TheDinarian
How Secure Is the Ethereum Sitting in Your MetaMask Wallet?

Security and privacy experts say it's become alarmingly common for people to report vulnerabilities on public forums like Twitter because they otherwise get ignored.

It’s been an unrelenting week for MetaMask developers.

Reacting to the news that $4.5 million worth of funds had been drained from thousands of software wallets on Solana, the team behind MetaMask—far and away the most popular software wallet for Ethereum and Ethereum-compatible networks—combed through the wallet's codebase to make sure users would not be affected by a similar hack.

That kind of fire drill has been repeated elsewhere. On reports that the Near Wallet might have a vulnerability similar to the hacked Solana wallets, the protocol’s Twitter account said Thursday night that it’s “highly recommended” users change their security settings.

Scanning for vulnerabilities after there’s been an exploit is one way that developers handle security. Ideally, they find them before they’ve been exploited. MetaMask has said previously that it’s working to reorganize its teams to better respond to security issues, but there are signs that it’s struggling to keep up.

In a recent example, Aurox CEO Giorgi Khazaradze said he found MetaMask’s team to be unresponsive when he tried to tip them off about a vulnerability in June.

He told Decrypt that his team was looking at MetaMask’s codebase—which is open source and viewable in its GitHub repository—because they’re building their own browser extension wallet.

The wallet has been announced, but not yet launched. When it does, it’ll be competing with MetaMask. To put it plainly: That means Khazaradze stands to benefit from casting doubt on what is, far and away, the biggest competitor for his new product.

After all, ConsenSys, the company that develops MetaMask (and, full disclosure, an investor in Decrypt), just closed a $450 million Series D round at a $7 billion valuation—helped in large part by the rate at which MetaMask has been attracting new users. As of March, MetaMask had more than 30 million monthly active users, a 42% increase over the 21 million it had in November 2021.

Khazaradze said his team realized that it would be possible to use an HTML element called an inline frame, or iframe, to add a hidden decentralized app, or dapp, to a webpage.

That would mean an attacker could hypothetically create a page that looks like a legit application, but connects to another that the MetaMask user never sees. So instead of swapping some Ethereum for coins to support a new project or buying an NFT, the user could unwittingly be sending their crypto straight to a thief’s wallet.

This kind of vulnerability could take advantage of the fact that MetaMask automatically prompts users to connect to a dapp if it detects one on a webpage. It’s standard behavior for the browser extension version of MetaMask. Outside the context of vulnerabilities and attackers, it’s a feature that puts fewer clicks between a user and their ability to interact with dapps.

It’s similar to, but not quite the same as, a clickjacking vulnerability that MetaMask paid a $120,000 bounty for in June. With that, an attacker hides MetaMask itself on a webpage and tricks the user into revealing private data or transferring funds.

“That’s a different vulnerability. That was within MetaMask itself. Basically, you could iframe MetaMask and then clickjack people,” Khazaradze said. “Whereas the one we found is iframing dapps. The wallet automatically connects to those dapps, which can allow an attacker to trick you to perform specific transactions.”

Khazaradze said he attempted to contact MetaMask about the vulnerability on June 27. First he tried the company’s support chat feature and said he was told to make a post on the app’s GitHub. But he didn’t feel comfortable doing that.

He said he then emailed MetaMask support directly, but got an unhelpful response: “We are experiencing extremely high volumes of inquiries. In an effort to improve our efficiencies on responding to support inquiries, direct emails to support are no longer enabled.”

At that point, Khazaradze said he gave up trying to let the team know about the vulnerability and reached out to Decrypt.

MetaMask responds
Herman Junge, a member of MetaMask’s security team, told Decrypt that the app’s support team wouldn’t have wanted an iframe vulnerability listed on GitHub.

“At MetaMask, we take iframe reports seriously and give them due procedure through our bug bounty program at HackerOne. If a security researcher sends their report using another instance, we invite them to go to HackerOne,” he said in an email. “We don’t have in our records any message where we encourage researchers to post an iframe report into GitHub.”

In an email conversation with MetaMask public relations, Decrypt described the vulnerability that the Aurox team claims to have found. In his emailed statement, Junge didn’t acknowledge the purported vulnerability or say that MetaMask would be investigating the issue.

He did, however, say that publishing an active security issue before the app’s team has a chance to address it can “put innocent people at unnecessary risk.” But so far, the language used in its support messages doesn’t mention anything about HackerOne, where MetaMask launched a bug bounty program in June.

Resorting to 'spectacle'
In the security community, it’s professional courtesy to privately notify a company about a vulnerability for the same reason it’s courteous not to shout that someone’s fly is down. The discretion gives them a chance to fix it before other people notice.

Reporting vulnerabilities discreetly keeps the information away from people who would exploit it before developers have had a chance to implement a fix. But when the reporting process is confusing or the recipient seems unresponsive, vulnerabilities go public before there’s a fix, usually in an effort to force the team to act.

Janine Romer, a privacy researcher and investigative journalist, said she’s seen lots of instances of people trying discreet lines of communication first and then switching to Twitter to report vulnerabilities.

“Similar things happen with Bitcoin wallets where the only way sometimes to get attention for stuff is to just tweet at people, which is bad. That should not be the way that things are handled,” she told Decrypt. “It should also be possible to report things privately and not have to make a public spectacle. But then it kind of incentivizes people to make a public spectacle because nobody's answering privately.”

In January, Alex Lupascu, co-founder of Omnia Protocol, said on Twitter that he and his team found a “critical privacy vulnerability” in MetaMask and linked to a blog post describing how an attacker could exploit it.

Harry Denley, a security researcher who works with MetaMask, replied to ask if the team had been notified or said they were working on it. Lupascu said they had, but that he first made his report five months ago and the vulnerability was still exploitable.

Eventually MetaMask co-founder Dan Finlay weighed in.

“Yeah, I think this issue has been widely known for a long time, so I don’t think a disclosure period applies,” he wrote on Twitter. “Alex is right to call us out for not addressing it sooner. Starting to work on it now. Thanks for the kick in the pants, and sorry we needed it.”

Safely using software wallets
A couple months later, the aforementioned bug bounty program was launched. It’s not as though all MetaMask vulnerability reports go unaddressed. Web3 security firm Halborn Security reported a vulnerability that could impact MetaMask users in June and got a hat tip from the MetaMask Twitter account for it.

David Schwed, Halborn’s chief operating officer, said he found the MetaMask team responsive. They addressed and patched the vulnerability. Even so, he said users should be cautious about keeping any substantial funds in a software wallet.

“I wouldn’t necessarily take a shot at MetaMask. MetaMask serves a certain purpose right now. Now if I was an organization, I wouldn’t store hundreds of millions of dollars on MetaMask, but I probably wouldn’t store it on any particular wallet,” he said. “I would diversify my holdings and self-custody and use other security practices to manage my risk.”

For him, the safest and most responsible way to use software wallets is to keep private keys on a hardware security module, or HSM. Two of the most popular hardware wallets, as they’re also known in crypto, include the Ledger and Trezor.

“At the end of the day, that’s what’s actually storing my private keys and that’s where the signing of the transactions is actually happening,” Schwed said. “And your [browser] wallet is really just a mechanism to broadcast out to the chain and construct the transaction.”

Closing the gap
The problem is that not everybody uses browser extension wallets that way. But there have been efforts to address it, both by giving developers better guidance on how to build security into their apps and teaching users how to keep their funds safe.

That’s where the CryptoCurrency Certification Consortium, or C4, comes in. It’s the same organization that created the Bitcoin and Ethereum professional certifications. Fun fact: Ethereum creator Vitalik Buterin helped write the Certified Bitcoin Professional exam before he invented Ethereum.

Jessica Levesque, executive director at C4, said there’s still a big knowledge gap for new crypto adopters.

“What’s kind of scary about this is that people who have been around crypto for a long time probably are like, it’s pretty clear you shouldn’t keep a lot of money on MetaMask or any hot wallet. Move it off,” she told Decrypt. “But most of us, when we first started, we didn’t know that.”

On the other end of things, there’s been a prevailing assumption that open-source projects are more secure because their code is available for review by independent researchers.

In fact, on Wednesday, in light of the Solana wallet hack, a developer who goes by fubuloubu on Twitter garnered a lot of attention for saying it’s “irresponsible not to have open source code in crypto.”

Noah Buxton, who leads Armanino’s blockchain and digital asset practice and sits on C4’s CryptoCurrency Security Standard Committee, said the low visibility of smaller projects or offers to pay bug bounties in native tokens can act as a disincentive for researchers to spend their time looking at them.

“In open source, the attention of developers is driven largely by either notoriety or some monetization,” he said. “Why spend time looking for bugs on a new decentralized exchange when there’s very little liquidity, the governance token isn’t worth anything and the team wants to pay you in the governance token for a bounty. I would rather spend time on Ethereum on another layer 1.”

https://decrypt.co/106848/how-secure-ethereum-metamask-wallet

What else you may like…
September 07, 2025
Utility, Utility, Utility

🚨Robinhood CEO - Vlad Tenev says: “It’s time to move beyond Bitcoin and meme coins into real-world assets!”

For up to date cryptocurrencies available through Robinhood:
https://robinhood.com/us/en/support/articles/coin-availability/

September 06, 2025
3 Companies Control 80% Of U.S. Banking👀

3 companies. 80% of U.S. banking. You need to know their names.

Watch us break it down in the latest Stronghold 101

September 06, 2025
We Have Been Lied To, For Far Too Long!

Impossible Ancient Knowledge That DEBUNKS Our History!

Give them a follow:

Jay's info:
@TheProjectUnity on X
youtube.com/c/ProjectUnity

Geoffrey Drumm's info:
@TheLandOfChem on X
www.youtube.com/@thelandofchem

👉 Coinbase just launched an AI agent for Crypto Trading

Custom AI assistants that print money in your sleep? 🔜

The future of Crypto x AI is about to go crazy.

👉 Here’s what you need to know:

💠 'Based Agent' enables creation of custom AI agents
💠 Users set up personalized agents in < 3 minutes
💠 Equipped w/ crypto wallet and on-chain functions
💠 Capable of completing trades, swaps, and staking
💠 Integrates with Coinbase’s SDK, OpenAI, & Replit

👉 What this means for the future of Crypto:

1. Open Access: Democratized access to advanced trading
2. Automated Txns: Complex trades + streamlined on-chain activity
3. AI Dominance: Est ~80% of crypto 👉txns done by AI agents by 2025

🚨 I personally wouldn't bet against Brian Armstrong and Jesse Pollak.

Pyth Network DAO

Beyond revenue, the Phase 2 proposal asks for the DAO to consider whether and how the network can deliver value back to the community.

This new product could fuel the DAO, and the DAO should consider whether it wants to support buybacks, rewards, and strengthening the network for all stakeholders.

Looking ahead to Phase 3: Total market coverage.

→ 200–300 new symbols added each month
→ 3K+ by year-end, 10K+ in 2026
→ Complete coverage across: trading venues, OTC markets, permissioned & unpermissioned DeFi

Pyth will become the most comprehensive financial data layer in the world.

https://x.com/PythNetwork/status/1963255788698484942

🚨BREAKING: Ledger CTO Charles Guillemet warns of a supply chain attack in the JavaScript ecosystem after an NPM account compromise.

He advises users to carefully verify every transaction if using a hardware wallet, and to avoid on-chain transactions entirely if they don’t.

Stay safe.

https://x.com/CoinDesk/status/1965110299456847944

$ETH ETF outflow of $96,700,000 🔴 yesterday.

BlackRock sold $192,700,000 in Ethereum.

The Great Onboarding: US Government Anchors Global Economy into Web3 via Pyth Network

For years, the crypto world speculated that the next major cycle would be driven by institutional adoption, with Wall Street finally legitimizing Bitcoin through vehicles like ETFs. While that prediction has indeed materialized, a recent development signifies a far more profound integration of Web3 into the global economic fabric, moving beyond mere financial products to the very infrastructure of data itself. The U.S. government has taken a monumental step, cementing Web3's role as a foundational layer for modern data distribution. This door, once opened, is poised to remain so indefinitely.

The U.S. Department of Commerce has officially partnered with leading blockchain oracle providers, Pyth Network and Chainlink, to distribute critical official economic data directly on-chain. This initiative marks a historic shift, bringing immutable, transparent, and auditable data from the federal government itself onto decentralized networks. This is not just a technological upgrade; it's a strategic move to enhance data accuracy, transparency, and accessibility for a global audience.

Specifically, Pyth Network has been selected to publish Gross Domestic Product (GDP) data, starting with quarterly releases going back five years, with plans to expand to a broader range of economic datasets. Chainlink, the other key partner, will provide data feeds from the Bureau of Economic Analysis (BEA), including Real Gross Domestic Product (GDP) and the Personal Consumption Expenditures (PCE) Price Index. This crucial economic information will be made available across a multitude of blockchain networks, including major ecosystems like Ethereum, Avalanche, Base, Bitcoin, Solana, Tron, Stellar, Arbitrum One, Polygon PoS, and Optimism.

This development is closer to science fiction than traditional finance. The same oracle network, Pyth, that secures data for over 350 decentralized applications (dApps) across more than 50 blockchains, processing over $2.5 trillion in total trading volume through its oracles, is now the system of record for the United States' core economic indicators. Pyth's extensive infrastructure, spanning over 107 blockchains and supporting more than 600 applications, positions it as a trusted source for on-chain data. This is not about speculative assets; it's about leveraging proven, robust technology for critical public services.

The significance of this collaboration cannot be overstated. By bringing official statistics on-chain, the U.S. government is embracing cryptographic verifiability and immutable publication, setting a new precedent for how governments interact with decentralized technology. This initiative aligns with broader transparency goals and is supported by Secretary of Commerce Howard Lutnick, positioning the U.S. as a world leader in finance and blockchain innovation. The decision by a federal entity to trust decentralized oracles with sensitive economic data underscores the growing institutional confidence in these networks.

This is the cycle of the great onboarding. The distinction between "Web2" and "Web3" is rapidly becoming obsolete. When government data, institutional flows, and grassroots builders all operate on the same decentralized rails, we are simply talking about the internet—a new iteration, yes, but the internet nonetheless: an immutable internet where data is not only published but also verified and distributed in real-time.

Pyth Network stands as tangible proof that this technology serves a vital purpose. It demonstrates that the industry has moved beyond abstract "crypto tech" to offering solutions that address real-world needs and are now actively sought after and understood by traditional entities. Most importantly, it proves that Web3 is no longer seeking permission; it has received the highest validation a system can receive—the trust of governments and markets alike.

This is not merely a fleeting trend; it's a crowning moment in global adoption. The U.S. government has just validated what many in the Web3 space have been building towards for years: that Web3 is not a sideshow, but a foundational layer for the future. The current cycle will be remembered as the moment the world definitively crossed this threshold, marking the last great opportunity to truly say, "we were early."

US Dept of Commerce to publish GDP data on blockchain

On Tuesday during a televised White House cabinet meeting, Commerce Secretary Howard Lutnick announced the intention to publish GDP statistics on blockchains. Today Chainlink and Pyth said they were selected as the decentralized oracles to distribute the data.

Lutnick said, “The Department of Commerce is going to start issuing its statistics on the blockchain because you are the crypto President. And we are going to put out GDP on the blockchain, so people can use the blockchain for data distribution. And then we’re going to make that available to the entire government. So, all of you can do it. We’re just ironing out all the details.”

The data includes Real GDP and the PCE Price Index, which reflects changes in the prices of domestic consumer goods and services. The statistics are released monthly and quarterly. The biggest initial use will likely be by on-chain prediction markets. But as more data comes online, such as broader inflation data or interest rates from the Federal Reserve, it could be used to automate various financial instruments. Apart from using the data in smart contracts, sources of tamperproof data 👉will become increasingly important for generative AI.

While it would be possible to procure the data from third parties, it is always ideal to get it from the source to ensure its accuracy. Getting data directly from government sources makes it tamperproof, provided the original data feed has not been manipulated before it reaches the oracle.

List Of Cardano Wallets

Well-known and actively maintained wallets supporting the Cardano Blockchain are Eternl, Typhon, Vespr, Yoroi, Lace, ADAlite, NuFi, Daedalus, Gero, LodeWallet, Coin Wallet, ADAWallet, Atomic, Gem Wallet, Trust and Exodus.

Note that in case of issues, usually only queries relating to official wallets can be answered in Cardano groups across telegram/forum. You may need to consult with specific wallet support teams for third party wallets.

Tips

  • It is important to ensure that you're in sole control of your wallet keys, and that the keys used can be restored via alternate wallet providers if a particular one is non-functional. Hence, pay extra attention to the Non-Custodial and Compatibility fields.
  • The score column below is strictly a count of checks against each feature listed; the impact of a specific feature (and thus, score) is up to the reader's discretion.
  • The table represents current state on mainnet network, any future roadmap activities are out-of-scope.
  • Info on individual fields can be found towards the end of the page.
  • Any field that shows partial support (eg: open-source field) does not score the point for that field.

Brief info on fields above

  • Non-Custodial: are wallets where payment as well as stake keys are not shared/reused by wallet provider, and funds can be transparently verified on explorer
  • Compatibility: If the wallet mnemonics/keys can easily (for non-technical user) be used outside of specific wallet provider in major other wallets
  • Stake Control: Freedom to elect stake pool for user to delegate to (in user-friendly way)
  • Transparent Support: Easy approachability of a public interactive - eg: discord/telegram - group (with non-anonymous users) who can help out with support. Twitter/Email supports do not count for a check
  • Voting: Ability to participate in Catalyst voting process
  • Hardware Wallet: Integration with at least the Ledger Nano device
  • Native Assets: Ability to view native assets that belong to wallet
  • dApp Integration: Ability to interact with dApps
  • Stability: represents whether there have been large number of users reporting missing tokens/balance due to wallet backend being out of sync
  • Testnets Support: Ability to easily (for end-user) open wallets in at least one of the Cardano testnet networks
  • Custom Backend Support: Ability to elect a custom backend URL for selecting an alternate way to submit transactions created on client machines
  • Single/Multi Address Mode: Ability to use/import Single as well as Multiple Address modes for a wallet
  • Mobile App: Availability on at least one of the popular mobile platforms
  • Desktop (app,extension,web): Ways to open wallet app on desktop PCs
  • Open Source: Whether the complete wallet (all components) are open source and can be run independently.
