Fireblocks Introduces ‘Off Exchange’ to Address Exchange Counterparty Risk, Integrates with Deribit

On November 28, 2023, Fireblocks, an innovative digital asset operations platform, announced the introduction of ‘Off Exchange’, a first-of-its-kind solution aiming to revolutionize the way institutional traders interact with digital asset exchanges. This groundbreaking platform is designed to mitigate the inherent counterparty risks that have long plagued the crypto trading market.

Exchange counterparty risk in digital assets trading encompasses a range of potential pitfalls, including the threat of cyber hacks, the risk of bankruptcy, and the potential for misappropriation of client funds. These risks are amplified in the crypto trading market due to the dual role of exchanges as both custodians and trading venues. Past incidents, such as the FTX collapse, have starkly highlighted these vulnerabilities.

Fireblocks’ Off Exchange platform represents a significant technological leap forward, employing multi-party computation (MPC) technology. This innovative approach enables traders to directly trade on centralized exchanges from a shared, on-chain MPC wallet. The shared wallet model ensures that traders maintain control over their assets, significantly reducing the risk of loss due to exchange-related issues like hacks, bankruptcy, and fraud.

The integration of Fireblocks Off Exchange with Deribit, a leading digital asset derivatives trading platform, marks a significant milestone in the journey towards more secure and efficient digital asset trading. This collaboration signifies the increasing recognition of the need for enhanced security measures in the burgeoning field of digital asset derivatives.

Fireblocks Off Exchange promises several key benefits for the trading community. Firstly, it offers enhanced security by allowing traders to retain control over their assets in a shared wallet, thereby reducing the risk of asset misappropriation. Secondly, it increases market liquidity by enabling real-time settlement of trades, allowing traders to move capital quickly and efficiently between various trading venues and counterparties.

Since its announcement, Off Exchange has garnered significant interest from the institutional trading community. Hundreds of hedge funds, market makers, liquidity providers, and brokerages have joined the waitlist to be onboarded onto the platform. The integration with Deribit is just the beginning, with plans to extend support to additional global exchanges, further broadening the impact and reach of this innovative solution.

The launch of Fireblocks Off Exchange is a pivotal moment in the quest to create a more secure and efficient digital asset trading environment. By leveraging the latest advancements in MPC and blockchain technology, Fireblocks is leading the charge in reducing counterparty risk, a move that is likely to encourage more traditional financial institutions to enter the crypto market.

Image source: Shutterstock

Source

Tagged : / / / / / / / / /

Senator Warren Focuses on Crypto Scam Risks for Seniors, Advocates New Legislation

Senator Elizabeth Warren emphasized the growing danger of cryptocurrency scams targeting seniors. Steve Weisman, a cybersecurity expert, supported Warren’s proposed Digital Asset Anti-Money Laundering Act, aimed at curbing these scams.

Warren highlighted a shocking 350% surge in crypto investment scams targeting seniors, resulting in losses over $1 billion. The FBI reported that crypto scams led investment fraud in the United States in 2022, totaling $2.5 billion in stolen funds.

Weisman, Scamicide.com Editor and Bentley University Senior Lecturer, explained seniors’ susceptibility to crypto scams. He cited studies indicating a diminished skepticism in older age, making seniors more prone to fall for these scams, which often involve promises of high returns or fraudulent recovery offers.

The allure of crypto for fraudsters lies in its anonymity and speed, making it challenging to track and recover funds. Weisman detailed various scam methods, including ransom demands, fake investment platforms, and AI-enhanced frauds. The anonymity of cryptocurrencies and their use in mixers complicates the tracking of fraudulent activities.

Senator Warren’s bipartisan legislation, endorsed by AARP and supported by 14 other Senators, aims to equip financial regulators with tools to monitor and act against suspicious crypto activities. Weisman strongly endorsed the Act, stressing the need for updated laws to keep pace with technological advancements.

The media has highlighted the Act’s potential to significantly reduce crypto scams. The law would bring digital assets under the same Anti-Money Laundering regulations as traditional currencies. The recent rise in crypto-related breaches and scams underscores the urgency of this legislation.

Senator Warren, with increasing support from other senators, is pushing for prompt action against the rampant crypto crimes affecting the senior population. The bipartisan support for the Act signifies a united front against these growing financial threats.

Image source: Shutterstock

Source

Tagged : / / / / / / / / / /

Coin Cloud Customer Data and Source Code Allegedly Stolen

Coin Cloud, a participant in the cryptocurrency ATM market, has lately come under fire for a serious cybersecurity vulnerability. This episode adds to the company’s already long list of difficulties, which began with its filing for Chapter 11 bankruptcy in February 2023.

An extensive data breach at Coin Cloud has been attributed to an unidentified threat actor. The claims state that the hack led to the exfiltration of private client information from Coin Cloud’s ATMs. Approximately 70,000 client selfies that were taken using ATM cameras are included in this data, along with over 300,000 customers’ personally identifiable information (PII). A variety of information is included in the compromised PII, such as Social Security numbers, birth dates, complete names, email addresses, phone numbers, current jobs, physical addresses, and more. According to the threat actor, this information is relevant to people in Brazil as well as the United States.

In addition, the perpetrators of the hack claim that they have taken the source code for the whole of Coin Cloud’s backend. This is a development that may have far-reaching repercussions for the safety of the firm as well as its operational integrity.

The recent past of Coin Cloud has been marked by a series of financial challenges, which culminated in the company’s filing for bankruptcy earlier this year. It was a huge event when the corporation decided to file for Chapter 11 bankruptcy in February of 2023. This indicated that the company was experiencing serious financial hardship. When taken together, this bankruptcy petition and the most recent data leak portray a picture of a firm that is struggling to cope with numerous crises.

Because of the breach at Coin Cloud, major questions have been raised regarding the safety precautions taken at cryptocurrency automated teller machines (ATMs), which are a relatively new but fast increasing industry in the financial technology landscape. The loss of such a large quantity of sensitive customer data may have significant repercussions for the people who were impacted, including the possibility that their identities would be stolen and that they would become victims of financial fraud.

In addition, the allegation of stealing source code adds still another level of complication to the matter. If what you say is accurate, then the whole functioning of Coin Cloud might have its security compromised, leaving it open to more assaults and opportunities for exploitation. As Coin Cloud makes its way through these trying times, the emphasis will be on how the firm reacts to this hack and what steps it takes to strengthen its cybersecurity defenses.

Image source: Shutterstock

Source

Tagged : / / / / / / / /

BIS Conference Addresses Cybersecurity in Central Bank Digital Currencies (CBDC)

The BIS Innovation Hub and the Cyber Resilience Coordination Centre (CRCC) hosted a conference on November 8, 2023, focused on “Securing the future monetary system: cyber security for central bank digital currencies“. General Manager Agustín Carstens opened the event with a clear message: the advent of CBDCs is inevitable, and their security is paramount to the future financial system.

As the financial landscape is on the verge of substantial change, Carstens pointed out that central banks are tasked with not only keeping up with the digital evolution but leading the way. This leadership is embodied in the development of CBDCs, which are poised to be at the heart of the financial system. Whether they take on a wholesale or retail form, their design needs to be versatile and their legal frameworks robust to gain public trust.

The integrity of central bank money is a cornerstone of the public’s confidence in the financial system. CBDCs introduce new levels of security challenges, with cyber risks being a significant concern. Carstens cited the vulnerabilities exposed in the crypto universe as a cautionary tale for CBDCs, which carry much higher stakes. Addressing these risks is critical, necessitating a flexible design that can adapt to future technological advancements, including the potential impact of quantum computing and generative AI.

While focusing on security, Carstens didn’t overlook the importance of privacy in CBDC design, considering it essential for public acceptance, especially for retail CBDCs.

The BIS is firmly committed to aiding central banks in their journey towards a digital future. The Innovation Hub has been at the forefront, exploring solutions for secure and functional retail CBDCs, integrating quantum-resistant cryptography, and ensuring offline cyber resilience. Concurrently, the CRCC is enhancing collaboration and operational readiness among central banks through tools and exercises.

Carstens also recognized the vital role of the private sector, particularly in customer-facing services, and stressed the importance of shared cybersecurity and resilience as public goods among connected institutions.

The conference sets the stage for critical discussions on cybersecurity strategies for CBDCs, governance, risk management, and technical challenges, including the quantum computing threat. Carstens concluded with anticipation for the insights that the conference’s discussions will yield, reflecting the BIS’s readiness to guide and support central banks in securing the monetary system’s future.

Image source: Shutterstock

Source

Tagged : / / / / / / / / / /

US Authorities Uncover Chinese-linked Bitcoin Mining Operations

The discovery of numerous Bitcoin mining operations with ties to China on American soil has flagged serious national security concerns among US authorities. A comprehensive report published by The New York Times on October 13 unveils a substantial presence of Bitcoin data centres in the US, traceable back to the Chinese government. The proximity of some of these operations to critical military and infrastructure sites further exacerbates the apprehensions. A notable case is a mining operation in Wyoming, situated adjacent to a Microsoft data center, pivotal in supporting various Department of Defence initiatives.

Geopolitical Undercurrents

The exploration sheds light on the potential risks emerging from growing Chinese-linked mining operations amidst the escalating political discord between the United States and China. The latter’s decision to outlaw mining activities in 2021 propelled many mining entities to migrate to crypto-receptive US states like Texas and Wyoming. The broader geopolitical implications are palpable as these revelations come at a time of heightened tension between the two superpowers, with the US continually scrutinizing cryptocurrency usage by individuals and corporations affiliated with China. Moreover, six Congress members called for a thorough investigation in July, following allegations of the cryptocurrency startup Prometheum having connections to the Chinese government.

Power Grid and Infrastructure Stress

The infrastructural stress induced by these mining operations is significant. The collective energy consumption of Chinese-owned or operated Bitcoin mining facilities across at least twelve states equates to that of 1.5 million households, posing a considerable demand on the US power grid. These mining facilities, harboring specialized computers operating ceaselessly, have the potential for targeted blackouts and cyberattacks due to their substantial energy usage and the instantaneous capability to escalate or cease operations, presenting a unique challenge among large power users.

Ownership and Equipment Supply

A commonality among these mining operations is the utilization of computing equipment produced by Bitmain, a Chinese enterprise. Following China’s ban on Bitcoin mining in May 2021, there has been a noticeable uptick in equipment shipments from Bitmain to the US. The ownership structures of these mining ventures range from transparent investments by affluent Chinese nationals seeking revenue channels outside China’s jurisdiction, to more murky setups with several traceable back to the Chinese government.

The revelation of Chinese-linked Bitcoin mining operations dispersed across the US, intertwined with substantial energy consumption and potential national security threats, has garnered the attention of both US government officials and corporations. The unfolding scenario evokes pressing inquiries concerning cybersecurity, energy sustainability, and the ongoing geopolitical strain between the US and China.

Image source: Shutterstock

Source

Tagged : / / / / / / / / / / / /

Suspicious Transactions Linked to Mixin Network Hack Involve Huobi and Binance

Key Takeaways

Internal investigation by Cyvers Alerts reveals suspicious transactions involving Mixin Network hacker addresses.

Two hacker addresses received 51 ETH from an account that interacted with Huobi Global and Binance.

Calls for Huobi Global, Binance, and CZ Binance to help identify the suspicious account.

Investigation Unveils Suspicious Funding

Cyvers Alerts, a cybersecurity watchdog, recently updated its ongoing investigation into the Mixin Network hack that occurred on September 23, 2023. The breach led to a loss of $200 million and temporarily suspended Mixin Network’s deposit and withdrawal services. According to Cyvers Alerts, two hacker addresses received 51 ETH from an account with the address 0x1795F0eBDa5A836aE63F28CE546E72de069A8bd2. This account had previous interactions with major cryptocurrency exchanges Huobi Global and Binance.

On September 23, 2023, Mixin Network suffered a major security breach, leading to an estimated loss of $200 million. The attack targeted Mixin’s cloud service provider database. Blockchain security firm SlowMist has been enlisted to assist in the ongoing investigation, and a security alert has been issued. Deposit and withdrawal services on Mixin Network are temporarily suspended, although intra-network transfers remain operational. The incident has sparked concern in the crypto community, given the recent spate of similar hacks. Mixin founder Feng Xiaodong is scheduled to address the situation in a public livestream.

The Role of Disperse and USDT Holders

The hackers reportedly used the “disperse” function to send gas fees to USDT holders before transferring the stolen funds to their main address. This method could potentially make tracking the stolen assets more complicated, adding another layer of complexity to the ongoing investigation.

Calls for Exchange Involvement

Cyvers Alerts has publicly called on Huobi Global, Binance, and CZ Binance to assist in identifying the account linked to the suspicious transactions. The involvement of these major exchanges could be crucial in tracing the origins of the funds and possibly recovering some of the stolen assets.

Strengthening Cybersecurity Measures

The Mixin Network hack serves as a stark reminder of the vulnerabilities that exist within the cryptocurrency ecosystem. Cyvers Alerts emphasized the need to strengthen cybersecurity measures to prevent future incidents of this nature.

Summary

Cyvers Alerts has discovered suspicious transactions linked to the recent Mixin Network hack. Two hacker addresses received 51 ETH from an account that had interactions with Huobi Global and Binance. The watchdog has called on these exchanges to help identify the suspicious account as part of ongoing investigations.

Disclaimer & Copyright Notice: The content of this article is for informational purposes only and is not intended as financial advice. Always consult with a professional before making any financial decisions. This material is the exclusive property of Blockchain.News. Unauthorized use, duplication, or distribution without express permission is prohibited. Proper credit and direction to the original content are required for any permitted use.

Image source: Shutterstock

Source

Tagged : / / / / / / / / /

Unidentified Exploit Steals Over $10.5 Million in NFTs and Coins

Since December 2022, an unidentified exploit has drained more than $10.5 million in non-fungible tokens (NFTs) and coins from experienced members of the crypto community who believed they were “reasonably secure.” The alarming incident was first brought to light by MetaMask developer Taylor Monahan, who revealed that over 5,000 Ether (ETH) had been stolen. However, the extent of the losses is yet to be determined. Monahan also cautioned that no one knows how the exploit works yet.

What is particularly worrying about this exploit is that it does not target crypto newbies but rather those who are experienced in safeguarding their digital assets. As Monahan noted, the exploit is not like the usual phishing attempts or random scammers. It targets those who are “crypto native,” with multiple addresses and work within the space. Some of the known commonalities about the exploit are that it targets keys that were created from 2014 to 2022.

To safeguard their digital assets, Monahan advised crypto veterans to use a hardware wallet or migrate their funds. Those who have their assets in a single private key are especially vulnerable and should consider splitting up their assets or getting a hardware wallet. Community member Jacky Goh echoed this sentiment, stating that the unknown hack is yet another reminder to use a hardware wallet. Goh recommended moving assets worth more than $1,000 for more than a week to a hardware wallet, which can save one in the long run.

The crypto community has been grappling with cybersecurity threats, with data published by cybersecurity and anti-virus provider Kaspersky indicating that it detected over 5 million crypto phishing attacks in 2022 alone. This marks a 40% year-on-year increase compared to 2021 when the company detected around 3.5 million attacks. The rise in cyberattacks targeting the crypto community highlights the need for robust cybersecurity measures.

Moreover, the exploit highlights the need for greater awareness and education around digital asset protection. While many crypto veterans are well-versed in securing their digital assets, it is essential to stay up to date with emerging threats and vulnerabilities. The fast-paced and rapidly evolving nature of the crypto space means that vigilance is essential. By keeping a close eye on one’s digital assets and using best practices for digital asset security, one can reduce the risk of falling victim to cyberattacks.

In conclusion, the recent exploit that has stolen over $10.5 million in NFTs and coins serves as a sobering reminder of the importance of robust cybersecurity measures for crypto assets. The crypto community must remain vigilant and educate themselves on emerging threats to safeguard their digital assets effectively. By adopting best practices and staying up to date with the latest cybersecurity trends, crypto veterans can protect their assets from theft and loss.

Source

Tagged : / / / / /

MetaMask Users Email Addresses Exposed in Cybersecurity Incident

MetaMask, the popular Ethereum wallet, recently experienced a cybersecurity incident that exposed the email addresses of some of its users who submitted a customer support ticket between August 1, 2021, and February 10, 2023. Parent company ConsenSys released a blog post on April 14, 2023, which disclosed the details of the incident.

According to the post, unauthorized actors gained access to a third-party computer system that was used to process customer service requests. This allowed them to potentially view customer support tickets submitted by MetaMask users. While the tickets did not ask for information other than what was necessary to help the user, they did include a free text field that some users may have used to submit personally identifying information. This may have included economic or financial information, name, surname, date of birth, phone number, and postal address.

ConsenSys emphasized that it does not ask for personally identifying information in customer conversations, but some users may have provided it anyway. The breach may have affected up to 7,000 MetaMask users who submitted customer support tickets during the affected timeframe.

As a response to the incident, hardware wallet provider Keystone warned MetaMask users that they might receive more phishing emails. The attacker may use this swiped email database to look for potential victims. Phishing is a scam that tricks a user into providing sensitive information to an attacker. It is often performed by sending an email to the victim that appears to be from a trusted party or someone the victim knows.

ConsenSys said it had taken steps to eliminate unauthorized access in the future. As a result, tickets submitted after February 10 should be unaffected by the incident. The company also contacted the Data Protection Commission of Ireland and the Information Commissioner’s Office of the United Kingdom to report the breach. Additionally, the company’s third-party customer service provider is working with a cybersecurity and forensics team to perform a more detailed investigation of the incident.

This is not the first time MetaMask has come under scrutiny from privacy advocates. In late 2022, the company revealed that it sometimes logged users’ IP addresses. However, it updated its app in March to give users more control over which providers could obtain this information.

The incident highlights the importance of cybersecurity in the cryptocurrency industry. Users should remain vigilant and take steps to protect their personal information, such as using strong and unique passwords and enabling two-factor authentication.

Source

Tagged : / / / / /

Cryptocurrency Phishing Attacks Surge in 2022

When it comes to cryptocurrency-related cyberattacks, bad actors have seemingly reduced the use of traditional financial threats like desktop and mobile banking malware, shifting their focus to phishing. Russian cybersecurity and anti-virus provider Kaspersky has revealed that cryptocurrency phishing attacks witnessed a 40% year-on-year increase in 2022. The company detected 5,040,520 crypto phishing attacks in the year, compared with 3,596,437 in 2021. This represents a significant increase in the number of phishing attacks targeting crypto investors.

A typical phishing attack involves reaching out to investors through fake websites and communication channels that mimic official companies. Users are then prompted to share personal information such as private keys, which ultimately provides attackers unwarranted access to crypto wallets and assets. This is a serious threat, as once attackers have access to a user’s private keys, they can gain control over their cryptocurrency holdings and potentially steal their assets.

While Kaspersky could not predict if the trend would increase in 2023, phishing attacks continue to gain momentum in 2023. Most recently, in March, hardware cryptocurrency wallet provider Trezor issued a warning against attempts to steal users’ crypto by tricking investors into entering their recovery phrase on a fake Trezor site. This highlights the need for users to exercise caution and be vigilant in their interactions with cryptocurrency platforms.

In a survey conducted by Kaspersky in 2022, one out of seven respondents admitted to being affected by cryptocurrency phishing. While phishing attacks predominantly involve giveaway scams or fake wallet phishing pages, attackers continue to evolve their strategies. According to Kaspersky, “crypto still remains a symbol of getting rich quick with minimal effort,” which attracts scammers to innovate their techniques and stories to lure in unwary crypto investors.

Even established cryptocurrency platforms and their investors are not immune to phishing attacks. Arbitrum investors were recently exposed to a phishing link via its official Discord server. A hacker reportedly hacked into the Discord account of one of Arbitrum’s developers, which was then used to share a fake announcement with a phishing link. This highlights the importance of securing communication channels and taking measures to ensure that official channels are not compromised.

To protect themselves from phishing attacks, cryptocurrency investors should be wary of unsolicited communications and only interact with official channels. They should also avoid sharing their private keys or recovery phrases with anyone, even if they appear to be legitimate sources. Finally, it’s essential to use two-factor authentication and keep their software and anti-virus systems updated to ensure maximum protection against phishing attacks.

In conclusion, phishing attacks targeting cryptocurrency investors are increasing in frequency, and scammers are continually evolving their techniques to steal investors’ assets. It’s crucial for investors to remain vigilant and exercise caution in their interactions with cryptocurrency platforms to avoid falling victim to these scams. By taking the necessary precautions, investors can help safeguard their cryptocurrency holdings and prevent losses due to phishing attacks.

Source

Tagged : / / / / /

OpenAI Launches Bug Bounty Program

OpenAI, the artificial intelligence (AI) company behind ChatGPT, has announced the launch of a bug bounty program to combat privacy and cybersecurity concerns. The program rewards security researchers and ethical hackers for identifying and addressing vulnerabilities in OpenAI’s technology and company, with cash rewards ranging from $200 for low-severity findings to $20,000 for exceptional discoveries.

OpenAI has partnered with Bugcrowd, a bug bounty platform, to manage the submission and reward process, ensuring a streamlined experience for all participants. The company has also offered safe harbor protection for vulnerability research conducted in compliance with its specific guidelines. OpenAI believes that expertise and vigilance will play a crucial role in keeping its systems secure and ensuring users’ security.

The launch of the program comes in the wake of recent bans in different countries on AI technology and concerns about privacy and cybersecurity. On March 20, OpenAI suffered a data breach, which exposed user data due to a bug in an open-source library. The incident highlighted the need for increased security measures and prompted OpenAI to launch the bug bounty program.

The global community of security researchers, ethical hackers, and technology enthusiasts have been invited to participate in the program. OpenAI hopes that the initiative will help to identify and address vulnerabilities in its systems and improve its overall security posture.

The program’s rules state that researchers must comply with all applicable laws and regulations, and safe harbor protection is provided for vulnerability research conducted according to OpenAI’s guidelines. If a third party takes legal action against a security researcher who participated in the program and followed the rules, OpenAI will inform others that the researcher acted within the program’s guidelines. This is because OpenAI’s systems are connected with other third-party systems and services.

The launch of the program follows a statement by the Japanese government’s Chief Cabinet Secretary Hirokazu Matsuno, stating that Japan would consider incorporating AI technology into government systems, provided privacy and cybersecurity issues are addressed. OpenAI’s bug bounty program demonstrates the company’s commitment to addressing these concerns and improving its security posture. By inviting the global community of security researchers, ethical hackers, and technology enthusiasts to participate, OpenAI hopes to increase vigilance and expertise, directly impacting the security of its systems and ensuring users’ security.

Source

Tagged : / / / / /
Bitcoin (BTC) $ 37,976.17 0.27%
Ethereum (ETH) $ 2,085.70 2.58%
Litecoin (LTC) $ 70.02 0.25%
Bitcoin Cash (BCH) $ 222.77 0.03%