According to the announcement, an update patch was released the following morning. The vulnerability reportedly affected all versions of Tendermint, on which Cosmos is built. All validators and service providers on Tendermint-powered networks are encouraged to update their software as soon as possible.
In a forum post published on Oct. 1 blockchain interoperability platform Cosmos has disclosed a “high-severity security vulnerability” that was found in consensus engine Tendermint Core.
Blockchain to blockchain communication
The Cosmos platform allows individual blockchains to communicate and transact with each other. Developed by the Tendermint team, it employs an inter-blockchain communication protocol to establish blockchain interoperability.
As Cointelegraph reported in August, it is also one of the top staking projects in the crypto space today.
Recent blockchain vulnerabilities
The Cosmos announcement caps a less than impressive week for blockchain security, with vulnerabilities also revealed in both ZCash and the Lightning Network.
Whilst no further details of the Cosmos bug have been given, the vulnerability in Lightning Network was fully disclosed by a developer this week.
LN nodes accepting funding transactions to open channels needed to check that the transaction was ‘as promised’, or an attacker could spend funds from the channel without paying.
The ZCash bug, announced Sept. 29, could have leaked metadata relating to the IP addresses of shielded full-nodes.
Court Allows Blockchain.com’s Trademark Lawsuit Against Paymium to Proceed
The New York Federal Court denied the motion to dismiss the ruling in the trademark infringement action by cryptocurrency wallet and exchange operator Blockchain.com against fintech startup Paymium and its CEO Pierre Noizat over the use of domain “blockchain.io”.
According to the court documents published on Aug. 7, the lawsuit, originally filed by Blockchain.com in September 2018, claimed that Paymium and its Blockchain.io platform not only infringed on the trademark, but also were involved in alleged unfair competition and false advertising.
Blockchain versus Blockchain
In February 2019, Paymium moved a motion “to dismiss the amended complaint for failure to state a claim upon which relief can be granted … and for lack of personal jurisdiction over Pierre Noizat.”
In its turn, Blockchain.com successfully managed to argue that their marks were not inherently descriptive and acquired secondary meaning, and that Blockchain.com and Blockchain.io marks were substantially similar enough for the case to proceed.
The New York Federal Court denied the trademark infringement part of the Paymium’s motion and allowed the suit to continue.
You don’t mess with the SEC
The court also found Paymium’s advertising claims that the “filing has been accepted and it is now registered with the SEC!” to be false, so this part stays in the lawsuit too.
In reality, the only thing the startup registered at that time with the U.S. Securities and Exchange Commission was a Form D. Blockchain.com argued that “the filing of a Form D does not mean that a security is ‘registered’ or that it has been in any way scrutinized or approved by the SEC.” The court agreed.
At the same time, all claims against Pierre Noizat were dismissed due to the actual lack of personal jurisdiction. The court also argued that the advertising of “hack-free status and atomic swaps” was not false.
Recently, Cointelegraph reported that IT giant Oracle sued blockchain startup CryptoOracle alleging trademark infringement and cybersquatting in the Northern District of California.
