NY Attorney General: Cryptocurrency exchanges lack security, fairness, and integrity

Cryptocurrency exchanges may not be as safe as we first thought. A report from the state of New York’s attorney general has revealed that most exchanges do not have basic consumer protections in place, leaving them vulnerable to manipulation.

“Many virtual currency platforms lack the necessary policies and procedures to ensure the fairness, integrity, and security of their exchanges,” state Attorney General Barbara Underwood said in a statement. “Most platforms seem to cater to professional, automated traders, with many venues offering special pricing and other features to such traders, leaving retail customers at a disadvantage.”

As pointed out by The Wall Street Journal, the attorney general’s report suggests “protections for consumer funds are often limited or illusory.”

It would seem that standardized methods for auditing virtual assets do not exist.

“That makes it difficult or impossible to confirm whether platforms are responsibly holding their customers’ assets,” states the attorney general.

Thirteen platforms were approached by the attorney general’s office to participate in the study and provide information on how their platforms are secured; nine complied. These included Bitfinex, Bittrex, Coinbase, Gemini Trust Company, itBit, Poloniex, Tidex, and HBUS.

“Four platforms – Binance Limited, Gate.io (operated by Gate Technology Incorporated), Huobi Global Limited, and Kraken (operated by Payward, Inc.) – claimed they do not allow trading from New York and declined to participate,” states the report.

The attorney general concludes the report with a list of eight questions that exchanges should be able to confidently answer. These questions concern, but are not limited to: security measures to prevent hacking, insurance policies in the event of theft, measures for removing abusive traders, and whether the platform is registered under forms of banking regulations.

Published September 19, 2018 — 08:58 UTC


Attorney General blasts cryptocurrency exchanges


It’s not just the hacks and outright scams that make cryptocurrency a risky investment. 

According to a report from the office of the New York state attorney general, the exchanges themselves — the places where would-be investors go to buy and sell cryptocurrencies like bitcoin and ether — are not doing enough to protect their customers. And that should concern you. 

The in-depth look at 13 exchanges, released today, details all the ways in which major exchanges fail to guard their customers against fraud, manipulation, and abuse. It’s not a pretty picture. 

“[Virtual] asset trading platforms now in operation have not registered under state or federal securities or commodities laws,” reads the report. “Nor have they implemented common standards for security, internal controls, market surveillance protocols, disclosures, or other investor and consumer protections. Accordingly, customers of virtual asset trading platforms face significant risks.”

That those risks are varied and wide-ranging was perhaps to be expected. That they are not limited to some of, shall we say, the less scrupulous exchanges was perhaps not.  

The New York State attorney general sent voluntary questionnaires out to 13 exchanges, and nine decided it was in their best interest to respond. The exchanges that did play ball include major names like Bitfinex, Bittrex, Coinbase, and Gemini Trust Company. Binance Limited, Gate.io, Huobi Global Limited, and Kraken all essentially told the AG to buzz off. 

Which didn’t go over so well. 

“Based on the results of our report,” wrote the official Twitter account of New York state attorney general Barbara Underwood’s office, “we have also referred three platforms — Binance, Gate.io, and Kraken — to the New York State Department of Financial Services for possibly operating unlawfully in New York.”

The report looked at the possibility of market manipulation and insider trading at each exchange, in addition to the prevalence of automated and algorithmic trading. Many of the companies running the exchanges, the report shows, buy and sell cryptocurrencies on their own exchange — perhaps in an effort to maintain liquidity. 

Coinbase, for example, told the AG that close to 20 percent of its “executed volume” was its own trading. Why is this a potential problem?

“[When] a significant percentage of the volume in one or more assets on a venue is attributable to one source,” the report explains, “customers face the risk that the availability of liquidity in those assets could change, without notice and at any time, including when liquidity is needed most — namely, in times of market volatility or rapid price movement.”

In other words, if the market suddenly tanks and Coinbase stops buying and selling on its own exchange, those mom and pop investors looking to offload their crypto before it hits rock bottom may not be able to find buyers. And then they’d be left holding some rapidly shrinking bags. 

Coinbase, need we remind you, is one of the better regulated exchanges. 

Kraken, which declined to answer the AG’s questions, appeared to dismiss the very notion that scams even matter at all when it comes to trading cryptocurrency. 

“In announcing the company’s decision not to participate in the Initiative,” notes the report, “Kraken declared that market manipulation ‘doesn’t matter to most crypto traders,’ even while admitting that ‘scams are rampant’ in the industry.”

This should not inspire confidence. But hey, it gets worse. 

In a section titled “Protections for Customer Funds Are Often Limited or Illusory,” the report helpfully informs us that “Generally accepted methods for auditing virtual assets do not exist.” What’s more, it continues that “several [tracking platforms] do not claim to do any independent auditing of their virtual currency holdings at all.”

So, in conclusion, many cryptocurrency exchanges appear to be vulnerable to large-scale price manipulation via bots and fail to appropriately protect investors’ funds.

That’s something to keep in mind the next time your friend passionately attempts to convince you to put your savings into cryptocurrency. 


Coinbase poaches LinkedIn’s head of data Michael Li

Coinbase continues to beef up its management team with another new hire in Michael Li, who’s joining the cryptocurrency trading platform as its VP of data. Li spent the last seven years at LinkedIn, most recently as its head of analytics and data science.

“Data will be essential to empowering Coinbase’s mission, and core to company’s strategy to deliver the most trusted and easiest-to-use cryptocurrency products and services,” Li wrote in a Medium post this morning. “I feel privileged to take on this challenging and rewarding new role to start the next chapter of my career.”

“We will be both leveraging existing technologies like machine learning and AI, as well as creating data innovations for emerging blockchain use cases to keep up with the ever-changing industry landscape. I look forward to advancing the company’s leadership position in the crypto industry through the power of data and will share key learnings along the way.”

On stage at TechCrunch Disrupt 2018, Coinbase CEO Brian Armstrong opened up about his desire to one day run a public company. For now, Coinbase is backed by private investors including IVP, Spark Capital, Greylock Partners, Battery Ventures, Section 32 and Draper Associates. It had raised more than $200 million at a $1.6 billion valuation as of August 2017.

Here’s a look at some of Coinbase’s other 2018 hires:

  • Tim Wagner, VP of engineering (July). Wagner was previously a general manager at Amazon Web Services.
  • Jeff Horowitz, Chief Compliance Officer (July). Horowitz was the former global head of compliance at Pershing.
  • Alesia Haas, Chief Financial Officer (April). Haas joined from New York-based alternative asset management firm Oz Management.
  • Balaji Srinivasan, Chief Technology Officer (April). Srinivasan joined through the company’s acquisition of Earn.com, where he was CEO.
  • Rachael Horwitz, VP of communications (April). Horwitz was formerly a partner at Spark Capital.
  • Tariq Meyers, Global Head of Belonging & Inclusion (April). Meyers was formerly the head of diversity and inclusion at Lyft.
  • Emilie Choi, VP of corporate and business development (March). Choi also joined from LinkedIn, where she was head of corporate development.


This cryptocurrency botnet was designed to seek and destroy mining malware

Cryptocurrency botnets are normally the weapons of evil, used to covertly and illicitly steal other people’s computing power to earn coins. But now there’s a new kid on the block, and it seems to be cleaning up online avenues of crypto-malware.

The botnet, known as Fbot, appears to be hunting down illegitimate cryptocurrency mining malware and erasing it from wherever it is being hosted.

According to Qihoo 360 Netlab, the researchers who discovered the botnet, the bot scans the web for a specific piece of cryptocurrency mining malware called com.ufo.miner. When found, the botnet installs itself over the top of the malware and then destroys itself.

Interestingly, the botnet is linked to a domain name. However, that domain is not accessible through conventional domain name systems (DNS). Rather it is accessed through EmerDNS – a decentralized alternative, which makes it much more difficult to track and possibly shut down the botnet’s source address.

Who exactly made and released this botnet into the wild at the time of writing remains a mystery.

There is the possibility that some rival cryptocurrency miner malware creators are using Fbot to wipe out the competition. Or maybe, there are some good folk still out there looking to make a positive impact and solve a real and growing problem.

Cryptocurrency malware – especially crypto-jacking campaigns – is on the rise. Just this week, numerous government websites in India fell foul of cryptocurrency mining scripts.

We’ll have to wait and see if Fbot turns out to be one of the good guys, or just a baddie in a mask.

Published September 18, 2018 — 14:39 UTC


Devs used solar-powered radios to complete first ‘off-grid’ cryptocurrency transaction

A group of developers claim to have performed a solar-powered cryptocurrency transaction, using shortwave radios and blockchain tech. While it might not be the world’s first radio-transmitted cryptocurrency transaction, the devs insist it is the first one to be completed entirely off-grid.

They managed to do it with just a portable hard drive, a solar battery pack, a shortwave radio, and, of course, some technical know-how.

In addition to these gadgets, the developers used open-source cryptocurrency Burst to conduct the experiment. For the record, the transaction was recorded on Burst’s blockchain without the need for any mains power or data connections.

One of the developers, Daniel Jones, has since teased an image of the improvised setup on Twitter.

While the items required for this system can be purchased in most good electronics stores, there are some caveats.

You’ll need to prove you understand the legalities and technicalities of using shortwave radios before sending cryptocurrency all over the world, as radio operators must hold a license.

That might sound like a fly in the ointment of this project; however, there is a much deeper opportunity.

This project is a submission for the Call For Code challenge, which pits developers against each other to create tech that can aid in preparedness and relief during times of natural disaster.

In addition to the ability to send messages and (cryptocurrency) transactions on the blockchain, the off-grid method pretty much makes it possible to exchange digital information in a secure and immutable manner from practically anywhere in the world.

When combined with other predetermined verification methods, people sequestered deep inside disaster zones can communicate with the outside world.

Victims of disaster could confirm they are alive when all other communication networks are down.

This isn’t the first time that blockchain and cryptocurrencies have been used for good. In a project called Game Chaingers, Unicef asked gamers to mine cryptocurrency to raise funds for children in Syria.

It’ll be curious to see whether the off-grid relay solution can prove useful in real-world scenarios. Just like with charities, it often takes a lot more than just good intentions to create something truly meaningful.

Published September 18, 2018 — 12:47 UTC


1% of wallets hold 55% of the world’s Bitcoin

More than half of the entire Bitcoin circulating supply is controlled by cryptocurrency whales, and 42 percent of them didn’t sell during peak crypto-mania.

Blockchain research unit Diar has put together some interesting data that suggests less than 1 percent of all wallet addresses control $100 billion in Bitcoin.

In fact, more than half of Bitcoin’s circulating supply is controlled by wallets with balances exceeding 200 BTC ($1.25 million).

Even further – it appears that a third of all Bitcoin held by whales has never been used for outgoing transactions (meaning the whales never moved it out of their wallets after receiving it). Diar does note that some of these could be the reserves of cryptocurrency exchanges.

Regardless, this is surely impressive, considering the price of BTC fluctuates dramatically.

Most notably, BTC exceeded $20,000 in January, and many blamed market manipulators for the hysteria that followed.

Diar suggests that some of the sleeping Bitcoin could actually be accidentally locked up due to owners losing private keys. Either that, or there are some rich cryptocurrency believers out there with lots of patience.

Published September 18, 2018 — 11:42 UTC


Hackers create 1B fake EOS to rob ‘decentralized’ cryptocurrency exchange

Thanks to a shocking security vulnerability, hackers have flooded a “decentralized” token exchange platform with 1 billion fake EOS. By the end of the heist, the thieves were able to steal almost $58,000 in cryptocurrency directly from users.

The hackers created a new EOS-based token, ironically named “EOS,” and used it to illegitimately purchase BLACK, IQ, and ADD tokens from exchange service Newdex. The company has since confirmed the hack.

“EOS account oo1122334455 issued 1,000,000,000 fake EOS tokens,” Newdex wrote in a statement. “After testing the feasibility of the attack, the account began to place large [buy orders]. A total of 11,800 fake EOS orders were issued to purchase BLACK, IQ [sic] and ADD.”

The thieves eventually traded the collection of tokens for real EOS cryptocurrency. Newdex later revealed the attackers managed to siphon 4,028 real EOS (approximately $20,000) to cryptocurrency exchange desk Bitfinex. Ultimately, it’s the Newdex dApp users left to suffer losses, which amount to roughly $58,000.

While the team has apologized for the incident, it has not yet made plans to compensate affected users.

The vulnerability appears to stem from two things: first, anyone can create a token using EOS, and they can name it anything they want – apparently, even “EOS.” All you need is an EOS account.

Second, Newdex doesn’t use smart contracts. Yep, that’s right. Because there’s no smart contract, there was nothing to confirm the authenticity of the cryptocurrency being pumped into it.

All this is because its developers appear to be leveraging the hype surrounding decentralized exchanges (DEX) by dressing the platform up as one. In reality, it’s just a single user account handling trades under the guise of being an asset exchange – pretty centralized, if you ask me.

The community actually proved this just days before the attack:

[…] They deceptively present Scatter as the login and trading interface, so you feel like you’re using a DEX. In reality you aren’t sending funds to any smart contract, it’s just a regular EOS account they own ‘newdexpocket’, that doesn’t even have a smart contract running on it. 

This was later corroborated by Hard Fork. As it stands, the “newdexpocket” EOS account – the operational Newdex dApp wallet – has no smart contract code programmed into it. Without a smart contract, users of Newdex are simply sending funds to a personal EOS account with the hope that trades will be conducted properly.

What’s worse, it appears that it is using the exact same key for both its owner and active permissions. This creates a single attack vector that is easily exploitable. For reference, most exchanges at least use multi-sig wallets.

It seems in this instance, the keys weren’t the target – just the gaping security holes left by token exchange developers too negligent to even program a smart contract to protect users.
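The missing authenticity check described above, as an added example that is not Newdex's code or part of the original article: on EOSIO a token is identified by the contract account that hosts it together with its symbol, so a deposit handler has to key on both. The action layout follows the standard EOSIO transfer action; `faketokenacc`, the sample actions and the function names are constructed for illustration.

```python
from decimal import Decimal

# On EOSIO a token is identified by the contract account that hosts it plus
# its symbol; the genuine EOS token is served by the "eosio.token" contract.
TRUSTED_TOKENS = {("eosio.token", "EOS"): 4}  # (contract, symbol) -> precision
EXCHANGE_ACCOUNT = "newdexpocket"             # deposit account named in the article


def parse_quantity(quantity):
    """Split an asset string such as '1.0000 EOS' into amount, symbol, precision."""
    amount_text, symbol = quantity.split(" ")
    precision = len(amount_text.split(".")[1]) if "." in amount_text else 0
    return Decimal(amount_text), symbol, precision


def check_deposit(action):
    """Return (accepted, reason) for one action taken from a transaction trace."""
    if action.get("name") != "transfer":
        return False, "not a transfer action"
    data = action.get("data", {})
    if data.get("to") != EXCHANGE_ACCOUNT:
        return False, "not addressed to the exchange account"
    try:
        amount, symbol, precision = parse_quantity(data.get("quantity", ""))
    except (ValueError, ArithmeticError):
        return False, "malformed quantity"
    # The decisive check: key on the contract that executed the action,
    # never on the symbol text alone.
    expected_precision = TRUSTED_TOKENS.get((action.get("account"), symbol))
    if expected_precision is None:
        return False, "untrusted token %s@%s" % (symbol, action.get("account"))
    if precision != expected_precision or amount <= 0:
        return False, "unexpected precision or amount"
    return True, "ok"


# Constructed sample actions. "faketokenacc" is a placeholder contract account,
# not an identifier from the incident.
GENUINE = {"account": "eosio.token", "name": "transfer",
           "data": {"from": "alice1234512", "to": "newdexpocket",
                    "quantity": "25.0000 EOS", "memo": "buy order"}}
LOOKALIKE = dict(GENUINE, account="faketokenacc")

if __name__ == "__main__":
    for label, action in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, check_deposit(action))
```

Both sample transfers carry the identical quantity string `25.0000 EOS`; only the `account` field separates the real token from the lookalike.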

Welcome to the “decentralized” internet of 2018.

Published September 18, 2018 — 09:53 UTC


Sim-swappers hack League of Legends star out of $200K worth of cryptocurrency

It’s not as easy as it sounds being a professional gamer. A League of Legends superstar has had $200,000 in cryptocurrency stolen from them – directly from their Coinbase account.

In a YouTube video spotted by Dot Esports, Yiliang “Doublelift” Peng describes how he awoke one morning last week to messages from his bank telling him he is overdrawn on his account.

While the exact details of the hack have not been officially confirmed, Peng does have his suspicions.

What happened?

Peng states that around a couple of weeks before the theft, he had experienced some abnormal cellphone coverage which he now believes to have been part of the scammer’s “genius plan.”

The League of Legends star believes that he was a victim of “sim swapping” – a fraudulent tactic attackers employ to dupe carrier employees into giving them access to the victim’s phone number.

Peng’s mobile provider confirmed the number had been reported as lost or stolen, and could have been transferred.

By obtaining access to Peng’s mobile phone number, the scammer could then gain access to his email and Coinbase accounts. As Coinbase uses mobile phone numbers as part of its two-factor authentication process (2FA), the scammer was not prevented from accessing Peng’s account when challenged.

The scam didn’t end here. The attacker then went on to employ an intricate system of email filters which prevented Peng from realizing the hack was taking place.

Emails that confirmed Coinbase transactions sent to Doublelift’s inbox were forwarded to a hidden email address – most likely belonging to the scammer. After this, emails were then deleted from Doublelift’s inbox. It happened so quickly Doublelift never saw any of the suspicious Coinbase activity.
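A mailbox-rule audit for the forward-then-delete pattern described above, as an added example that is not from the original article. The rule format is a hypothetical, simplified export (real mail providers each use their own schema), and the addresses and sender list are constructed.

```python
# Hypothetical, simplified filter export: one dict per rule. Map your
# provider's fields onto these keys before auditing.
SAMPLE_RULES = [  # constructed sample data
    {"id": "r1", "from_contains": "newsletter@example.org", "skip_inbox": True},
    {"id": "r2", "from_contains": "coinbase.com",
     "forward_to": "drop@attacker.example", "delete": True},
    {"id": "r3", "from_contains": "", "forward_to": "me.backup@example.com"},
    {"id": "r4", "from_contains": "coinbase.com", "delete": True},
]


def audit_rule(rule, own_addresses, watched_senders):
    """Grade one rule: 'high', 'medium' or None.

    high   - forwards to an address the owner does not control AND hides
             the original (the pattern described in the article)
    medium - forwards externally, or hides mail from a watched sender
    """
    forward = (rule.get("forward_to") or "").lower()
    external = bool(forward) and forward not in own_addresses
    hides = bool(rule.get("delete") or rule.get("skip_inbox"))
    sender = (rule.get("from_contains") or "").lower()
    sensitive = any(w in sender for w in watched_senders)
    if external and hides:
        return "high"
    if external or (hides and sensitive):
        return "medium"
    return None


def audit_mailbox(rules, own_addresses, watched_senders):
    """Return {rule id: severity} for every rule that needs a human look."""
    own = {a.lower() for a in own_addresses}
    watched = [w.lower() for w in watched_senders]
    findings = {}
    for rule in rules:
        severity = audit_rule(rule, own, watched)
        if severity:
            findings[rule["id"]] = severity
    return findings


if __name__ == "__main__":
    report = audit_mailbox(SAMPLE_RULES,
                           own_addresses=["me.backup@example.com"],
                           watched_senders=["coinbase.com"])
    for rule_id, severity in sorted(report.items()):
        print(rule_id, severity)
```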

The intricate – and clearly well-planned – heist is another in a string of scams that have seen unwitting victims conned out of their cryptocurrency. Last month, a Finnish millionaire lost $35 million in an illegitimate cryptocurrency investment.

While Doublelift isn’t setting any records for the highest value of assets stolen, it is certainly unnerving that scammers can covertly obtain such large sums. Doublelift remains confident he will get his lost funds back, so it might not all be bad news for the gamer.

Of course you should always use 2FA. But if you ever notice unusual activity on your mobile phone that you use for it, speak to your carrier to make sure your number hasn’t been compromised in a “sim swap” scam.

Published September 18, 2018 — 09:36 UTC


Cardano talks blockchain innovation with Mongolian government

Cardano is not quite done introducing blockchain technology to developing countries. Founder Charles Hoskinson revealed he recently visited Mongolia to discuss ways to use the technology to innovate the country’s government and business sectors.

Hoskinson, who was part of the original Ethereum founding team, took to Twitter to share a photo of his meeting with Mongolian minister Damdin Tsogtbaatar.

Unfortunately, he refrained from sharing any specific details of the meeting – other than confirming the pair chatted about “business,” “blockchain,” and “innovation.”

Go figure.

So cute – bonding over a cup of tea!

Cardano has devoted a significant chunk of its time towards building blockchain pilots for the world’s poorest nations.

Back in May, the company signed a Memorandum of Understanding (MoU) with the Ethiopian Ministry of Science and Technology. If it pans out, the agreement will see Cardano train a new generation of blockchain developers in Ethiopia.

Hoskinson previously revealed the first group of Ethiopian blockchain devs is expected to graduate by the end of the year. The hope is that they’ll end up actively contributing to Cardano’s code.

It is yet to be seen how much of an improvement Cardano’s tech can bring to developing countries. While there are tons of companies seeking to use blockchain to innovate, not every attempt so far has been a success.

Published September 17, 2018 — 15:40 UTC


Elon Musk recruits Dogecoin creator to fight cryptocurrency scambots

We might finally be getting an antidote to Twitter’s cryptocurrency scambot virus – thanks to none other than Tesla CEO Elon Musk.

Determined to stop malicious botnets from impersonating him, Musk has asked Dogecoin creator Jackson Palmer to help him build a solution to curb the spread of fraudulent bots on the platform.

As luck would have it, Palmer had already devised a similar script in the past. If Jackson Palmer is right, he has armed Elon Musk with the power to end the epidemic once and for all.

Indeed, the Dogecoin creator later tweeted that he hooked up Musk with the scambot-scattering script. He further shared that they also discussed some solutions Twitter can implement to fix the problem on their end.

The scambots are so prevalent that Twitter was forced to add a new rule: changing your name to Elon Musk will get you banned from the platform.

Ironically, just a few months ago, Musk joked about the prevalence of scambots on Twitter – and how impressed he is by the people behind them. It seems they no longer amuse him.

It’s worth noting that the scammers have even shown up inside major blockchains. Following the theft of $200,000 from an EOS-based gambling platform, shady characters (with a very similar modus operandi) were found to be phishing unsuspecting users through messages written to the EOS blockchain.

I guess it makes sense that Elon Musk’s first official cryptocurrency-related project is to rid Twitter of scambots, although it is certainly underwhelming compared to flamethrowers and intergalactic cars.

Goddamn, it better work.

Published September 17, 2018 — 13:41 UTC
