Blockchain Lockbox: A New Hardware Wallet From Ledger Made Exclusively for Blockchain Wallet

Siamak Masnavi

On Thursday (25 October 2018), crypto company Blockchain (formerly known as "Blockchain.info"), announced a new custom hardware wallet ("Blockchain Lockbox") exclusively created for the Blockchain Wallet by French crypto hardware wallet specialist Ledger.

Here is how the news of this partnership was announced by Ledger on Twitter:

The press release was posted on Ledger's blog, and provided the following details:

  • "Blockchain Lockbox will allow Blockchain users to seamlessly and securely store crypto assets offline through a first-of-its kind integration of cryptocurrency hardware and software."
  • "The Lockbox offers Blockchain’s nearly 30 million users a tailored end-to-end solution that harnesses Blockchain’s innovative non-custodial software along with Ledger’s expertise in hardware security."
  • The Blockchain Lockbox, which is a customized Ledger Nano S hardware wallet, can be pre-ordered from today (with deliveries expected to take place around mid-November).
  • Early orders will get a limited edition of the Lockbox (in blue).
  • "Existing Ledger customers will be able to pair their Nano S devices to the Blockchain Wallet and benefit from the added functionality and ability to trade."

Peter Smith, co-founder and CEO of Blockchain, said:

“The Lockbox is a reflection of what our companies both do best. We’ve created an elegant software and hardware integration that offers more functionality than previously existed in our space. We’re thrilled to offer the Lockbox to Blockchain users so they can easily manage their funds online and offline seamlessly."

Pascal Gauthier, President of Ledger, added:

“With stories about crypto hacking continuing to dominate headlines, it’s obvious that security must be top of mind for all stakeholders in the crypto space. With the combined forces of Blockchain and Ledger, users are truly getting the best of both worlds. Our partnership with Blockchain is the first of its kind, but as two companies hyper-focused on crypto security, it’s one that’s a natural fit.”

Over on Blockchain blog, Peter Smith made a post titled "New Ways to Control Your Crypto". Here, he first listed some of the things his company was company had achieved during the past six years:

  • First "cross-platform, non-custodial, and cross-chain wallet"
  • "30 million wallets in 140 countries"
  • "Powering over $200 billion in consumer transaction volume and over 80 million consumer crypto transactions in the last two years alone"
  • "Helping our users store millions of BTC, BCH & ETH coins and generate over a quarter of bitcoin network traffic alone"

Then, Smith said that at the end of last year, his company noticed that these were the most common requests from their users:

  1. "Better, faster ways for new users get their first crypto and make their first transaction"
  2. "More storage types, like hardware, as users’ balances increased"
  3. "More assets as users want to store and use an increasingly diverse asset set"
  4. "Better, more reliable sources of liquidity as trading and investing across assets continues to increase"

The Blockchain Lockbox, he say, is designed to address the second of these problems:

"Lockbox is simple to use and is even more secure thanks to a locked endpoint that prevents phishing and spoofing attacks. It’s hardware made easy, with a setup that takes just a few moments thanks to our custom hardware-software integration. With Lockbox you’re able to check your balance and receive transactions, on mobile and web, without the inconvenience of having to plug your device in every time. In an industry first, you’ll also be able to trade directly from your Lockbox while still maintaining your keys. In conjunction with Lockbox, we’re also excited to let current Ledger device owners seamlessly pair with the Blockchain Wallet and trade directly from the Ledger device they already own."

One unique feature of the Blockchain Lockbox hardware wallet is crypto-to-crypto trades. This is enabled via another new feature of Blockchain Wallet: "Swap by Blockchain", which is "a next generation trading product with best-in-class liquidity and execution, powered by our new machine trading software platform that ensures best execution across assets." This will allow Blockchain Wallet users to "have access to exchange-like prices without giving up control of their keys or their crypto". Also, trade limits are being raised, "from hundreds to thousands of dollars of crypto per trade." 

Featured Image Courtesy of Blockchai

1.2 Million Ethereum dApps Have Used A Free Security Tool to Prevent Bugs

  • Free crypto security tool from Amberdata has now been used by 1.2 million Ethereum-based decentralized applications (dApps)
  • Researchers at Amberdata use a grading system (from A+ to F) to rate the overall security of apps.

Over 1.2 million Ethereum (ETH)-based decentralized applications (dApps) have reportedly used a security software program, developed by Amerdata (in October 2018), to prevent potential software bugs from adversely affecting their operating systems.

Amberdata’s free security tool may be used to detect vulnerabilities in dApps launched on the Ethereum blockchain. In the past year, vulnerabilities in smart contracts have resulted in huge losses for users - with some accounts losing hundreds of millions of dollars.

High Level Of Code Reuse Between Smart Contracts

As explained on its official website, Amberdata’s automated software scans dApps for the most commonly occurring software bugs (usually found in smart contracts). Based on its findings, the company’s security program assigns a letter grade (A, B, or C) which is used to assess how secure (or insecure) a dApp platform might be.

According to a research report published in early November 2018 (by the University of Maryland), most Ethereum-based smart contracts had been using potentially vulnerable code. Notably, 1.2 million contracts issued on Ethereum were “reduced” by the researchers to 5,877 clusters - as most contained similar code. The research team had said that due to the high level of code reuse between smart contracts, there were chances that even a greater number of such programs contained critical vulnerabilities.

As noted by Shawn Douglass, the CEO at Amberdata, the cybersecurity firm aims to provide "greater access and enhanced visibility into smart contracts.” Douglass remarked:

We hope that by providing these tools to the community, we can reduce outside dependencies and enable the community to develop faster and more safely.

13 Main Types Of Vulnerabilities Searched For In Smart Contracts

Commenting on the 13 different types of vulnerabilities that Amberdata’s software has been programmed to detect, Joanes Espanol, the firm’s CTO, said that each smart contract bug is comparable to “engine lights on [a vehicle’s] dashboard.” Espanol added:

It just means that I need to check what’s going on with the car. Any of these can result in security error.

Elaborating on how Amberdata’s grading system used works, Espanol mentioned that the greater the number of bugs detected in an app, the lower the grade assigned to the app. For instance, a dApp that may have an excessive amount of vulnerabilities might be assigned the letter “F” (lowest grade). Meanwhile, a dApp with zero or almost no vulnerabilities detected could receive a grade of “A+.”

TrueUSD-Related Vulnerabitlies Not "Critical"

In January, security researchers found that stablecoin platform TrueUSD had a potential vulnerability related to its “message call” function. Other issues found earlier this year with TrueUSD included one in its delegate call - which was used to issue smart contracts. Developed by blockchain firm, TrustToken the 1-to-1 USD-backed TrueUSD stablecoin is based on the Ethereum platform. At present, TrueUSD has been assigned a “C” security grade.

However, William Morriss, a security specialist at TrustToken, has claimed that the vulnerabilties were not critical. Morriss also said:

The vulnerabilities that are being reported are not ways in which we can be attacked. We are aware of them and when people bring vulnerabilities to us we treat them very seriously.