Tinder’s head of product has left

Tinder’s chief product officer Brian Norgard wants to get back to his entrepreneurial roots, citing former PayPal executive-turned-venture capitalist Keith Rabois as inspiration.

Norgard, who joined Tinder as part of the acquisition of his Kleiner Perkins-backed ephemeral messaging startup Tappy in 2014, has confirmed to TechCrunch that he’s left the app-based dating company to focus on building products and investing in early-stage businesses. Tinder has not yet identified his successor, but Norgard says “it’s all positive vibes” between him and the company.

Norgard began as Tinder’s head of revenue before being promoted to the chief product role in late 2016. Prior to joining Tinder via Tappy, he co-founded two other successful startups: Chill, a Facebook application that garnered 30 million users, and adtech startup Newroo, which was acquired by FOX Interactive in 2006.

“It’s been a great ride but my strength has always been in the early-stage game,” Norgard told TechCrunch. “What I’m trying to do now is take all the learnings from that wonderful experience and bring them into my investing.”

Though he’s yet to sign on in any official capacity, Norgard said he is in talks with several different entities about investing roles.

Brian Norgard has invested in Coinmine, a developer of a sleek cryptocurrency mining device.

Norgard said he’s invested in one company so far, a cryptocurrency mining startup called Coinmine founded by Justin Lambert, who helped design the second iteration of the Pebble watch, and Farb Nivi, the former chief product officer at Learnist. Coinmine is selling a crypto mining device, similar in size and look to an Xbox, that’s controlled by a mobile app. The device is meant to help anyone, crypto enthusiasts and otherwise, mine crypto easily. Nivi told TechCrunch the internet-connected device uses less energy than a PlayStation.

The Los Angeles-based startup is officially launching today with Norgard signed on as an active advisor.

“There are a lot of parallels I draw from Coinmine and Tinder,” Norgard said. “Online dating was very complicated six years ago. It was an arduous process and so is mining. You have to be pretty sophisticated, but this takes it down to the studs. A normal consumer with no technical knowledge can get into the crypto game.”

Coinmine, which raised a total of $2 million, is also backed by Coinbase Ventures, Social Leverage, Arrington Capital, Wonder VC and angel investors like Coinbase’s chief technology officer Balaji Srinivasan.

Cryptocurrency mining attacks using leaked NSA hacking tools are still highly active a year later

It’s been over a year since highly classified exploits built by the National Security Agency were stolen and published online.

One of the tools, dubbed EternalBlue, can covertly break into almost any Windows machine around the world. It didn’t take long for hackers to start using the exploits to run ransomware on thousands of computers, grinding hospitals and businesses to a halt. Two separate attacks in as many months used WannaCry and NotPetya ransomware, which spread like wildfire. Once a single computer in a network was infected, the malware would also target other devices on the network. The recovery was slow and cost companies hundreds of millions in damages.

Yet, more than a year since Microsoft released patches that slammed the backdoor shut, almost a million computers and networks are still unpatched and vulnerable to attack.

Although WannaCry infections have slowed, hackers are still using the publicly accessible NSA exploits to infect computers to mine cryptocurrency.

Nobody knows that better than one major Fortune 500 multinational, which was hit by a massive WannaMine cryptocurrency mining infection just days ago.

US Treasury sanctions North Korea over Sony hack and WannaCry attack

“Our customer is a very large corporation with multiple offices around the world,” said Amit Serper, who heads the security research team at Boston-based Cybereason.

“Once their first machine was hit the malware propagated to more than 1,000 machines in a day,” he said, without naming the company.

Cryptomining attacks have been around for a while. It’s more common for hackers to inject cryptocurrency mining code into vulnerable websites, but the payoffs are low. Some news sites are now installing their own mining code as an alternative to running ads.

But WannaMine works differently, Cybereason said in its post-mortem of the infection. By using those leaked NSA exploits to gain a single foothold into a network, the malware tries to infect any computer within. It’s persistent so the malware can survive a reboot. After it’s implanted, the malware uses the computer’s processor to mine cryptocurrency. On dozens, hundreds, or even thousands of computers, the malware can mine cryptocurrency far faster and more efficiently. Though it’s a drain on energy and computer resources, it can often go unnoticed.

After the malware spreads within the network, it modifies the power management settings to prevent the infected computer from going to sleep. Not only that, the malware tries to detect other cryptomining scripts running on the computer and terminates them — likely to squeeze every bit of energy out of the processor, maximizing its mining effort.

At least 300,000 computers or networks are still vulnerable to the NSA’s EternalBlue hacking tools.

Based on up-to-date statistics from Shodan, a search engine for open ports and databases, at least 919,000 servers are still vulnerable to EternalBlue, with some 300,000 machines in the US alone. And that’s just the tip of the iceberg — that figure can represent either individual vulnerable computers or a vulnerable network server capable of infecting hundreds or thousands more machines.

Cybereason said companies are still severely impacted because their systems aren’t protected.

“There’s no reason why these exploits should remain unpatched,” the blog post said. “Organizations need to install security patches and update machines.”

If not ransomware yesterday, it’s cryptomining malware today. Given how versatile the EternalBlue exploit is, tomorrow it could be something far worse — like data theft or destruction.

In other words: if you haven’t patched already, what are you waiting for?

Coinbase acquires Distributed Systems to build ‘Login with Coinbase’

Coinbase wants to be Facebook Connect for crypto. The blockchain giant plans to develop “Login with Coinbase” or a similar identity platform for decentralized app developers to make it much easier for users to sign up and connect their crypto wallets. To fuel that platform, today Coinbase announced it has acquired Distributed Systems, a startup founded in 2015 that was building an identity standard for dApps called the Clear Protocol.

The five-person Distributed Systems team and its technology will join Coinbase. Three of the team members will work with Coinbase’s Toshi decentralized mobile browser team, while CEO Nikhil Srinivasan and his co-founder Alex Kern are forming the new decentralized identity team that will work on the Login with Coinbase product. They’ll be building it atop the “know your customer” anti-money laundering data Coinbase has on its 20 million customers. Srinivasan tells me the goal is to figure out “How can we allow that really rich identity data to enable a new class of applications?”

Distributed Systems had raised a $1.7 million seed round last year led by Floodgate and was considering raising a $4 million to $8 million round this summer. But Srinivasan says, “No one really understood what we’re building,” and it wanted a partner with KYC data. It began talking to Coinbase Ventures about an investment, but after they saw Distributed Systems’ progress and vision, “they quickly tried to move to find a way to acquire us.”

Distributed Systems began to hold acquisition talks with multiple major players in the blockchain space, and the CEO tells me it was deciding between going to “Facebook, or Robinhood, or Binance, or Coinbase,” having been in formal talks with at least one of the first three. Of Coinbase the CEO said, they “were able to convince us they were making big bets, weaving identity across their products.” The financial terms of the deal weren’t disclosed.

Coinbase’s plan to roll out the Login with Coinbase-style platform is an SDK that others apps could integrate, though that won’t necessarily be the feature’s name. That mimics the way Facebook colonized the web with its SDK and login buttons that splashed its brand in front of tons of new and existing users. This turned Facebook into a fundamental identity utility beyond its social network.

Developers eager to improve conversions on their signup flow could turn to Coinbase instead of requiring users to set up whole new accounts and deal with crypto-specific headaches of complicated keys and procedures for connecting their wallet to make payments. One prominent dApp developer told me yesterday that forcing users to set up the MetaMask browser extension for identity was the part of their signup flow where they’re losing the most people.

This morning Coinbase CEO Brian Armstrong confirmed these plans to work on an identity SDK. When Coinbase investor Garry Tan of Initialized Capital wrote that “The main issue preventing dApp adoption is lack of native SDK so you can just download a mobile app and a clean fiat to crypto in one clean UX. Still have to download a browser plugin and transfer Eth to Metamask for now Too much friction,” Armstrong replied “On it :)”

In effect, Coinbase and Distributed Systems could build a safer version of identity than we get offline. As soon as you give your Social Security number to someone or it gets stolen, it can be used anywhere without your consent, and that leads to identity theft. Coinbase wants to build a vision of identity where you can connect to decentralized apps while retaining control. “Decentralized identity will let you prove that you own an identity, or that you have a relationship with the Social Security Administration, without making a copy of that identity,” writes Coinbase’s PM for identity B. Byrne, who’ll oversee Srinivasan’s new decentralized identity team. “If you stretch your imagination a little further, you can imagine this applying to your photos, social media posts, and maybe one day your passport too.”

Considering Distributed Systems and Coinbase are following the Facebook playbook, they may soon have competition from the social network. It’s spun up its own blockchain team and an identity and single sign-on platform for dApps is one of the products I think Facebook is most likely to build. But given Coinbase’s strong reputation in the blockchain industry and its massive head start in terms of registered crypto users, today’s acquisition well position it to be how we connect our offline identity with the rising decentralized economy.

0x lets any app be the Craigslist of cryptocurrency

Centralized crypto exchanges like Coinbase are easy but expensive because they introduce a middleman. Not-for-profit project 0x allows any developer to quickly build their own decentralized cryptocurrency exchange and decide their own fees. It acts like Craigslist, connecting traders without ever holding the tokens itself. And instead of having to bootstrap their way to enough users trading tokens on their app alone so that there’s liquidity, 0x offers cross-platform liquidity between users on the different projects it powers.

The problem is the user experience of decentralized apps is often crappy compared to the consumer apps we’re used to across the rest of tech. From sign-in to recovering accounts to conducting transactions, it’s a lot more complicated than Facebook Login, PayPal, or Shopify. Bitcoin and Ethereum prices remain well below half their peaks because it’s difficult to do much with cryptocurrency right now. Until the decentralized infrastructure improves, the dreams of how blockchains can improve the world remain distant.

0x is trying to fix that by ensuring developers all don’t have to reinvent the exchange wheel.

It began as a for-profit exchange before the team recognized the massive usability gap. So instead it became a decentralized exchange protocol, and raised $24 million in an ICO for its ZRX token. That’s how relayers — the apps who use it to build exchanges for ERC20 tokens atop the Ethereum blockchain — can charge fees. It also gives those who collect the most a say in the governance of the protocol.

Some of the top projects on 0x like Augur and Dydx are going strong. Last week Coinbase announced it was exploring whether it might list ZRX and several other currencies for trade on its exchange, helping perk up the price after declines since the new year.

 

0x’s ZRX token price, via CoinMarketCap

Now 0x is putting some of its $24 million to work. It just hired former Facebook designer Chris Kalani to help it improve the usability of its APIs and the products built on top of them. His skills helped Facebook embrace mobile around its 2012 IPO. He then built Wake, raising $3.8 million for the design prototype sharing tool that let teams get instant feedback on their works-in-progress. Kalani sold Wake to design platform InVision in April, and after a few months assisting the transition, he’s joined 0x.

“There are very few designers involved in the [blockchain] space” Kalani tells me. “There’s not a lot of people who had worked on anything at a large-scale or from the consumer perspective. We’re focused on making crypto more approachable.”

Sustaining a crypto not-for-profit

After talking to four leaders in different parts of the blockchain industry, the consensus was that 0x was an elegant protocol for spawning decentralized exchanges. But the question kept coming up about whether the project will be sustainable. The company doesn’t have to earn enormous amounts of revenue, but concerns about its longevity could scare away developers. One, who asked to remain anonymous, described 0x saying, “the best analogy is trying to monetize Linux.”

0x is open source, so it could be forked so developers can sidestep ZRX. 0x hopes that the shared liquidity feature will keep developers in line. It only works with the unforked version, and is now being used by 0x-powered projects, including Radar Relay, ERC dEX, Shark Relay, Bamboo Relay and LedgerDex.

While some centralized exchanges have suffered security troubles and hacks, those with stronger records like Coinbase continue to thrive while banking off high fees. That in turn lets them offer better liquidity and invest more in the user experience, widening the gap versus decentralized apps. “People trust Coinbase with large amounts of capital but they wouldn’t trust themselves,” Kalani admits. But he thinks it’s early in the game, and as users become more knowledgeable and comfortable with holding their own tokens for use on decentralized exchanges, 0x and ZRX will thrive.

There’s also competition within the decentralized exchange space from Kyber’s liquidity network, and AirSwap’s peer-to-peer exchange marketplace. But for any of these to thrive, the mainstream crypto owner will have to get better educated. That could fall to 0x.

One alternative path for the not-for-profit would be selling developer services and consulting to those building on top of it. Or it could always do another ICO. But for now, there are a lot of projects out there that don’t want to foot the upfront cost to build their own secure and compliant exchange from scratch. Kalani concludes, “The way Stripe allowed developers and businesses to build on top of it, and not have to worry about regulatory issues and all the infrastructure necessary to take payments, I think 0x is going to do something similar with exchanges for crypto.”