Thursday, October 4, 2018

Will a bug in Bitcoin’s software lead to double-spend exploits of Altcoins which use BTC’s public code?

Colleagues, a recent bug in Bitcoin’s public code has led to the illicit printing of some 235 million Pigeoncoins. Although Bitcoin has released a software patch which altcoins, exchanges and mining pools can install to mitigate this bug, the specter of crypto double-spend cyber-attacks looms large. Double spending is a problem unique to digital currencies because digital information can be reproduced with relative ease. Bitcoin transactions take some time to verify because the process involves intensive computational power and complex algorithms, which can be measured in seconds or milliseconds. Two fundamental questions emerge. First, just how many exchanges, pools and altcoins use BTC’s public code? Given the size, complexity and global diversity of the crypto ecosystem this question is almost impossible to answer. Second, how many of these crypto entities will expeditiously implement the software patch before cyber criminals can perform double-spend transactions? Sadly, this question is equally difficult to answer. When in doubt we once again offer our baseline guidance: Stay with established (aka Tier 1) currencies, exchanges and pools that typically have more comprehensive security measures in place. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Wednesday, October 3, 2018

Google Moves to Prevent Cryptojacking via Illicit Chrome Extensions

Colleagues, as we have previously reported cyber security attacks, specifically cryptojacking via Internet browsers, has risen some 400% YoY from 2017 through H1 2018. Google Chrome commands almost 67% market share according to data from Statista. Earlier this year Google banned cryptocurrency-related ads from AdWords and placed major restrictions on apps and extensions on Google Play and the Chrome Web Store. Therefore, it comes as welcomed news for individual and corporate Chrome users that Google has taken the next step of adding more stringent rules for developers of Chrome extensions. Chrome, Firefox and Safari have been the primary targets of cyber criminals seeking to perform crypto mining by way of installing malicious code (aka illegal extensions) to mobile and desktop browsers alike. The Chrome Web Store’s Developer Program Policies clearly states “Do not create an extension that requires users to accept bundles of unrelated functionality”.  Nevertheless, written policies are no better than the vendor’s enforcement practices and penalties. We will report back in Q1 2019 on the initial impact these stricter policies have on mitigating the cryptojacking tsunami impacting Chrome users … and hopefully stemming the tide of illicit crypto mining. Share a comment while visiting us today! Lawrence Wilson – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/

Monday, October 1, 2018

Bitcoin, Ethereum and Monero at the core of a new cryptocurrency money-laundering scheme

Colleagues, the lack of transaction transparency and money laundering have long been the Achilles heel of the crypto ecosystem. A recent Wall Street Journal study revealed that some $88m in cryptocurrencies from 2500 wallets was laundered through exchanges including Shape Shift. To date this exchange (and others) have allowed investors to anonymously trade digital assets – mostly Bitcoin that holds 50% market capitalization share among cryptocurrencies – without needing to create an account. To its credit ShapeShift is replacing its “account less” trading model with a new “loyalty program” which requires users to create a traceable account. Money laundering has long been a high priority of entities such as the US Drug Enforcement Agency and Europol … and so-called crypto laundering is reaching epic proportions. Having reported all too many times on this topic we believe that first and third world governments need to implement strict regulations requiring the transparency of crypto trading and exchanges alike. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Friday, September 28, 2018

The Perennial Tug of War Between the US SEC and CFTC – Are Crypto Assets “Securities” or “Commodities”?

Colleagues, the fraudulent representation or claim of a “security” or “commodity” in the US can be tired as a federal or a state level crime. Nevertheless, fraud is fraud. So ruled a district judge regarding the cryptocurrency My Big Coin Pay scam. Co-defendants Mark Gillespie and Randall Crater are alleged to have use investments – categorized as commodities - in My Big Coin Pay for personal use and gain. Sovereign nations, their governments and court systems around the world are struggling to regulate digital assets. One of the foremost dilemmas is whether cryptocurrencies are securities or commodities. To outsiders the distinction may appear meaningless, however, to government regulators and the exchanges upon which these assets are traded the difference in critical. In the US, the issue will ultimately depend upon the decisions of the judicial system along with the US SEC and the Commodities Futures Trading Commission (CFTC). Although the issue of My Big Coin Pay may be decided for now, the much larger issue will likely not be resolved at the federal level for another 2-3 years. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Thursday, September 27, 2018

US SEC Cyber Unit Sues PlexCoin Founders for Illicit Cryptocurrency Scheme

Colleagues, the promise of a 13-fold appreciation in one month lies at the core of the US SEC’s lawsuit against PlexCoin co-founders Sabrina Paradis-Royer and Dominic Lacroix. The defendants are charged with an illicit PlexCoin ICO scheme. Although fraudulent ICOs are not a daily occurrence, they are far too common. Moreover, they represent one more reason why the US SEC – and its counterparts abroad – are reluctant to classify cryptocurrencies as legitimate “securities” tradeable on leading stock exchanges. That is why even the most prominent digital assets including Bitcoin, Ethereum, Ripple and the like are confined to crypto only exchanges like BitFinex, Binance and Huobi. Bottom line: We predict that within 24-36 months the US SEC will define and implement a strict framework for regulating cryptocurrencies and allowing only those assets, which meet the most stringent requirements bona fide “securities” status. As we continuously stress crypto investors must perform their due diligence and are urged to stay with proven currencies traded on legitimate exchanges. Post a comment today! Lawrence – Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com/)  

Wednesday, September 26, 2018

Cybercrime involving $60m in Zaif crypto exchange raises yet another red flag concerning security

Colleagues, Zaif is a small cryptocurrency exchange based in Japan. Although Zaif on ranks as the 45th largest exchange based upon daily trading volume by CoinMarketCap, a crypto theft worth $60m USD is reason for concern. The exchange processed some $43B per day in cryptocurrencies. The Japanese Financial Services Authority (FSA) is investing this cybercrime and questioning why Tech Bureau – Zaif’s parent company – waited several days to report this incident. Bottom line: Whether this was an “inside job” by a disgruntled Tech Bureau employee or an external cyber-attack is unknown at this time. What we do know is two-fold. First, Japan is an early adopter and supporter of cryptocurrencies. Second, there has been a meteoric rise in the number and value of cybercrimes specifically targeting crypto exchanges during the past two years. Where possible, we highly recommend that crypto traders and investors alike perform their due diligence and stay with top tier exchanges such as BitForex, BitMEX, Binance, OKex and HuobiPost a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Tuesday, September 25, 2018

Cyber Threat Alliance Confirms a 400% Spike in Cryptojacking Mining Attacks from 2017 to 2018

Colleagues, although the numbers are alarming they also confirm what many of us assumed to be true. Cyber-attacks focused on cryptocurrency mining (aka “cryptojacking”) has sky rocketed by some 400% YoY between 2017 and 2018. As reported by the CTA entitled “The Illicit Cryptocurrency Mining Threat” indicates that EternalBlue, perhaps the world’s most pervasive cyber-attack in history, targets Microsoft’s Server Message Block (SMB) protocol via port 445 is the leading culprit. Researchers suspect that North Korea is the likely source behind EternalBlue’s root cause – the infamous WannaCry ransomware. Bottom line: The global crypto ecosystem continues to be the most common target of cybercrime, which ultimately serves to thwart mass market adoption of cryptocurrencies. Crypto ecosystem members need closer ties and cooperation with their cyber security peers in order to mitigate the relentless rise in cryptojacking is cryptocurrencies are to move to the mainstream.  Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/

Monday, September 24, 2018

CVE Report for Bitcoin Core Revealed a Security Flaw that Could Bring Down Part of the Network

Colleagues, the recent Common Vulnerabilities and Exposures Report (CVE-2018-17144 Full Disclosure) states, “a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability”. A cybercriminal exploited this bug to create new Bitcoin, which in turn would have deflated Bitcoin value by increasing the supply of the currency above the 21 million hard-cap. Matt Corallo, Bitcoin Core developer and Chaincode engineer acknowledged that if this bug has gone undetected someone could have launched a cyber-attack to print an unlimited number of BTCs. According to CoinMarketCap, global Bitcoin market capitalization exceeds $115.6B USD far outpacing Ethereum, which is valued at $24.6 USD. Bottom line: The world’s most valuable (and popular) cryptocurrency is prone to vulnerabilities and is subject to cyber crime. This is just one reason why regulators such as the US SEC question is legitimacy as a financial “security”. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Friday, September 21, 2018

The Spector of $2b in 2018 Cyber Crime Targeting Cryptocurrencies Threatens Market Adoption

Colleagues, according to CoinMarketCap the worldwide market capitalization for digital assets reached some $760b in December 2017 and currently hoover around $240b. Coindesk reports that the Japanese market lost $540m due to crypto crime in H1 2018. Globally, cyber security firm Carbon Black has confirmed $1.1b worth of cryptocurrencies were stolen in the same time period. The numbers are alarming, they continue to grow and represent the single largest threat to the market adoption of cryptocurrencies across the global economy. Conventional malware, fraudulent ICOs, attacks on crypto exchanges and crypto jacking which targets mining vendors and pools tops the list of cybercrime tactics. We offer two basic conclusions: First, it is highly likely that crypto theft will top $2b around the world in 2018. Second, the rise in cybercrime focused on digital assets heightens the concern of government regulators in the US and abroad that cryptocurrencies should not be categorized as legitimate “securities”. These factors are major barriers to adoption across the crypto ecosystem. We do believe that digital assets will take 2-3 years to cross the chasm from truly speculative investments to viable securities traded on market stock exchanges … foremost the US NASDAQ. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Thursday, September 20, 2018

Issuing fraudulent investments is the latest cyber security risk to the cryptocurrency ecosystem

Colleagues, the US Texas Securities Commission has issued cease and desist orders against three offshore entities suspected of issuing fraudulent cryptocurrency investment schemes. The orders target Ultimate Assets LLC, DigitalBank Ltd. and Coins Miner Investment Ltd.  All three entities purport to represent Coinbase, a prominent U.S. crypto exchange. The charges stem from crypto and forex trading services, false claims of meeting with the president of Ripple and soliciting funds to develop a claimed secure crypto wallet. Bottom line: The global crypto ecosystem is under siege from cyber criminals on all fronts. The three firms identified above a just the latest in a long list of bad actors targeting crypto investors, wallets, exchanges and underlying Blockchain technology. The most common motive across these nefarious actions is financial gain. We have and will continue to warn legitimate players in the crypto ecosystem to take major security and human factors measures to protect their business concerns. Send a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)