Chainkit cyber integrity automation

There are only a few ways to get that kind of information. • Inside job – Someone leaked the signer list. • Social engineering – Lazarus studied their emails & behavior. • Device compromise – One or more signers were infected with malware. This means other exchanges are at risk too...

Curious how Coinbase’s new smart wallet works? I was too. Here’s an overview of how it’s possible to create and use a crypto wallet through Touch ID without ever needing a chrome extension. 1. The secret sauce Here's a demo video of a smart wallet in action: https://t.co/RTlEkefw7r. There are a couple things happening here. First a wallet is created through Touch ID, then a transaction is signed via Touch ID, and finally the transaction is fully paid for by Base. All of this is made possible by Account Abstraction (AA) aka ERC4337. 2. Passkeys Before we talk about AA, it’s important to understand what passkeys are. Passkeys are a form of authentication that rely on public/private key cryptography rather than traditional passwords. With passkeys, private keys are stored privately on user devices while public keys can be shared with apps. Touch ID / Face ID can be used to prevent unauthorized use of a passkey. 3. Wallet Creation The first step in the flow above is to create a wallet. This wallet is a “smart wallet” - it’s a smart contract deployed on Base rather than your typical EOA. Smart wallets are perhaps the greatest unlock of AA. This particular smart wallet contains code that allows for multiple owners, including ones that are passkey-based. Within the AA flow, a smart wallet is created if it doesn’t already exist. 4. Touch ID Signing Once the wallet exists, the mint transaction can be signed and executed. To accomplish this, the website will prompt the user to sign a user op (think of it as an AA tx). The user first needs to verify they control the passkey (through Touch ID, Face ID, etc) before they can sign the user op. After that, the user op and signature are verified by the smart wallet code and then executed. 5. Free Transactions You’ll notice that the price paid by the user in the demo is 0. This is because AA adds a paymaster service that can be used to sponsor transactions. In this particular case, Base has a paymaster setup to pay for smart wallet mints. Other applications can use paymaster sponsorships as a way to easily onboard users with needing them to have ETH in their wallets. 6. Conclusion All the magic here is made possible by Account Abstraction. While AA has been out for a while, Coinbase’s smart wallet is one of the first to leverage account ownership via passkeys. In the future, it’ll also be possible to control wallets through traditional Web2 signin flows like Google SSO.

Why Azure Logs Should Matter in Your Cybersecurity Strategy Experience how the game-changing power of Azure Log Analysis is fundamentally reshaping your approach to cybersecurity. Build an incident-response plan following actions from first-breach threat actors with the Microsoft Incident Response team. Strengthen your defense approaches in this ever-changing digital environment. Read our blog here https://t.co/0PEtkU2lRI. #MicrosoftIR #MicrosoftSecurityExperts

I’m applying this to first-principles encryption. PKI and asymmetric encryption was appropriate for the 1980s. No more. Today PKI is an unmitigated mess of risk via excessive complexity and misplaced trust. PKI defeats zero trust. Cleaner simpler lighter-weight ubiquitous zero knowledge symmetric keys, over any cipher, is the way: