Latest Articles

Fujitsu Planning Comprehensive, Blockchain-Based Security Solutions

Fujitsu Global, the Japanese informational technology equipment and services giant, announced that it is developing verification and risk assessment technology for Ethereum-based smart contracts.

Using “symbolic execution technology,” Fujitsu researchers have demonstrated the ability to identify bugs in the source code of Ethereum smart contracts, with highly accurate risk detection.

Fujitsu is based in Tokyo and offers a wide range of technology products, solutions and services, with approximately 155,000 employees in more than 100 countries. 

“Because smart contracts are copied to multiple locations and executed in a distributed manner, once a contract has been executed, it cannot easily be stopped, and it cannot be revised even if risks are found in the smart contract,” per the Fujitsu press release.  

For instance, issues with a smart contract led to The DAO hack in 2016, which exploited weaknesses in the Ethereum Virtual Machine (EVM) to transfer $50 million worth of ether into the control of an attacker. 

Researchers from Fujitsu Laboratories and Fujitsu Research and Development Center, two subsidiaries of the Japanese tech giant, located respectively in Kawasaki, Japan, and Beijing, China, announced a new static analysis method for Ethereum smart contracts at the Blockchains and Smart Contracts Workshop 2018 (BSC 2018) in Paris, in a presentation titled “Security Assurance for Smart Contract.”

“Since Ethereum smart contracts hold millions of dollars, their execution correctness is crucial against attacks which aim at stealing the assets,” noted the researchers in their workshop paper. “In this paper, we proposed a security assurance method for smart contract source code to find potential security risks.”

The new static analysis solution for Ethereum smart contracts consists of topological analysis of function invocation relationship, logic risk detection and location.

Based on these features, the Fujitsu team developed a tool called “Security Assurance for Smart Contract” (SASC), which can provide high-quality support. According to the researchers, SASC will soon be published on GitHub as open source software.

An independent review published by a blockchain enthusiast on Medium explores possible security risks for smart contracts and Fujitsu’s SASC solution. 

In November, Ethereum co-founder Vitalik Buterin outlined a vision for the evolution of the Ethereum platform. Among other forthcoming developments, Buterin noted that he expects Ethereum to eventually introduce formal verification for smart contracts. At this moment, however, Ethereum doesn’t support static analysis to filter out bugs and predict the computing resources that a program will require. 

Therefore, the forthcoming open sourcing of SASC represents a significant acceleration in Ethereum development and a step toward full maturity. Smart contract security is a key issue for the adoption of Ethereum and similar blockchain technologies in critical industries.

The Fujitsu press release stated that Fujitsu Laboratories will continue to develop verification technologies, not only for Ethereum but also for Hyperledger Fabric, a blockchain framework project for smart contracts hosted by The Linux Foundation, with the goal of commercialization of this technology during fiscal year 2018.

In addition, besides verification technology for smart contracts, Fujitsu Laboratories plans to also develop a broad range of blockchain technologies for building secure systems. The commitment of a tech giant like Fujitsu is likely to significantly boost the adoption of blockchain technology in the information and communications technology security market.

FinCEN Takes First-Ever Enforcement Action Against Cryptocurrency Trader

Source: FinCEN

The Financial Crimes Enforcement Network (FinCEN) has assessed a civil money penalty against a peer-to-peer bitcoin trader for violating anti-money laundering (AML) regulations, its first enforcement action against a cryptocurrency exchanger. According to the agency, the exchanger failed to register as a money services business and failed to report "suspicious transactions," among other violations. The exchanger has been assessed a $35,000 fine and is now prohibited from providing money transmission services.

2019 Investments in Crypto and Blockchain Startups at $850 Million

Source: Reuters

According to data compiled by Pitchbook for Reuters, venture capital investment in crypto and blockchain startups has reached $850 million so far this year.

EEA Launches 'Token Taxonomy Initiative'

The Enterprise Ethereum Alliance has announced a "Token Taxonomy Initiative" to develop universal definitions for tokens to encourage their interchangeability across blockchain platforms. Members of the initiative include Microsoft, R3, ConsenSys, IBM, EY, Accenture and Intel.

Gemini Adds Support for SegWit

Source: Gemini

Gemini Trust, a New York-based cryptocurrency exchange, has announced support for Segregated Witness (SegWit) addresses and transaction batching. As a result, customers can now use SegWit addresses for bitcoin deposits and withdrawals, ideally improving processing times and lowering bitcoin withdrawal fees.