Beam Mimblewimble Wallet Vulnerability Found & Fixed, Days After Mainnet Release

Developers of the Beam Wallet have discovered and fixed a critical vulnerability in their software. The announcements of the discovery and the fix came simultaneously, on Twitter and on the startup’s official blog.

The Beam team posted detailed instructions for users to follow in order to update their wallets, and said that the vulnerability affects all previously released versions of the wallet.

They note, critically, that they themselves discovered the vulnerability, and that:

So far, we are not aware of Beam’s users being affected by this vulnerability. We are working with various providers in the ecosystem to upgrade their systems.

Beam Mimblewimble

Beam (the company) is a payment solution provider most prominently serving the United Arab Emirates. The wallet software is notable for its implementation of Mimblewimble, a privacy protocol that can greatly enhance privacy without using a lot of memory for transactions.

Unlike transactions on public blockchains, Mimblewimble transactions are not (necessarily) visible in a blockchain explorer. The protocol makes use of both “blinding factors” and CoinJoin to bundle many transactions together and encrypt their contents to all but the senders and receivers of transactions. One of Beam’s objectives is to create the option for publicly visible transactions.

Beam released its Mimblewimble mainnet only on January 3, stating at the time (correctly, it seems) that because “Beam is of innovative nature, this Version, even though developed in accordance to state of the art, is likely to: (i) contain bugs, defects, or errors.”

But the software is indeed state of the art, and is the first released implementation of the Mimblewimble idea and protocol. A competing Mimblewimble blockchain, called Grin, is set to launch its own mainnet in a few days. Grin even got a mention in a recent article in The Guardian on the subject of Bitcoin’s tenth birthday.

CME Looks to Double Bitcoin Futures Limit, but Is This Wise?

The Chicago Mercantile Exchange (CME) has a new request for its regulator, as it looks to double open position limits on bitcoin futures contracts in the face of significant interest.

Nasdaq reports that the CME has already petitioned its regulatory body, the Commodity Futures Trading Commission (CFTC), asking for an increase from 1000 contracts per spot month to 2000 per investor. Each contract represents five BTC, so essentially, at its peak, a single investor's total position may edge towards a monumental 10,000 BTC.

This is in direct response to the contract's recent growth, which is currently showing record levels of activity, with $370 million being traded per day. A spokesperson for the CME noted that the proposal to increase limits was based on the continued maturity of the market:

Based on the significant growth and acceptance of our financially-settled CME Bitcoin futures markets, as well as our analysis of the underlying bitcoin market.

However, as Nasdaq writes, the increase in the upper limit of positions is somewhat superfluous. As of July, the number of open interest contracts reached an all-time high of just 6100; given this, it seems the CME may be future-proofing.

Open to Manipulation?

Concerns remain about the limit increase, however, as without position limits the potential for manipulation rises, often to the detriment of the underlying asset. That said, as per the CFTC website, the threat of manipulation from bitcoin futures contracts is "low":

In general, position limits are not needed for markets where the threat of market manipulation is non-existent or very low.

Instead, Nasdaq posited that this might point to a lessening of the CFTC's strict rule over bitcoin, as well as a maturing of the market in general.

Nevertheless, some believe the CME's bitcoin futures contracts do pose a significant threat to the price of BTC, with some suggesting that blatant manipulation continues unchecked within the market.

As reported, there seems to be a correlation between the expiry dates of CME bitcoin futures contracts and a lull in the price point of BTC. In several instances, a significant drop in bitcoin's price has coincided with a closure from the CME. The most recent example of this occurred on Labor Day, September 2, when bitcoin rose an extraordinary 8% shortly after the CME shut.

Crypto analyst Alex Kruger highlighted this, noting the large gaps that formed on the CME chart from the price discrepancy before and after closing.

This has become a pretty accepted practice within the market. Kruger has even gone to the lengths of compiling statistics for each time this phenomenon transpired:

On these occasions, bitcoin cited an average 4.6% price discrepancy following the close of the CME.

Whether this is a coincidence or the market is indeed being actively manipulated is as yet unclear. Either way, with the increase of these limits it might be only a matter of time until we know for sure.
