China Targets Overseas Telecom Fraud Leveraging Blockchain, Crypto, Metaverse, and AI

In a recent meeting, China’s Central Political and Legal Affairs Commission has emphasized the need for a systematic, legal, and source-based approach to combat overseas telecom network fraud and related criminal activities. The announcement was made on August 6, 2023, as reported by the Economic Daily.

The commission pointed out that fraud groups have been increasingly utilizing new technologies such as blockchain, metaverse, virtual currency, and AI to update their criminal tools, making them more concealed and deceptive.

Overseas Telecom Fraud: A Growing Concern

In recent years, overseas telecom network fraud groups have been luring ordinary people into fraudulent activities under the guise of “high-paying job recruitment.” These activities have led to violent detention, human trafficking, and a series of dark industrial chains, causing significant harm to the safety of people’s lives and property.

The diversity of fraudulent methods, the ruthlessness of coercion, and the enormity of the defrauded amounts have led to public outrage. The commission stressed the need to “resolutely maintain the people’s vital interests, firmly uphold social decency, and firmly uphold the authority of the rule of law.”

Organized Crime Features

The overseas telecom network fraud groups are characterized by tight organization, a clear and refined division of labor, multi-industry support, industrial distribution, and group operation. This has necessitated strengthening international law enforcement cooperation and joint efforts with relevant countries to eradicate fraud dens, rescue trapped individuals, and bring the criminal forces and their organizers to justice.

Utilizing New Technologies for Fraud

The commission noted that fraud groups are leveraging blockchain, metaverse, virtual currency, and AI to constantly update their criminal tools, making them more concealed and confusing. This requires coordination between public security, finance, telecommunications, and internet departments to apply advanced technological means and fulfill regulatory responsibilities.

Efforts are being made to shrink the space for online crime through offline measures: organizing concentrated investigations and disposals of high-risk telephone cards and bank cards related to fraud, cleaning up associated internet accounts, and keeping network reporting channels open. Thorough investigations are being conducted into domestic criminal gangs colluding with overseas entities, with full efforts to cut off smuggling channels.

Crimes related to crypto, blockchain, NFTs and the metaverse are increasing in China.

On July 18, 2023, Chinese authorities in Qingshui County, Shanxi Province, successfully cracked a money laundering case involving the cryptocurrency Tether (USDT). The operation led to the arrest of 21 suspects and the confiscation of cash and USDT worth over 1 million yuan. 

The investigation revealed a complex network of individuals across four provinces and six cities, using USDT to launder money for cybercriminals. The criminal group helped settle payments of over 54.8 million USDT, equivalent to about 380 million yuan.

In December 2022 in Inner Mongolia, 63 suspects were arrested for laundering money with USDT, amounting to 12 billion yuan.

Public Awareness and Education

The public security and judicial departments are urged to further strengthen publicity and education to continuously enhance people’s awareness and ability to identify and prevent telecom network fraud. Special attention is being paid to young people entering society, guiding them to be vigilant against opportunistic psychology and herd mentality, and to seek a solid footing in serving society.

Image source: Shutterstock


Curve Finance and the Vyper Vulnerability: A Technical Post-Mortem Report

On July 30, 2023, multiple Curve.Fi liquidity pools were exploited due to a latent vulnerability in the Vyper compiler, specifically in versions 0.2.15, 0.2.16, and 0.3.0, resulting in approximately $70 million in losses. This caused panic within the DeFi community.

The hacks led to a 5% decline in CRV, Curve’s native token, and triggered fears of contagion effects for some DeFi protocols. The lending protocol AAVE appeared to be at risk due to a massive borrow position secured by CRV token collateral.

This report provides a deep-dive into the Vyper compiler’s vulnerability, its root cause, and the lessons learned from the incident.

What is Vyper?

Vyper is a contract-oriented, domain-specific, pythonic programming language targeting the Ethereum Virtual Machine (EVM). Its main goals include simplicity, pythonicity, security, and auditability.

Re-Entrancy: A Widespread Web 3.0 Problem

Re-entrancy is a common problem in blockchain programs. It occurs when the control flow of a contract is relinquished to another invoked program, allowing the invoked contract to re-enter the original caller while it is frozen.

Solutions

The ecosystem has developed two ways to combat re-entrancy attacks: the Checks-Effects-Interactions (CEI) pattern and re-entrancy guards. Vyper introduced a re-entrancy guard at the language level via the special `@nonreentrant` function decorator.

Vyper Vulnerability Historical Timeline

The `@nonreentrant` decorator was introduced in the v0.1.0-beta.9 release of Vyper, offering flexibility by allowing a key to be set.

Beginning in 2018, the Vyper compiler started a multi-year effort to refactor its architecture. This culminated in 2023 with PR#3390.

PR#2308 and PR#2379 were part of efforts to make storage allocation smarter and avoid corruption. However, these updates introduced bugs, leading to the “yanking” of v0.2.13 and v0.2.14 releases.

Issue #2393 revealed that re-entrancy guard tests were failing in v0.2.14, leading to an overlap in storage.

The v0.2.15 release attempted to fix the corruption but introduced a vulnerability where each `@nonreentrant` decorator within a Vyper contract would use its own unique storage offset regardless of its key.

The vulnerability went undetected for a 4-month period between July 21, 2021, and November 30, 2021.

The v0.3.1 release resolved the vulnerability through two different PRs, PR#2439 and PR#2514.

Vulnerability Summary

Versions Affected: v0.2.15, v0.2.16, v0.3.0

Root Cause: Improper remediations to re-entrancy guard data corruption issues introduced in v0.2.13

Vulnerability in Brief: Cross-function re-entrancy is possible on all contracts compiled with the susceptible versions.
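Why the storage offset matters, as an added Python model that is not Vyper compiler code or Curve contract code: a keyed guard only stops cross-function re-entry when functions sharing a key also share a lock slot. The `ToyPool` class, its function names, and the key `"lock"` are hypothetical.

```python
def allocate_per_key(decorated):
    """Intended behaviour: functions that share a key share one lock slot."""
    slots, by_key = {}, {}
    for fn, key in decorated:
        slots[fn] = by_key.setdefault(key, len(by_key))
    return slots

def allocate_per_decorator(decorated):
    """Behaviour described for v0.2.15, v0.2.16, v0.3.0: a fresh slot per decorator."""
    return {fn: i for i, (fn, _key) in enumerate(decorated)}

class Reentered(Exception):
    """Raised when a guarded function is entered while its lock slot is set."""

class ToyPool:
    # Hypothetical contract: both functions are decorated with the same key.
    DECORATED = [("remove_liquidity", "lock"), ("add_liquidity", "lock")]
    def __init__(self, allocator):
        self.slots = allocator(self.DECORATED)
        self.storage = {}   # slot number -> lock flag
        self.trace = []     # order in which function bodies ran

    def _guarded(self, fn, body):
        slot = self.slots[fn]
        if self.storage.get(slot):
            raise Reentered(fn)
        self.storage[slot] = True
        try:
            body()
        finally:
            self.storage[slot] = False

    def remove_liquidity(self, external_call):
        def body():
            self.trace.append("remove_liquidity")
            external_call(self)   # control leaves the contract here
        self._guarded("remove_liquidity", body)

    def add_liquidity(self):
        self._guarded("add_liquidity", lambda: self.trace.append("add_liquidity"))

def cross_function_reentry_blocked(allocator):
    """True if re-entering add_liquidity during remove_liquidity is rejected."""
    pool = ToyPool(allocator)
    try:
        pool.remove_liquidity(lambda p: p.add_liquidity())
    except Reentered:
        return True
    return False
```

With per-key allocation both functions map to slot 0 and the nested call is rejected; with per-decorator allocation they map to slots 0 and 1, so the second function runs while the first is still mid-execution.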

The Vyper team has outlined several practical steps to improve the correctness of smart contracts compiled with Vyper, including improved testing, providing developers with better tools, tighter feedback with protocols, and focusing on securing past releases.

New security-related initiatives within and beyond the Vyper team include:

1. A short-term, competitive audit in partnership with Codehawks

2. Bug bounty programs in partnership with Immunefi

3. The Vyper Security Alliance

4. Collaboration with multiple audit firms

5. Expansion of the team, including a dedicated security engineering role

6. Collaboration with existing security toolkits

7. Design of a language specification

The Vyper team’s commitment to learning from this incident and implementing these initiatives reflects their dedication to making Vyper a rock-solid and secure smart contract language and compiler project.


Cardano ADA Q2 2023: Dapp Transactions Up 49%, TVL Increases 9.7%

Messari, a leading provider of crypto research and insights, has released its Q2 2023 report on Cardano, a prominent Proof-of-Stake (PoS) Layer-1 smart contract network. The report highlights key insights and developments within the Cardano ecosystem, providing a comprehensive overview of its performance, financial status, ecosystem, staking, and decentralization, along with notable community and development events.

Key insights include average daily decentralized application (dapp) transactions being up 49% QoQ, with Minswap experiencing the largest absolute growth. Total Value Locked (TVL) in USD was up 9.7% QoQ and 198.6% YTD, moving Cardano from 34th to 21st in TVL ranking across all chains. Hydra Head, an off-chain mini ledger, continued its development with proposed topologies and a demo shared. Projects like Milkomeda C1, Midnight, Wanchain, and IOG’s sidechains team are working towards increased interoperability within the Cardano ecosystem.

The average transaction fee increased 8.5% QoQ from $0.117 to $0.126, still down 50.8% YoY. Daily active addresses declined 4.0% QoQ from 60,200 to 57,800. Average daily transactions were up 1.9% QoQ from 67,500 to 68,800. Cardano’s average blockchain load increased from just under 40% in Q1 to over 50% in Q2.

ADA’s price pulled back 26.9% QoQ after a 53.5% increase in Q1 but is still up 12.0% YTD. Cardano’s Treasury balance grew 8.5% to 1.30 billion ADA during Q2, with the value in USD terms decreasing 20.7% QoQ from $452 million to $358 million.

Cardano’s total stablecoin market cap grew 34.9% QoQ from $10.0 million to $13.5 million. Minswap, an automated market maker (AMM), ended Q2 with a TVL of $48.8 million and 32.2% dominance.

There were 1,921 unique stake pool operators (SPOs) in Q2, with the top 188 pools (6.5% of pools) accounting for over 50% of the total stake.

The 2023 Cardano Summit was announced to take place in Dubai in November. IOG launched a toolkit for building custom sidechains for Cardano, and Wanchain’s bridge is now live on the Cardano preview testnet environment. Hydra, a family of scaling protocols, continued its development, with the first Head opened on the Cardano mainnet in March 2023.

Cardano’s Q2 2023 report showcases significant growth in various areas, including dapp transactions, TVL, and development initiatives. The continued focus on interoperability, scalability, and community engagement positions Cardano as a leading player in the blockchain space, with promising prospects for the future.


FBI Warns of Criminals Posing as NFT Developers to Target Internet Users

The Federal Bureau of Investigation (FBI) has issued a warning about criminal actors posing as legitimate Non-Fungible Token (NFT) developers to defraud active users within the NFT community.

According to the public service announcement released on August 4, 2023, these criminals either gain direct access to NFT developer social media accounts or create almost identical accounts to promote fraudulent NFT releases.

The criminals’ posts often create a sense of urgency, using phrases like “limited supply,” and refer to the promotion as a “surprise” or previously unannounced mint. The links provided in these announcements are phishing links that direct victims to spoofed websites, appearing to be legitimate extensions of particular NFT projects.

Once on the spoofed websites, victims are invited to connect their cryptocurrency wallets and purchase the NFT. Unknowingly, they connect their wallets to a “drainer smart contract,” resulting in the transfer of cryptocurrency and NFTs to wallets operated by criminals. The stolen contents are often processed through a series of cryptocurrency mixers and exchanges to hide the path and final destination of the stolen NFTs. 

This warning comes at a time when it is not uncommon to hear of scams and phishing incidents related to NFTs, reflecting a broader trend of fraudulent activities in the space.

Cybersecurity analyst Serpent revealed various crypto and NFT scams active on Twitter on August 3, 2023. These include the Crypto Recovery Scam, where scammers claim to be blockchain developers and trick victims of recent large-scale hacks into paying a fee to recover stolen funds. Other strategies include the Fake Revoke.Cash Scam, using Unicode Letters to create phishing URLs, and hacking verified Twitter accounts to impersonate influential figures.

On July 6, 2023, a class-action lawsuit was filed in Canada against Boneheads, an NFT project accused of orchestrating a rug pull worth $3.1 million. The Boneheads team is facing charges of breaching contracts, misappropriating funds, and engaging in fraudulent activities.

On July 26, 2023, NFT collector JKLaub confirmed losing over $150,000 worth of crypto and NFTs in a wallet hack. The stolen NFTs included various items such as Friendship Bracelets NFTs, Gutter Dogs, Implications NFTs, and more.

The FBI has provided several tips to protect individuals from falling victim to such schemes:

1. Research if a well-known NFT project announcing a surprise opportunity has a history of doing so or has stated they will never offer surprise mints.

2. Verify the legitimacy of the social media account advertising the opportunity, checking for discrepancies in spelling, account history, screen name, followers, or creation date.

3. Ensure the authenticity of websites requesting connection to cryptocurrency wallets by looking for indicators such as misspelled web domain names, URLs with additional or unnecessary characters, or non-functional links.

4. Vet any opportunity that offers NFTs as a reward, especially if it appears too good to be true.
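The indicators in tip 3, together with the Unicode-letter URLs mentioned earlier, can be checked mechanically before a wallet is connected. The following Python sketch is an added example, not part of the FBI announcement; the allow-listed domain `nft-project.example` is a constructed placeholder for a project's officially published domain, and the thresholds are assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the project's officially published domain.
KNOWN_GOOD = {"nft-project.example"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return a list of reasons the link's host looks spoofed (empty if none)."""
    host = (urlsplit(url).hostname or "").lower()
    if any(host == g or host.endswith("." + g) for g in KNOWN_GOOD):
        return []
    findings = []
    if any(ord(ch) > 127 for ch in host):
        findings.append("non-ASCII letters in host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label in host")
    # Drop accents and non-ASCII letters so lookalikes compare against the real name.
    folded = unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()
    for good in sorted(KNOWN_GOOD):
        if good in folded:
            findings.append(f"{good} embedded in a different domain")
        elif edit_distance(folded, good) <= 2:
            findings.append(f"near-miss spelling of {good}")
    return findings

if __name__ == "__main__":
    # Constructed sample links: one genuine, one misspelled, one with extra characters.
    for link in ("https://nft-project.example/mint",
                 "https://nft-projectt.example/claim",
                 "https://nft-project.example.mint-now.example/"):
        print(link, check_link(link))
```

An empty result only means none of these indicators fired; it does not confirm that the site or the contract behind it is legitimate.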

The FBI urges victims to report fraudulent or suspicious activities related to this scam to the FBI Internet Crime Complaint Center at www.ic3.gov, including any links, social media accounts, crypto accounts, or domains utilized in the scam, with the keyword “NFTHack.”

This warning serves as a critical reminder to the growing NFT community to exercise caution and due diligence when engaging with NFT opportunities, as the space continues to attract both innovation and criminal activity.
