On the weekend news of a bug at NEO-Nodes made the rounds. The NEO bug discovered by the Chinese software giant Tencent is supposed to make it potentially possible for attackers to withdraw crypto currencies from wallets of NEO node operators. NEO co-founder Erik Zhang now gave the all-clear – at least in part.
On December 1, Tencent Security on the Chinese social media platform Weibo announced the discovery of a bug in the NEO block chain. Accordingly, the operators of NEO nodes expose themselves to crypto-piracy if they use the standard configuration. This is what the Tencent announcement says:
“The monitoring of the famous blockchain project NEO […] revealed the risk of remote piracy. When a user starts the NEO node with the default configuration and opens the wallet, the digital currency can be stolen remotely.”
Tencent recommends three things to the node operators:
1. update of the NEO client to the latest version
2. not using the RPC function and changing the BindAddress in the configuration file to 127.0.0.1
3. if not: change RPC port, enable HTTPS-based JSON RPC interface and adjust firewall policies accordingly
So far, so FUD. What, in contrast to the Tencent warning, did not make the round so fast was the answer from NEO co-founder Erik Zhang, who refuted the claims only a few hours later.
Erik Zhang: “Normal” users not affected
Zhang swiftly reacted to reassure the NEO-Hodler community. “Normal users” don’t have to worry because the RPC function is disabled by default. RPC can only be accessed via the NEO-CLI client. Since this is a command line program, technically inexperienced users do not run the risk of opening the door to hackers through careless configuration adjustments. Zhang closes:
Since Zhang does not deny the security gap, one can assume that operators of NEO nodes are in danger of being robbed. It is probably for this reason that Zhang points to the bounty program that NEO launched this year under the name “NEO Vulnerability Bounty Program”. Anyone who finds a relevant and above all unknown NEO bug is entitled to a reward from NEO.
The guidelines of the Bounty Program state:
“If vulnerabilities are published before NEO repairs or publishes them, the reward is void.”
Tencent will therefore not be able to claim a reward for discovering the NEO bug.
This post summarize is succintly:
“No vulnerability exists and there is nothing to fix.
- Normal users do not use neo-cli
- Neo-cli does not have RPC activate by default
- Neo-cli does not have wallets active by default
- Users that need neo-cli with RPC and wallet enabled are advised to set a firewall in the installation docs for obvious reasons (putting your private key on an accessible server is pretty dumb)”
Was this FUD by Tencent?
No, because bug clearly exists. However, Tencent did, purposefully or not, mislead their readers by claiming this was a default configuration which is proven to be false. It is important to note that bugs and software errors are the most common thing in any company and with any technology. NEO team is clearly aware of that and puts a lot of focus and resources into their bug bounty campaigns and should be applauded for that.
NEO Appears to be Imploding: Senior R&D Manager Leaves Smart Economy Project
Just a little under two short weeks ago, Malcolm Lerider quietly and innocuously announced his departure from the $NEO team (officially) in a tweet, posted below:
I owe the community an apology for being quiet the last two months as I have been in the process of leaving #NEO.
— Malcolm Lerider (@MalcolmLerider) January 8, 2019
The tweet reads:
“I owe the community an apology for being quiet the last two months as I have been in the process of leaving #NEO.
People have different opinions and this was my only choice in the end. I will build #SmartEconomy through a business centric approach instead, #TechAgnostic.”
While vague, we can at least glean from it that Malcolm Lerider has not only left the $NEO team but that this has been in the works for a substantial period of time.
Malcolm Lerider has not been active since the above tweet was posted on his social media page.
Who is Malcolm Lerider?
According to Crunchbase, Malcolm Lerider was the Senior R&D Manager for NEO.
In addition, Malcolm Lerider was also the editor of ‘NEO Smart Economy’, the $NEO-based publication.
Despite his more developmentally-based role at NEO, Malcolm was one of the more vocal and visible leadership forces for the protocol.
Throughout 2017 and the earlier parts of 2018, Malcolm Lerider was extremely active on Medium, the blogging website, posting stories like the following:
Other Well-Known Departures
As the title of this article suggests, Malcolm Lerider was certainly not the first notable individual to announce that they were leaving the $NEO protocol.
Caterina Zhang, whom served as the Director of Marketing & Community Operations for NEO from November 2017 through September 2018, is another major, recent departure.
This is indicated by her LinkedIn page and is widely known by the community as well:
Conflicting/False Statements by $NEO’s Founder — Da Hongfei
NEO’s founder, Da Hongfei, has been the subject of much scrutiny by the cryptocurrency community, and for good reason.
Most of the speculation began throughout early 2018 that the NEO project was being abandoned by developers because of the lack of notable commits to NEO’s GitHub (in comparison to the activity seen throughout 2017).
The speculation about Da Hongfei’s true involvement with NEO heightened in July 2018 when a recording was leaked by extremely powerful and influential blockchain leader, Xiaolai Li, in which he accused Da Hongfei of erecting NEO as a get-rich-quick scheme and stated that Hongfei had already divested entirely of his NEO holdings.
The above link is written in garbled English, because it is a direct translation from a native-Chinese speaker. It is difficult to find a native-English speaker that can understand Chinese effectively enough to disseminate exactly what was said throughout the recording, and it is equally as difficult to find a native-Chinese speaker that is fluent enough in English to convey the information in an accurate manner.
However, one thing that all sources that covered this issue (both English and Chinese) agree upon is that Xiaolai Li did deem NEO to be a scam and also stated that Da Hongfei had divested entirely of his NEO holdings.
While this cannot be verified, it definitely put the onus upon Da Hongfei to combat these claims, especially given the fact that they were coming from a source as powerful as Xiaolai Li.
Da Hongfei’s Response
Da Hongfei performed an interview nearly two months later regarding the accusations that had been leveled against him throughout the year.
You can find a link to that interview below:
In that interview, Da Hongfei refuted the claims made by Da Hongfei (obviously) as well as those of critics on the internet that alleged that he had ‘abandoned’ $NEO in favor of Ontology.
He also made the incorrect claim that none of the NEO team had dedicated/allocated resources to Ontology.
We can show that this is demonstrably false via public record. For example, Li Jun, whom is now (and always has been) considered the head of the Ontology team, was listed as an executive of Antshares (former name of $NEO):
In just the involvement of Li Jun, we can see an inextricably woven relationship between the executives of NEO and Ontology. There are several other transplants from the NEO team that can be found on virtually all other projects that have been launched on the chain as well. However, we won’t get into that discussion in this piece.
With the departure of critical team members throughout the back half of 2018, as well as the obfuscation of team roles within NEO’s executive structure in addition to the lack of substantive commits in the NEO GitHub over the past several months, it is appearing more and more like the protocol is beginning to implode.
Perhaps some will castigate this narrative as one of ‘FUD’ and simply assume that everything is ‘okay’. But without a permanent (or interim) replacement for any of the individuals mentioned in this article, one must wonder whether NEO will remain viable for much longer.
Source: Bitcoin Exchange Guide
NEO Long-term Price Analysis – January 20
NEO/USD Long-term Trend – Ranging
- Distribution territories: $12, $16, $18
- Accumulation territories: $5, $4, $3
Since January 11, NEO/USD market worth has been closely ranging around $8 price territory until now. About between last year’s December 25 and January 5, the crypto had once been seen ranging along the same current point.
The present range spots have been observed between $10 and $6 marks while $8 mark is their middle. The two SMAs are being separated a tiny space as the 14-day SMA is located above the 50-day SMA. The Stochastic Oscillators have conjoined hairs to consolidate their movement around range 20. That suggests serious patience to await a strong price action to take place in the market.
The market of NEO/USD may still need to be pushed briefly southwards to test around December 16 last low market point to be able to muster the needful momentum that could bring back the bulls. Traders may be on the lookout for a decent strong reversal around the lower range point or a breakout of the upper range zone to launch a long trading position of the market.
Source: Bitcoin Exchange Guide
Neo: Price Predictions, Jan 19
Neo Price Analysis:
A look at the Weekly chart in logarithmic form for NEO shows that price is currently trading at $7.6.
Price is facing resistance from the 7, 21 and 50 period moving averages and the Ichimoku Cloud.
The RSI is at 35 indicating neither overbought nor oversold conditions.
Furthermore, the MACD is positive and increasing.
Neo Price Prediction:
Therefore, I believe that in the short-medium term price will start a rally to the next resistance area which coincides with the 7-period moving average at $13.