Search This Blog

Showing posts with label cryptocurrency. Show all posts

DubaiCoin: Dubai's First Cryptocurrency Rose Over 100% Since its Debut

 

Dubai appears to have developed its own cryptocurrency, known as the DubaiCoin (DBIX). It is established on a public blockchain, which means that anyone can mine DBIX to generate their own.  

On May 27, around 4 p.m. IST, it was trading at roughly $1.13, up from the original price of $0.17. According to Crypto.com, the price of the cryptocurrency has increased by over 1000 percent in the last 24 hours.

The city of Dubai, on the other hand, issued a statement late last night denying this According to the official Dubai Media Office, “Dubai Coin cryptocurrency was never approved by any official authority. The website promoting the coin is an elaborate phishing campaign that is designed to steal personal information from its visitors.”

Arabianchain Technology, based in the United Arab Emirates (UAE), claimed to be the first public blockchain in the Arabic world when it introduced cryptocurrency. In a press release, the company stated, “DubaiCoin will soon be able to be used to pay for a range of goods and services both in-store and online, with the clear intention for the coin to be used in place of traditional bank-backed currencies. Circulation of the new digital currency will be controlled by both the city itself and authorized brokers.” 

The United Arab Emirates is regarded as being a safe place for cryptocurrency investors but the Dubaicoin, on the other hand, would be distinct from other cryptocurrencies. While mining should make it fairly volatile, and as it is built on a public blockchain, it's unclear what Arabchain means when it says the city of Dubai is regulating its pricing. If the coin replaces (or operates interchangeably with) the Dirham inside the UAE, it may qualify as a central bank digital currency (CBDC). 

Being located in Dubai should provide the coin some stability since Dirham is always stable versus the dollar because of specific international treaties between the two countries. 

Although the Dubaicoin is not exactly CBDC, it is the closest thing to China's official digital Yuan, which is now being tested in the country. Countries such as the United States, India, the United Kingdom, and the European Union are considering digital versions of fiat currencies.

Thousands of Cryptocurrency Users Targeted by Tor Network Exit Nodes

 

Cybersecurity researchers have said a threat actor has been adding malicious servers into the Tor network to intercept traffic heading to cryptocurrency websites and carry out SSL stripping attacks on users while accessing mixing websites.

The threat actor, through its exit relays, performed an SSL stripping attack on traffic headed towards cryptocurrency websites, downgrading the encrypted HTTPS connection to plaintext HTTP. In the case of the attacks against the Tor network, threat actors aimed at replacing the addresses of legitimate wallets with the ones under the control of the attackers to hijack transactions.

In August 2020, the security researcher and Tor node operator Nusenu first highlighted this malicious behavior and has now shared more details about the ongoing malicious behavior in a follow-up post. Nusenu has revealed a new part of its research that says threat actors are still active. 

“You can see the repeating pattern of new malicious relays getting added to the tor network and gaining significant traction before dropping sharply, when they got removed.” reads the study

“In terms of scale of the attacker’s exit fraction, they managed to break their own record from May 2020 (>23% malicious exit fraction) twice:

• on 2020–10–30 the malicious entity operated more than 26% of the tor network’s exit relay capacity

• on 2021–02–02 they managed more than 27% of tor’s exit relay capacity. This is the largest malicious tor exit fraction I’ve ever observed by a single actor.”

According to the researcher, the threat actor managed to fly under the radar for more than a year because the malicious exit relays were added to the Tor network in small increments until they made up more than 23% of all exit nodes. Threat actors operated more than 26% of the tor network’s exit relay capacity two times in the last year, reaching 27% in February 2021. 

Once the scheme was discovered, the exit relays were removed from the Tor network, anyway, the experts pointed out that threat actors were able to intercept the traffic for months. Despite being outed, the threat actor continues to add new malicious nodes and Nusenu estimates that between 4% and 6% of the Tor exit nodes are still under the control of the threat actor.

Cryptocurrency Mining Will Void Your SSD Warranty, Manufacturer Galax Warns

 

SSD designer Galax has warned users on its Chinese website that mining cryptocurrency with the company’s Solid State Drives (SSDs) will void their warranty with that product. This comes as no surprise with miners getting prepared to start mining the new Chia cryptocurrency which focuses on storage to mine coins rather than requiring the best mining GPUs.

“If users use our SSDs for mining/farming and other abnormal operations, the data writing volume is much higher than the standard for daily use, and the SSD will slow down or get damaged due to excessive data writing volume. Due to the tests carried out, the damages are qualitative according to the test results, and that is why according to the quality assurance standards of our SSDs, we have the right to refuse to provide warranty services. The right of final interpretation belongs to the company, " Galax published a note on their website.
 
Chia is a new cryptocurrency that isn't even available to trade just yet, but it's already gaining in popularity. The main attraction for this new crypto is the way you can mine the cryptocurrency. Chia relies on a 'proof of time and space' algorithm to mine the currency on hard drives and SSDs, so there's no need to optimize your GPU for mining.

The makers of Chia designed it to be mined this way so mining the cryptocurrency is more accessible to the end-user and won't penalize the customer with big electricity bills or the purchasing of single-use hardware (i.e., ASICs). But, on the negative side of things, this mining technique could severely affect storage supply and demand. If Chia gets popular at all, we will probably see the same shortages we're seeing on GPUs applied to hard drives and SSDs as well. At present, Chia already has over 950 petabytes of storage, consisting of 101.4GiB plots. That's a lot of hard drives and SSDs, and that space remains occupied as long as a miner wants to try to harvest Chia. 

Given how much data write is required to design a Chia plot, it's no surprise that Galax is already preventing users from using their warranty on its SSDs when it comes to mining workloads. If Chia is demanding enough on write performance, we could see all other SSD manufacturers following suit.

Nagios XI Servers: Seems to be Turning Into Cryptocurrency Miners for Attackers

 

Nagios XI is a popular enterprise server and network monitoring solutions. The feature “Configuration Wizard: Windows Management Instrumentation (WMI)” is being exploited in Nagios XI. 

On March 16, 2021, Unit 42 researchers observed an attacker targeting Nagios XI software to exploit the vulnerability CVE-2021-25296, a remote command injection vulnerability impacting Nagios XI version 5.7.5, to conduct a cryptojacking attack and deploy the XMRig coin miner on victims’ devices.

The XMRig coin miner is an open-source cross-platform cryptocurrency miner. If the attack is successful, the XMRig coin miner will be installed on the compromised devices. The vulnerability can be lessened by updating Nagios XI to the most recent update. 

In order to understand if a device is compromised and running XMRig miner, users can either:
1.Execute commands ps -ef | grep 'systemd-py-run.sh\|systemd-run.py\|systemd-udevd-run.sh\|systemd-udevd.sh\|systemd-udevd.sh\|workrun.sh\|systemd-dev' and check the result. If the processes of the mentioned scripts are running, the device might be compromised. 

2.Check the files in the folder /usr/lib/dev and /tmp/usr/lib to see if the mentioned scripts exist or not. If they exist, the devices might be compromised. If the system is discovered to be hacked, simply terminating the operation and deleting the scripts will remove the XMRig used in the attack. 

The attacks try to execute a malicious bash script fetched from the malicious server 118[.]107[.]43[.]174. The bash script dropped by the attacker downloads the XMRig miner from the same server where the script is hosted and releases a series of scripts to run the XMRig miner in the background. Once the attack succeeds, the devices will be compromised for cryptojacking. 

The attack targeting Nagios XI 5.7.5, exploits CVE-2021-25296 and drops a cryptocurrency miner, jeopardizing the security of systems running out-of-date Nagios XI applications. 

Cryptojacking malware-infected devices can experience performance degradation. Furthermore, the attacker could modify the script online, causing the new script to be automatically downloaded and executed on the compromised computers, resulting in additional security risks. 

Security subscriptions protect Palo Alto Networks Next-Generation Firewall customers from the vulnerability: 
1.Threat Prevention can block attacks with Best Practices through Threat Prevention signature 90873. 
2. Static signature detections in WildFire can avoid malware. 
3.Malicious malware domains can be blocked using URL filtering.

Crypto Lending Service, Celsius Suffers Third Party Data Breach

 

Cryptocurrency rewards portal, Celsius has witnessed a data breach, with the personal details of its clients disclosed by a third-party services provider that resulted in a phishing attack, as confirmed in the email sent out to the Celsius clients. 

Celsius CEO Alex Mashinsky indicated that perhaps the third-party commercialization server of Celsius has been hacked and threat actors acquired access to a partial Celsius client list. The hackers used this knowledge to send Celsius clients malicious e-mails and text messages to reveal their secret keys. 

"An unauthorized party managed to gain access to a backup third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers," sources noted.

The breach was intended to make clients believe that the malicious email originated from Celsius, also that the malicious website was a Celsius Website, and that they had their own (non-Celsius) wallet possession of the recipients' assets by encouraging the client to provide their private wallet address. The actors behind the attack caught up with Celsius Networks in phishing texts and emails promoting a new Celsius Web Wallet after accessing the customer list. To encourage people to visit the website, the Celsius text says, when they build a wallet and enter a certain promotion code, they will offer $500 for the CEL cryptocurrency. After clicking on the mentioned link, clients were asked to build a Celsius Web Wallet by the celsiuswallet[.]network website, which is now closed. Furthermore, Celsius users complained that phishing messages are received on phone numbers they have never sent to Celsius. 


The issue came to light on 14th April 2021 when clients from Celsius started reporting about a fake website claiming to be the Celsius official portal. The company has also notified some Celsius customers receiving SMS and emails claiming to be Celsius officials, referring to this website and encouraging recipients to enter confidential details according to their source. Meanwhile, the team also examined how hackers accessed Celsius customer telephone numbers because of the breach in an email management system. 

Nevertheless, some of the Celsius employees had the encouraging concept in response to recent incidents of setting up a compensation fund to help people who might have lost cryptocurrency assets.

Bitcoin Touches the Peak at $60,000 – Everything you Need to Know!

 

On Saturday 13 March, Bitcoin, the world's largest cryptocurrency, had gone up again, touching an all-time milestone. As per Coin Desk reports, it increased to $60,0,065, up from a preceding $58,330 peak on February 21, by more than 2 percent. At 12.34 GMT on 13th March, the digital monetary reached $60,197 and remained at around $60,000. "It increased almost 6% in the past 24 hours alone." On the other hand,  Ethereum was 4.7% higher at $2,173.63. 

Whereas the volatility has dropped in the crypto market following the six consecutive months of the double-digit returns on bitcoin (BTC). Experts believe that there are indications that the horizon is moving significantly. 

At first, Bitcoin reached heights of $30,000 and $40,000 in January for a couple of days. Bitcoin’s worth is over $1 trillion in circulation. It retreated to $43,000 just after the high of February 21, following uncertainties about stimulus prospects as well as its effect on the US bond returns. Later for seven days, stocks and cryptocurrencies experienced decline alongside lateral trade for weeks before re-starting. After swelling from below $1,000 in January to close to $ 20,000 in December, Bitcoin, which was launched back in 2009, hit the headlines again. 

On Saturday 13th, the record came after the huge $1.9 trillion stimulus bill signed on Thursday by US President Joe Biden. The bill would provide most Americans with a check payment of $1,400, assist the unemployed, increase public health, and raise money for vaccine programs. Kraken Intelligence reports that with April being the second most successful month on average, bitcoin could be expected to finish higher and thus to bind up for the longest winning streak since the start of the cryptocurrency. 

Historical information shows that both bitcoin and Ethereum generally achieve a positive return portion in the second quarter of the calendar year. Since 2011, BTC has, on aggregate, returned 256 percent in 2Q, while ETH, on average, returned 141 percent in 2016. 

Due to the $58,786 market price of bitcoin in the March-end, it is assumed that in the second quarter of 2021, the price will end at 256 percent higher, also it can be expected to trade around $209,000 from 1 July 2021. The world's largest crypto-currency will stand at approximately $82,000, based on an average 2nd-quarter return of 39.5%. 

In the meantime, throughout March, Bitcoin's steady upward trend led to a drop in volatility of almost 40% point a month to 63%, almost three months down. The absence of market uncertainty led to a 5 percent decrease in trade volumes and to an annual drop of about 255 billion dollars. 

It has been praised as 'digital gold' by Bitcoin proponents claiming that it will address the inflation risks posed by large central banks and government stimulus packages aimed at tackling the economic effects of the crisis from the pandemic of the Covid-19. Critics consider the rally to be just a stimulus-powered bubble that will soon explode in the same direction as during the boom period 2017-2018.

More Businesses are Accepting Bitcoin

 

Bitcoin is turning into an undeniably well-known payment alternative among numerous organizations. Fast-food chains, large tech organizations, and major beverage organizations are accepting cryptocurrency.  

Bitcoin(₿) is a cryptocurrency created in 2008 by an obscure individual or group of people utilizing the name Satoshi Nakamoto. The currency began use in 2009 when its execution was released as open-source software. Bitcoin utilizes peer-to-peer technology to work with no central authority or banks; overseeing transactions and the issuing of bitcoins is completed on the whole by the network. Bitcoin is open-source; its design is public, no one owns or controls Bitcoin and everybody can take part. 

Its costs on the trading stock exchanges plunged around Thanksgiving a year ago – only to turn back the clock and set an unsurpassed high of $ 19,857 on November 30: a 177% increment since the beginning of the despicable year up 14% of the S&P 500, as Insider recently reported. Then, a month ago, the cryptocurrency hit an all-time high, with costs moving to $ 60,000. A quirk of the increment implied that two pizzas purchased by crypto legend Laszlo Hanyecz would have really been valued at $ 613 million. 

Restaurant Brands International is one of the world's biggest fast-food holding organizations. It is the parent organization of Burger King, Tim Hortons, and Popeyes. A year ago, Burger King Venezuela declared that it would begin accepting bitcoin and other cryptocurrencies. It has worked with Cryptobuyer, a platform that generates the conversion of cryptocurrencies into normal currency, Yahoo Finance reported. Yum Brands, which operates KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill, likewise accept cryptocurrencies. Yum Brands has additionally collaborated with CryptoBuyer to commence the launch of encrypted payment methods, according to Nasdaq. 

After briefly suspending acceptance of cryptocurrency as a legitimate payment method because of its volatility, Xbox accepts bitcoin payments for Xbox store credits. Coca-Cola Amatil is one of the world's biggest bottlers and distributors of non-alcoholic and ready-to-drink beverages in the Asia-Pacific area. A year ago, the organization declared in a press release that it was partnering with an online asset platform, Centrapay, to permit bitcoin as an official payment method.

A 38-Year-Old Indian Professor, Lost Rs 10 Lakh to a Scammer in Cryptocurrency Trading

 

A Bengaluru-based 38-year-old professor new to the cryptocurrency world lost Rs 10 lakh in bitcoins to a scammer, who assured to manage his cryptocurrency account. This Palace Gutahalli resident and a private university lecturer brought a complaint on Saturday to the Central CEN Police. The incident took place on 22 February, after attempting to register to a cryptocurrency trading platform, as per the complainant.

“As he was unaware of how to handle cryptocurrency, he had visited certain groups on Telegram, where discussions on the same took place. As he (the victim) had doubts regarding how to use CoinSwitch Kuber, the trading platform, the hacker approached him promising to help in handling bitcoins to ensure high returns,” the police said. CoinSwitch Kuber is a simple and safe platform for Indian users, which allows them to purchase more than 100 cryptocurrencies, including Bitcoin, Ethereum, Ripple, etc. 

The victim posted a query on a Telegram group following failure to effectively add Rs 90,000 to his account. He also registered into a couple of crypto-currency rooms of the mobile app, Telegram – to understand the trade process and share their views. Later a scammer told the victim himself that he could manage the bitcoins that the latter purchased and make high returns from it. The alleged scammer pursued his credentials, including a one-time password (OTP), and then the Bitcoins worth Rs 10 lakh were transferred from the wallet of the victim to some other wallet in the following few minutes. 

In response to a complaint from the victim, a case was also registered by the Central CEN police, in compliance with the appropriate sections of the Information Technology and Indian Penal Code (IPC). A senior police officer said that this is their first-of-a-kind case and that they are examining how they want to verify. 

“We are exploring options on how to conduct the investigation. To begin with, we will approach CoinSwitch Kuber as there are no other regulators that can be communicated to take this forward,” the officer added. 

In response to the incident, CoinSwitch Kuber said in a statement: “It is unfortunate that one of our users has been subjected to fraud by a third party. We will cooperate with the investigating authorities and provide them all possible assistance. We request all our users to be extremely careful in handling their OTPs and account details.” 

Further, the company warned its users by stating that, the credentials are just as sacrosanct as the credentials of one's bank and therefore it should not be shared with any third party. Customers also need to note that CoinSwitch Kuber and its staff never demand for their login credentials.

Twitter Ads used by Scammers to Promote Fake Cryptocurrency

 

One must pay attention to all Twitter advertisements that propagate all kinds of the falsified cryptocurrency scam. Tweeters can "promote" an existing tweet in order to promote their own services and information, by showing it to other followers or users on Twitter. The scammers' report on Twitter checked accounts supporting bogus cryptocurrency scams. The scams are allegedly made under the name of these well-known individuals or companies such as Elon Musk's Tesla, Gemini Exchange, Chamath Palihapitiya, and Social Capital. The threat actors have indeed been unbelievably successful with a round of attacks raising over $580,000 in a single week. 

If anyone receives messages from Tesla, Elon Musk, Gemini exchange, Palihapitiya Chamath, Social Capital, or other famous cryptocurrency donations – individuals or companies, they must go as far as they can from such types of posts, because the handles are compromised, and they are scammed. 

Since these scams continue to produce revenue by plundering thousands of dollars via the promotion of Bitcoin, the threat actors are also beginning to threaten other recent prominent cryptocurrencies, including Dogecoin. Dogecoin is the cryptocurrency of Billy Markus and Jackson Palmer, software engineers, who wanted to build an immediate, enjoyable, and conventional banking fees-free payment system. Dogecoin has as its emblem and its name as the face of Shiba Inu dog from the "Doge" memes. 

Twitter users are able to "promote" an ongoing tweet by paying for it being displayed to many other users in their Twitter feeds to advertise its services and content. Security researchers such as Zseano, Jake, and MalwareHunterTeam have found a new technique that crypto-currency fraudsters use, i.e. via tweets on Twitter. 

The technique comprises of the splitting up of URLs so as not to differentiate them by the Twitter algorithms of advertising for fraud. This then brings users to fakes landing pages which have been the social capital; exchanges between Tesla and Gemini, etc. and leads the user to additional real websites with the topics of Tesla or Elon Musk and an address with a Bitcoin, Dogecoin, or Ethereum. Besides, users can send coins to the address and they will actually increase the sum in return. 

Based on some of those scams, a total of $39,628.06 so far has been raised through the use of Bitcoin and Ethereum addresses. Unfortunately, several more cryptocurrency addresses are currently used by scammers, so the created sum is significantly greater. It doesn't mean that it is secure, only because the crypto app is in the app store. Recently, a Trezor-named application has been uploaded to the Apple store. Later, it was discovered to be a scam and the software has been used for phishing passwords and private keys.

US Agencies Publish Advisory on North Korean Cryptocurrency Malware, AppleJeus

 

The Federal Bureau of Investigation (FBI) jointly with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury, released an advisory on North Korea's cyber-threat to cryptocurrency and on suggestions for mitigating. 

Operated with the US government allies, FBI, CISA and the Treasury assess that, Lazarus Group –advanced persistent threat (APT) actors assisted by these agencies in North Korea is targeting the consumers and firms through the dissemination of cryptocurrency trading apps, including crypto-currency exchange and financial service providers, that have been updated to cover. 

“This advisory marks another step by the U.S. Government to counter the ongoing and criminal North Korean global cryptocurrency theft scheme targeting finance, energy, and other sectors,” said CISA Acting Executive Assistant Director of Cybersecurity Matt Hartman. “The FBI, Treasury, and CISA continue to assess the evolving cyber threat posed by North Korea, cybercriminals, and other nation-state actors and are committed to providing organizations timely information and mitigations to combat these threats.” 

In the last year alone, these cyber actors attacked organizations for cryptocurrency theft, in more than 30 nations. These actors would undoubtedly see amended cryptocurrency trade applications as a way of bypassing North Korea's foreign sanctions—applications that allow them to gain access to cryptocurrency exchanges and loot cryptocurrency cash from victims' accounts. 

The US government refers to the North Korean Government's malicious cyber activity as HIDDEN COBRA. Malware and indicators of compromise (IOCs) have been identified by the United States Government to facilitate North Korean cryptocurrency robbery, which is called "AppleJeus" by the Cyber Security community. 

Although the malware was first found in 2018, North Korea has used several versions of AppleJeus. In the first place, HIDDEN COBRA actors used websites that seemed to host genuine cryptocurrency trading platforms, but these actors seem to be using other infection feature vectors, such as phishing, social networking, and social engineering, to get users to download the malware and to infect victims with AppleJeus. They are also using other infection vectors. Active AppleJeus Malware agencies in several areas, including energy, finances, government, industry, technology, and telecommunications, were targeted by HIDDEN COBRA actors. 

Ever since it was discovered, several variants of AppleJeus were found in the wild. Most of them are supplied as relatively simple applications from attacker-controlled websites that resemble legitimate cryptocurrency exchange sites and firms. 

“It is likely that these actors view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea — the applications enable them to gain entry into companies that conduct cryptocurrency transactions and steal cryptocurrency from victim accounts,” states the report. 

If consumers perceive that they have been affected by AppleJeus, the findings suggest victims creating new keys or transferring funds from corrupted crypto wallets, expelling hosts, running anti-malware tests on tainted devices, and notifying the FBI, CISA, or treasury.

Bitcoin Surpasses $50,000 Mark For The First Time Ever

 

The cost of Bitcoin on Tuesday hopped above $50,000, carrying its year-to-date gain to 74%. Ongoing interest from Wall Street institutions has added to the momentum. Bitcoin rose by as much as 4.9%, to $50,547.70. The cryptocurrency at that point pared gains slightly, exchanging at $48,853.99 as of 9 a.m. ET. After ending last year with a fourth-quarter surge of 170% to around $29,000, Bitcoin token leaped to $40,000 seven days after the fact. It took just nearly a month and a half to breach the latest threshold, buoyed by endorsements from the likes of Paul Tudor Jones, Stan Druckenmiller, and Elon Musk. Bitcoin exchanged for a few cents for quite a long while after its introduction more than a decade ago. 

Tesla Inc's. declaration that it added $1.5 billion in Bitcoin to its balance sheet was the most noticeable recent impetus, sending the cost up 16% on Feb. 8, the greatest one-day acquire since the Covid-19 inspired financial markets volatility in March. Optimism grew after Mastercard Inc. furthermore, Bank of New York Mellon Corp. moved to make it simpler for clients to utilize cryptocurrencies, while Bloomberg reported on Saturday that Morgan Stanley may add Bitcoin to its rundown of possible bets. 

Sustained interest from organizations decidedly affects Bitcoin's value, pushing it on an upward bend. In December of 2020, it touched an all-time high crossing $24,000 in valuation. This was a 224% expansion from where it began its excursion toward the start of the year. By the start of 2021, BTC had leaped to a $40,000 valuation. In the second seven-day stretch of May 2020 Bitcoin saw its third halving occurred since its inception, in this way getting a further drop in its assessed future supply, Sumit Gupta, CEO, and Co-Founder, CoinDCX said. 

The interest from huge players has upheld the narrative that institutional investors are increasingly interested in Bitcoin. This conviction has been a critical driver of the bewildering rally in the cost of Bitcoin. It has likewise helped other cryptocurrencies, for example, ether, the coin on the Ethereum network. Its cost was roughly flat on Tuesday, at $1,793, in the wake of hitting a record high above $1,870 over the course of the weekend.

Pavel Durov's team advised the Ministry of Finance of Ukraine on cryptocurrencies.

 The Minister of Digital Transformation Mikhail Fedorov said that his department is in contact with the team of the developer of the Telegram messenger Pavel Durov.

According to Fedorov, he is familiar with Durov's team. Employees of the Ministry of Digital Transformation received advice on bills related to virtual assets and cryptocurrency

"I know Durov's team. I know all its management, we communicate, consult even on bills related to cryptocurrency, virtual assets, and so on."

The Minister said that he actively uses the Telegram messenger for fast communications. However, the information exchanged by officials is protected as much as possible, and all documents pass through electronic document management.

"Of course, questions of national importance do not need to be sent in messengers, this is understandable," added Mikhail Fedorov.

Answering the question about which of the messengers is the safest for him, the head of the Ministry of Digital Transformation noted that he most often uses Telegram and WhatsApp.

Recall that on December 2, the Verkhovna Rada of Ukraine in the first reading adopted as a basis the draft law "On virtual assets" regulating operations with cryptocurrencies in the country. The bill classifies virtual assets (VA) as an intangible good.

The function of the market regulator is assigned to the Ministry of Digital Transformation, and in some cases to the National Bank and the National Commission on Securities and Stock Market.

According to experts, the daily volume of cryptocurrency transactions in Ukraine is about $150-200 million. One of the authors of the document, Deputy Oleksiy Zhmerenetsky, noted that the bill will allow cryptocurrency companies to pay taxes and allow specialized foreign firms to cooperate with Ukrainian banks and invest in the industry.

Ukraine did not follow the Russian path of banning virtual assets, because this market is a growth point for Ukraine's GDP and an opportunity to become one of the world's technology leaders. In addition, it makes no sense to prohibit something that is technically impossible to control, as we have already seen in the case of blocking Telegram in Russia.

Recall that Roskomnadzor has added the site of the Binance crypto exchange to the list of banned sites in Russia.

Decentralized Finance (Defi) Protocol Akropolis Hacked For $2 Million In DAI

 


Decentralized finance (defi) protocol Akropolis was recently hacked for $2 million in DAI, in the most recent flash loan attack to hit the 'nascent defi industry'. 
When the attack occurred, (GMT timezone) Akropolis admins stopped all transactions on the platform to forestall further losses. In a statemen on Nov. 12, Akropolis revealed that the hack was executed over an assemblage of s contracts in its "savings pools". 

The attacker stole the platform's Ycurve pool in batches of $50,000 in the stablecoin DAI. This specific pool permits investors to trade stablecoins and procure interest.

Despite the fact that Akropolis says that it recruited two firms to further investigate the incident, yet unfortunately neither one of the companies were able to pinpoint the attack vectors utilized in the exploit.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the Ycurve and sUSD pools,” revealed Akropolis. 

The hacker though was still able to discover loop holes to exploit, wiring his 'loot' to this address. Akropolis clarified additionally: “The attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with Dydx flash loan origination.”

Flash loan attacks have gotten rather common against cryptocurrency services running DeFi (decentralized financed) platforms that enables users to either borrow or loan 'using cryptocurrency, speculate on price variations, and earn interest on cryptocurrency savings-like accounts.' 

These attacks are noticed to have been on a quite steady rise since early February this year, and one of the biggest flash loan attacks occurred just a month ago, in October, when hackers stole $24 million worth of cryptocurrency assets from DeFi service Harvest Finance. 

Others pools were fortunately not affected. These included compound DAI, compound USDC, AAVE sUSD, AAVE bUSD, curve bUSD, curve sBTC. Native AKRO and ADEL staking pools were also left untouched. 

Nonetheless, the Akropolis group said that it is still looking for approaches to repay the affected user “in a way that is sustainable for the project”. All stable coin pools have been put on a hold currently, it added.

New Wave of Cryptocurrency Misappropriation, Hacking, Theft and Fraud Targeting Users Massively in 2020


Crypto criminals have ramped up cryptocurrency theft, hacking, and fraud by a significant margin in the year 2020. They have amassed a sum of $1.36 billion in ill-gotten crypto from January 2020 to May 2020, according to the blockchain analytics firm. The year 2020 is recorded being on the track to become the second-costliest year of all in the history of crypto; only behind 2019’s record of $4.5 billion. The largest contribution in the year’s ongoing standings came from Chinese scam ‘WOTOKEN’ that allegedly scammed more than 700,000 users and stole over $1 billion worth of cryptocurrencies – 46,000 bitcoin, 2.04 million ethereum, 56,000 bitcoin cash, 292,000 litecoin, and 684,000 EOS.

Cryptocurrency is a virtual or digital currency that uses cryptographical functions to make financial transactions. In order to gain transparency and immutability, it makes use of blockchain technology. It is decentralized in nature as there is no central authority controlling or interfering in the processes that include making cryptocurrency exchanges directly between two parties using private and public keys. Equating to money in the real-world it attracts a large possibility of cyber fraud.

On June 2, 2020, CipherTrace released its Cryptocurrency Crime and Anti-Money Laundering Report covering the global trends and latest developments to fight money laundering, terrorism financing, and sanctions evasion. It highlighted the need for regulation and compliance while reporting that 74% of bitcoin in exchange-to-exchange transactions was the cross border and 88% of funds sent to exchanges in 2019 by US Bitcoin ATMs were offshore. Researchers also noted that phishing sites are the most popular COVID-19 related products marketed on the dark web.

“While only 9.8% of the dark market’s one-hop (direct) interactions went directly to exchanges, 30.7% of its two-hop (once removed) interactions went to exchanges—more than tripling the risk exposure to exchanges,” the report read.

In addition, cryptocriminals are also employing several new malware to target cryptocurrencies, an undocumented Trojan called ‘KryptoCibule’ has been found targeting various cryptocurrencies by replacing wallet addresses and stealing cryptocurrency-related files. Previously reported P2P botnet, FritzFrog attempted to brute-force SSH servers of government, education and medical institutions, and telecom players, with an objective of mining cryptocurrency via XMRig miner. Over two weeks ago, a new botnet, dubbed as TeamTNT was observed stealing AWS credentials from affected servers.

With the old techniques being upgraded and the new ones being continually introduced to mine illicit financial gains, cryptocurrencies have become one of the most increasingly targeted areas at present. Users are advised to stay perceptive to indicatives of criminal behavior.

The Blue Mockingbird Malware Group Exploits Vulnerabilities in Organizations' Networks


Another notorious crypto-currency mining malware has surfaced which allegedly has been infecting the systems of countless organizations. The group with the control of operations goes by the code name of “Blue Mockingbird”.

The researchers who discovered it have reasons to believe that the Blue Mockingbird has been active since 2019’s last month. Per them, it also targets “public-facing servers” that run “ASP.NET” apps that use the “Telerik framework” for their User Interface (UI) aspect.

Reportedly, the vulnerability that the hackers exploit in the process is the “CVE-2019-18395” vulnerability which is then employed to embed a web shell on the target’s server. Per the same report, later on they employ a version of “the Juicy Potato technique” to obtain the admin-access and alter the server settings to get access to the “(re)boot persistence”.

After having obtained complete access to a system, sources mention, the malware group installs a version of XMRRig which is a famous crypto-currency mining application particularly for the “Monero (XMR)” crypto-currency.

As per reports, if the public-facing IIS servers are linked with a company’s internal network, the malware group has a probability of trying to expand internally through an improperly-secured Server Message Block (SMB) connections or Remote Desktop Protocol ((RDP).

The exact number of infections that the botnet has caused isn’t all too clear but if an estimate was to be made the operations include 1,000 infections at the least. There also doesn’t seem to be a way to find the intensity of the threat.

Not many organizations out of the ones that were being observed by the researchers have been hit with this particular threat. And over a really little amount of time that they were tracked the above-mentioned number of infections surfaced.

Nevertheless, all companies alike are susceptible to this attack, even the ones that think they are safe and the number of infections could be more than estimated.

As per sources, the Telerik UI component which is allegedly vulnerable is a part of ASP.NET applications that run on their latest versions, even then the Telerik component may have versions that are out-dated but harmful to organizations, nonetheless. This component could exist in the applications used by a company and they might not even know about it leaving them endangered.

The Telerik UI CVE-2019-18935 vulnerability, per reports, has been widely let known as the one that is employed to embed web shells on servers. Another mentioned that this vulnerability is the most exploited and organizations need to better their firewalls to fight it. If for some reason the organizations don’t happen to have a web firewall they could always look for warning precursors in the server and workstation, reports cite.

FinCEN Chief Blanco warns of Wide Scale Virtual Currency Scams


Financial Crimes Enforcement Network (FinCEN) is keeping a close watch on financial scams involving virtual currency payments as the COVID-19 pandemic opens new areas of exploitation said, Director Ken Blanco.



As we are stuck in an unfortunate period of emergency, these scammers are exploiting this vulnerability from extortion, ransomware, and the sale of fraudulent medical products, to initial coin offering investment scams.

“This type of cybercrime in the COVID-19 environment is especially despicable, because these criminals leverage altered business operations, decreased mobility, and increased anxiety to prey on those seeking critical healthcare information and supplies, including the elderly and infirm,” the Financial Crimes Enforcement Network chief told the virtual Consensus Blockchain Conference in a video conference.

Blanco stressed on the need for collaborating with other law enforcement agencies and working together to beat this issue by generating much-needed funds to help the recipients and for financial survival.
 “The need for our collaboration is clear and undeniable,” he stated.
He further delved into the cyber crimes occurring because of COVID-19 as much of the population and government employees are working from home these cybercriminals are attacking vulnerabilities in remote applications like VPN (virtual private networks) and remote desktop protocol in order to steal information. Blanco advised companies to pay due diligence and advise the same to the customers.

"Financial institutions should consider the risks of the current environment in their business processes, and the appropriate level of assurance needed for digital identity solutions to mitigate criminal exploitation of your products and platforms.”

FinCEN has also worked with other law enforcement initiatives like the Joint Criminal Opioid Darknet Enforcement (J-CODE) and National Cyber Investigative Joint Task Force (NCIJTF) in cases like criminals exploiting crypto for the purchase of fentanyl.

The virtual currency business has to be very vigilant and properly scrutinized as there are a number of miscreants persistently attacking their onboarding and authentication processes. FinCEN, since 2013 has received nearly 70,000 Suspicious Activity Reports (SARs) of cryptocurrency fraud alone. During COVID-19, this threat becomes ten fold.

Attention! Fake Extensions on the Chrome Web Store Again!


Reportedly, Google was in the news about having removed 49 Chrome extensions from its browser’s store for robbing crypto-wallet credentials. What’s more, after that, there surfaced an additional set of password-swiping “extensions” aka “add-ons”, which are up for download even now.

Per sources, the allegedly corrupt add-ons exist on the browser store disguised as authentic crypto-wallet extensions. These absolutely uncertified add-ons invite people to fill in their credentials so as to make siphoning off them easy and the digital money accessible.

Reports mention that the security researchers have affirmative information as to 8 of the 11 fake add-ons impersonating legitimate crypto-wallet software being removed including "Jaxx Ledger, KeyKeep, and MetaMask." A list of “extension identifiers” which was reported to Google was also provided.

Per researchers, there was a lack of vigilance by the Google Web Store because it apparently sanctions phisher-made extensions without giving the issue the attention it demands. Another thing that is disturbing for the researchers is that these extensions had premium ad space and are the first thing a user sees while searching.

According to sources, much like the Google Play Store with malicious apps, the Google Web Store had been facing difficulty in guarding itself against mal-actors. There also hadn’t been much of a response from their team about the issue.

One solution that was most talked about was that Google should at the least put into effect mechanisms in the Chrome Web Store that automatically impose trademark restrictions for the store and the ad platforms in it.

Per sources, Google’s Chrome Web Store “developer agreement” bars developers from violating intellectual property rights and also clearly mentions “Google is not obligated to monitor the products or their content”. Reports mention that as per the ad policy of Google, it could review trademarks complaints from trademarks holders only when it has received a complaint.

Google heeding all the hue and cry about the extensions did herald more restrictions with the motive of wiping away traces of any fake extensions and spammers creating bad quality extensions that were causing people trouble.

The alterations in the policy will block the spammers and developers from swarming the store with similar extensions and elements with questionable behavior. Word has it that because of hateful comments the Chrome Web Store was “locked down” in January.

But, as promising as it may be, allegedly Google has been making such promises about the Chrome Web Store security strengthening for more than half a decade. So no one can blame researchers for their skepticism.

Meghan Markle and Prince Harry's Names Used for Fake Celebrity Endorsement of Bitcoins?


While the Coronavirus pandemic has practically driven people to stay locked up in their homes and spend a lot more (in some cases almost all) of their time online, the possibilities for cyber-criminals have only flourished.

Cyber-security experts have realized this and made a note out of it that everyone knows the kind of danger is lurking in their cyber-world.

From elaborate scams to phishing attacks that target the victim’s personal information, there is a lot of people who need to be cautious about it.

The Cryptocurrency industry is going through a lot due to the current crisis the world is in. The 'crypto-partakers" are being particularly on the hit list with something as attention-grabbing as purportedly “celebrity endorsement”. The latest bait names for this attempt happen to be that of charming Meghan Markle and Prince Harry.

Well-known personalities’ names like Bill Gates, Lord Sugar and even Richard Branson have been misused to lure people in as a part of similar scams. It is not necessary for the people mentioned to belong to a particular industry. They could be anyone famous for that matter.

The scams are so elaborate that once fooled the victims can’t even trace the mal-agent and. The latest scam, per sources, employs a fake report from the “BBC” mentioning how Prince Harry and Meghan Markle found themselves a “wealth loophole”.
Per sources, they also assure their targets that in a matter of three to four months they could convert them into millionaires. Further on, allegedly, it is also mentioned that the royals think of the Cryptocurrency auto-trading as the “Bitcoin Evolution”. It reportedly also includes a fake statement to have been made by Prince Harry.

The overconfident scammers also declare that there is no other application that performs the trading with the accuracy like theirs. Reportedly, on their website, there are banners with “countdowns” forcing people to think that there are limited period offers.

According to researchers this is one of the many schemes desperate cyber-criminals resort to. People not as used to the Cryptocurrency industry and the trading area, in particular, are more vulnerable to such highly bogus scams and tricks that the cyber-criminals usually have up their sleeves.

Bitcoin Prices Are Off The Charts!


Bitcoin, our favorite digital currency has experienced a certain kind of unbelievable hike, all of a sudden. It has profited across several markets with a spike of 12% in its price solely in the last week, mention sources.

Word has it that the Bitcoin price has risen around 6% in the last 24-hour trading duration, overtaking next to all main indices, even the stocks throughout Asia and Europe.

Bitcoin and other forms of digital currency including cryptocurrency have escalated around the globe owing it to the Coronavirus lockdowns.

Per sources, The Bitcoin price has outgrown the $7,000/Bitcoin level and is ascending to “$7,170 on the Luxembourg-based Bitstamp exchange”.

As if they knew things were going to go south, the Bitcoin investors were up and about right from the start of this year. In fact, surveys indicate that the Bitcoin price has a high probability of rocketing up to $20,000/Bitcoin in 2020.

The basic foundational facets for a better Bitcoin system exist today owing to various developmental projects in the crypto industry. An in case of such massively unprecedented crisis investors would want to fall back upon digital currency

Asian and European markets furthered their reserves by 3% and 2-4%. Researchers mention that Bitcoin purchases could have a positive effect on the stock markets.

History has it that the Bitcoin price has seen a major upswing before from a low $1,000 to a high $20,000 in a matter of a year.

Investors are in genuine awe with this ascent in the prices of Bitcoin and see this as a new opportunity for cryptocurrency in general because of the fresh interest the market has shown for it.

Per analysts, this year investors may need to rethink their current cryptocurrency store and even pile up more of it in case of increased demand because of risk assets.

Everyone understands that if the things were to stay the way they are there is a strong chance for a longer period of intense recession.

This has given birth to questions regarding the effect of COVID-19 on the economy and the part Bitcoin could play in it.



Cryptocurrency Profit Reaches $182.62 Billion, Bitcoin Rises upto 10% in 24 Hours


According to data by Coindesk, the cryptocurrency value suddenly increased on Tuesday. And this comes as a matter of surprise as the whole trade market is suffering heavy losses due to coronavirus pandemic. Witnessing this sudden increase in the Cryptocurrency's value, Bitcoin eventually rose up to 10% in a single day, as trading prices reached $6,569.17 around noon, Singapore time.


Meanwhile, Ethereum's value has increased by 7%, whereas XRP witnessed a jump rate of over 5% in its prices.

The total value of the cryptocurrency trading market- Market Capitalization, recorded a surprising leap of $14 Billion to $182.62 Billion within a mere 24 hours at 11:47 am Singapore time, says the data of the website Coinmarketcap.com.

The entire Cryptocurrency market suffered severe losses at the start of March. On 8th March, the whole business failed when oil prices took a hard fall. Furthermore, on 12th March, the Cryptocurrency lost $93.5 of its value within a day, and even worse, Bitcoin suffered a 48% fall in its prices.

As observed, the growth of Cryptocurrency is marching foot by foot with the Equity market. Since recent years, people have started viewing Bitcoin as 'digital gold,' having complete faith that investing in it even under times of economic slowdown can be profitable. Unfortunately, Bitcoin, like the Equity market too, started suffering losses and became a risk asset, especially since the start of this year.

"We're seeing some bullish bitcoin price action today along with other asset classes after the Fed announced unprecedented measures yesterday to shore up the economy. It will be interesting to see how bitcoin fares in such an environment. Given this is its first test as a haven asset in a market downturn and is yet to be proven," says Vijay Ayyar in a conversation with CNBC.

 Key takeaways:
  • Bitcoin rose over 10% in 24 hours, earlier exchanging at $6,569.17. 
  • Ethereum and XPR also witnessed an increase in their prices. 
  • The market value rose from $14 Billion to $182.62 within a day.
  • The cryptocurrency market took a hard beating at the start of March due to the coronavirus outbreak.