
After much deliberation and careful thought, Neptune Mutual decided to close the cover marketplaces. Below are the reasons for the decision as well as what it means for the community.
The marketplaces will be closed using an emergency withdrawal process whereby the liquidity provided to cover pools by LPs will be returned to the wallet addresses from which the liquidity was supplied. In addition to protecting cover pool LPs, there will also be refunds to all cover policy purchasers with an existing and valid policy who have paid over 10 USD in policy fees in one transaction.
For veNPM holders, please fill out this form to receive a refund for your veNPM to NPM conversion penalty.
From the end of June there will no longer be NPM emission incentives for LPs i.e. Epoch 3 of the liquidity gauge emissions will be canceled.
Unused funds raised from financial backers will be returned to those backers; this includes DEX liquidity that has now been removed from SushiSwap and Uniswap. A small amount of liquidity on SushiSwap Arbitrum has been left to enable a minimum amount of NPM trading.
The protocol will be open sourced and become a true public good, enabling the community to fork the code developed by the Neptune Mutual team so that others might use the existing resources to further our mission to make the blockchain space better protected against smart contract and other risks.
There are numerous factors that have led to this difficult decision, some of which are external factors that are uncontrollable or unforeseeable. A few factors are summarized below:
“Given Neptune Mutual’s Tier 1 backers, why have you not listed on a top CEX?”
This is perhaps one of the most frequently asked questions. In short, the answer is that for a variety of reasons Neptune Mutual was not able to achieve the diverse set of performance metrics (community size and engagement, marketplace user activity, DEX 24-hour trading volume, TVL growth, etc.) required to list on a top-tier CEX. The CEXs that are prepared to list the NPM token do not have the depth of liquidity or breadth of user base to offer good prospects for NPM tokenholders.
The above point invariably leads to the question:
“Why has Neptune Mutual not achieved strong growth?”
It is tempting to take a shortcut to answer this question by pointing a finger at one specific factor, but the reality is that there are many contributing factors. A few are summarized below:
Since the outset of engaging with the community we have endeavored to highlight the need for DeFiInsurance; Neptune Mutual built a comprehensive dataset of on-chain hacks available, anywhere, and each week we highlight the many millions of dollars that are stolen as a result of smart contract hacks. Despite this, we have consistently been confronted by projects unwilling to spin up cover pools in our marketplace because of the sentiment that audits of their code are sufficient to persuade their community that their protocol is safe. Less than 0.3% of all digital assets are protected with some form of DeFiInsurance, and yet despite all the media reports of hacks, the conference discussions about the importance of governance or CEX proof-of-reserves, it continues to be the case that it is extremely difficult to get media attention to focus on the need for a fast and efficient means of mitigating smart contract risk.
A variety of approaches have been taken by different DeFiInsurance protocols to address this, from attending multiple conferences throughout the year and significant marketing spend, to the leaner approach that Neptune Mutual took (in part as a result of the bear market in 2023). What can be said is that no DeFiInsurance protocol has managed to achieve significant growth over the last 18 months; sadly, the overall TVL of the sector has shrunk a lot.
For all the reasons above, at this moment the best course of action is no longer to double-down on investing in growth, but rather to refund unused capital and close the marketplaces.
The consequences are very tough for the Neptune Mutual team who have spent the past 3 years of their time on the mission to facilitate safer environments within DeFi. The team has delivered products according to the roadmap and the fact that the protocol was never hacked, despite attempts being made on the darkweb, is testament to the expertise, passion and absolute focus on security. The team survived the FTX and UST crisis unscathed, and believed that the continued growth in hacks would lead to growth in the demand for a good solution to mitigate these risks, but sadly, as can be seen right across the DeFiInsurance category, this is not yet in sight. So we would like to thank the team for all the dedication, skill and passion invested into the Neptune Mutual project since the outset.
The team will open source the protocol, including blockchain indexing protocol (subgraph alternative), frontend, middleware, database, and backend code, to make it a true public good. This will allow anyone to fork the code and create covers by defining parameters and premium ranges, potentially leading to innovative covers and organic usage.
The Discord channel will be closed to reduce the risk of phishing and other types of cyber attack; any questions or queries will be answered in the Telegram channel.
We want to take this final opportunity to thank you all for your support.
Neptune Mutual will contact only its financial backers, with whom a signed agreement exists, in relation to next steps (i.e. holding NPM tokens does not qualify you for any form of refund). Contact will be made only from a neptunemutual.com domain email address so please check the source of any email you may receive very carefully. Please ignore any messages from any other email or social media accounts in relation to token/cash refunds.
Understand Randstorm vulnerability, affected platforms, and precautions against it.
Security and privacy are major concerns in the crypto space, a domain where the convergence of technology and finance creates fertile ground for both innovation and exploitation. The decentralized nature of cryptocurrencies, while offering advantages in terms of autonomy and enhanced security measures, also presents unique challenges in safeguarding digital assets.
The security of cryptocurrencies relies heavily on the robustness of their underlying technology and the vigilance of individual users. If a vulnerability in the technology is detected, it might lure malicious actors to exploit it.
The discovery of the "Randstorm" vulnerability by the cybersecurity firm Unciphered sent ripples through the cryptocurrency community. This newfound flaw, which affects billions of dollars' worth of crypto assets, points to the fragility of digital security that can arise from older technology and slight oversights by developers.
In this blog, we’ll explain the details and complexities of the Randstorm vulnerability, including affected platforms and users, mitigation efforts, and precautions against it.
The cybersecurity company Unciphered made a rather fortunate discovery of the Randstorm vulnerability. The team stumbled upon this significant flaw while assisting a client who was locked out of their Bitcoin wallet. This incident led to a deeper investigation, revealing a systemic issue with far-reaching implications, specifically for the wallets generated using web browsers between 2011 and 2015. The information about the vulnerability was released on November 14th, 2023.
Today we release our work on Randstorm: a vulnerability affecting a significant number of browser generated cryptocurrency wallets https://t.co/CebdytNaC6
Reporting @washingtonpost https://t.co/OzYDq2tH4W
Technical write-up: https://t.co/HPqjtaX1CA #Bitcoin #blockchain pic.twitter.com/aN7CZh9sv4
— Unciphered LLC (@uncipheredLLC) November 14, 2023
The name "Randstorm" aptly encapsulates the nature of the vulnerability. It signifies the chaotic and unpredictable "storm" in the randomness (hence "Rand") generation process used in cryptographic functions. This flaw compromises the integrity of the cryptographic keys, making them easy to crack or figure out. Consequently, the assets they protect become vulnerable to unauthorized access.
The scope of the Randstorm vulnerability is alarmingly extensive. It's estimated to affect millions of cryptocurrency wallets, putting approximately $2.1 billion in crypto assets at risk. The vulnerability is not confined to Bitcoin alone; other popular cryptocurrencies such as Dogecoin, Litecoin, and Zcash are also under threat due to their reliance on similar cryptographic mechanisms during the period.
Users concerned about the security of their assets can use the resource at www.keybleed.com to see whether their wallets are among those that the Randstorm vulnerability has exposed.
Central to the Randstorm vulnerability is the SecureRandom function within the JSBN (JavaScript Big Number) library of the BitcoinJS suite. BitcoinJS has been widely used for creating cryptocurrency wallets directly in web browsers, a practice particularly prevalent from 2011 to 2015.
The issue lies in how SecureRandom generates the random numbers that form the backbone of private keys. According to the report, the function generated the private keys with “insufficient entropy,” meaning that the private keys didn’t have enough randomness.
This shortfall implies that the "randomly" generated numbers are not as unpredictable as required. As a result, recovering the private keys of wallets becomes possible through brute-force attacks or other cryptographic analysis methods.
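The effect of insufficient entropy described above, as an added example (not code from BitcoinJS, JSBN or Unciphered): a constructed generator expands a small seed into a 32-byte key, an audit helper counts how many distinct keys it can ever emit, and a hardened generator draws from the platform CSPRNG instead. The mulberry32 PRNG, the seed width and all function names are assumptions chosen for illustration.

```javascript
// Constructed model of a low-entropy key generator; not the JSBN SecureRandom code.
// Works in a browser, or in Node.js via the fallback below.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Order of the secp256k1 group: a valid private key k satisfies 1 <= k < N.
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// mulberry32: a small non-cryptographic PRNG standing in for any predictable source.
function mulberry32(a) {
  return () => {
    let t = (a = (a + 0x6D2B79F5) | 0);
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// WEAK: 32 bytes that look random but are fully determined by a
// seedBits-wide seed (seedBits < 31 in this sketch).
function weakKeyHex(seed, seedBits) {
  const next = mulberry32(seed & ((1 << seedBits) - 1));
  return toHex(Uint8Array.from({ length: 32 }, () => Math.floor(next() * 256)));
}

// Audit helper: the number of distinct keys the weak generator can ever emit.
// It can never exceed 2^seedBits, whatever the key length is.
function distinctKeys(seedBits) {
  const seen = new Set();
  for (let s = 0; s < (1 << seedBits); s++) seen.add(weakKeyHex(s, seedBits));
  return seen.size;
}

// HARDENED: take all 256 bits from the platform CSPRNG and reject the
// (astronomically rare) values outside the valid scalar range.
function strongKeyHex() {
  for (;;) {
    const hex = toHex(webcrypto.getRandomValues(new Uint8Array(32)));
    const k = BigInt("0x" + hex);
    if (k >= 1n && k < N) return hex;
  }
}
```

Both generators return 64 hex characters, so key length says nothing about strength; only the entropy of the source feeding the generator does.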
The absence of a CVE (Common Vulnerabilities and Exposures) is the factor that made the issue worse. This absence signifies the intricate nature of the flaw and the challenges in its identification and resolution.
The Randstorm vulnerability casts a wide net, affecting a range of projects and platforms that incorporate the BitcoinJS library. Among these, several projects have since become inactive, yet the wallets created during their operation remain susceptible. These include BrainWallet, CoinPunk, and QuickCoin, platforms that once offered wallet generation services but are no longer operational.
In addition, active and prominent platforms such as Blockchain.com, BitGo, Dogechain.info, and some others also utilized the BitcoinJS library. The continued operation and significant user base of these platforms underscore the urgency and scale of addressing the Randstorm vulnerability.
Since the identification of the Randstorm vulnerability in January 2022, Unciphered has undertaken a series of proactive measures to address and mitigate the potential fallout. The initial step involved extensive notifications to various blockchain and wallet services that were potentially impacted.
This list of notified entities includes Blockchain.com, BitGo, Dogechain.info, BitPay, Blockstream Green, Bitaddress.org, Coinkite, and BitcoinJS. The aim was to ensure that these platforms were aware of the vulnerability and could take immediate steps to protect their users.
Addressing the vulnerability is not as straightforward as issuing a simple patch. The core of the problem lies in the cryptographic keys generated during the affected period. These keys, once created, remain permanent and continue to secure the wallets and the assets within.
In light of this, users with wallets generated between 2011 and 2015 are advised to transfer their assets to wallets generated more recently with updated and secure software.
As of the most recent updates, there is no evidence to suggest that malicious actors have actively exploited the Randstorm vulnerability. However, this absence of reported breaches shouldn't be a cause for negligence; rather, it should be a cue for heightened vigilance and taking precautions.
The Unciphered team has exercised utmost discretion and responsibility in handling the disclosure of the issue from their side. They have deliberately refrained from publicizing specific details of the vulnerability, preventing the information from reaching malicious actors.
As with the Randstorm vulnerability, DeFi and the blockchain ecosystem could harbor threats that are yet to be discovered, posing a significant risk to your funds and digital assets. Robust protective measures are therefore essential. This is where Neptune Mutual steps in, offering a safety net for users against such threats.
Neptune Mutual is a DeFi insurance protocol operating on a parametric model, dedicated to safeguarding your investments against the threats that pervade the DeFi ecosystem.
Our platform offers a versatile marketplace where projects can establish cover pools tailored to their specific products. We invite you to engage with us through our contact page; our team is ready to assist you in creating cover pools and setting parameters that align with your requirements.
Neptune Mutual's reach extends across various networks, including Ethereum, Arbitrum, and BNB Smart Chain. So, it has allowed our marketplace to reach various projects in DeFi, CeFi, or the Metaverse.
We also invite Liquidity Providers (LPs) to contribute liquidity to our cover pools. With that, LPs not only earn rewards but also play a crucial role in enhancing the platform's capacity to underwrite risks effectively.
Follow us on X (Twitter) and join our vibrant community on Discord to get informed about Neptune Mutual's latest offerings and updates.