Opera is finally rolling out its blockchain-oriented browser specifically designed for surfing and interacting with the decentralized web (also known as Web 3.0).
Today at Hard Fork Decentralized in London, the company announced the browser, which comes with a built-in cryptocurrency wallet, is now available for Android. This makes Opera the first mainstream browser that comes with cryptocurrency and blockchain features.
Among other things, the latest version of the browser will enable users to interact with decentralized apps (dApps), manage their digital identity, and make transactions.
In addition to providing users with seamless access to a number of blockchain-powered services, Opera hopes the app will also stimulate the mainstream adoption of cryptocurrencies.
“Our hope is that this step will accelerate the transition of cryptocurrencies from speculation and investment to being used for actual payments and transactions in our users’ daily lives,” Opera executive VP Krystian Kolondra said.
A deeper look at Opera’s crypto-browser
In July 2018, Opera announced it’s developing an Android version of its app with a built-in wallet . The company later revealed it is also developing a synchronization feature that will allow users to access the wallet from their desktop browsers.
Eventually, Opera opened up the browser to select beta testers in September, and has been working on polishing the app since then. The developer is also gunning to release a desktop version of its crypto-browser for Windows, Mac, and Linux. The official launch date is unclear at present, but a beta version of the desktop browser is already available .
For starters, the updated Android browser will support exclusively the Ethereum network – the same goes for the built-in cryptocurrency wallet.
“We’ve decided to support Ethereum, as it has the largest community of developers building Dapps and has gathered a lot of momentum behind it,” project lead Charles Hamel told Hard Fork.
So while you’ll be able to store your Ethereum tokens (as well as any other ERC20-based cryptocurrencies) on the Opera browser, you will have to find an alternative storing solution for your Bitcoin, and other (non-ERC20) altcoins.
The good thing is that most cryptocurrencies out there are running on Ethereum. Opera says it is looking into adding support for cryptocurrencies based on other protocols, but is not ready to commit to any announcements just yet.
Aside from the wallet feature, Opera aims to make it easy for users to browse dApps on the Ethereum network. Indeed, the company hopes it can stimulate growth in the dApp market, which has struggled to retain users in the past .
“One major hurdle in all this is that you need a special browser or special browser extensions to even start exploring the decentralized web and even then, users are faced with lots of new terminology that is sometimes confusing,” Hamel explained to Hard Fork. “That’s why made our browser super user-friendly.”
“Using a Web 3.0 application is now just as easy as going to a website like Google or Facebook with Opera,” he continued. “This is a lot easier and faster than what has been available until now.”
Building a browser for blockchain and cryptocurrencies
Although Opera has over 20 years in the browser game under its belt, the company is quick to admit that building software for the blockchain space is certainly a tall order.
“We had to learn a lot of new technology ourselves and build competence around different blockchains, cryptography, and distributed networks in order to build our wallet,” Hamel shared with Hard Fork. “One of the biggest challenge was to define what a browser wallet should look like and how it should behave.”
Another hurdle was figuring out how to seamlessly integrate the wallet into the browser, so it feels like an actual feature – and not simply another app living inside the browser.
Of course, building for fledgling technologies like blockchain also comes with a string of issues you might never encounter otherwise.
“Another technical challenge was around site-compatibility. In the early days of the previous web developers made different assumptions in their code: this made their apps behave differently in different browsers,” Hamel told Hard Fork. “A similar phenomenon exists in Web 3, but we are already experiencing encouraging signs of progress in that area.”
Then there is the whole concern with security. While it is always advisable to store large amounts of cryptocurrency on hardware wallets, researchers agree that smartphones tend to be a pretty decent day-to-day storage alternative. Fortunately, Opera has taken every measure to ensure the safety of its app.
“Security has been a focus for the team since the inception of this product,” Hamel added. “We decided early-on to use Android’s secure key storage (with hardware support) and protect the keys to the wallet using the user’s device lock screen.”
“This has two benefits,” Hamel continued. “First of all, the user doesn’t need to create a new PIN code to remember and secondly, we get the maximum security possible offered by the Android OS.”
“We also kept this true for our desktop product, which benefits from this security, while making the wallet available in the desktop browser through our pairing system,” he further told Hard Fork. “The keys remain always within the Android keystore.”
Opera and the blockchain
Opera has already voiced its intention to continue building for the decentralized web, perhaps in a bid to disrupt Google Chrome’s grip on the browser market.
“We believe all browsers will eventually integrate some kind of wallet, which will enable new business models to emerge on the web,” Hamel told Hard Fork. “We are very happy with the version we are launching today, which greatly simplifies onboarding and makes Web 3.0 just as easy to use as the the current web we’re used to.”
Indeed, blockchain insiders are already paying attention to Opera‘s foray into the industry.
“It’s a significant step for one of the world’s leading browsers to add an Ethereum-based [cryptocurrency] wallet and dApp explorer, and speaks to Opera’s innovative roots and commitment to embracing next generation technology,” commented Joseph Lubin, co-founder of Ethereum and venture studio ConsenSys. “We see this as an important moment in improving dApp accessibility, opening Web 3.0 to mainstream audiences, and encouraging developers to build on Ethereum.”
And as far as Opera‘s future in the blockchain goes, the company says it intends to continue polishing its Web 3.0-inspired features.
“The key to accelerating the adoption of Web 3.0 applications should be a great browser which allows people to seamlessly use the web they know and venture out into Web 3.0,” Hamel added.
“That being said, there are still many interesting areas where the decentralized web needs to improve in the future and we intend to stay at the forefront,” Hamel enthusiastically told Hard Fork.
The blockchain-focused Opera browser is already available to download for free. Head to the Play Store here to check it out .
Researchers find tons of red flags in Bitfi’s ‘unhackable’ cryptocurrency wallet
Last week, John McAfee offered up $100,000 to anyone who could break into the Bitfi wallet – a device advertised as the world’s first completely “unhackable” cryptocurrency wallet.
Bitfi even asked that all attempts be made public. An ad-hoc collective of hackers and security researchers is doing just that, already finding a bunch of kinks that throw the device’s security into question.
While nobody has managed to claim the $100,000 reward for stealing the $50 worth of cryptocurrencies inside, the squad have torn it apart. Ryan Castellucci, software engineer and hardware hacker commented that Bitfi appears to be exactly what it seems to be from its marketing photos – a cheap stripped down Android phone.
The researchers uploaded an exhaustive list of directories that are loaded into its onboard memory (ROM) when the device is switched on. Made publicly available through Pastebin, they give a complete overview of everything pre-installed on the Bitfi device.
Most troubling is the alleged inclusion of a well-known malware suite called Adups FOTA, a spyware platform that allows for the transmitting text, call, location, and app data to a server in China every 72 hours.
Another stowaway is the Chinese app Baidu. It has built-in WiFi and GPS tracking functionality – which makes this device perfect for those who love having absolutely fuck-all privacy.
There’s also no internal cold storage , all funds are seemingly kept in what’s known as a hot wallet. It’s precisely this method of storing cryptocurrencies that is often attributed as the main reason for the world-record CoinCheck exchange hack earlier this year.
McAfee, who is also an adviser to Bitfi, confirmed the so-called “wallet” is indeed a small phone-like device. “There is no internal storage,” McAfee tweeted . “The wallet receives its instructions for each coin from our servers.”
Bitfi’s security hinges on its ability to keep all transmissions of the private key and seed phrases safe – so really its “un-hackability” is technically the same as any other online wallet solution.
What’s most alarming is that it appears that the Adups FOTA suite and Baidu are active and are transmitting information.
We reached out to one of the researchers, Cybergibbons, a security consultant for a white-hacking firm. He relayed to us that they accessed the data through a Mediatek chipset utilized by the device. The chip, an 8GB eMMC chip, loads libraries into its internal memory (ROM) on start-up that make the running of applications possible.
“The device is using a Mediatek chipset,” the researcher told Hard Fork. “Often is the case that these chipsets run a Mediatek bootloader for the first few seconds when they boot. This can be interacted with over USB.”
The team simply used a free tool, SP Flash Tool, to access the data and read it completely. Cybergibbons stepped through the process on Twitter:
“The problem is that they don’t seem to have minimized the device, which is what they need to do,” Cybergibbons added. “All this extra stuff puts you at risk of tracking, snooping and other network attacks.”
Minimizing, in this case, would be to strip the bloatware and the malware tools. Instead, it appears Bitfi have just bought a bunch of Android phones and shipped them with no regard to protecting the sensitive data of its users.
He further clarified that for now they believe Bitfi’s file system is read-only, which means any data stored on the device can’t be overwritten. If the researchers are correct, it would mean that the spyware was most likely preloaded on the wallet prior to shipping – not after-the-fact.
The main problem the hackers face is that they only have one device. If they break it now – they may not be able to get another one.
For now, they will continue ‘dry-hacking’ the device – accessing its flash contents but not interacting completely, just logging its network traffic as they probe further. After all, they’re interested in claiming McAfee’s the $100,000 cash price (plus $50 worth of cryptocurrencies) for a successful hack, so extras will probably come in handy.
We reached out to Bitfi for further comment, but we are yet to hear back. We will update this article should they respond accordingly. In the meantime, it appears the company has taken to Twitter to downplay claims that its cryptocurrency wallet is merely a phone.
While the collective hasn’t published proof of breaking into the Bitfi device yet, the researcher’s findings really highlight just how sceptical the general public needs to be regarding the storing and usage of their cryptocurrencies.
Do your research before you trust a device (or an app) with your funds – nothing is unhackable .
Update August 1, [08:58] AM UTC: Bitfi has since responded to the criticism, accusing hardware wallet manufacturers Trezor and Ledger of enlisting an “army of trolls” to badmouth its product.
“Please understand that the Bitfi wallet is a major threat to Ledger and Trezor because it renders their technology obsolete,” a Bitfi spokesperson told Hard Fork in an email. “So they hired an army of trolls to try to ruin our reputation (which is ok because the truth always prevails).”
“There is absolutely no Chinese bloatware whatsoever,” the spokesperson further told Hard Fork. “The device simply has Google and Bidu [sic] to be able to ping something to see if it is connected to the internet or not. Bidu [sic] is there because we have customers in China and Google is blocked in China. So for Chinese customers the device will simply ping Bidu [sic]. Thats all. None of this has anything to do with the security of the device. I mean we are offering a $250,000 bounty. Do you see any other wallet doing that?”
“All these trolls can do is talk smack all day but they can’t hack the wallet if their life depended on it,” Bitfi continued.
Despite the heated response, Bitfi has yet to share its code for review or directly address the researchers’ claims. But as we pointed out in our original coverage, nothing is unhackable.
Note: “Bidu” as referenced by Bitfi’s spokesperson is referring to Baidu, a China-based media platform.
Swiss university awards Ethereum’s Vitalik Buterin with honorary PhD
The University of Basel – an institution that has produced great minds like philosopher Friedrich Nietzsche and psychiatrist Carl Jung – has awarded Vitalik Buterin, a prominent blockchain figure and the co-founder of Ethereum, with an honorary doctorate.
The Faculty of Business and Economics has decided to grant Buterin an honorary degree for his “outstanding achievements” in the fields of cryptocurrencies, smart contracts, and the design of institutions.
“He makes a groundbreaking contribution to promoting decentralization and equal participation in the digital revolution,” the university wrote.
Universities jumping on the blockchain
For the record, Buterin is not the only blockchain researcher to receive recognition this year. Indeed, it seems that institutions are finally starting to pay attention to the achievements of blockchain and cryptocurrency researchers.
A few weeks back, Joseph Liu from Monash University was named Australian Computer Society’s researcher of the year for his contributions to privacy-oriented currency Monero.
Similarly, universities across the globe are gradually starting to pay attention to blockchain tech, with nearly half of the world’s top universities now offering programs focusing on distributed ledgers and decentralization tech.
University College London’s Centre for Blockchain Technologies is committed to becoming a global academic center. If you’d like to hear more about how they’re educating young students about blockchain, join their Hard Fork Decentralized event in London on December 13.