Colleagues, a recent bug in Bitcoin’s
public code has led to the illicit printing of some 235
million Pigeoncoins.
Although Bitcoin has released a software
patch which altcoins, exchanges and mining pools can
install to mitigate this bug, the specter of crypto double-spend cyber-attacks
looms large. Double spending is a
problem unique to digital currencies because digital information can be
reproduced with relative ease. Bitcoin transactions take some time to verify
because the process involves intensive computational power and complex algorithms,
which can be measured in seconds or milliseconds. Two fundamental questions
emerge. First, just how many exchanges, pools and altcoins use BTC’s public
code? Given the size, complexity and global diversity of the crypto ecosystem this question is almost impossible to answer.
Second, how many of these crypto entities will expeditiously implement the
software patch before cyber criminals can perform double-spend transactions?
Sadly, this question is equally difficult to answer. When in doubt we once
again offer our baseline guidance: Stay with established (aka Tier 1) currencies,
exchanges and pools that typically have more comprehensive security measures in
place. Share a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, as we have previously reported
cyber security attacks, specifically cryptojacking via
Internet browsers, has risen some 400% YoY from 2017 through H1 2018. Google
Chrome commands almost 67% market share according to data from Statista. Earlier
this year Google banned cryptocurrency-related ads from AdWords and
placed major restrictions on apps and extensions on Google
Play and the Chrome
Web Store. Therefore, it comes as welcomed news for
individual and corporate Chrome users that Google has taken the next step of
adding more stringent rules for developers of Chrome extensions. Chrome,
Firefox and Safari have been the primary targets of cyber criminals seeking to
perform crypto mining by way of installing malicious code (aka illegal extensions)
to mobile and desktop browsers alike. The Chrome Web Store’s Developer
Program Policies clearly states “Do not create an extension
that requires users to accept bundles of unrelated functionality”. Nevertheless, written policies are no better than
the vendor’s enforcement practices and penalties. We will report back in Q1
2019 on the initial impact these stricter policies have on mitigating the
cryptojacking tsunami impacting Chrome users … and hopefully stemming the tide
of illicit crypto mining. Share a comment while visiting us today! Lawrence Wilson – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, the fraudulent representation or
claim of a “security” or “commodity” in the US can be tired as a federal or a
state level crime. Nevertheless, fraud is fraud. So ruled a district
judge regarding the cryptocurrency My Big
Coin Pay scam. Co-defendants Mark Gillespie and Randall Crater are alleged to have use investments –
categorized as commodities - in My Big Coin Pay for personal use and gain.
Sovereign nations, their governments and court systems around the world are
struggling to regulate digital assets. One of the foremost dilemmas is whether
cryptocurrencies are securities or commodities. To outsiders the distinction
may appear meaningless, however, to government regulators and the exchanges
upon which these assets are traded the difference in critical. In the US, the
issue will ultimately depend upon the decisions of the judicial system along
with the US SEC and the Commodities Futures Trading Commission (CFTC). Although the issue of My Big Coin Pay
may be decided for now, the much larger issue will likely not be resolved at
the federal level for another 2-3 years. Share a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, the promise of a 13-fold
appreciation in one month lies at the core of the US SEC’s lawsuit against PlexCoin
co-founders Sabrina Paradis-Royer
and Dominic Lacroix. The defendants are charged with an illicit PlexCoin ICO scheme. Although fraudulent ICOs are not a daily occurrence,
they are far too common. Moreover, they represent one more reason why the US SEC – and its
counterparts abroad – are reluctant to classify cryptocurrencies as legitimate
“securities” tradeable on leading stock exchanges. That is why even the most
prominent digital assets including Bitcoin, Ethereum, Ripple and the like are
confined to crypto only exchanges like BitFinex, Binance and Huobi. Bottom line: We predict that within 24-36
months the US SEC will define and implement a strict framework for regulating
cryptocurrencies and allowing only those assets, which meet the most stringent
requirements bona fide “securities” status. As we continuously stress crypto
investors must perform their due diligence and are urged to stay with proven
currencies traded on legitimate exchanges. Post a comment today! Lawrence – Cryptocurrency
Academy (https://cryptocurrencyacademy.blogspot.com/)
Colleagues, Zaif is a
small cryptocurrency exchange based in Japan. Although Zaif on ranks as the 45th
largest exchange based upon daily trading volume by CoinMarketCap, a
crypto theft worth $60m USD is
reason for concern. The exchange processed some $43B per day in
cryptocurrencies. The Japanese Financial Services Authority (FSA) is investing this cybercrime and
questioning why Tech Bureau – Zaif’s parent company – waited several days
to report this incident. Bottom line: Whether this was an “inside job” by a
disgruntled Tech Bureau employee or an external cyber-attack is unknown at this
time. What we do know is two-fold. First, Japan is an early adopter and
supporter of cryptocurrencies. Second, there has been a meteoric rise in the
number and value of cybercrimes specifically targeting crypto exchanges during
the past two years. Where possible, we highly recommend that crypto traders and
investors alike perform their due diligence and stay with top tier exchanges
such as BitForex, BitMEX, Binance, OKex and Huobi. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, although the numbers are alarming
they also confirm what many of us assumed to be true. Cyber-attacks focused on
cryptocurrency mining (aka “cryptojacking”) has sky rocketed by some 400% YoY
between 2017 and 2018. As reported by the CTA entitled
“The
Illicit Cryptocurrency Mining Threat” indicates
that EternalBlue,
perhaps the world’s most pervasive cyber-attack in history, targets Microsoft’s
Server Message Block (SMB) protocol via port 445 is the leading
culprit. Researchers suspect that North Korea is the likely source behind EternalBlue’s
root cause – the infamous WannaCry ransomware.
Bottom line: The global crypto ecosystem continues to be the most common target
of cybercrime, which ultimately serves to thwart mass market adoption of
cryptocurrencies. Crypto ecosystem members need closer ties and cooperation
with their cyber security peers in order to mitigate the relentless rise in
cryptojacking is cryptocurrencies are to move to the mainstream. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, the recent Common
Vulnerabilities and Exposures Report (CVE-2018-17144
Full Disclosure) states, “a fix
for which was released on September 18th in Bitcoin Core versions 0.16.3 and
0.17.0rc4, includes both a Denial of Service component and a critical inflation
vulnerability”. A cybercriminal
exploited this bug to create new Bitcoin, which in turn would have deflated
Bitcoin value by increasing the supply of the currency above the 21 million
hard-cap. Matt Corallo, Bitcoin Core developer and Chaincode engineer acknowledged that if this bug has
gone undetected someone could have launched a cyber-attack to print an
unlimited number of BTCs. According to CoinMarketCap, global Bitcoin market capitalization exceeds
$115.6B USD far outpacing Ethereum, which is valued at $24.6 USD. Bottom line: The
world’s most valuable (and popular) cryptocurrency is prone to vulnerabilities
and is subject to cyber crime. This is just one reason why regulators such as
the US SEC question is
legitimacy as a financial “security”. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, according to CoinMarketCap the worldwide market capitalization for digital assets
reached some $760b in December 2017 and currently hoover around $240b. Coindesk
reports that the Japanese market lost $540m due to crypto crime in H1 2018. Globally,
cyber security firm Carbon Black
has confirmed $1.1b worth of cryptocurrencies were stolen in the same time
period. The numbers are alarming, they continue to grow and represent the
single largest threat to the market adoption of cryptocurrencies across the
global economy. Conventional malware, fraudulent ICOs, attacks on crypto
exchanges and crypto jacking which targets mining vendors and pools tops the
list of cybercrime tactics. We offer two basic conclusions: First, it is highly
likely that crypto theft will top $2b around the world in 2018. Second, the
rise in cybercrime
focused on digital assets heightens the concern of government regulators in the
US and abroad that cryptocurrencies should not be categorized as legitimate
“securities”. These factors are major barriers to adoption across the crypto
ecosystem. We do believe that digital assets
will take 2-3 years to cross the chasm from truly speculative investments to
viable securities traded on market stock exchanges … foremost the US NASDAQ. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, the US Texas Securities
Commission has issued cease and desist orders against three offshore entities
suspected of issuing fraudulent cryptocurrency investment schemes. The orders
target Ultimate Assets LLC, DigitalBank Ltd. and Coins Miner Investment Ltd. All three entities purport to represent Coinbase, a prominent U.S. crypto exchange.
The charges stem from crypto and forex trading services, false claims of meeting
with the president of Ripple and soliciting funds
to develop a claimed secure crypto wallet. Bottom line: The global crypto
ecosystem is under siege from cyber criminals on all fronts. The three firms
identified above a just the latest in a long list of bad actors targeting
crypto investors, wallets, exchanges and underlying Blockchain technology. The most
common motive across these nefarious actions is financial gain. We have and
will continue to warn legitimate players in the crypto ecosystem to take major security and human
factors measures to protect their business concerns. Send a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
