Fidelity makes first acquisition in 7 years, snapping up fintech Shoobx

Investment giant Fidelity announced today that it has acquired Shoobx, a venture-backed fintech startup, for an undisclosed amount.

Jason Furtado and Stephan Richter founded Boston-based Shoobx in 2013, according to Crunchbase. The pair went on to raise a known $10 million in funding for the company with investors such as Austin-based Scout Ventures and Steve Papa. Atlas Ventures is also a backer, according to the Wall Street Journal. All 40 of Shoobx’s employees will join Fidelity.

Shoobx is a provider of automated equity management operations and financing software to private companies “at all growth stages,” up to and including an initial public offering. Services it offers include helping companies send offer letters, grant equity to new employees, manage their cap tables and get a 409A valuation report, among other things.

On its website, Shoobx notes that it has been called “Carta on steroids” because its “capabilities rocket past what Carta can provide.” Meanwhile, Crunchbase data indicates that Carta has raised $1.1 billion to date, including a massive $500 million round raised in August 2021, led by Silver Lake. At that time, the company was valued around $7.4 billion, per the same data source. So while we don’t know how much Shoobx was worth at the time of this acquisition, it’s safe to say that its valuation is likely less than Carta’s based on how much it has raised over time.

For its part, Fidelity said its purchase of Shoobx is a sign of its commitment to the private market “and will help to satisfy an increasing demand Fidelity sees from private companies to support them as they scale and grow.” The last time Fidelity acquired another company was in 2015, when it acquired wealth planning software company eMoney Advisor, according to a company spokesperson.

Shoobx will be folded into Fidelity’s Stock Plan Services business, which provides equity compensation plan recordkeeping and administration services to nearly 700 companies with 2.5 million plan participants, totaling over $250 billion in plan value. Stock Plan Services is part of Fidelity’s Workplace Investing division, one of the country’s leading workplace benefits providers.

According to Shoobx’s website, the two companies were partners prior to this announcement.

Fidelity makes first acquisition in 7 years, snapping up fintech Shoobx by Mary Ann Azevedo originally published on TechCrunch

Why the Matter logo was everywhere at CES 2023

AR/VR/MX took center stage at CES 2023. Automotive trends got a lot of love, as well, as did robotics and the metaverse. Heck, even pee-related gadgets had their moment to shine last week in Vegas. Another trend, however, was ever-present, if decidedly more understated.

The last few years have been a roller coaster for the smart home. After years of hype, the cracks have begun to show for some of the major players in the space. The most prominent example of late is Amazon’s Echo division. While no doubt being set up as something of a loss leader, few expected a $5 billion a year revenue loss at this late stage.

In addition to the standard tech hype cycle, the smart home has also been cursed by a lack of interoperability. One of the technology’s most hopeful promises is an easy set up. Forget all of those expensive, time-consuming setups that require someone with contracting and electrical know-how — just plug it in, connect the app and you’re off to the races.

But in consumer electronics, the best laid plans and all that. It’s still a relatively young category, with several pain points, but at least one was seemingly easily avoided. If you’ve followed consumer tech with any frequency, you know one thing for sure: Competitors will rarely give an inch. It’s an approach that — in the past — has led to antitrust and other regulatory scrutiny. In recent years, this has manifested itself as app stores and walled gardens.

For the smart home, it’s meant a dearth of interoperability. If you’ve attempted to buy a smart home product, you’re almost certainly familiar with the limitations. Heck, there’s a decent chance you purchased a product and had to return it after finding out the hard way that it didn’t work with HomeKit, Alexa, Google Home, Samsung SmartThings or any manner of other ecosystems.

This is the promise of Matter. Announced at the tail end of 2019, the home automation standard is the purview of the Connectivity Standards Alliance (CSA). The group was founded by Amazon, Apple, Google, Comcast and the Zigbee Alliance. It operates similarly to organizations like the Bluetooth Special Interest Group and WiFi Alliance. The company list has expanded greatly, but each member gets the same single vote, from Apple, Amazon and Google on down to the smallest startup.

“Manufacturers all agree to send the same commands and all agree to do the same thing when they’ve received those commands,” Jon Harros, the CSA’s director of Certification and Testing Programs, told us in an interview at last week’s CES. “It wouldn’t matter whether the command came from one manufacturer or the other. If you’re receiving it, it will always work in the same way.”

The obvious question in all of this is: Why now? Or, more explicitly, why did this take so long? For starters, there is the obvious issue alluded to above: most of these big companies would really rather not work with their competitors if they can avoid it. As such, getting everyone on the same page about something like this is a bit of a cat herding scenario.

“Technically, there are a lot of different steps,” says Harros. “Number two, it was also we had to reach a level of maturity within the market and with those global players that everyone understood and recognized that having these walled gardens and having these fractured networks was actually limiting the AOT (automation of things), and that it was time to resolve that issue.”

Effectively, the big players recognized that there was less value in cutting out the competition by demanding manufacturers comply with a single ecosystem than there was in suddenly opening their own offering up to practically every third-party device manufacturer by way of a group effort. It’s a remarkable bit of collaboration in an era of closed ecosystems and app stores.

“The IoT started reaching a point where it became obvious to have that reality of the billions of sensors and connected devices that we all know is possible,” says Harros. “They all have a major slice of the pie. They’re all doing very well, but the size of the pie could grow orders of magnitude. You’re now not talking about shipping millions of products, you’re talking about shipping billions.”

More than 2,000 engineers pulled from different member companies were put to work creating a software protocol that would offer cross platform functionality, and provide the sort of product security consumers demand from their smart products in 2023. The initial fruits of that work began rolling out toward the end of last year. Plenty more are still on the way.

“We’ve already had one train arrive at the station as Matter 1.0,” says Harros. “We wanted to make sure we launched on time, with all of the features and primary device types everyone wanted, straight out of the block. Before the train arrived, other trains set off behind it. There are members of the alliance that have been working on things like white goods [appliances], cameras and smart vacuums. They’re already on the way to the train station. They just haven’t arrived yet.”

One of the beauties of implementing a software layer is that many existing products will be backward compatible with the standard through an over-the-air update. Newer products, meanwhile, will carry the Matter logo, which the alliance is hoping will become as ubiquitous as the Bluetooth and WiFi logos. For older products, you’ll be able to check them against the CSA’s online database.

The organization is employing third-party laboratories to put devices through similar testing practices as the ones the FCC has in place.

We absolutely believe that — in a very short matter of time — everyone will recognize the Matter logo, so when a consumer goes to an electronics store or your local home hardware store, they’re just going to look for that logo. You know that if it has that logo, it will interoperate with something else.

Why the Matter logo was everywhere at CES 2023 by Brian Heater originally published on TechCrunch

Want the Nothing phone in the US? Be a beta

Here’s something that seems all but a guarantee: The way we purchase expensive electronics is going to change. Years after the U.S. began moving away from the carrier-based model of phone purchases, it seems as though we’re heading toward another sort of subscription model in the form of hardware as a service.

Even with that in mind, this is a strange one — though Nothing has made breaking from orthodoxy a central tenet of its existence since day one.

As we’ve known for some time, the Phone (1) wasn’t destined for the U.S. market — at least not through any traditional means. Today, however, the London-based firm announced it is available through a far less traditional route. “The United States represents a high potential market for Nothing and so the company is seeking to better understand users’ needs,” the company said in a note sent to TechCrunch.

The “Nothing OS 1.5 Beta” is a $299 program designed to help the company get a better grip on the world’s third-largest smartphone market — one that’s been notoriously difficult to crack. The price includes a Nothing phone that’s yours to keep, even after the program runs its course at the end of June.

Nothing notes:

Please note, the Phone (1)’s distributed are for testing purposes. Whilst these are final models, devices may not work with all US carriers. Since this is a Beta version of the software, users may experience some limitations. Please read the below FAQs before continuing.

Interested parties can sign up for the program starting today and save themselves ~$173 off the retail price. A little nothing for something, if you will.

Want the Nothing phone in the US? Be a beta by Brian Heater originally published on TechCrunch

Daily Crunch: Citing ‘unscrupulous actors’ and market trends, Coinbase CEO lays off 950 workers

Haje is still dazed from spending a week deep in the bowels of Las Vegas for CES 2023 but is grateful to be back in the Daily Crunch saddle. Let’s see what’s happening in tech land! — Christine and Haje

The TechCrunch Top 3

More layoffs at Coinbase: Coinbase said it is going to cut another chunk of jobs, this time 20%, or 950 employees, and will abandon several projects, Manish reports. This is the crypto exchange’s second round of layoffs in seven months after cutting about 1,100 jobs in June.
Primed and ready: Amazon is going to expand its Buy with Prime service to the U.S. on January 31, Sarah writes. Buy with Prime’s delivery service is similar to Prime, but also includes “seamless checkout and easier returns, allowing merchants to establish their own direct relationships with customers.”
Chatting, but with a bot: Everyone’s ChatGPTing. Know how we know? Dubious ChatGPT apps are flooding the Apple App Store and Google Play Store. Ivan has more.

Startups and VC

German-based biotech company BioNTech — one of the big manufacturers of COVID-19 vaccines, among other things — is set to acquire InstaDeep, a Tunis-born and U.K.-based AI startup for up to £562 million (~$680 million) in its largest deal yet, Tage reports. The German vaccine maker intends to use InstaDeep’s machine learning to “improve its drug discovery process, including developing personalised treatments tailored to a patient’s cancer.”

Supermom, a parenting platform with 20 million users in six Southeast Asian countries, offers parents price comparisons, communities and the chance to earn money by completing surveys, Catherine reports. It gives brands a way to conduct market research and collect first-party data, which is important as marketers prepare for a post-cookie world.

And we have a smattering of additional stories for you:

Keeping an eye out — on the cheap: Frederic reports that Wyze launches its new $34 pan-and-tilt security camera.
Like tea, but functional: A brand-new “functional” tea brand, the Ryl Company, is steeped in cash with $6.7 million in new funding and is making its debut in Wegmans and Whole Foods, Christine reports.
Recycling the heat: Servers get hot, so why not use ’em for something useful? Qarnot creates green data centers by putting servers in central heating boilers, Romain reports. The company just raised $13 million to continue on its mission.
Like Etsy but Korean: Handmade goods marketplace Backpackr gears up to expand into Southeast Asia, reports Kate.
Better chat, with some ways to go: Anthropic’s Claude improves on ChatGPT, but it still suffers from limitations, Kyle reports.

A timeline for startup M&A processes: Key steps and factors to consider

“Not all companies are best positioned to go it alone, and that’s okay,” writes Vishal Lugani, general partner and co-founder at Acrew Capital.

In his detailed guide to the M&A process, Lugani offers a week-by-week deal timeline that breaks down every step between sourcing offers and post-close integration.

A lot can happen over the months it can take for a deal to close, so the article includes strategies for selecting an acquirer, maintaining product momentum, and managing your team (and investors!).

Three more from the TC+ team:

Hold on tight…: Salesforce turmoil continues into new year, as recent layoffs attest, Ron writes.
Gettin’ chatty: Some investors are (cautiously) implementing ChatGPT in their workflows, report Natasha M, Christine, and Kyle.
Cookin’ on gas: Climate benefits of killing gas stoves aren’t what you think, but the health benefits are, Tim reports.

Big Tech Inc.

Some sources told Manish that OpenAI’s startup fund is in talks to invest in silicon chip bigwigs Sam Zeloof and Jim Keller, who started Atomic Semi to manufacture chips. And get this: the proposed $15 million investment will value the company at $100 million. Not too shabby, er, should we say silicon-y.

And we have five more for you:

Matchmaker, app-style: Scams do happen, especially when love is involved. Not a good look for Tinder and other Match dating apps, so they are offering in-app tips on avoiding romance scams, Lauren writes.
Even more layoffs: Data software company Scale AI is cutting 20% of its workforce, Kirsten reports. In a blog post, CEO Alexandr Wang pointed to aggressive hiring during good times, but “the macro environment has changed dramatically in recent quarters, which is something I failed to predict.”
In privacy news: Natasha L writes about Facebook’s data-scraping breach leading to an enforcement lawsuit in Ireland, while Europe quizzes TikTok on various topics, including data safety, disinformation and Digital Services Act compliance.
Windows 7 security is in the rearview mirror: Microsoft ends Windows 7 security updates, Zack reports.
Teen screen time: Instagram and Facebook are looking at their advertising to young users and will introduce more limits on targeting teens with ads, Taylor reports.

Daily Crunch: Citing ‘unscrupulous actors’ and market trends, Coinbase CEO lays off 950 workers by Christine Hall originally published on TechCrunch

Alphabet X graduates robotic agtech firm Mineral

A little over two years after its public debut, Mineral is becoming its own Alphabet company. The team, which was formerly known as the “Computational Agriculture Project” (no prizes for guessing why they adopted the new name), just graduated from the X “moonshot” labs.

“After five years incubating our technology at X, Alphabet’s moonshot factory, Mineral is now an Alphabet company,” CEO Elliott Grant said in a blog post. “Our mission is to help scale sustainable agriculture. We’re doing this by developing a platform and tools that help gather, organize, and understand never-before known or understood information about the plant world — and make it useful and actionable.”

Years after attempting to build a robotics division largely through acquisition, Alphabet appears to be growing one more organically in-house. Mineral follows Everyday Robots and Intrinsic in growing from X to a fully released Alphabet subsidiary.

Mineral uses its in-house robots to create datasets and do research about different crops. It explains that — over the course of its half decade of (mostly stealth) existence — it’s discovered that most companies are doing a good enough job collecting the scope of data required to leverage machine learning.

“There is no single mode of data collection suited to every agriculture task or crop,” says Grant. “We began with a plant rover that could capture huge quantities of high quality images, and over time expanded to building generalized perception technology that can work across platforms such as robots, third party farm equipment, drones, sentinel devices, and mobile phones.”

The company’s end goal is creating detailed and rich datasets that can be used by farmers across the world to tap into previously unknown factors in growing. In doing so, it hopes to help cultivate crops that are more resilient to climate change, without exacerbating the urgent issue.

Alphabet X graduates robotic agtech firm Mineral by Brian Heater originally published on TechCrunch

Oxbotica raises $140M more as its B2B autonomous vehicle platform gains ground

Activity in the self-driving car industry, frenetic for years, has somewhat stalled in more recent times, but a handful of the most promising companies are continuing to see their businesses grow and attract investment in the process. In one of the more recent developments, Oxbotica, a startup out of England that develops software to power autonomous vehicles, has closed a Series C round of $140 million, money that it will be using to continue building out services for existing clients and to drum up new business in that wake.

The size of the round is big by any terms, but it’s a signal of how AI startups especially continue to fare well at the moment. It also shows the kinds of companies that are working with, and looking to back, startups breaking new ground in the space of autonomous driving.

The basic model for Oxbotica — eight years old and based out of Oxford, England — is B2B: It sells and customizes its autonomous software, which it dubs “Universal Autonomy,” for a range of enterprise customers. Its premise is that its flexible technology can power whatever it is that a customer needs: navigation, perception, user interfaces, fleet management or other features needed to run self-driving vehicles in multiple environments, regardless of the hardware being used and in integration with whatever other software its customers are using.

Underscoring its traction with that premise, this latest funding is coming from a mix of investors that include some of those strategic backers and customers. Japan’s Aioi Nissay Dowa Insurance Co., Ltd., and ENEOS Innovation Partners, the corporate VC of the mining conglomerate Eneos, are among its new investors; previous backers in this round include BGF, safety equipment group Halma, hospitality and recreation investor Hostplus, climate fund Kiko Ventures (IP Group), the online shopping company Ocado Group, internet giant Tencent, Venture Science and automotive component maker ZF. Several of these companies also invested in Oxbotica’s last round, a Series B in January 2021 of $47 million.

This round brings the total raised by Oxbotica to $225 million. The startup is not disclosing its valuation, but Paul Newman, the company’s CTO and co-founder, noted that the fact that it was one of the autonomous startups that’s raising big right now, and the current appetite for artificial intelligence startups that are building applications around their innovations, have contributed to a healthy number.

“You should take it to be in a space that investors are valuing greatly,” he said. At a moment when businesses, consumers, investors and startups themselves are reassessing things like self-driving technology through a more pragmatic lens, asking questions about unit economics and commercial and technical viability, Oxbotica, he said, has emerged as a leader in “the application of autonomy where the world needs it.”

That translated also into much shorter conversations with investors, the kind that are generally not happening across other sectors in tech. “It didn’t take that much time at all to show you can solve what is really needed versus what is not a problem at all,” CEO Gavin Jackson added. “It was a distinction investors understood quickly in the first 30 seconds of us talking to them.”

Indeed, while some of the more ambitious efforts around self-driving vehicles for consumers have been shelved or faced some tragic mishaps, it’s emerged that campus-style, closed environments where it’s either more dangerous and/or less efficient to employ humans to navigate vehicles have shaped up to be some of the most popular use cases for it and others building autonomous systems.

In addition to the industries of its strategic investors, other use cases where Oxbotica is building services include agriculture, airports, energy and shared passenger transportation.

Not to say that things are perfect. Some (and perhaps all) of its actual commercial deployments appear to be quite medium- to long-term. One of its big milestones from this year was in May 2022, when it ran Europe’s first zero-occupancy trial (note the word trial) on a publicly accessible road. It also worked on “metaverse-based testing” and forged alliances with insurance companies.

Newman admits what he described in our interview as “sticking points” that still need addressing in the very complex world of building autonomous vehicles and systems.

“It’s exhilarating when we can connect fleet management to our operating system,” he told me. In its favor, once something is solved, it’s solved for everyone. A mining company’s need to integrate Oxbotica with its system to dispatch drivers into mines is the same that Ocado will have for connecting its delivery vehicles.

The amount that it has proven, meanwhile, has convinced customers and backers that it’s not a matter of “if” anymore, but rather when this comes to fruition.

“Oxbotica really sets itself apart from its competitors thanks to its ambitious vision to unlock Universal Autonomy,” said Mitsuru Yamaguchi, senior managing executive officer at Aioi Nissay Dowa Insurance, in a statement. “We are excited to combine Oxbotica’s world-class AI and robotic techniques with our own pioneering expertise in the telematics insurance arena. This will leave us well placed to develop innovative insurance products and services which will create a safer, greener and more secure society for everyone.”

“We are excited to grow our investment in Oxbotica, which has become a global leader in autonomous vehicle software,” added Erin Hallock, managing partner at bp ventures. “Our sustained support is a great example of bp ventures’ continued investment in game-changing technology companies. By leveraging automation and digital technology we believe the team can improve safety and increase efficiency across a wide range of vehicles, and support bp’s ambition to accelerate the global revolution in mobility.”

Oxbotica raises $140M more as its B2B autonomous vehicle platform gains ground by Ingrid Lunden originally published on TechCrunch

Twitter launches its Blue subscription service in Japan

After launching Elon Musk’s version of the Twitter Blue subscription service last month in five countries, the company has expanded the paid plan to users in Japan. Both the old (launched in 2021) and revamped Twitter Blue subscriptions were available in the US, Canada, the UK, Australia, and New Zealand.

Twitter noted on its support page that users in Japan will be able to buy the subscription for ¥980 ($7.40) per month on the web and ¥1,380 ($10.42) per month on iOS. These prices are marginally lower than the US prices of $8 per month on the web and $11 per month on iOS.

At the moment, Twitter Blue offers features like the blue verification badge, longer video uploads, priority ranking in conversation replies, a thread reader, and an edit tweet feature along with custom icons and themes. While some of these features were already present in the legacy version of the paid subscription, the verification mark, higher limit on video uploads, and a boost in rankings are newly introduced features.

After taking over Twitter, Musk has had lofty plans of reducing reliance on ad revenue by adding more subscribers. He launched a new version of Twitter Blue initially in November but had to quickly shut it down because of people impersonating celebrities and brands.

Twitter Blue’s expansion in Japan is not surprising. In his first all-hands meeting as Twitter boss, Musk reportedly boasted about the social network’s market share in the country. Estimates noted that Japan has more than 50 million Twitter users.

Since then the company has tried to put guardrails around the new verification system by requiring users to have a phone number to buy the Blue subscription and imposing a 90-day cool-off period for newly created accounts. However, Twitter’s manual verification system of reviewing names and bios is not working as intended. Last week, a Washington Post reporter successfully created a fake account of Senator Edward J. Markey.

Twitter launches its Blue subscription service in Japan by Ivan Mehta originally published on TechCrunch

Meta’s main content moderation partner in Africa shuts down operations

Meta’s main subcontractor for content moderation in Africa, Sama, earlier Tuesday announced the closure of its content moderation arm at its hub in Kenya, citing the need to streamline operations.

This comes months after Sama and Meta were sued in the East African country for union busting, and exploitation, and just weeks after another lawsuit called for Meta to increase its content moderation capacity in Kenya.

Following the announcement by Sama, 200 employees, representing 3% of its team, will be let go as the company exits content review services, and concentrates on labelling work (computer vision data annotation).

The company sourced moderators from across Africa, and the closure of the arm is said to leave a section without work permits. Sama’s moderators were required to sift through social media posts on all its platforms, including Facebook, to remove those perpetrating and perpetuating hate, misinformation and violence.

Reports indicate Sama encouraged staff affected by the closure to apply for other job opportunities at its Kenya and Uganda offices.

“The current economic climate requires more efficient and streamlined business operations,” said Sama, according to a report by the Financial Times, which said that the social media giant has contracted Luxembourg-based Majorel to fill up the gap.

The decision to drop Meta’s contract, which expires end of March, comes months after a lawsuit was filed by Daniel Motaung, a South African national and ex-Sama content moderator, in Kenya last year accusing the two firms of forced labor and human trafficking, unfair labor relations, union busting and failure to provide “adequate” mental health and psychosocial support.

Sama’s decision also comes at a time when Meta is facing another lawsuit in Kenya over claims that the social media giant failed to employ enough safety measures on Facebook, which has, in turn, fueled a conflict that led to deaths, including of 500,000 Ethiopians during the recently-ended Tigray War.

The lawsuit claims the social site amplified hateful content, and failed to hire enough personnel, with an understanding of local languages, to moderate content.

Meta’s main content moderation partner in Africa shuts down operations by Annie Njanja originally published on TechCrunch

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes

A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department’s security policies allow easily guessable passwords like ‘Password1234’.

The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight of the U.S. executive agency that manages the country’s federal land, national parks and a budget of billions of dollars, said that the department’s reliance on passwords as the sole way of protecting some of its most important systems and employees’ user accounts has bucked nearly two decades of the government’s own cybersecurity guidance of mandating stronger two-factor authentication.

It concludes that poor password policies put the department at risk of a breach that could lead to a “high probability” of massive disruption to its operations.

The inspector general’s office said it launched its investigation after a previous test of the agency’s cybersecurity defenses found lax password policies and requirements across the Department of the Interior’s dozen-plus agencies and bureaus. The aim this time around was to determine if the department’s security defenses were enough to block the use of stolen and recovered passwords.

Passwords themselves are not always stolen in their readable form. The passwords you create on websites and online services are typically scrambled and stored in a way that makes them unreadable to humans — usually as a string of seemingly random letters and numbers — so that passwords stolen by malware or a data breach cannot be easily used in further hacks. This is called password hashing, and the complexity of a password (and the strength of the hashing algorithm used to scramble it) determines how long it can take a computer to recover it. Generally, the longer or more complex the password, the longer it takes to recover.

But watchdog staffers said that relying on claims that passwords meeting the department’s minimum security requirements would take more than a hundred years to recover using off-the-shelf password cracking software has created a “false sense of security” that its passwords are secure, in large part because of the computing power that is commercially available today.

To make their point, the watchdog spent less than $15,000 on building a password-cracking rig — a setup of a high-performance computer or several chained together — with the computing power designed to take on complex mathematical tasks, like recovering hashed passwords. Within the first 90 minutes, the watchdog was able to recover nearly 14,000 employee passwords, or about 16% of all department accounts, including passwords like ‘Polar_bear65’ and ‘Nationalparks2014!’.

The watchdog also recovered hundreds of accounts belonging to senior government employees and other accounts with elevated security privileges for accessing sensitive data and systems. Another 4,200 hashed passwords were cracked over an additional eight weeks of testing.

Password cracking rigs aren’t a new concept, but they require considerable computing power and energy to operate, and it can easily cost several thousands of dollars just to build a relatively simple hardware configuration. (For comparison, White Oak Security spent about $7,000 on hardware for a reasonably powerful rig back in 2019.)

Password-cracking rigs also rely on massive amounts of human-readable data for comparison to scrambled passwords. Open-source and freely available software like Hashcat can compare lists of readable words and phrases to hashed passwords. For example, ‘password’ converts to ‘5f4dcc3b5aa765d61d8327deb882cf99’. Because this password hash is already known, a computer takes less than a microsecond to confirm it.

According to the report, the Department of the Interior provided the password hashes of every user account to the watchdog, which then waited 90 days for the passwords to expire — per the department’s own password policy — before it was safe to attempt to crack them.

The watchdog said it curated its own custom wordlist for cracking the department’s passwords from dictionaries in multiple languages, as well as U.S. government terminology, pop culture references, and other publicly available lists of hashed passwords collected from past data breaches. (It’s not uncommon for tech companies to also collect lists of stolen passwords in other data breaches to compare to their own set of customers’ hashed passwords, as a way of preventing customers from re-using the same password from other websites.) By doing so, the watchdog demonstrated that a well-resourced cybercriminal could have cracked the department’s passwords at a similar rate, the report said.

The watchdog found that close to 5% of all active user account passwords were based on some variation of the word “password,” and that the department did not “timely” wind down inactive or unused user accounts, leaving at least 6,000 user accounts vulnerable to compromise.
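The wordlist comparison and the "variation of a dictionary word" finding described above can be turned into a check at password-set time. The following is an added example, not code from the report or the article: the hash quoted above is the unsalted MD5 of ‘password’, while the wordlist, the 12-character four-class complexity rule and all function names are constructed assumptions (the page does not state the department's actual hash algorithm or policy).

```python
import hashlib
import os
import re

# Constructed sample wordlist; a real audit would load dictionary and breach lists.
WORDLIST = ["password", "polarbear", "nationalparks"]

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

# Precomputed table: an unsalted fast hash maps straight back to its word.
KNOWN_HASHES = {md5_hex(w): w for w in WORDLIST}

def lookup(hash_hex: str):
    """Return the wordlist entry behind an unsalted MD5 hash, or None."""
    return KNOWN_HASHES.get(hash_hex.lower())

def meets_complexity(pw: str, min_len: int = 12) -> bool:
    """Assumed composition rule: length plus upper, lower, digit and symbol."""
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)

LEET = str.maketrans("@0135$", "aoiess")

def dictionary_base(pw: str):
    """Undo common decorations; return the wordlist word underneath, or None."""
    s = re.sub(r"[\d\W_]+$", "", pw.lower())  # trailing digits and symbols
    s = s.translate(LEET)                     # p@ssw0rd -> password
    s = re.sub(r"[\W_]+", "", s)              # separators such as "_" or "-"
    return s if s in WORDLIST else None

def acceptable(pw: str) -> bool:
    """Complexity alone is not enough: also reject dictionary variants."""
    return meets_complexity(pw) and dictionary_base(pw) is None

def store(pw: str, iterations: int = 600_000):
    """Salted, slow hash: equal passwords no longer share one stored value."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    return salt, digest

if __name__ == "__main__":
    print(lookup("5f4dcc3b5aa765d61d8327deb882cf99"))
    for pw in ["Polar_bear65", "Nationalparks2014!", "P@ssw0rd123!", "tR7#vq9LmZ2x"]:
        print(pw, meets_complexity(pw), dictionary_base(pw), acceptable(pw))
```

Both passwords quoted from the report pass the composition rule yet reduce to a single wordlist entry, which is why a policy that only counts character classes overstates their strength.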

The report also criticized the Department of the Interior for “not consistently” implementing or enforcing two-factor authentication, where users are required to enter a code from a device that they physically own to prevent attackers from logging in using just a stolen password. The report said that nearly nine out of 10 of the department’s high-value assets, such as systems whose compromise would severely impact its operations or lead to the loss of sensitive data, were not protected by some form of second-factor security, and the department had as a result disregarded 18 years of federal mandates, including its “own internal policies.” When the watchdog asked for a detailed report on the department’s use of two-factor authentication, the department said the information did not exist.

“This failure to prioritize a fundamental security control led to continued use of single-factor authentication,” the watchdog concluded.

In its response, the Department of the Interior said it concurred with most of the inspector general’s findings, and said it was “committed” to the implementation of the Biden administration’s executive order directing federal agencies to improve their cybersecurity defenses.

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes by Zack Whittaker originally published on TechCrunch

Six crypto investors talk about DeFi and the road ahead for adoption in 2023

The crypto venture capital industry has become more selective thanks to the general market downturn and wavering trust caused by a slew of scandals and market disruptions, but investors at major firms are still writing checks in the space.

Amid market volatility, decentralized finance, or DeFi, is an area that continues to be in focus in both the crypto VC world and across the community as new use cases, protocols and projects arise.

Anywhere from 20% to 50% of crypto-related pitches today are DeFi-focused, several investors we surveyed said. That shows there’s a vast number of DeFi projects looking for funding.

“To stand out in this crowded space, founders should focus on highlighting unique technology and a clear advantage for a specific use case, as well as a defensible moat,” Alex Marinier, founder and general partner at New Form Capital, said.

Ultimately, DeFi is a mirror reflection of traditional finance (TradFi), and founders who have deep sector expertise in TradFi, coupled with a fundamental understanding of blockchains, will stand out from the other teams, Paul Veradittakit, general partner at Pantera Capital, shared.

Last year, the crypto world faced a handful of massive industry-changing events like the Terra/LUNA ecosystem collapse in May and the cryptocurrency exchange FTX collapsing in early November. Both events brought down a lot of smaller startups and big players who intermingled with those now defunct market players.

As the market looks toward the future, some venture capitalists are revamping their investing strategies, while others are holding to their current plans, with perhaps a small tweak or two. Read on to find out how active investors are thinking about DeFi, how they’re advising their portfolio companies amid the lack of funding, the best way to approach them, and more.

We surveyed:

Michael Anderson, co-founder, Framework Ventures
Alex Marinier, founder and general partner, New Form Capital
Samantha Lewis, principal, Mercury
Paul Veradittakit, general partner, Pantera Capital
David Gan, founder and general partner, OP Crypto
Mike Giampapa, general partner, Galaxy Ventures

Michael Anderson, co-founder, Framework Ventures

How big is the DeFi market today? How much do you expect it to grow in the next five years?

When thinking about the DeFi market, we look at the total market cap of DeFi assets, total value locked (TVL), and trading volume. While total value locked (TVL) as a metric certainly has its flaws, we think it’s still a decent measure of activity in the sector. As TVL increases, we also think it’s possible that total market cap could follow.

We’re keeping a close eye on the sector’s relative activity, like trades, volumes and users, compared to centralized alternatives like exchanges. Despite the negative sentiment surrounding crypto today, we still believe activity will eventually return to the industry. However, in the aftermath of all of these dramatic centralized finance (CeFi) explosions, we think that the next time users decide to enter the space, they’re going to think twice about trusting a CeFi exchange or company, and instead opt to use decentralized protocols.

What were the biggest challenges your firm faced in 2022? What steps are you taking to better prepare for 2023?

As with most investors in the space, our biggest challenge has been navigating the seemingly endless CeFi blowups and failures that have rocked our industry. We were able to avoid the vast majority of these blowups, as we passed on several FTX ecosystem projects.

As a result, Framework wasn’t hit nearly as hard as many of the big VC firms in the space, and we’re in a pretty strong position to continue deploying capital in this new market.

These CeFi incidents have caused plenty of collateral damage across the industry, so a major priority over the last 12 months has been making sure all of our portfolio companies are sound, liquid, well-capitalized, and can survive the next 1-3 years. This means helping the founders in our portfolio cut costs, prioritize high growth activity, and providing advice on product, growth, and future fundraising strategy in a less friendly funding environment.

In general, our position is a validation of our core theses over the last 3 years, and we’re going to continue doubling down on DeFi, web3 gaming, and more. Given that a lot of the other firms aren’t actively investing at this time, we see this market as a great opportunity for Framework to selectively deploy capital.

How are you advising your portfolio companies going into 2023?

We’re working with them to cut costs and focus on surviving the next 1-3 years. We believe in crypto long-term, but we don’t know how quickly the market could bounce back, and so survival should be the top priority.

We’re also encouraging founders to think more strategically about project development. If a team was focusing on three different areas, we’re encouraging them to instead prioritize the highest-growth activity only.

Of all the pitches you get, what percentage are DeFi protocols or projects? What can they do to stand out in the broader crypto landscape?

These days, around 30%-35% of the pitches we receive are firmly DeFi-focused.

If a DeFi project wants to really stand out, we want to see that they’re thinking about where the puck is going. We’re looking for projects that have the potential to be regulation-friendly. It’s a non-starter if the team is not thinking about regulation, or thinks they can just figure it out down the line.

Additionally, we’re interested in projects that have direct connections to institutions or at least a compelling growth strategy that involves institutions. We don’t think that retail will offer projects a large enough market in DeFi over the next two years, so creating something attractive to institutions should be more of a core focus than previously.

We also want to see that the project is differentiated from a product perspective. We’re not interested in another Uniswap clone, or an OpenSea copycat of the flavor of the week alt-L1.

What is your current strategy for investing in DeFi protocols and projects? How has that changed from past quarters?

In 2020, during the height of DeFi summer, the market was big enough that projects courted retail and DeFi degens [a nickname for people interested in risky, niche, speculative crypto projects]. The market is totally different now.

Unfortunately, retail was blown up more than a dozen different ways last year, and they’re unlikely to come back for a few years. As a result, we’re focusing more on projects that are thinking about addressing new, more institutional users and markets.

We understand that regulation is likely coming down the line, so we’re very interested in projects that are pro-regulation, or at the very least, regulation-friendly.

What types of DeFi use cases do you think will gain more mainstream adoption going forward? Which areas of DeFi are now perceived as more significant than they used to be?

With the Merge officially behind us, liquid staking has become a big area of excitement for us. We think liquid staking projects will receive much more attention after Shanghai goes live and users have the opportunity to withdraw their assets without worrying about illiquidity.

How can the gap between traditional finance (TradFi) and DeFi be bridged?

We need to see more DeFi products and services that more realistically accommodate institutions. This means projects that have pro-regulatory elements baked into the products themselves, including KYC, the ability to limit certain assets, and more. Projects that institutions will be able to transact with won’t look and feel like the traditional DeFi we’re accustomed to and will co-exist as a relatively different ecosystem.

How do you think regulatory frameworks can affect the DeFi space? Which country or region seems to be going in the best direction?

At some point in 2023, we’ll have the landmark crypto regulation that everyone has been waiting on for years. More clarity could be very positive.

We don’t have a firm position, but on the surface, it looks like the UK is rapidly becoming one of the most open, from a thought-leader perspective.

How do you like to receive pitches? What’s the most important thing a founder should know before they talk with you?

We really like a good storyline. We want to know why you’re working on this problem, why it needs to be solved now, and why you think you can beat everyone else. Competitive advantage is key for us.

Alex Marinier, founder and general partner, New Form Capital

How big is the DeFi market today? How much do you expect it to grow in the next five years?

The DeFi market is currently around $50 billion in TVL. In the next five years, we expect the market to bifurcate into two categories: permissioned and permissionless.

Permissioned DeFi will gain traction among institutions, because it marries the benefits of blockchain technology with the compliance standards of traditional finance. If just a small percentage of traditional finance activity moves on-chain, it could create a market opportunity worth more than $1 trillion.

When you add in permissionless DeFi, which is more geared towards individual users and makes up most of DeFi today, the combined market has the potential to become worth anywhere from $500 billion to $2 trillion by 2028.

That said, DeFi’s growth will depend on more than just an increase in use cases. It will also be influenced by developments in infrastructure, regulation and financial innovation.

What were the biggest challenges your firm faced in 2022? What steps are you taking to better prepare for 2023?

Navigating the high-profile collapses (Terra, Celsius, FTX) was certainly the focus of 2022. We had to take more time to support our founders and ensure they have sufficient runway to endure an extended bear market.

This year, our focus is on helping founders find creative ways to grow through this market and position themselves for the next bull market. We’re also focused on sourcing opportunistic investments at attractive valuations and incubating more projects in-house.

Six crypto investors talk about DeFi and the road ahead for adoption in 2023 by Jacquelyn Melinek originally published on TechCrunch
