Group items tagged

Binance experienced issues with APIs and withdrawal processing due to network issues with Amazon Web Services on August 23. Amazon has confirmed to The Block that AWS has experienced a temporary outage in the Asia Pacific (Tokyo) region.

Amazon Web Services (AWS) published their views on best CBDC design practices through an agile development lifecycle. This framework aligns the design of a CBDC to the goals of a particular central bank and its stakeholders. Each stage throughout this process encourages reflection on a central bank's policy vision and only recommends proceeding with a CBDC if alignment remains with all relevant policy goals.

Amazon Web Services (AWS) published Retail Central Bank Digital Currency: From Vision to Design, which outlines a framework that can help support policymakers in evaluating the interdependencies between central bank digital currency (CBDC) policy and technology choices. In a blog post, they summarized the key principles outlined in paper (see below). "The CBDC strategy framework starts with a central bank's policy goals and aligns those to design principles to create awareness of potential policy trade-offs. Then, the solution exploration phase aligns technology considerations to those principles, and competitive dynamics from the design are considered. Results from experimentation then feed back into design principles to make sure the technical solution aligns to policy goals."

"Avalanche price skyrocketed 35% from $12.23 to $16.55 mid-week. This followed the news that Ava Labs, the company behind the Avalanche blockchain project, had partnered with Amazon Web Services (AWS) to scale blockchain solutions access to institutions, governments and enterprises. It is expected that the news will sustain AVAX's recovery to higher levels."

The Bybit security breach is turning out to had been a supply-chain attack, which is way worse than initially anticipated. While most crypto hacks exploit phishing or hacked workstations, this attack was executed directly through a supply chain compromise of Safe {Wallet}'s UI infrastructure, enabling attackers to manipulate transactions at the source. The attackers breached Safe{Wallet}'s AWS S3 storage and injected malicious JavaScript directly into its UI. This means _every_ Safe user could had been affected. https://docsend.com/view/s/rmdi832mpt8u93s7

Multi-signature wallet provider Safe said that February 2025's $1.4 billion Ethereum heist from Dubai-based centralized exchange Bybit stemmed from a compromised developer laptop. The investigation's key findings highlighted a high-level Safe developer's workstation being compromised on February 4 when it interacted with a malicious docker project, or lightweight application. From there, the hackers were able to bypass multi-factor authentication on Safe's Amazon Web Services account, "hijacking" active AWS session tokens to do so. A Wayback Machine snapshot shows that two weeks after the initial compromise, malicious JavaScript was inserted on the Safe website, leading to the Bybit exploit on February 21.

"I cannot figure out why the Safe cold wallet, even though it is a web based application connecting to the internet, qualifies as a cold wallet. Bybit used a Safe wallet. Safe is an Orwellian term, like Liberty, Patriot, Truth. The wallet UI was hosted on a AWS S3 bucket a database in the Amazon cloud. All the postmortems point to the hacking of this UI with stolen Safe S3 credentials, leaked many months ago. Cold wallets are not for timely transactions as it takes a while for such multisig wallets to bridge between a disconnected wallet and the internet. Cold wallets can be as simple as a piece of paper with your private key or hardware cold wallets. Of course the bridging point is where it is most vulnerable. Maybe Safe was used because for people on the move like the Bybit CEO and his two co-signers, a wallet such as Safe is convenient. Calling it cold is a stretch."

"Today, the foundational invention of non-fungible tokens (NFTs) made popular by CryptoKitties is being applied to a broad set of use cases from digital art and in-game items, to digital identity credentials and land titling. "

ISDA also published a whitepaper that addresses some of the derivatives-related legal issues raised by the recent bankruptcies of major crypto exchanges and market participants. It focuses on the importance of close-out netting and collateral arrangements for derivatives referencing digital assets and identifies several areas of focus for policymakers and market participants to ensure greater certainty. This includes use of standardized contractual frameworks and further legal clarity from national authorities on the property status of digital assets.