Welcome to Valid Points. In today’s issue, Sam Kessler is back and focuses on the firestorm stemming from a recent revelation that MetaMask was sharing IP information with Infura. For an extended version of this article, visit the Valid Points web post here.
Last week, the leading crypto wallet provider MetaMask came under fire for a change to its terms of service that revealed it was sharing user IP information with Infura, a piece of blockchain infrastructure created by MetaMask creator ConsenSys.
ConsenSys, a research and development company led by Ethereum co-founder Joe Lubin, built MetaMask to offer users a convenient way to store and trade their crypto without needing to trust centralized exchanges like Coinbase and Binance – platforms that store, or “custody,” funds on a user’s behalf.
Relative to “cold” wallets that allow users to custody their crypto keys on a kind of USB thumb drive, MetaMask, a “hot wallet,” is installed on your phone or web browser and is continuously connected to the internet. While convenient – you only need to keep track of a username and password, not a physical thumb drive – “hot wallets” are theoretically more vulnerable to attacks and information leaks because they are always connected to the Web.
But compared to centralized exchanges, hot wallets like MetaMask are, at least in theory, more private and secure than allowing someone else to manage your assets.
The revelation that MetaMask was sharing IP information with Infura set off a firestorm on Twitter, with many users upset to learn their identifying information could have leaked to Infura – meaning their transaction history was not as private as they once thought.
The FTX debacle, along with last week’s MetaMask controversy, resurfaced a familiar refrain in the world of crypto: “not your keys, not your crypto.”
If you hold your funds on a centralized platform, they risk being stolen or misappropriated (as happened in the case of FTX, which apparently loaned out user funds without users knowing).
Downloading a hot wallet was supposed to be a safer way to get around the “not your keys” problem – your MetaMask funds are only accessible to you. But when users realized that MetaMask, too, was vulnerable to centralizing parties, they scrambled to figure out how they might be able to use the wallet without connecting it to Infura – a so-called RPC service that MetaMask uses to communicate with the Ethereum blockchain.
While ConsenSys noted in a statement that it is technically possible to use MetaMask sans Infura, users quickly realized that doing so would be confusing and impractical – requiring one to jerry-rig a new solution for reading information from the Ethereum blockchain.
The MetaMask controversy – and the anti-centralization discourse that surrounded it – serves as a harsh reminder of a hard truth that the crypto industry must face as it rebuilds from the FTX rubble: Centralized intermediaries have seeped deep into the crypto user experience.
Celsius Network LLC, et al., are soliciting offers for the purchase substantially all of their assets, including their Retail Platform and Mining Business, consistent with the bidding procedures approved by the U.S. Bankruptcy Court for the Southern District of New York, No. 22-10964 (MG) [Docket No. 1272]. All interested bidders should carefully read the bidding procedures and bidding procedures order. The deadline to submit final bids is December 12, 2022 at 4:00 p.m. ET.
Pulse Check
The following is an overview of network activity on the Ethereum Beacon Chain over the past week. For more information about the metrics featured in this section, check out our 101 explainer on ETH metrics.
Disclaimer: All profits made from CoinDesk’s Eth 2.0 staking venture will be donated to a charity of the company’s choosing once transfers are enabled on the network.
WHY IT MATTERS: On Monday, the centralized crypto lender filed for bankruptcy protection, days after suspending withdrawals amid the ongoing fallout from exchange FTX’s bankruptcy filing. According to the company’s petition, BlockFi’s executives estimate the company has more than 100,000 creditors as well as between $1 billion and $10 billion in both assets and liabilities. BlockFi’s largest creditors include West Realm Shires Inc., the legal name for FTX US, and the Securities and Exchange Commission (SEC). Read more here.
WHY IT MATTERS: The proposal, written by decentralized finance (DeFi) infrastructure company Gauntlet Network, is meant to avoid the risk of Aave accruing bad debt. According to Gauntlet, the freeze will help the protocol transition to its third version by giving users the option to migrate their assets to the upgraded network. The Ethereum liquidity pool is the largest on Aave, which has $5.6 billion in liquidity locked across six chains on the protocol. Read more here.
WHY IT MATTERS: In a vote that closed on Nov. 22, ENS community members selected Karpatkey to manage the bulk of ENS’s treasury composed of mostly USDC and ETH. The goal of the endowment fund, called ENS Endaoment, is to create a sustainable fund that can fuel continuous development regardless of macroeconomic conditions that may adversely affect revenue stemming from ENS registrations and renewals. Karpatkey said in its proposal, “The funds would be managed transparently and completely on-chain through a non-custodial solution.” Read more here.
Factoid of the Week
Year after year, Consensus has had a dedicated purpose of bringing the industry together to process the year past and strategize for the year ahead. This year, that purpose is more critical than ever. We are extending this limited-time Buy One, Get Two Free offer as a way to bring more people into the most important conversation in crypto and Web3. Register now.
Open Comms
Valid Points incorporates information and data about CoinDesk’s own Eth 2.0 validator. All profits made from this staking venture will be donated to a charity of our choosing once transfers are enabled on the network. For a full overview of the project, check out our announcement post.
You can verify the activity of the CoinDesk Eth 2.0 validator in real time through our public validator key, which is:
