TheDinarian
News • Business • Investing & Finance
The Dinarian on Locals brings you the latest in news, interviews, in-depth conversations, and stories from across the blockchain and global communities—within and beyond cryptocurrency. Experts delve into how blockchain technology is reshaping industries, enhancing business networks, transforming transaction workflows, and advancing distributed ledger systems. We also explore intriguing topics that may venture into the realm of conspiracies—and so much more!
How Secure Is the Ethereum Sitting in Your MetaMask Wallet?

Security and privacy experts say it's become alarmingly common for people to report vulnerabilities on public forums like Twitter because they otherwise get ignored.

It’s been an unrelenting week for MetaMask developers.

Reacting to the news that $4.5 million worth of funds had been drained from thousands of software wallets on Solana, the team behind MetaMask—far and away the most popular software wallet for Ethereum and Ethereum-compatible networks—combed through the wallet's codebase to make sure users would not be affected by a similar hack.

That kind of fire drill has been repeated elsewhere. On reports that the Near Wallet might have a vulnerability similar to the hacked Solana wallets, the protocol’s Twitter account said Thursday night that it’s “highly recommended” users change their security settings.

Scanning for vulnerabilities after there’s been an exploit is one way that developers handle security. Ideally, they find them before they’ve been exploited. MetaMask has said previously that it’s working to reorganize its teams to better respond to security issues, but there are signs that it’s struggling to keep up.

In a recent example, Aurox CEO Giorgi Khazaradze said he found MetaMask’s team to be unresponsive when he tried to tip them off about a vulnerability in June.

He told Decrypt that his team was looking at MetaMask’s codebase—which is open source and viewable in its GitHub repository—because they’re building their own browser extension wallet.

The wallet has been announced but not yet launched. When it does launch, it will be competing with MetaMask. To put it plainly: Khazaradze stands to benefit from casting doubt on what is, far and away, the biggest competitor for his new product.

After all, ConsenSys, the company that develops MetaMask (and, full disclosure, an investor in Decrypt), just closed a $450 million Series D round at a $7 billion valuation—helped in large part by the rate at which MetaMask has been attracting new users. As of March, MetaMask had more than 30 million monthly active users, a 42% increase over the 21 million it had in November 2021.

Khazaradze said his team realized that it would be possible to use an HTML element called an inline frame, or iframe, to add a hidden decentralized app, or dapp, to a webpage.

That would mean an attacker could hypothetically create a page that looks like a legit application, but connects to another that the MetaMask user never sees. So instead of swapping some Ethereum for coins to support a new project or buying an NFT, the user could unwittingly be sending their crypto straight to a thief’s wallet.

This kind of vulnerability could take advantage of the fact that MetaMask automatically prompts users to connect to a dapp if it detects one on a webpage. It’s standard behavior for the browser extension version of MetaMask. Outside the context of vulnerabilities and attackers, it’s a feature that puts fewer clicks between a user and their ability to interact with dapps.

It’s similar to, but not quite the same as, a clickjacking vulnerability that MetaMask paid a $120,000 bounty for in June. In that case, an attacker hides MetaMask itself on a webpage and tricks the user into revealing private data or transferring funds.

“That’s a different vulnerability. That was within MetaMask itself. Basically, you could iframe MetaMask and then clickjack people,” Khazaradze said. “Whereas the one we found is iframing dapps. The wallet automatically connects to those dapps, which can allow an attacker to trick you to perform specific transactions.”

Khazaradze said he attempted to contact MetaMask about the vulnerability on June 27. First he tried the company’s support chat feature and said he was told to make a post on the app’s GitHub. But he didn’t feel comfortable doing that.

He said he then emailed MetaMask support directly, but got an unhelpful response: “We are experiencing extremely high volumes of inquiries. In an effort to improve our efficiencies on responding to support inquiries, direct emails to support are no longer enabled.”

At that point, Khazaradze said he gave up trying to let the team know about the vulnerability and reached out to Decrypt.

MetaMask responds
Herman Junge, a member of MetaMask’s security team, told Decrypt that the app’s support team wouldn’t have wanted an iframe vulnerability listed on GitHub.

“At MetaMask, we take iframe reports seriously and give them due procedure through our bug bounty program at HackerOne. If a security researcher sends their report using another instance, we invite them to go to HackerOne,” he said in an email. “We don’t have in our records any message where we encourage researchers to post an iframe report into GitHub.”

In an email conversation with MetaMask public relations, Decrypt described the vulnerability that the Aurox team claims to have found. In his emailed statement, Junge didn’t acknowledge the purported vulnerability or say that MetaMask would be investigating the issue.

He did, however, say that publishing an active security issue before the app’s team has a chance to address it can “put innocent people at unnecessary risk.” But so far, the language used in its support messages doesn’t mention anything about HackerOne, where MetaMask launched a bug bounty program in June.

Resorting to 'spectacle'
In the security community, it’s professional courtesy to privately notify a company about a vulnerability for the same reason it’s courteous not to shout that someone’s fly is down. The discretion gives them a chance to fix it before other people notice.

Reporting vulnerabilities discreetly keeps the information away from people who would exploit it before developers have had a chance to implement a fix. But when the reporting process is confusing or the recipient seems unresponsive, vulnerabilities go public before there’s a fix, usually in an effort to force the team to act.

Janine Romer, a privacy researcher and investigative journalist, said she’s seen lots of instances of people trying discreet lines of communication first and then switching to Twitter to report vulnerabilities.

“Similar things happen with Bitcoin wallets where the only way sometimes to get attention for stuff is to just tweet at people, which is bad. That should not be the way that things are handled,” she told Decrypt. “It should also be possible to report things privately and not have to make a public spectacle. But then it kind of incentivizes people to make a public spectacle because nobody's answering privately.”

In January, Alex Lupascu, co-founder of Omnia Protocol, said on Twitter that he and his team found a “critical privacy vulnerability” in MetaMask and linked to a blog post describing how an attacker could exploit it.

Harry Denley, a security researcher who works with MetaMask, replied to ask if the team had been notified or said they were working on it. Lupascu said they had, but that he first made his report five months ago and the vulnerability was still exploitable.

Eventually MetaMask co-founder Dan Finlay weighed in.

“Yeah, I think this issue has been widely known for a long time, so I don’t think a disclosure period applies,” he wrote on Twitter. “Alex is right to call us out for not addressing it sooner. Starting to work on it now. Thanks for the kick in the pants, and sorry we needed it.”

Safely using software wallets
A couple of months later, the aforementioned bug bounty program was launched. It’s not as though all MetaMask vulnerability reports go unaddressed. Web3 security firm Halborn Security reported a vulnerability that could impact MetaMask users in June and got a hat tip from the MetaMask Twitter account for it.

David Schwed, Halborn’s chief operating officer, said he found the MetaMask team responsive. They addressed and patched the vulnerability. Even so, he said users should be cautious about keeping any substantial funds in a software wallet.

“I wouldn’t necessarily take a shot at MetaMask. MetaMask serves a certain purpose right now. Now if I was an organization, I wouldn’t store hundreds of millions of dollars on MetaMask, but I probably wouldn’t store it on any particular wallet,” he said. “I would diversify my holdings and self-custody and use other security practices to manage my risk.”

For him, the safest and most responsible way to use software wallets is to keep private keys on a hardware security module, or HSM. Two of the most popular hardware wallets, as they’re also known in crypto, are the Ledger and the Trezor.

“At the end of the day, that’s what’s actually storing my private keys and that’s where the signing of the transactions is actually happening,” Schwed said. “And your [browser] wallet is really just a mechanism to broadcast out to the chain and construct the transaction.”

Closing the gap
The problem is that not everybody uses browser extension wallets that way. But there have been efforts to address it, both by giving developers better guidance on how to build security into their apps and by teaching users how to keep their funds safe.

That’s where the CryptoCurrency Certification Consortium, or C4, comes in. It’s the same organization that created the Bitcoin and Ethereum professional certifications. Fun fact: Ethereum creator Vitalik Buterin helped write the Certified Bitcoin Professional exam before he invented Ethereum.

Jessica Levesque, executive director at C4, said there’s still a big knowledge gap for new crypto adopters.

“What’s kind of scary about this is that people who have been around crypto for a long time probably are like, it’s pretty clear you shouldn’t keep a lot of money on MetaMask or any hot wallet. Move it off,” she told Decrypt. “But most of us, when we first started, we didn’t know that.”

On the other end of things, there’s been a prevailing assumption that open-source projects are more secure because their code is available for review by independent researchers.

In fact, on Wednesday, in light of the Solana wallet hack, a developer who goes by fubuloubu on Twitter garnered a lot of attention for saying it’s “irresponsible not to have open source code in crypto.”

Noah Buxton, who leads Armanino’s blockchain and digital asset practice and sits on C4’s CryptoCurrency Security Standard Committee, said the low visibility of smaller projects or offers to pay bug bounties in native tokens can act as a disincentive for researchers to spend their time looking at them.

“In open source, the attention of developers is driven largely by either notoriety or some monetization,” he said. “Why spend time looking for bugs on a new decentralized exchange when there’s very little liquidity, the governance token isn’t worth anything and the team wants to pay you in the governance token for a bounty? I would rather spend time on Ethereum on another layer 1.”

https://decrypt.co/106848/how-secure-ethereum-metamask-wallet
