of 2018, but the reality is that exclusive discounts partly fueled their growth.

Dollar-backed stablecoins are generally supposed to be worth $1, whether it’s Gemini’s GUSD or Paxos’ PAX. But according to four sources with knowledge of these cryptocurrency exchanges, both stablecoin-issuers privately offered over-the-counter [OTC] trading desks up to a 1 percent discount if traders used these tokens in some fashion before redeeming them for USD.

“They were offering that as a sweetener for getting it kick-started with adoption,” an OTC trader, who asked to stay anonymous, told CoinDesk.

This is why GUSD and PAX activity surged in December 2018, both between OTC desks and on exchange platforms like Huobi and Binance, where several traders moved millions of dollars within a matter of days. According to CoinMarketCap, GUSD’s global market cap suddenly surged from roughly $87 million on December 17 to over $103 million the following day.

“A lot of the arbitrage opportunities were manufactured,” the OTC trader added.

Dorothy Chang, VP of Paxos’ marketing and communications department, told CoinDesk this incentive structure was only offered to a “handful of partners” for “less than two months” starting around late September. Perhaps fortuitously for Paxos, the first-ever U.S.-dollar-pegged stablecoin Tether (USDT), temporarily lost parity in mid-October.

According to a report prepared for CoinDesk by the analytics firm Delphi Digital, USDT lost almost a third of its market share during this period, with GUSD eventually exceeding PAX with more than $140 million in transaction volume in January 2019.

The Delphi Digital report argued that “competitors are all fighting for the spot Tether will most likely eventually lose.”

With regards to PAX, Chang said the discount was “something we did when we were first introducing our product to the market,” adding that Paxos is increasing its redemption windows from once to twice a day and looking for more partnerships with enterprises across the space.

“We’ve been at above $100 million in daily transaction volume for the past three days and holding steady,” Chang said on Monday.

While Paxos has moved on, the markets may still witness ripple effects from these corporate incentive programs for months to come. GUSD, for example, saw a burst of trading activity and market valuation in January.

“The incentives that are issued by these entities often come with a lock-up period. Those may have expired,” said Jesse Proudman, CEO of the algorithmic trading platform Strix Leviathan. Proudman explained to CoinDesk that the discounted stablecoins can now be freely traded.

Game of coins

Once several stablecoins became available for less than or more than a dollar, whether based on incentive strategies or organic market fluctuations, the arbitrage games began.

According to a Paxos blog and reporting by The Block, several Huobi users tried to obfuscate their source of funds by opening dozens of accounts using other names in order to exceed the Paxos exchange’s daily USD redemption limit. Paxos told CoinDesk at least 10 accounts were closed in relation to this trend.

The frenzy arose because the PAX discount program coincided with the release of HUSD, which is essentially a pool of stablecoins offered by the Singapore-based exchange Huobi that allows traders to deposit one type and later withdraw another. Besides GUSD and PAX, the pool also supports Circle’s USDC and TrustToken’s TUSD.

According to Kelvy Ko, partner at crypto hedge fund Leotank Digital Trading, Huobi’s HUSD pool has made it much more convenient for traders to swap stablecoins and leverage arbitrage without actually trading them.

Indeed, around the same time that the stablecoin USDT oscillated and Huobi launched HUSD, PAX’s global market cap jumped from roughly $42 million to $79 million in a single day on October 23. Then in early December, Binance saw a plethora of multibillion-dollar PAX trades as traders struggled to find liquidity and arbitrage sources beyond the redeemer itself. By the first week of 2019, Paxos told CoinDesk the company had redeemed $200 million worth of stablecoins so far.

Tiantian Kullander, founding partner at Amber AI, a crypto firm that works with market makers, said he wouldn’t be surprised if Gemini matched the Paxos promotion in December to incentivize usage because “they were lagging behind the other stablecoins.”

Even so, there could be a long way to go until the regulator-approved stablecoins like PAX and GUSD catch up to USDT in terms of volume.

“Even though USDT is wash traded, it has the first mover advantage,” Ko said, referring to how some USDT users allegedly buy and sell the same financial instrument to create the artificial appearance of marketplace activity. Plus, this practice is hardly restricted to USDT and might currently be applied by some traders to other stablecoins as well.

“Even if USDT is in a legal grey area, it is hard for others to compete because some people want to avoid the regulators,” Ko added.

Gemini declined to comment on this specific incentive program or transaction volumes across global exchanges. According to the company’s blog and a recent regulation-friendly marketing campaign, Gemini seeks to distinguish itself from the competition by being “a compliance-centric company.”

When asked if incentive programs artificially inflated the respective coin’s market cap, Chang of Paxos said:

“That may have been true for some, but we have not been optimizing for market cap alone; it’s not meaningful by itself. What is meaningful is transaction volume. For us, the point of offering an incentive was to develop market depth.”

Windows of opportunity

One of the anonymous OTC traders CoinDesk spoke with said that stablecoin issuers were inspired to launch this short-lived campaign because there isn’t an organic demand for these assets.

“The banks and the other [crypto] OTC desks we work with are really incredibly flexible,” the trader said. “It’s much easier to do that [work with the bank] than to…get back these tokens that have a bunch of strings attached and also doesn’t pay any interest.”

On the other hand, Proudman of Strix Leviathan told CoinDesk his company uses PAX for large-scale trades on Binance – sans backroom discounts – because he prefers to hold a regulated asset that can be redeemed for dollars.

“We elect to not use the incentive strategies from any of the stablecoin companies,” Leviathan said, adding they use stablecoins for arbitrage related to bitcoin, ethereum and other trading pairs. “From a trader’s perspective, we find ourselves electing to use coins we are comfortable with over those that we are less comfortable with.”

However, since stablecoin issuers require a significant amount of know-your-customer information in order to redeem the tokens, the anonymous trader said OTC desks that participated in the rush may have revealed competitive information about their partners and trading volumes to the exchanges, namely Gemini and Paxos.

“These smaller desks can’t get banked at the places that allow instant U.S. dollar transfer, so they are willing to give up some of their privacy,” he said.

The second anonymous trader agreed that this opportunity was especially appealing to OTC desks with liquidity challenges, often related to jurisdictional compliance. Because of that, he expects companies to continue issuing stablecoins, perhaps with more promotional discounts, in 2019.

“I think there is no clear winner yet, both in terms of traders and issuers,” he said.

According to Ko, the regulated stablecoin arbitrage opportunity closed after several weeks because “once the short-term interests [were] achieved, they don’t need to keep the aggressive promotional rebates.”

Plus, a Huobi Global representative told CoinDesk that the exchange added the daily withdrawal limits during the timeframe of this incident.

For PAX traders in particular, the limits are now $20,000 for verified accounts and $1,000 for unverified users. The arbitrage rush may have impacted Huobi’s coffers, with three Huobi wallets holding roughly 78 percent of all GUSD in circulation. Gemini declined to comment on why that might be.

Moving forward, the Huobi Global representative said the exchange plans to “dynamically develop HUSD over the course of 2019” in order to improve the user experience and prevent misuse of the system.

Credits to Leigh Cuen and Wolfie Zhao

Ethereum’s long-anticipated Constantinople upgrade has just been delayed after a critical vulnerability was discovered in one of the planned changes.

Smart contract audit firm ChainSecurity flagged Tuesday that Ethereum Improvement Proposal (EIP) 1283, if implemented, could provide attackers a loophole in the code to steal user funds. Speaking on a call, ethereum developers, as well as developers of clients and other projects running the network, agreed to delay the hard fork – at least temporarily – while they assessed the issue.

Participants included ethereum creator Vitalik Buterin, developers Hudson Jameson, Nick Johnson and Evan Van Ness, and Parity release manager Afri Schoedon, among others. A new fork date will be decided during another ethereum dev call on Friday.

Discussing the vulnerability online, the project’s core developers reached the conclusion that it would take too long to fix the bug prior to the hard fork, which was expected to execute at around 04:00 UTC on Jan. 17.

Called a reentrancy attack, the vulnerability essentially allows an attacker to “reenter” the same function multiple times without updating the user about the state of affairs. Under this scenario, an attacker could essentially be “withdrawing funds forever,” said Joanes Espanol, CTO of blockchain analytics firm Amberdata in a previous interview with CoinDesk.

He explained:

“Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.”

This is similar to one of the vulnerabilities found in the now-infamous DAO attack of 2016.

ChainSecurity’s post explained that prior to Constantinople, storage operations on the network would cost 5,000 gas, exceeding the 2,300 gas usually sent when calling a contract using “transfer” or “send” functions.

However, if the upgrade was implemented, “dirty” storage operations would cost 200 gas. An “attacker contract can use the 2300 gas stipend to manipulate the vulnerable contract’s variable successfully.”

Constantinople was previously expected to activate last year, but was delayed after issues were found while launching the upgrades on the Ropsten testnet.

Credits to Christine Kim and Nikhilesh De

New Zealand-based cryptocurrency exchange Cryptopia has gone offline citing a major hack.

The exchange announced the news on Twitter this morning, stating that it “suffered a security breach which resulted in significant losses.”

No information has yet been provided on the value of the losses, the tokens and currencies affected or any measures to refund users.

The exchange’s website, including support and blog pages, is currently completely offline, with a notice stating: “Cryptopia is currently in unscheduled maintenance mode. We will be back soon.”

Meanwhile, tweets from Whale Alert on Saturday indicated that 19,391 ether (ETH) tokens worth nearly $2.44 million and around 48 million centrality (CENNZ) tokens worth about $1.18 million were transferred from Cryptopia to unknown wallets on Jan. 13. It is not currently clear if those funds were moved by the hacker or by the exchange.

Cryptopia further mentioned in its tweet that it has notified and involved relevant government agencies, including the New Zealand police and the High-Tech Crimes Unit, who are “jointly and actively investigating the matter as a major crime and they are assisting us with advice.”

The announcement further reads:

“Until this has been carried out, The Cryptopia Exchange will remain in maintenance mode, with trading suspended. We are committed to getting this resolved as quickly as possible and will keep you all updated every step of the way.”

Credits to Yogita Khatri

Major ethereum clients, including Go-Ethereum (Geth) and Parity, have released software updates following an earlier decision to delay the planned system-wide upgrade dubbed Constantinople.

The upgrade was postponed Tuesday during a developers call, a move that came after blockchain audit firm Chain Security discovered a security vulnerability in Ethereum Improvement Proposal (EIP) 1283, one of the planned changes included in Constantinople. If exploited, the bug would have allowed for “reentrance attacks,” allowing malicious actors to withdraw funds from the same source multiple times.

A new activation block for the upgrade will be decided during another call later this week.

In order to prevent the fork from happening – given that some of the software clients on the network had already been updated ahead of the fork – developers of the major ethereum implementations moved to publish new versions.

Geth released an emergency hotfix (version 1.8.21) designed to delay the upgrade, though developer Péter Szilágyi noted that users who do not wish to upgrade to the new version of the client can also downgrade their existing clients to version 1.8.19 or continue running the current version (1.8.20) with an override.

Parity clients can similarly either upgrade their existing clients to 2.2.7 (the stable release) or 2.3.0 (a beta release) or otherwise downgrade to 2.2.4 (beta).

Parity Technologies head of security Kirill Pimenov, speaking in an ethereum core developers chat on Gitter, said he recommended users upgrade to the new release, rather than downgrade to an older version, explaining:

“I want to restate — downgrading Parity to pre-Constantinople versions is a bad idea, we don’t recommend that to anyone. Theoretically it should even work, but we don’t want to deal with that mess.”

Similarly, Parity release manager Afri Schoedon told CoinDesk that he recommends 2.2.7, though the other two should work as well.

In a blog post, core developer Hudson Jameson wrote that anyone who does not run a node or otherwise participate in the network does not need to do anything.

Smart contract owners do not need to do anything either, though “you may choose to examine the analysis of the potential vulnerability and check your contracts,” he wrote.

However, he pointed out that the change that could introduce the potential issue will not be enabled.

As of the blog post’s publication, security researchers with ChainSecurity, who initially discovered the bug, and TrailOfBits are analyzing the overall blockchain.

Reentrance attacks

So far, no instances of the vulnerability have been discovered in live contracts. However, Jameson noted that “there is still a non-zero risk that some contracts could be affected.”

In order for transfers on ethereum to avoid reentrance attacks, a small amount of ether called gas is paid which prevents attackers from repurposing a transfer to steal funds.

However, as explained to CoinDesk by Hubert Ritzdorf – the individual who found the vulnerability and CTO of Chain Security – a “side effect” of EIP 1283 ensures attackers can leverage this small amount of gas for malicious purposes.

“The difference is before you couldn’t do something malicious with this little bit of gas, you could do something useful but not something malicious and now because some of the operations became cheaper, now you can do something malicious with this little bit of gas,” said Ritzdorf.

And though the issue of reentrancy is always on the minds of smart contract developers coding in Solidity on ethereum, Matthias Egli – COO of Chain Security – explained that core developers strictly looking at the mechanics of the virtual machine couldn’t have easily spotted this vulnerability.

He told CoinDesk:

“It’s a Solidity thing, it’s not an [ethereum virtual machine] core thing that in practice allowed this attack. That was part of this disconnect that in practice small changes to gas cost will allow new kind of attacks which wasn’t considered before.”

What’s more, Ritzdorf added that the fix to this issue isn’t as easy as updating ethereum’s gas cost limits, explaining that “if we change this amount to a small number now then we would fix the vulnerability but we would also break many existing [smart] contracts.”

As such, for the time being, a delay to Constantinople was the right call by core developers according to Egli.

“It was the right decision because it at least buys some time for researchers to evaluate the real world impact. With high likelihood, this [EIP] will be taken back and not included in the upcoming hard fork which is now delayed by perhaps a month,” he contended.

Next steps

As of press time, developers are contacting exchanges, wallets, mining pools and other groups which use or interact with the ethereum network.

Core developers plan to discuss longer-term steps – including when to execute Constantinople and how to fix the bug in EIP 1283 – during another call on Jan. 18.

Multiple developers suggested initiating some sort of bug bounty program focused on analyzing the code, in order to ensure future bugs are discovered well in advance, rather than “right before [hard fork] day.”

Szilágyi noted that the EIP had been available for review for nearly a year, adding that “maybe it’s not a bad idea to do some grants for more focused eyes.”

Credits to Nikhilesh De and Christine Kim

Grin, a cryptocurrency that leverages the mimblewimble privacy technology, has just gone live on mainnet.

Named after the tongue-tying curse in the Harry Potter book series, mimblewimble is a protocol that fuses transactions together such that they are indecipherable – even on a public digital ledger.

While it has been in the works since late 2016, Grin saw its first block of transactions (after the network’s genesis block) appear Tuesday at 17:38 UTC. A second block was mined less than a minute later, according to one block explorer.

A market for the cryptocurrency is already beginning to form, and though the first block only awards 60 grin, one investor has already bid 0.1 BTC for 1,000 grin (roughly $0.37 per token) on Bisq, a decentralized exchange listing the token. Another bid on Bitmesh values the token much more highly, offering 10 BTC for 1 grin (though the buy order is for 0.001 grin).

What is Grin?

It is the second cryptocurrency leveraging the tech to go live on mainnet, the first being created by an Israel-based startup known as Beam.

As highlighted by Grin developer “Yeastplume” in late October, though the two privacy-focused chains are separate, the projects are by no means in competition, with proponents at Beam even helping to raise funds at one point for Grin development.

Indeed, as stated on the official website, Grin is a fully donations-based initiative that is “launched fairly, free of [initial coin offering], pre-mine or founder’s reward.”

Unlike Beam, Grin has an unfixed monetary policy, meaning it issues tokens once every second.

This is meant to spur confidence in the coin as a currency, Yeastplume told CoinDesk back in December, adding that he didn’t want to “unfairly reward early adopters with an arbitrary deflationary halving schedule.”

And with over  7,000 followers on Grin’s official Twitter account, there is a sizable community supporting and watching the continued development of this privacy coin now that it has officially launched.

Credits to Christine Kim

Signs are emerging that the futures market may not be impressed by bitcoin’s recovery from 15-months lows in December – at press time, the cryptocurrency’s spot price is higher than the futures price.

As of writing, the global average or spot price calculated by CoinDesk’s Bitcoin Price Index (BPI) is currently $3,650 – up 16.9 percent from the low of $3,122 reached on December.

Meanwhile, futures contracts are trading below the spot price.

BTC futures

As seen above (CME chart), January futures are reporting a $20 discount (futures price-spot price). Further, contracts expiring in February, March and June are trading at a discount of $30, $40 and $80, respectively.

A futures contract is an agreement between two parties to buy or sell a something at a future specified price and date, allowing for investors to hedge or speculate on the performance of the underlying asset. Hence, BTC futures trading at a discount to spot price (also known as market inversion) is a clear indication that the participants are still bearish.

Put simply, bitcoin’s price in one month, two months and six months from now is expected to be lower than its current price. So, it could be argued that the bear market is alive and kicking.

The outlook would turn bullish if the futures start trading at a premium to spot price. Moreover, that is a classic trait of the bull market.

That said, an unprecedented rise in premium serves as a warning sign of market nearing a long-term top. For instance, BTC futures were carrying a staggering $2,000 premium over spot price in December 2017.

Disclosure: The author holds no cryptocurrency assets at the time of writing.

Credits to Omkar Godbole and Sam Ouimet

Belarus-based blockchain startup Currency.com has launched a trading platform for tokenized securities.

The firm announced Tuesday that the platform would allow investors to directly trade and invest in financial instruments using the cryptocurrencies bitcoin or ethereum, without first converting to fiat.

The platform will initially host over 150 tokenized securities, tracking the underlying market price of financial instruments such as equity and commodities, it said, while over 10,000 similar offerings could be available in the future.

Currency.com explained that the service lets investors buy a token that would reflect the performance of, say, an Apple share on the Nasdaq stock exchange, at the “same economic costs and benefits of an Apple share.”

“To offer these capabilities, Currency.com leverages the technology of Capital.com, its sister platform regulated by the FCA [U.K. Financial Conduct Authority] and CySEC [Cyprus Securities and Exchange Commission], to offer users access to a tokenized version of a contract for exchange of a specific equity, commodity or index,” the firm said.

Currency.com said it’s “fully compliant” with “Decree No. 8 On Development of Digital Economy” of the President of the Republic of Belarus, which legalizes blockchain businesses, adding it follows anti-money laundering (AML) and know-your-customer (KYC) rules, as well as General Data Protection Regulations (GDPR).

The mobile trading apps of the platform, both iOS and Android, are expected to be available as beta versions from February.

This is not the first platform to enable trading of tokenized securities. Earlier this month, Estonia-based crypto startup DX.Exchange launched a trading platform allowing clients to purchase crypto tokens representing shares in different tech firms listed on Nasdaq. DX.Exchange’s customers will be able to use select cryptocurrencies, as well as fiat currencies to purchase the tokens.

Credits to Yogita Khatri

The U.S. state of Vermont is launching a blockchain pilot project for the captive insurance industry.

The state government announced Friday that the Office of the Vermont Secretary of State and the Vermont Department of Financial Regulation have signed a memorandum of understanding to conduct the pilot that will examine the tech’s potential in digital recordkeeping and registration and regulatory processes.

The trial program will give captive insurers – licensed insurance companies formed by one or more parent entities to provide self coverage – in the state an option to file registration and reporting documents using private blockchain technology. The state government currently maintains paper and digital copies of filed documents.

Vermont aims to create a “transparent and validated” record of transactions through blockchain, as well as reduce costs compared to traditional record-keeping methods.

Jim Condos, Vermont Secretary of State, said in a statement:

“This pilot will allow us to examine whether or not the application of blockchain technology for digital recordkeeping can improve aspects of the state regulatory process.”

The government has already started the process of identifying vendors with technical and consulting expertise for the pilot program, through a Request for Information (RFI) process.

Vermont is one of the leading markets for captive insurance in the U.S., with the state government registering 20-40 new companies in the sector per year, according to the RFI.

The state has launched several blockchain initiatives in the past, including the signing of a bill last May that opened the door for the creation of blockchain-based limited liability companies. And, in January 2018, the city government of South Burlington partnered with blockchain startup Propy to trial a land registration system using the technology.

Credits to Yogita Khatri