Connect with us

Coin Market

Russians banned from accessing Bitmex within European Union

Published

on

Russian citizens or residents will no longer be able to access BitMEX services from the European Union after July 11, 2022.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Coin Market

OpenAI ignored experts when it released overly agreeable ChatGPT

Published

on

By

OpenAI says it ignored the concerns of its expert testers when it rolled out an update to its flagship ChatGPT artificial intelligence model that made it excessively agreeable.

The company released an update to its GPT‑4o model on April 25 that made it “noticeably more sycophantic,” which it then rolled back three days later due to safety concerns, OpenAI said in a May 2 postmortem blog post.

The ChatGPT maker said its new models undergo safety and behavior checks, and its “internal experts spend significant time interacting with each new model before launch,” meant to catch issues missed by other tests.

During the latest model’s review process before it went public, OpenAI said that “some expert testers had indicated that the model’s behavior ‘felt’ slightly off” but decided to launch “due to the positive signals from the users who tried out the model.”

“Unfortunately, this was the wrong call,” the company admitted. “The qualitative assessments were hinting at something important, and we should’ve paid closer attention. They were picking up on a blind spot in our other evals and metrics.”

OpenAI CEO Sam Altman said on April 27 that it was working to roll back changes making ChatGPT too agreeable. Source: Sam Altman

Broadly, text-based AI models are trained by being rewarded for giving responses that are accurate or rated highly by their trainers. Some rewards are given a heavier weighting, impacting how the model responds.

OpenAI said introducing a user feedback reward signal weakened the model’s “primary reward signal, which had been holding sycophancy in check,” which tipped it toward being more obliging.

“User feedback in particular can sometimes favor more agreeable responses, likely amplifying the shift we saw,” it added.

OpenAI is now checking for suck up answers

After the updated AI model rolled out, ChatGPT users had complained online about its tendency to shower praise on any idea it was presented, no matter how bad, which led OpenAI to concede in an April 29 blog post that it “was overly flattering or agreeable.”

For example, one user told ChatGPT it wanted to start a business selling ice over the internet, which involved selling plain old water for customers to refreeze.

Source: Tim Leckemby

In its latest postmortem, it said such behavior from its AI could pose a risk, especially concerning issues such as mental health.

“People have started to use ChatGPT for deeply personal advice — something we didn’t see as much even a year ago,” OpenAI said. “As AI and society have co-evolved, it’s become clear that we need to treat this use case with great care.”

Related: Crypto users cool with AI dabbling with their portfolios: Survey 

The company said it had discussed sycophancy risks “for a while,” but it hadn’t been explicitly flagged for internal testing, and it didn’t have specific ways to track sycophancy.

Now, it will look to add “sycophancy evaluations” by adjusting its safety review process to “formally consider behavior issues” and will block launching a model if it presents issues.

OpenAI also admitted that it didn’t announce the latest model as it expected it “to be a fairly subtle update,” which it has vowed to change. 

“There’s no such thing as a ‘small’ launch,” the company wrote. “We’ll try to communicate even subtle changes that can meaningfully change how people interact with ChatGPT.”

AI Eye: Crypto AI tokens surge 34%, why ChatGPT is such a kiss-ass 

Continue Reading

Coin Market

Solana devs fix bug that allowed unlimited minting of certain tokens

Published

on

By

The Solana Foundation has confirmed that a zero-day vulnerability that allowed an attacker to potentially mint certain tokens and even withdraw those tokens from user accounts has been fixed. 

A May 3 post-mortem from the Solana Foundation said that the security vulnerability, first discovered on April 16, could have allowed an attacker to forge an invalid proof affecting Solana’s privacy-enabling “Token-22 confidential tokens.”

There is no known exploit of the vulnerability, and Solana validators have since adopted the patched version, the foundation said.

Solana zero-day security bug affected Token-22 confidential tokens

The Solana Foundation said the security vulnerability concerned two programs: Token-2022 and ZK ElGamal Proof.

Token-2022 handles the main application logic for token mints and accounts, while ZK ElGamal Proof verifies the correctness of zero-knowledge proofs to show accurate account balances.

The foundation said certain algebraic components were omitted from the hash in the Fiat-Shamir Transformation’s transcript generation, which specifies how provers create public randomness using a cryptographic hash function. 

The flaw could have enabled an attacker to exploit the unhashed components by crafting a forged proof that passes verification to mint and steal Token-22 confidential tokens.

Token-22 confidential tokens, or “Extension Tokens,” leverage zero-knowledge proofs for private transfers and aim to enable advanced token functionality. 

The vulnerability was first identified on April 16, and two patches were deployed to resolve the issues. A super majority of Solana validators adopted the patches around two days later.

Solana development firms Anza, Firedancer and Jito were the main parties behind the security patch, while Asymmetric Research, Neodyme and OtterSec also assisted.

The foundation confirmed that all funds remain safe.

Related: Bloomberg Intelligence boosts Solana ETF approval odds to 90%

Despite the fix, the Solana Foundation’s private handling of the issue with Solana validators raised centralization concerns from some in the crypto community. 

This included a Curve Finance contributor who raised concerns about the foundation’s close relationship with Solana validators.

“Why does someone have a list of all validators and their contact details? What else are they talking about in those comms channels,” they asked, fearing that they could collude to potentially censor transactions or roll back the chain.

Solana Labs CEO Anatoly Yakovenko didn’t directly deny the claims but said members of the Ethereum community could also coordinate to resolve a similar security bug.

Source: Clouted

More than 70% of Ethereum network validators are also controlled by crypto exchanges or staking operators such as Lido, Yakovenko said in arguing his point.

“It’s the same people to get to 70% on ethereum. All the lido validators (chorus one, p2p, etc..) binance, coinbase, and kraken. If geth needs to push a patch, I’ll be happy to coordinate for them.”

In August, the Solana Foundation and network validators resolved another critical vulnerability behind the scenes. At the time, the foundation’s executive director, Dan Albert, said the ability to coordinate a patch doesn’t mean that Solana is centralized.

Ethereum wouldn’t fall for the same issue, community member says

Ethereum community member Ryan Berckmans slammed claims that Ethereum is subject to the same centralization issues as Solana, pointing out that Ethereum has sufficient client diversity. 

The most popular Ethereum client, geth, has at most 41% market share on Ethereum, Berckmans said, while noting that Solana has just one production-ready client, Agave.

“This means zero day bugs in the single Sol client are de facto protocol bugs. Change the single client program, change the protocol itself. The client is the protocol.”

Meanwhile, Solana is looking to roll out a new client, Firedancer, in the next few months, which is expected to improve the network’s resilience and uptime. 

However, Berckmans said that Solana would need three clients to be sufficiently decentralized at the client level.

Source: Ryan Berckmans

Magazine: Memecoins are ded — But Solana ‘100x better’ despite revenue plunge

Continue Reading

Coin Market

Hackers use New York Post’s X account to send scam DMs, users report

Published

on

By

Malicious actors appear to have infiltrated the New York Post’s X account in an attempt to scam crypto users on the microblogging platform. 

Some X users from the crypto community have recently reported having received a private message from the New York Post’s X account inviting them to feature in a podcast and to contact them via Telegram. 

The spurious messages were first discovered on May 3 by Kerberus founder and CEO Alex Katz, who shared a screenshot of a message made out to be from author and journalist Paul Sperry via the official nypost account. 

“What’s interesting about this case is that the scammer gained unauthorized access but didn’t post a Pump.fun address or wallet drainer. Instead, they’re messaging users and then directing them to Telegram,” observed cybersecurity engineer and NFT collector “Drew”.

Related: ‘I’m sick’ — Scammers use AI, fake ID of crypto influencer to steal $4M

After sending the message, the scammer blocks users from replying to prevent the actual New York Post team from being alerted to the compromise, he added.  

Donny Clutterbuck from NFT Bitcoin’s ordinals platform Fomojis also reported having been contacted by the hacker, suggesting that it could be a potential Zoom exploit from enabling audio. 

When you click to enable audio, a pop-up gives the option to either cancel or enable WiFi, he said before adding, “I guess WiFi gives network access to the scammer.” 

Blockchain sleuth ZachXBT said this compromise was similar to one from a few weeks ago when direct messages were sent from The Defiant’s X account.

Private message from New York Post’s X account. Source: Alex Katz

Cointelegraph contacted the New York Post for more information but did not receive an immediate response. There was nothing regarding the social media compromise on the NYP or Sperry’s X feeds. 

Scammers seeking victims on Zoom 

Scammers have increasingly shifted their social engineering techniques to messaging users directly after having established trust from previous conversations, and video conference platform Zoom has become a hotbed of crypto scams recently. 

In April, Emblem Vault CEO Jake Gallen warned users to be wary of malicious actors using Zoom after losing $100,000 in crypto assets. Gallen was also contacted via X to arrange a Zoom interview during which the scammer installed malware that drained his wallets. 

It is not the first time the New York Post’s verified Twitter account has been hijacked. In 2022, an employee hacked the account to post a series of obscene messages designed to look like real headlines. 

Magazine: Bitcoin to $1M ‘by 2029,’ CIA tips its hat to Bitcoin: Hodler’s Digest

Continue Reading

Trending