WuBlockchain Weekly: Ordinals Added to Vulnerability Database, and Top10 News

1. U.S. Reveals November Unadjusted CPI Yearly Rate at 3.1%, the Lowest Since June This Year link

The seasonally adjusted Consumer Price Index (CPI) in November in the United States showed a year-on-year rate of 3.1%, meeting expectations of 3.10%. This marks a decrease from the previous value of 3.20% in October and represents the lowest level since June of this year. The seasonally adjusted core CPI for November exhibited a year-on-year rate of 4%, in line with expectations and unchanged from the previous month.

For the month of November, the seasonally adjusted CPI rose by 0.1%, surpassing the expected 0.00% and showing a slight increase from the previous month’s 0.00%. The core CPI for the same period had a monthly rate of 0.3%, reaching the highest level since September this year and exceeding the anticipated 0.30%, compared to the previous value of 0.20%.

2. Fed’s FOMC Keeps Interest Rates Unchanged, Anticipates Three Rate Cuts in 2024, Earliest in Spring link

The Federal Reserve of the United States announced on Wednesday that it would maintain the target range for the federal funds rate at 5.25%-5.50%. However, it revised down the interest rate outlook for the end of 2024 to 4.6%, which is lower than the projection of 5.1% made three months ago. The Fed stated that tighter fiscal and credit conditions might impact economic activity, hiring, and inflation, but the extent of these effects remains uncertain. The quarterly economic forecasts from the Fed indicate an expectation for the core inflation rate to decrease to 3.2% in 2023 and further decline to 2.4% in 2024. The projected real GDP growth rate for 2024 has been revised down from 1.5% to 1.4%.

According to reports from Wall Street, the pace of this year’s inflation decline is much faster than officials anticipated, with most officials expecting three interest rate cuts in 2024. Federal Reserve Board Governor Christopher Waller mentioned that if inflation performs exceptionally well, the central bank could theoretically start cutting rates in the spring.

3. Bitcoin Ordinals Added to the U.S. National Vulnerability Database link

On December 9, the National Vulnerability Database (NVD) in the United States flagged Bitcoin Ordinals as a cybersecurity risk, urging people to pay attention to this vulnerability. Being added to the NVD list means that a specific cybersecurity vulnerability has been identified and confirmed. This database is managed by the National Institute of Standards and Technology (NIST), which is a subsidiary of the U.S. Department of Commerce. Previously, Bitcoin Core developer Luke Dashjr stated that the vulnerability exploited by Ordinals in Bitcoin Core client had been assigned a specific vulnerability identifier, CVE-2023–50428.

According to Cosmos, the founder of SlowMist, Bitcoin Ordinals has been assessed as having a moderate risk level of 5.3 in the National Vulnerability Database. It is described as follows: “In Bitcoin Core through version 26.0 and Bitcoin Knots through version 25.1.knots 20231115, the size limitation of data carriers can be bypassed by obfuscating the data as code (e.g., using OP_FALSE OP_IF), as exploited in 2022 and 2023 by Ordinals.”

4. CFTC Chairman Rostin Behnam States Most Cryptocurrencies Are Commodities link

CFTC Chairman Rostin Behnam stated on CNBC’s “Squawk Box” program that, according to current laws, most cryptocurrencies are considered commodities. He also acknowledged an ongoing “turf war” among regulatory agencies regarding who has the authority to oversee the cryptocurrency industry, particularly the issue of whether it falls under the jurisdiction of the SEC or CFTC.

CNBC reports that Gary Gensler, the chairman of the U.S. Securities and Exchange Commission (SEC), stated regarding the approval process for a physically-backed Bitcoin ETF and the approval window in early January: “We’ve got 8 to 12 filings, I won’t pre-judge anything. We’ve turned down a lot of these in the past, but the D.C. Circuit has weighed in on this. So, we’re going to take a fresh look based on some of those court opinions.”

5. Tether Freezes Multiple Cryptocurrency Wallets Related to Sanctions link

Stablecoin issuer Tether froze 41 wallets associated with individuals on the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) specially designated nationals (SDN) list on December 9. Tether described these actions as “preventative measures” in a blog post. On-chain data indicates that several wallets had been using the privacy mixer service Tornado Cash over the past six months. Tether CEO Paolo Ardoino stated, “By voluntarily freezing wallet addresses newly added to the SDN list and those added before, we will further strengthen the responsible use of stablecoin technology and promote a more secure stablecoin ecosystem for all users.”

On December 11, Tether froze an additional 161 Ethereum wallets, with 150 of them currently holding no USDT. The remaining 11 wallets collectively hold over 3.5 million USDT, with one address holding around 3.4 million USDT. Blockchain analyst ZachXBT linked this address to the recent hacking of Stake. Among the other wallets, two hold approximately 20,000 USDT each, another holds nearly 60,000 USDT, and one wallet holds only 0.16 USDT.

6. MetaMask Announces Collaboration with Payment Platforms in Six Countries link

MetaMask has announced collaborations with payment platforms in six countries, including VietQR and Mobile Money in Vietnam, GCash in the Philippines, QRIS in Indonesia, Thai QR in Thailand, Vodafone Cash in Egypt, and Webpay in Chile. Additionally, MetaMask has expanded its support to enable local transfers in Vietnam, Malaysia, Japan, and South Korea.

7. SEC: Despite Binance’s Settlement with the U.S. Department of Justice, SEC Lawsuit Against Binance Should Continue link

The SEC has stated that Binance Holdings Ltd. recently reached a $4.3 billion settlement agreement with the Department of Justice and other U.S. authorities, supporting its lawsuit against the exchange. While the SEC was not part of this agreement, it argued on Friday that the federal court in Washington handling the case should weigh the statements made by Binance and its former CEO CZ in the settlement agreement reached on November 21. Binance and CZ have requested the court to dismiss the SEC’s lawsuit. The settlement agreement with the U.S. government concludes investigations by the Department of Justice, Treasury Department, and CFTC over several years, but it does not include the SEC.

8. OKX’s Weekly Summary

a. OKX Executes the 22nd OKB Repurchase and Burn, Approximately $630 Million link

On December 14th, OKX executed its 22nd OKB repurchase and burn, acquiring and destroying approximately 10.53 million OKB tokens, equivalent to around $630 million. This marks a new record high in the value of OKB burned. OKX had previously stated that the repurchases are conducted based on seasonal market conditions and operational performance, without disclosing specific rules for the burns.

b. OKX DEX Suspected Victim of Hack, Analysis Suggests Potential Compromise of Permissioned Account Private Keys link

On December 13th, a community user’s wallet funds were stolen, and all the stolen wallets were authorized to OKX DEX. The attacker targeted the deployment of the OKX DEX: Aggregation Router smart contract, and the directly attacked proxy has been removed. The extent of the impact still needs further investigation to be determined.

OKX Response: After verification, this incident resulted from the theft of management permissions for a deprecated OKX DEX liquidity provider contract. Eighteen addresses that had authorized this contract had their assets transferred. The affected contract has been deactivated, and all user assets have been confirmed as secure. Users impacted by this incident suffered losses of approximately $370,000, and the platform will compensate them as soon as the tally is complete. Additionally, the platform will initiate legal proceedings to recover the relevant losses. Going forward, the platform will conduct a security review, reevaluate all related deprecated contracts to prevent such incidents from occurring again.

9. U.S. IRS Demands FTX to Pay $24 Billion in Unpaid Taxes link

FTX’s lawyers, in a new filing submitted to the Delaware bankruptcy court, argue that the Internal Revenue Service (IRS) should substantiate its claims against FTX and clarify how it estimates the back taxes it claims FTX owes. Although FTX asserts that it does not owe any debt to the IRS, the tax agency is seeking as much as $24 billion, more than three times the amount FTX must pay to compensate creditors for their losses. The IRS claims the owed $24 billion is related to income taxes, employment taxes, and penalties owed by FTX and its affiliated entities for the period from 2018 to 2022. This is not the final figure, as the tax agency is still continuing its audit. The IRS initially filed a preliminary claim in April for around $44 billion, revised the figure to $43 billion in September, and reduced it to $24 billion in November.

10. Ledgerconnect Suite Attacked, Resulting in Extensive Damage to Numerous DApps link

On the evening of December 14th, the Ledgerconnect suite was attacked, leading to significant damage to numerous decentralized applications (dapps), including SushiSwap, Zapper, Revoke.cash, Kyber Network, Balancer, and others. The operators of these dapps have stated that they are avoiding or disabling their frontend UIs.

SlowMist’s co-founder,余弦, has warned that one of Ledger’s modules was compromised through a supply chain attack, particularly highlighting the risk as the full extent of the impact is unknown. Many dapps may rely on the poisoned library, ledgerhq/connect-kit. Users are advised to exercise caution when interacting with any DApp-related operations and ensure that the information for wallet signing requests is as expected.

Ledger has reported that they have identified and removed the malicious version of the Ledger Connect Kit. They are actively pushing legitimate versions to replace the compromised files. Users are advised not to interact with any dApps temporarily. Ledger assures that user devices and Ledger Live have not been compromised.

Fundraising

Seam Social announces the completion of a $2.5 million seed funding round with 1kx leading the investment. link
Matr1x completes a new funding round with full participation from OKX Ventures. link
Bitcoin mining company Bit Origin secures $6.74 million in financing for its new mining facilities. link
LineNext raises $140 million in funding, claiming to be the largest blockchain financing in Asia this year. link
Jiannan plans to raise $125 million through preferred stock financing and has already raised $25 million. link
Andalusia Labs raises $48 million in Series A funding. link
NodeKit’s team raises $1.2 million in the previous seed funding round. link
A former Credit Suisse executive launches a crypto trading platform and secures $14 million in funding. link
Digital asset exchange GFO-X announces the completion of a $30 million Series B funding round. link
French AI startup Mistral AI secures $415 million in funding with a16z leading the investment. link

Learn more, check out crypto-fundraising.info.