Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - ccedk_pro

Pages: 1 ... 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 ... 85
OpenLedger Proposal: BitShares User Security Project

Security, real decentralization, and anonymity are the complex yet extremely vital topics of the crypto world.  Last week, we have announced our support of BitShares Bug Bounty initiative. Apart from encouraging the security proposals and projects connected with the BitShares trading platform, we’re stepping forward with our own project.

BitShares User Security Project
"The idea of the proposal was born deep inside the team process of improving the BitShares security landscape.
After the recent phishing attack, we’ve spent a lot of time investigating the possibilities of eliminating the future attacks risk or making their consequences less dramatic for users.
Now it’s clear that the certain changes and new features must be implemented to improve the security of BitShares users. OpenLedger R&D department has enough expertise for performing the technical investigation and building specifications needed to deliver the security changes
- Yury Cherniawsky
OpenLedger VP of Business Development

The OL team proposes to research and create a trusted open-source application to configure users’ account security and manage their private keys. The current proposal includes the research and analysis stage which is estimated to take a 2 months period.

Please feel free to read the details about the estimation, resources and other details of the proposal here.

Your feedback is important
OpenLedger team will appreciate any support of this project: your votes and spreading the word about the proposal make this project closer to its implementation.

What is more, we very much encourage the discussion and welcome any suggestions about the proposal to make sure this project is maximally helpful for the BitShares community. Please leave your thoughts and questions in the BitShares forum topic.

OpenLedger DEX UI/UX Update from July 23, 2018

As you know, we are constantly working on enhancing the look and feel of our decentralized trading platform. Meet three new improvements on :
*Striving to make sure that our users never miss an update from our team, we added colored bars with news at the top of the website, right under the address bar. The most important updates are colored red, those of medium importance have an orange color, and low-importance news and updates are green.

*Two new buttons on the transaction popup: Confirm and Cancel. Acting as a reminder, the first button gives you a chance to double-check addresses and the amount you entered before sending your funds. To cancel the transaction, simply hit the ‘Cancel’ button.

*We also fixed some technical issues on the dashboard panel to make it work smoothly.

[bApptrade ICO: Important Information For Holders[/b]

On February 2, 2017, OpenLedger ApS has launched a tokens offering for the Apptrade project, according to an ICO agreement between OpenLedger ApS and Apptrade.

Apptrade ICO results
The minimum amount of US$1 million was not raised. OpenLedger ApS continued the AppTrade offering by amending the offer to include a 50% bonus in APPX.WARRANT tokens in addition to 1 OBITS.WARRANT for every $1.00 in APPX.WARRANT purchased. This amended offer remained open until May 31, 2017.

Following these offerings, due to the fact that the minimum threshold has not been met, all the offering proceeds will be returned to the holders, according to the ICO agreement. All the offering activity related to APPX.WARRANT is deemed terminated.

APPX.WARRANT refund procedures
The record date and time for the refund calculation shall be 1:00 PM (GMT+2) on July 31, 2018, when all accounts holding APPX.WARRANT tokens will be credited with 1.0 BitUSD per 1,5 APPX.WARRANT token, and all APPX.WARRANT tokens will revert to OpenLedger ApS for cancellation (the tokens will be burned). From that point onward no APPX.WARRANT tokens will be in circulation and none will exist for exchange between any party.

No action is required from APPX.WARRANT holders. The calculated amount of BitUSD will be transferred to each applicable account without the need for any approval or confirmation by individual account holders.*

*APPX.WARRANT in orders [Important]
If you have some APPX.WARRANT in orders – be ready to get them back to your account before the refund date and time! APPX.WARRANT in orders will not be credited.

Note that OpenLedger will use its own funds to settle the APPX.WARRANT refund. Therefore, by accepting the funds from OpenLedger ApS, you agree to assign the funds in the escrow to OpenLedger ApS in lieu of payment from escrow.

Phishing Attempt Update. Website is Closed, Issue Under Investigation

OpenLedger Team is happy to inform you that the fraudulent website has been closed.

We are collaborating with the cyber police to help them find the criminals who attempted to steal your login details through this website.

If you have any information about them or have noticed any other suspicious domains, please contact us immediately.

Note:,, and domains belong to OpenLedger and are entirely secure.

Let’s improve the safety of blockchain together!

Executive summary

After a recent phishing attack, the OpenLedger team has gone through a series of massive brainstorm sessions, aiming to come up with a solution, which makes further attacks impossible, much harder  or at least, that minimizes the impact of a potential attack. It has became obvious that these types of attacks will continue as more and more new businesses join the BitShares ecosystem and new faucets are launched. User security becomes a paramount focus for the community. Below is a list of the changes we would like to introduce to allow BitShares users to protect themselves and mitigate the risk and impact of phishing attacks or any other attacks that can cause private key loss.

Briefly, we propose the following changes:

  • To minimize risk of both keys being stolen at the same time: Separate Active and Owner private keys, encourage their storage in different wallets (preferably on different devices).
  • To minimize the impact of Active private key theft: Severely limit permissions for Active private key, while allowing to more fine-grained permissions control with Owner private key.
  • To minimize the risk of transactions coming from unknown sources signed with your private key: Introduce new Device-Tagged transaction allowing users to identify and block transactions sent from an unauthorized device and implement multi-signature accounts, essentially moving to 2FA.
  • To make keys and account management more secure and user-friendly: Create simple desktop and mobile applications that allow users to easily manage their accounts and private keys, create multi-signature accounts, sign transactions, enable auto-sign feature, and receive notifications for specific transactions.

Given the complexity, importance and potential impact of security for BitShares and for the community, it is difficult to have a complete solution for the features mentioned above without thorough brainstorming, research, analysis and design.

This worker is for funding the Analysis and Architecture phase to elaborate on the features mentioned above, and to describe and estimate specific and feasible security solutions that can be implemented later.

Total duration: 2 months, Aug 6 2018 - Oct 5, 2018.

Total cost: 49 080 bitUSD.

The Solution

Here is how we envisage the changes mentioned above at the high functional level.

Active vs Owner private keys: Separation of Duties

At this time, each account in BitShares is separated into:

  • Owner Permission: This permission has administrative powers over the whole account and should be considered for ‘backup’ strategies.
  • Active Permission: Allows to access funds and some account settings, but cannot change the owner or Active permission and is thus considered the ‘online’ permissions.

This is a great approach, but if both Owner and Active private keys are stored in the same pocket the user loses both keys if a successful phishing attack was done or the wallet was compromised.

We do believe that Owner and Active private keys must be stored in different wallets, preferably on different devices.

A User uses only the Active key for day-to-day operations, but when they need to manage their account, the Owner key should be used.

Hence, to minimize the impact of a successful phishing attack on a User’s regular account (if a user suspects that Active key is compromised), we suggest to limit the Active key permissions in the following way:

  • Owner is able to suspend the account activity. This means that if a user suspects that Active key is compromised, they can suspend the account Active key and then any transaction signed with the compromised Active key will be blocked.
  • Daily transfer limits can be set for each asset. So that a hacker who steals the Active key is not able to drain the account immediately.
  • Limit the markets where Active key can place orders. So that a hacker can't sell the assets he got illegal access to for their fake assets (Markets whitelist)
  • Specify accounts the user can transfer to. So that a hacker is not able to move funds to their own account (Accounts whitelist).

Each of these settings can be modified only with the Owner private key.

These changes will provide BitShares users with a set of powerful tools, allowing them to configure security settings of the account so that users' assets stay safe even after a successful hacker attack or a security breach.

Device-Tagged Transactions

Security and privacy are key requirements of any BitShares user. However, they often contradict each other. Being anonymous is good, but anonymity is something that gives bad guys more power. If your key has been stolen, the blockchain will accept transactions signed with this key. It does not matter if they were sent by you or by the hacker. You can configure your account so that two or more signatures are required for each transaction, but if you are an active trader and submit hundreds of transactions daily, this is not a realistic option. To help active traders to keep their funds safe we suggest implementing a new transaction type - device-tagged transaction.

Let's imagine that a user has a trading BitShares account with two Active keys. If a user submits a signed device-tagged transaction, then a witness node adds DeviceID to the transaction and records it in the blockchain. DeviceID is a hash of particular data that belongs to a particular device (e.g. hash of IP address, MAC or any other device-specific information). The key requirement here is that the DeviceID is unique for each device, but the device cannot be uncovered by this ID to protect privacy of the user. Now that the user has sent their device-tagged transaction to the blockchain, they can confirm this transaction on another device.  Moreover, once a user recognizes transaction or device, they can enable auto-sign, so that future transactions from this device are automatically signed and fulfilled.

This gives the user the ability to filter out any transactions coming from an unauthorized device, even if one of the Active private keys has been stolen. It’s a method that  allows a two-factor  authorization approach even if hundreds or thousands transactions are submitted by the account daily.

User-Friendly Accounts and Keys Management

As a typical non-technical BitShares user, you need a web, mobile or desktop application to interact with the blockchain. And the problem is that you have to trust the application provider. Besides, the current new user registration and account management approach is extremely non-user-friendly. This leads to users leaving BitShares for other exchanges.

We  suggest that a new open source application should be implemented, allowing users to:

  • View and manage their wallets, accounts and private key in a very transparent and user-friendly manner: e.g. view wallets stored on this device, accounts and private keys in the wallets, their relationships and interdependence (e.g. accounts hierarchy or multi-signature accounts), generate and replace private keys, and set limits for Active keys.
  • Sign or auto-sign transactions, with the ability to see and filter Device ID, if a device-tagged transaction has been generated.
  • Notify users by listening to the blockchain, searching for specific transaction types (e.g. transactions signed by specific key) and sending out emails and displaying notifications.

The applications can be created as a browser plugin, desktop and mobile app, and users can use a particular application type depending on their needs and habits.

To register and trade, users will still need to use a proprietary or BitShares standard application, but they now will have the ability to use a trusted open source locally executed application to configure their account security and manage keys.

Even if a user registered and traded on a phishing site, they can still protect their funds  by replacing private keys or configuring multi-signature account in a separate trusted application. We hope that dealing with private keys in a stand-alone open-source application only will become a standard way for most users.

The Worker Proposal

Worker Scope

OpenLedger believes in a transparent and steady, step-by step development approach. Before we jump into major implementation project, we would like to perform detailed technical investigation, which will deliver clear and straightforward specifications and estimation of the new features and components to be implemented.  This worker is to fund this Analysis and Architecture phase only. As soon as the investigation for a particular feature is completed and specifications along with estimations are delivered to the community, new implementation workers will be submitted for public approval.

Work Approach and Costs

Immediately upon the approval of the worker, OpenLedger will allocate the resources listed below to perform the investigation and provide the deliverables. Reports outlining time spent and current progress to be published on bi-weekly basis. At this point, we estimate the Analysis and Research to take 2 months. Below is the resources and costs breakdown.

Worker daily pay: 3 885 BTS


We strongly believe in a bright future for BitShares, and this worker will make a great contribution to that. Therefore, we would like to be paid in BTS, BitShares core asset. Accepting BTS instead of bitUSD also allows us to not over-utilize daily workers budget by claiming more BTS than is needed to cover the current costs, leaving room for more workers to be executed simultaneously. In order to avoid over- and under-payment, we will settle the payment at the end of the worker using the current price of BTS in bitUSD. If, due to BTS rate fluctuations, more funds will be needed to complete the job, an additional worker will be created. If we need less effort or BTS rate increases, unspent BTS will be sent back to the reserve pool.

All payments will be vested for 1 month.

Openness for suggestions

Security is a complex but vital topic for BitShares and for blockchain technology. There has to be a way between tightening up security and staying anonymous, while keeping everything decentralized. We would like to open discussion and we particularly welcome suggestions and ideas about new security features and the best way to design a specific feature.

OCASH Tokens: Important Update For Holders

In anticipation of the upcoming launch of the OCASH debit card program, we have developed a new business model for this project.

The OCASH card will be available for order for every KYC approved customer in the EEA region. No tokens involved, no ICO performed, no subscription needed.*

We strongly believe this change will introduce a number of advantages for the whole OCASH project.
*Only the dedicated tokens to transfer a deposit to the card will be required.

Here’s the roadmap of OpenLedger activities related to this business model change:
*On July 11th, 2018, we burned all the OCASH tokens held on the ico.ocash reserve account, 2 572 610 OCASH in total.
*On July 11th, 2018,  we reached all the OCASH token holders with the personal buyback conditions relevant until August 1st, 2018.
*On August 1st, 2018, the rest of the OCASH tokens held on the ico.ocash account will be burned.
*On August 2nd, 2018, OpenLedger will place a single order to buy the remaining amount of OCASH for OBITS on the Bitshares DEX market. The conversion rate is 1 OCASH to 0,2 OBITS.
*Starting from August 2nd, 2018, the OCASH tokens will have no relevance to any OpenLedger ApS activities or the OCASH debit card program.

SKY, ATM, ESC, and XDRAC Trading to Be Stopped on July 23, 2018

Starting July 23, 2018, SKY, ATM, ESC, and XDRAC will no longer be tradeable on OpenLedger DEX.

To withdraw your funds from our decentralized trading platform, please create a support ticket.

For all the necessary details about the withdrawal procedure, visit

Note: manual withdrawals will be available until August 23, 2018, inclusive. We won’t support the tokens after this date and you won’t be able to withdraw the coins.

General Discussion / OpenLedger Supports BitShares Bug Bounty Program
« on: July 20, 2018, 08:45:40 am »

OpenLedger has recently voted for the ‘Hack The Dex’ worker that allocates funds to support the Bitshares Bug Bounty program.

A worker is an elected position that is paid to fund the new blockchain infrastructure. Thanks to the funds stored in the reserve pool, BitShares can pay for its own development and protocol improvement and to support and encourage the ecosystem growth.

BitShares Bug Bounty Program initiative

Right now the users do not have any external incentive to disclose the critical bugs, their exploits and techniques, and to avoid using them for personal gain.

The bug bounty program is proposed to endorse anyone who found a BitShares vulnerability accidentally or intentionally and disclosed it so that the vulnerability can be eliminated. The proposal will employ the allocated funds to reward the users relative to the overall risk assessment of the exploit they found.

The higher the payout for critical bugs, the more incentive there will be to attract higher quality researchers, and ultimately providing better security coverage for the DEX.

Funds will also be used to build and maintain a basic public website for reporting vulnerabilities. … It will also lay the groundwork for future HackTheDEX worker proposals to improve the security and safety of BitShares as a whole.

‘Hack The DEX’ worker proposal

Supporting security initiatives

Being one of the key players in the Bitshares ecosystem, OpenLedger is highly concerned about users security and welcomes any reasonable initiatives to make BitShares safer. That’s why we’re supporting the Bitshares Bug Bounty Program and spreading the word about this proposal.

Our team also welcomes any feedback regarding the security of OpenLedger resources and products – feel free to drop all the related messages here. Thanks in advance!

Русский (Russian) / Re: Новости BitShares 2.0
« on: July 19, 2018, 10:35:27 pm »
OpenLedger поддерживает BitShares Bug Bounty Program

Больше информации в официальном блоге биржи

AgentMile ICO: Реферальная программа, бонус OpenLedger для владельцев ICOO

В начале июля мы объявили кампанию AgentMile ICO , где партнеры OpenLedger с AgentMile и выступает в качестве советника и поставщика условного депонирования при первоначальном размещении монет.

AgentMile помогает независимым брокерам, глобальным брокерским компаниям и арендодателям перечислять свои коммерческие объекты на MLS с блочной связью. Подробнее о AgentMile здесь.

Предпродажный раунд - это шанс получить лучшую цену, и вскоре он будет закрыт. Планируйте покупку жетонов ESTATE, сделайте депозит и присоединитесь к белому списку ICO сейчас!

Реферальный бонус AgentMile
Чтобы поддержать вас за участие в продаже токенов, AgentMile запускает реферальную программу. Чтобы узнать больше об этой возможности, нажмите здесь.

В качестве партнеров мы участвуем в программе перенаправления AgentMile. Вы можете использовать ссылку OpenLedger , чтобы зарегистрироваться, купить токены AgentMile ESTATE и получить немедленный бонус в размере 5% для вашей покупки.

Следите за  OpenLedger в соц.сетях!

Join OpenLedger DEX Telegram Group and get all news

:: Twitter ::
:: Facebook::
:: LinkedIn ::
:: YouTube ::
:: Telegram ::
:: SubReddit::
:: OpenLedger Lab Slack Channel::
:: Twitter handle ::

AgentMile ICO: Referral Program, OpenLedger Bonus for ICOO Holders

At the beginning of July, we have announced the AgentMile ICO campaign, where OpenLedger partners with AgentMile and serves as the advisor and the escrow provider on its initial coin offering.

AgentMile helps independent brokers, global brokerages, and landlords to list their commercial properties on the blockchain-powered MLS. Learn more about AgentMile here.

The presale round is the chance to get the best price, and it soon will be closed. Plan your ESTATE tokens purchase, make a deposit and join the ICO whitelist now!

AgentMile Referral Bonus
To endorse you for participating in the token sale, AgentMile runs a referral program. To learn more about this opportunity, click here.

As partners, we participate in the AgentMile Referral Program. You can use the OpenLedger referral link to sign up, buy the AgentMile ESTATE tokens and get an immediate 5% bonus for your purchase.

OpenLedger запускает ребрендинг: экспертный, инновационный, развивающийся

Возможно, вы уже заметили, что внешний вид сайтов и продуктов OpenLedger меняется. Сегодня мы делимся подробностями за ребрендингом.

Зачем OpenLedger ребрендинг
Со временем прежний дизайн OpenLedger и многочисленные онлайн-активы стали непригодными для изображения измененной компании, а также предлагаемых продуктов и услуг, которые он предлагает. Именно поэтому команда OpenLedger инициировала процесс ребрендинга, который охватывал практически все части нашего онлайн-присутствия.

Результаты ребрендинга призваны показать, что OpenLedger вырос, развился, добавил к своим знаниям и навыкам и теперь является надежным, инновационным, опытным компанией с упором на технологии blockchain.

Что это значит для вас
Хотя, безусловно, обновленные визуальные эффекты влияют на восприятие бренда, это не просто внешний вид, который мы обновляем для OpenLedger. Это также способ сделать наши продукты и ресурсы более удобными для пользователей OpenLedger. За кулисами наша техническая команда также работает над новыми функциями DEX.

Михаил Романовский, CMO OpenLedger

Вот общая дорожная карта ребрендинга, как поставленными, так и планируемыми:

От Вас
Что вы думаете о последних изменениях, внесенных OpenLedger? Пожалуйста, дайте нам знать в комментариях ниже.

Следите за  OpenLedger в соц.сетях!
Join OpenLedger DEX Telegram Group and get all news

:: Twitter ::
:: Facebook::
:: LinkedIn ::
:: YouTube ::
:: Telegram ::
:: SubReddit::
:: OpenLedger Lab Slack Channel::
:: Twitter handle ::

OpenLedger Launches Rebranding: Expert, Innovative, Evolving

You might’ve already noticed that the look and feel of OpenLedger websites and products is changing. Today we’re sharing more details behind the rebranding.

Why rebrand OpenLedger
With time, the former OpenLedger design and numerous online assets became unfit for the reshaped company image, as well as the evolving products and services it is offering. That is why, the OpenLedger team initiated the process of rebranding, which covered virtually every part of our online presence.

The rebranding results are intended to show that OpenLedger has grown, evolved, added to its expertise and skills, and is now a trusted, innovative, seasoned company with its focus on blockchain technologies.

What it means for you
While, surely, the updated visuals are influencing the perception of the brand, it’s not just the looks we’re renovating for OpenLedger. It is also a process of making our products and resources more convenient for OpenLedger users. Behind the scenes, our technical team is working on the new DEX features as well.

Mihail Romanovsky, OpenLedger’s CMO

Here’s the general roadmap of the rebranding activities, both delivered and planned:

Over to you
What do you think about the latest changes introduced by OpenLedger? Please let us know in the comments below.

Уважаемые пользователи OpenLedger DEX!
Начиная с сегодняшнего дня, станет единственным официальным каналом OpenLedger в Telegram.

  Подпишитесь на него, чтобы быть в курсе последних новостей и обновлений о OpenLedger и его сервисах, решениях и продуктах, включая OpenLedger DEX.
Последние анонсы компаний можно найти также по адресу

Все остальные каналы будут закрыты с 18 июля 2018 года.

Новый канал будет обслуживать только информационные цели. По любым техническим вопросам обратитесь в нашу службу поддержки по адресу
Перед отправкой билета, пожалуйста, ознакомьтесь с нашими часто задаваемыми вопросами на странице

Следите за  OpenLedger в соц.сетях!
Join OpenLedger DEX Telegram Group and get all news

:: Twitter ::
:: Facebook::
:: LinkedIn ::
:: YouTube ::
:: Telegram ::
:: SubReddit::
:: OpenLedger Lab Slack Channel::
:: Twitter handle ::

DearOpenLedger DEX users!
Starting from today, will be the only official OpenLedger Telegram channel.

 Subscribe to it to keep abreast of latest news and updates about OpenLedger and its services, solutions, and products, including OpenLedger DEX. Latest company announcements can be also found at

All other channels will be closed from July 18, 2018.

The new channel will serve informational purposes only. For any technical questions, contact our support team at
Before submitting a ticket, please see our FAQ at

Pages: 1 ... 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 ... 85