NY Attorney General: Cryptocurrency exchanges lack security, fairness, and integrity

Cryptocurrency exchanges may not be as safe as we first thought. A report from the state of New York’s attorney general has revealed that most exchanges do not have basic consumer protections in place, leaving them vulnerable to manipulation.

“Many virtual currency platforms lack the necessary policies and procedures to ensure the fairness, integrity, and security of their exchanges,” state Attorney General Barbara Underwood said in a statement. “Most platforms seem to cater to professional, automated traders, with many venues offering special pricing and other features to such traders, leaving retail customers at a disadvantage.”

As pointed out by The Wall Street Journal, the attorney general’s report suggests “protections for consumer funds are often limited or illusory.”

It would seem that standardized methods for auditing virtual assets do not exist.

“That makes it difficult or impossible to confirm whether platforms are responsibly holding their customers’ assets,” states the attorney general.

Thirteen platforms were approached by the attorney general’s office to participate in the study and provide information on how their platforms are secured; nine complied. These included: Bitfinex, Bittrex, Coinbase, Gemini Trust Company, itBit, Poloniex, Tidex, and HBUS.

“Four platforms – Binance Limited, Gate.io (operated by Gate Technology Incorporated), Huobi Global Limited, and Kraken (operated by Payward, Inc.) – claimed they do not allow trading from New York and declined to participate,” states the report.

The attorney general concludes the report with a list of eight questions that exchanges should be able to confidently answer. These questions concern, but are not limited to: security measures to prevent hacking, insurance policies in the event of theft, measures for removing abusive traders, and whether the platform is registered under forms of banking regulations.

Published September 19, 2018 — 08:58 UTC


This cryptocurrency botnet was designed to seek and destroy mining malware

Cryptocurrency botnets are normally the weapons of evil, used to covertly and illicitly steal other people’s computing power to earn coins. But now there’s a new kid on the block, and it seems to be cleaning up online avenues of crypto-malware.

The botnet, known as Fbot, appears to be hunting down illegitimate cryptocurrency mining malware and erasing it from wherever it is being hosted.

According to the researchers who discovered the botnet, Qihoo 360Netlab, the bot scans the web for a specific piece of cryptocurrency mining malware called com.ufo.miner. When found, the botnet installs itself over the top of the malware and then destroys itself.

Interestingly, the botnet is linked to a domain name. However, that domain is not accessible through conventional domain name systems (DNS). Rather it is accessed through EmerDNS – a decentralized alternative, which makes it much more difficult to track and possibly shut down the botnet’s source address.

Who exactly made and released this botnet into the wild at the time of writing remains a mystery.

There is the possibility that some rival cryptocurrency miner malware creators are using Fbot to wipe out the competition. Or maybe, there are some good folk still out there looking to make a positive impact and solve a real and growing problem.

Cryptocurrency malware – especially crypto-jacking campaigns – is on the rise. Just this week numerous government websites in India had fallen foul of cryptocurrency mining scripts.

We’ll have to wait and see if Fbot turns out to be one of the good guys, or just a baddie in a mask.

Published September 18, 2018 — 14:39 UTC


French artists celebrate 10 years of Bitcoin with cryptocurrency art exhibition

Bitcoin is turning 10 years old soon – and a group of international artists are putting on a cryptocurrency art exhibition in France to celebrate its birthday: Bitcoin BTC Art (r)Evolution.

Creatives have been challenged to explore how Bitcoin and other cryptocurrencies affect the artists’ relationship with their audience. Particularly, a focus on whether Bitcoin can free artists from the traditional art market – and ultimately the banking system – to explore greater creative freedoms.

Art (r)evolution will delve into the “unique opportunity to decode the potential upheavals that cryptocurrency and blockchain can cause in the world of art.”

“We had the idea to organize an exhibition in Paris to show possible use cases of cryptocurrencies and connect the international crypto-friendly artists,” artist and organizer Pascal Boyart told Hard Fork.

“France, through Paris, is well positioned to become the capital of this new artistic movement between art and crypto. [“Crypto Art”] redefines the way an artist can engage his audience,” Boyart added. “The advent of cryptocurrencies is not just a monetary revolution, it’s also a cultural revolution.”

The public will be able to purchase works directly using Bitcoin, Litecoin, Ethereum, and Monero. What’s cooler is that artists have also been given a mission – hide Bitcoin in their works of art to be discovered by those with a keen eye.

Boyart is scheduled to be in attendance too. The artist caught Hard Fork’s attention when he emblazoned his massive graffiti murals with QR-codes in order to accept donations directly from the public.

Other attendees include Andy Bauch, Coin Artist, Nanu Berks, Yom de Saint Phalle, Ilies Issiakhem, Josephine Bellini, Yosh, Mark Bern, Choq, and Youl.

The exhibition is completely open to the public and will take place from 28 September to 5 October. You can find more details here.

Published September 18, 2018 — 13:46 UTC


Devs used solar-powered radios to complete first ‘off-grid’ cryptocurrency transaction

A group of developers claim to have performed a solar-powered cryptocurrency transaction, using shortwave radios and blockchain tech. While it might not be the world’s first radio-transmitted cryptocurrency transaction, the devs insist it is the first one to be completed entirely off-grid.

They managed to do it with just a portable hard drive, a solar battery pack, a shortwave radio, and, of course, some technical know-how.

In addition to these gadgets, the developers used open-source cryptocurrency Burst to conduct the experiment. For the record, the transaction was recorded on Burst’s blockchain without the need for any mains power or data connections.

One of the developers, Daniel Jones, has since teased an image of the improvised setup on Twitter:

While the items required for this system can be purchased in most good electronics stores, there are some caveats.

You’ll need to prove you understand the legalities and technicalities of using shortwave radios before sending cryptocurrency all over the world, as radio operators must hold a license.

That might sound like a fly in the ointment of this project; however, there is a much deeper opportunity.

This project is a submission for the Call For Code challenge, which pits developers against each other to create tech that can aid in preparedness and relief during times of natural disaster.

In addition to the ability to send messages and (cryptocurrency) transactions on the blockchain, the off-grid method pretty much makes it possible to exchange digital information in a secure and immutable manner from practically anywhere in the world.

When accompanied with other predetermined verification methods, people sequestered deep inside disaster zones can communicate with the outside world.

Victims of disaster could confirm their livelihood when all other communication networks are down.

This isn’t the first time that blockchain and cryptocurrencies have been used for good. In a project called Game Chaingers, Unicef asked gamers to mine cryptocurrency to raise funds for children in Syria.

It’ll be curious to see whether the off-grid relay solution can prove useful in real-world scenarios. Just like with charities, it often takes a lot more than just good intentions to create something truly meaningful.

Published September 18, 2018 — 12:47 UTC


1% of wallets hold 55% of the world’s Bitcoin

More than half of the entire Bitcoin circulating supply is controlled by cryptocurrency whales, and 42 percent of them didn’t sell during peak crypto-mania.

Blockchain research unit Diar has put together some interesting data that suggests less than 1 percent of all wallet addresses control $100 billion in Bitcoin.

In fact, more than half of Bitcoin’s circulating supply is controlled by wallets with balances exceeding 200 BTC ($1.25 million).

Even further – it appears that a third of all Bitcoin held by whales has never been used for outgoing transactions (meaning the whales never moved it out of their wallets after receiving it). Diar does note that some of these could be the reserves of cryptocurrency exchanges.

Regardless, this is surely impressive, considering the price of BTC fluctuates dramatically.

Most notably, BTC exceeded $20,000 in January, and many blamed market manipulators for the hysteria that followed.

Diar suggests that some of the sleeping Bitcoin could actually be accidentally locked up due to owners losing private keys. Either that, or there are some rich cryptocurrency believers out there with lots of patience.

Published September 18, 2018 — 11:42 UTC


Hackers create 1B fake EOS to rob ‘decentralized’ cryptocurrency exchange

Thanks to a shocking security vulnerability, hackers have flooded a “decentralized” token exchange platform with 1 billion fake EOS. By the end of the heist, the thieves were able to steal almost $58,000 in cryptocurrency directly from users.

The hackers created a new EOS-based token, ironically named “EOS,” and used it to illegitimately purchase BLACK, IQ, and ADD tokens from exchange service Newdex. The company has since confirmed the hack.

“EOS account oo1122334455 issued 1,000,000,000 fake EOS tokens,” Newdex wrote in a statement. “After testing the feasibility of the attack, the account began to place large [buy orders]. A total of 11,800 fake EOS orders were issued to purchase BLACK, IQ [sic] and ADD.”

The thieves eventually traded the collection of tokens for real EOS cryptocurrency. Newdex later revealed the attackers managed to siphon 4,028 real EOS (approximately $20,000) to cryptocurrency exchange desk Bitfinex. Ultimately, it’s the Newdex dApp users left to suffer losses, which amount to roughly $58,000.

While the team has apologized for the incident, it has not yet made plans to compensate affected users.

The vulnerability appears to stem from two things: first, anyone can create a token using EOS, and they can name it anything they want – apparently, even “EOS.” All you need is an EOS account.

Second, Newdex doesn’t use smart contracts. Yep, that’s right. Because there’s no smart contract, there was nothing to confirm the authenticity of the cryptocurrency being pumped into it.

All this is because its developers appear to be leveraging the hype surrounding decentralized exchanges (DEX) by dressing the platform up as one. In reality, it’s just a single user account handling trades under the guise of being an asset exchange – pretty centralized, if you ask me.

The community actually proved this just days before the attack:

[…] They deceptively present Scatter as the login and trading interface, so you feel like you’re using a DEX. In reality you aren’t sending funds to any smart contract, it’s just a regular EOS account they own ‘newdexpocket’, that doesn’t even have a smart contract running on it. 

This was later corroborated by Hard Fork. As it stands, the “newdexpocket” EOS account – the operational Newdex dApp wallet – has no smart contract code programmed into it. Without a smart contract, users of Newdex are simply sending funds to a personal EOS account with the hope that trades will be conducted properly.

What’s worse, it appears that it is using the exact same key for both its owner and active permissions. This creates a single attack vector that is easily exploitable. For reference, most exchanges at least use multi-sig wallets.

It seems in this instance, the keys weren’t the target – just the gaping security holes left by token exchange developers too negligent to even program a smart contract to protect users.

Welcome to the “decentralized” internet of 2018.
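The missing check described above, as an added example (not Newdex's code or code from the original article): a deposit handler has to look at which contract account a transfer action belongs to, not only at the symbol in the quantity string. It assumes the genuine EOS token is issued by the `eosio.token` system contract with four decimal places; the sample actions are constructed, and treating `oo1122334455` as the account hosting the fake token is an assumption.

```python
from decimal import Decimal

# Assumption: genuine EOS is issued by the system token contract account
# "eosio.token" with 4 decimal places. The deposit account name is the one
# quoted in the article.
GENUINE = {"EOS": ("eosio.token", 4)}
DEPOSIT_ACCOUNT = "newdexpocket"


def parse_quantity(quantity):
    """Split an asset string such as '12.5000 EOS' into (amount, precision, symbol)."""
    amount_text, symbol = quantity.split(" ")
    precision = len(amount_text.split(".")[1]) if "." in amount_text else 0
    return Decimal(amount_text), precision, symbol


def check_deposit(action):
    """Return (accepted, reason) for one transfer action record."""
    if action.get("name") != "transfer":
        return False, "not a transfer"
    data = action.get("data", {})
    if data.get("to") != DEPOSIT_ACCOUNT:
        return False, "not addressed to the deposit account"
    try:
        amount, precision, symbol = parse_quantity(data.get("quantity", ""))
    except (ValueError, ArithmeticError):
        return False, "malformed quantity"
    if symbol not in GENUINE:
        return False, "unlisted symbol"
    issuer, expected_precision = GENUINE[symbol]
    # The decisive check: a symbol is only a label, and any account can issue
    # a token carrying it. The contract account identifies the real asset.
    if action.get("account") != issuer:
        return False, f"{symbol} from contract {action.get('account')}, expected {issuer}"
    if precision != expected_precision or amount <= 0:
        return False, "wrong precision or non-positive amount"
    return True, "ok"


def credited_total(actions):
    """Sum only the deposits that pass every check."""
    total = Decimal("0")
    for action in actions:
        if check_deposit(action)[0]:
            total += parse_quantity(action["data"]["quantity"])[0]
    return total


# Constructed sample data: one genuine deposit and one look-alike "EOS"
# transfer that differs only in the contract account it comes from.
SAMPLE_ACTIONS = [
    {"account": "eosio.token", "name": "transfer",
     "data": {"from": "alice1111111", "to": "newdexpocket",
              "quantity": "25.0000 EOS", "memo": ""}},
    {"account": "oo1122334455", "name": "transfer",
     "data": {"from": "oo1122334455", "to": "newdexpocket",
              "quantity": "1000000.0000 EOS", "memo": ""}},
]

if __name__ == "__main__":
    for sample in SAMPLE_ACTIONS:
        print(sample["account"], check_deposit(sample))
    print("credited:", credited_total(SAMPLE_ACTIONS))
```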

Published September 18, 2018 — 09:53 UTC


Sim-swappers hack League of Legends star out of $200K worth of cryptocurrency

It’s not as easy as it sounds being a professional gamer. A League of Legends superstar has had $200,000 in cryptocurrency stolen from them – directly from their Coinbase account.

In a YouTube video spotted by Dot Esports, Yiliang “Doublelift” Peng describes how he awoke one morning last week to messages from his bank telling him he is overdrawn on his account.

While the exact details of the hack have not been officially confirmed, Peng does have his suspicions.

What happened?

Peng states that around a couple of weeks before the theft, he had experienced some abnormal cellphone coverage which he now believes to have been part of the scammer’s “genius plan.”

The League of Legends star believes that he was a victim of “sim swapping” – a fraudulent tactic attackers employ to dupe carrier employees into giving them access to the victim’s phone number.

Peng’s mobile provider confirmed the number had been reported as lost or stolen, and could have been transferred.

By obtaining access to Peng’s mobile phone number, the scammer could then gain access to his email and Coinbase accounts. As Coinbase uses mobile phone numbers as part of its two-factor authentication process (2FA), the scammer was not prevented from accessing Peng’s account when challenged.

The scam didn’t end here. The attacker then went on to employ an intricate system of email filters which prevented Peng from realizing the hack was taking place.

Emails that confirmed Coinbase transactions sent to Doublelift’s inbox were forwarded to a hidden email address – most likely belonging to the scammer. After this, emails were then deleted from Doublelift’s inbox. It happened so quickly Doublelift never saw any of the suspicious Coinbase activity.

The intricate – and clearly well-planned – heist is another in a string of scams that have seen unwitting victims conned out of their cryptocurrency. Last month, a Finnish millionaire lost $35 million in an illegitimate cryptocurrency investment.

While Doublelift isn’t setting any records for the highest value of assets stolen, it is certainly unnerving that scammers can covertly obtain such large sums. Doublelift remains confident he will get his lost funds back, so it might not all be bad news for the gamer.

Of course you should always use 2FA. But if you ever notice unusual activity on your mobile phone that you use for it, speak to your carrier to make sure your number hasn’t been compromised in a “sim swap” scam.
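The forward-then-delete filters described above leave a recognisable pattern in a mailbox's rule list. The following added example (not from the original article) audits rules for it; the rule record shape, the addresses and the watched sender list are all constructed for illustration, since the article does not name the mail provider or its rule format.

```python
# Constructed, provider-neutral rule shape (an assumption):
#   id, match_from, forward_to, delete, skip_inbox
WATCHED_SENDERS = ("coinbase.com",)  # senders whose alerts must reach the owner


def audit_rules(rules, known_addresses, watched=WATCHED_SENDERS):
    """Return [(rule_id, severity, reasons)] for rules that both forward mail
    to an address the owner does not control and hide it from the inbox."""
    known = {address.lower() for address in known_addresses}
    findings = []
    for rule in rules:
        forward = (rule.get("forward_to") or "").lower()
        external = bool(forward) and forward not in known
        hidden = bool(rule.get("delete") or rule.get("skip_inbox"))
        sender = (rule.get("match_from") or "").lower()
        financial = any(sender.endswith(domain) for domain in watched)

        # Forwarding alone or archiving alone is common and usually benign.
        # The combination means the owner never sees mail that someone else reads.
        if not (external and hidden):
            continue
        reasons = [f"forwards to unrecognised address {forward}",
                   "removes the message from the inbox"]
        if financial:
            reasons.append(f"targets mail from {sender}")
        findings.append((rule["id"], "high" if financial else "review", reasons))
    return findings


# Constructed sample rules and owner addresses.
KNOWN_ADDRESSES = {"owner@mail.example", "owner.backup@mail.example"}
SAMPLE_RULES = [
    {"id": "r1", "match_from": "no-reply@coinbase.com",
     "forward_to": "collector@other.example", "delete": True},
    {"id": "r2", "match_from": "news@shop.example", "skip_inbox": True},
    {"id": "r3", "match_from": "", "forward_to": "owner.backup@mail.example"},
    {"id": "r4", "match_from": "alerts@carrier.example",
     "forward_to": "collector@other.example", "skip_inbox": True},
]

if __name__ == "__main__":
    for rule_id, severity, reasons in audit_rules(SAMPLE_RULES, KNOWN_ADDRESSES):
        print(rule_id, severity, "; ".join(reasons))
```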

Published September 18, 2018 — 09:36 UTC


Cardano talks blockchain innovation with Mongolian government

Cardano is not quite done introducing blockchain technology to developing countries. Founder Charles Hoskinson revealed he recently visited Mongolia to discuss ways to use the technology to innovate the country’s government and business sectors.

Hoskinson, who was part of the original Ethereum founding team, took to Twitter to share a photo of his meeting with Mongolian minister Damdin Tsogtbaatar.

Unfortunately, he refrained from sharing any specific details of the meeting – other than confirming the pair chatted about “business,” “blockchain,” and “innovation.”

Go figure.

So cute – bonding over a cup of tea!

Cardano has devoted a significant chunk of its time towards building blockchain pilots for the world’s poorest nations.

Back in May, the company signed a Memorandum of Understanding (MoU) with the Ethiopian Ministry of Science and Technology. If it pans out, the agreement will see Cardano train a new generation of blockchain developers in Ethiopia.

Hoskinson previously revealed the first group of Ethiopian blockchain devs is expected to graduate by the end of the year. The hope is that they’ll end up actively contributing to Cardano’s code.

It is yet to be seen how much of an improvement Cardano’s tech can bring to developing countries. While there are tons of companies seeking to use blockchain to innovate, not every attempt so far has been a success.

Published September 17, 2018 — 15:40 UTC


Elon Musk recruits Dogecoin creator to fight cryptocurrency scambots

We might finally be getting an antidote to Twitter’s cryptocurrency scambot virus – thanks to none other than Tesla CEO Elon Musk.

Determined to stop malicious botnets from impersonating him, Musk has asked Dogecoin creator Jackson Palmer to help him build a solution to curb the spread of fraudulent bots on the platform.

As luck would have it, Palmer had already devised a similar script in the past. If Jackson Palmer is right, he has armed Elon Musk with the power to end the epidemic once and for all.

Indeed, the Dogecoin creator later tweeted that he hooked up Musk with the scambot-scattering script. He further shared they also discussed some solutions Twitter can implement to fix the problem on their end.

The scambots are so prevalent that Twitter was forced to add a new rule: changing your name to Elon Musk will get you banned from the platform.

Ironically, just a few months ago, Musk joked about the prevalence of scambots on Twitter – and how impressed he is by the people behind them. It seems they no longer amuse him.

It’s worth noting that the scammers have even shown up inside major blockchains. Following the theft of $200,000 from an EOS-based gambling platform, shady characters (with a very similar modus operandi) were found to be phishing unsuspecting users through messages written to the EOS blockchain.

I guess, it makes sense that Elon Musk’s first official cryptocurrency-related project is to rid Twitter of scambots. Although, it is certainly underwhelming, compared to flamethrowers and intergalactic cars.

Goddamn, it better work.

Published September 17, 2018 — 13:41 UTC


Cryptocurrency researchers ask for XMR donations to secure Monero wallets

Cryptography researchers have urged the Monero community to donate XMR in order to continue the development of the popular anonymous altcoin Monero.

Academics Brandon Gooddall (also known as Surae Noether) and Dr. Sarang Noether have launched crowdfunding campaigns to raise money to continue investigating the usefulness of Monero multi-sig wallets (wallets that require more than one key to send transactions).

The reason the academics have appealed to the community for funds is because Monero is proudly an open-source and non-profit cryptocurrency project.

As there is no defining, central organization to Monero, members of its Research Lab submit funding requests to the community. Both seek the equivalent of roughly $9,000 per month, each, in the Monero cryptocurrency (XMR).

In an email to Hard Fork, Monero founder and lead developer Riccardo Spagni, also known as ‘fluffypony,’ insisted on the necessity of the work to be funded.

“The Monero Research Lab has been primarily responsible for major innovations in Monero, such as RingCT, so I’d definitely attest to that,” Spagni wrote.

It should be noted that the funding campaigns list vastly different targets for XMR donations. Sarang’s requests 241 XMR (approx $9.1 per month) and Gooddall’s requests 376 XMR (approx $14.2k).

For what it’s worth, Gooddall explained his reason for the increased XMR target: the bear market. Gooddall set a lower base rate for XMR’s price than his Monero colleague, predicting a continued downturn, at least over the next quarter.

“I am asking for $9,000 USD/month; this is in line with market rates for a Ph.D. scientist and mathematician (accounting for the tax implications of working outside a traditional employer), and represents my assessment of fair compensation. and I am asking at 71.88 USD/XMR as my baseline exchange rate,” Gooddall explained. “[For] the last two funding periods, I was using the 30 day EMA to estimate the Monero exchange rate, but this always leads to an over-estimate of price during a bear market.”

An ever-present focus of security in Monero is an obvious choice for research efforts. Recently, a bug in Monero’s wallet was found that made it possible to steal XMR from exchanges. Further still, just a few months ago, Monero joined other projects in paying over $24,000 in bug bounties over the course of one week.

So far, both campaigns are about 25 percent of the way towards their target. Both are pegged to fund research until the end of December.

Published September 17, 2018 — 12:03 UTC
