Colleagues, the on-going
debate regarding which type of crypto wallet is more secure continues with no clear
consensus – hardware, software, clod-based and paper wallets. This debate has
returned to the spotlight given the recent security breach of BitPay’s Copay (software) Wallet. Copay claims its mobile The Copay app securely
stores multiple, distinct bitcoin wallets, allowing both business and
privacy-conscious users to keep funds carefully separated. GitHub issued a memo to users reporting an ‘event-stream` dependency attack steals wallets from users of copay. For details take
a look at the YCombinator news feed on this attack. The bottom line: For
individual digital asset traders software wallets are immensely more convenient
than hardware and paper wallets, however, they are far more prone to cyber-attacks
– quantum password processing, malware and adware … just to name a few. If you
do use a software wallet we highly recommend using any and all security
features at both the application and OS levels. The Copay breach reminds us
that the cryptocurrencies are no more secure than the weakest link in the
crypto ecosystem. Share a comment while
visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, Bittrex, BitMex and now Binance have banned Iranian
cryptocurrency traders in an effort to avoid penalties in the wake of US economic sanctions.
The exchanges issue a warning to users based in Iran to withdraw their funds or
face the confiscation of their assets. There are surely legitimate crypto
traders in the Persian state, however, the goal is to place an embargo on any
state-sponsored entities from circumventing US trade sanctions. Binance has
moved from China to Japan, while BitMex HQ is in Hong Kong and Bittrex is
located in the US. Exchanges, whether with large or modest trading volumes,
face penalties for aiding and abetting Iranian
actors from participating – even on the margins – in the global economy.
Will other crypto exchanges follow their lead? We believe the strategies of
other crypto platforms will depend on the rigor of direct or indirect US
penalties. Post a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, East Asia has become a hotbed for multi-level
marketing schemes which exploit the allure of and poor transparency of
cryptocurrencies, namely Bitcoin. Whether this past May in China
($47m) or more recently in South
Korea ($20m) and Japan
($68m), crypto fraud schemes are running rampant across the region. Bottom
line: Despite many efforts by credible members of the global crypto ecosystem,
digital such as Bitcoin, Ethereum, Ripple and others, are wrought with the
potential for scams and related cybercrimes. Government enforcement entities
such as China’s Ministry
of Public Security or the US SEC only have the bandwidth
to track and prosecute a small minority of crypto fraud cases. We do not
foresee a significant reduction in crypto cybercrimes until government agencies
have both the cyber tools and manpower to launch a counter-offensive which is
likely to be 2-3+ years in the future. Post a comment while visiting us today! Lawrence
– Cyber Security Defender
(https://cybersecuritydefender.blogspot.com/)
Colleagues,
the world’s thirty-eight largest crypto exchange Gate.io was successfully
hacked via the injection of code into StatCounter’s
URI “myaccount/withdraw/BTC”. Reported by security
firm ESET WeLiveSecurity
indicated that although Gate.io is the only known crypto exchange effected, all
of StatCounter’s some 2 million customer sites are at risk. For readers with a
programming background the code was injected via the Dean Edwards JS packer in
the middle of the script. We assume that economic gain is the chief motive
although the ESET report did not provide corroborating details. This cyber-attack
raises two questions. First, how susceptible are URIs (uniform
resource identifiers) to injections via the Dean Edwards packer? And second, how
many more web sites which use StatCounter – a competitor to Google Analytics –
are effected? We will continue to research answers to both questions. Post a comment while visiting us today! Lawrence
– Cyber Security Defender
(https://cybersecuritydefender.blogspot.com/)
Colleagues, Blockchain
technology is about to meet once of its biggest challenges to date – the Japanese Banks'
Payment Clearing Network consortium. The
critical success factors include performance, security and dependability when
processing of low-cost transfer of small-scale transactions using RTGS.for nine commercial banks. Fujitsu has been selected to develop the new Blockchain-based
system. If this test proves successful, it will clearly distinguish Japan as a
“first mover” when it comes to the industrial use of Blockchain technology
among the world’s leading economies. One advantage here is the fact that all
the players are Japanese owned and operated entities and may benefit from both
technological and well as cultural synergies. China, South Korea and the US
will closely monitor this stress test as they seek to implement comparable
systems. Share a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, we have written
extensively on the propensity of central sovereign banks to issue their own
cryptocurrencies. The US Federal Reserve and the PBoC appear to be on opposite
ends of the adoption continuum. New research published by the OMFIF (Official Monetary and Financial Institutions Forum) and IBM point us to the Occam’s razor of CBCD
adoption: Distributed Ledger Technology (DLT). Download the CBDC report here.
Private sector ICOs continue to rise with no end in sight. While they
understand that their underlying Blockchain technology likely has bugs and
security vulnerabilities, financial institutions in particular – such as JP Morgan,
Fidelity,
BlackRock,
etc. – clearly see the benefits of trans-border remittances, increased
transaction speed and lower OPEX. In aggregate central bankers have major
reservations on the security and dependability of DLT. The report states that the
goal is to “construct a convincing RTGS replacement that
can be properly benchmarked against existing systems and meet the high
standards for security, robustness, efficiency and speed.” The PBOC is hiring staff
to develop its CBDC as we speak, whereas the US Fed is cautiously assessing its
options. Many other central banks are somewhere in between. Our prediction: By 2023,
most G20 nations will have launched their own CBDC. Post a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, does the global cryptosphere truly need another hardware
wallet? The CEO of Blockchain clearly believes the answer is yes, indeed. The firm has announced
plans to begin shipping its new LockBox device this November. LockBox’s distinguishing features is that it
enables the exchange between different cryptocurrencies in partnership with SWAP brokerage. The value proposition is that traders can exchange Bitcoin for
Ethereum, XRP for LiteCoin, Ripple for Ether … you get the idea. Two key
factors will determine the success of LockBox. First is the Total Addressable Market
from “crypto-to-crypto” transfers. With a global market cap of some $209B we anticipate that roughly 10% of crypto traders will need to make such
a transfer during their financial careers. Second is the infamous security
challenge – how secure is the hardware wallet when connected to the Internet as
well as the security of LockBox’s interface with the SWAP brokerage when making
transactions. Our recommendation: Proceed with caution. Post a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, under mounting political and economic pressure
from the US – and to lesser extent China and Russia – North Korea’s infamous Lazarus
Group appears to have cryptocurrency exchanges in the center of its
radar screen. The highly respected Group-IB
cyber intelligence firm reports that the DPRK was the source of some 14
cyber attacks targeting cryptocurrencies exchanges during the past
one and a half years yielding $571m
in illicit digital assets. Allow us to make two rather obvious
assumptions: One, the cash-starved North Korean government has no viable
exports other than the sale of rogue military hardware. Two, despite its
economic deprivation, the DPRK funnels as disproportionate level of the financial
resources it does have to the Lazarus Group’s cyber
warfare ventures. These assumptions lead us to a fundamental
question: How does North Korea use the crypto assets acquired by Lazarus? We
believe the answer is two-fold. First, to build and acquire the country’s
military arsenal. Second, the widespread and ongoing disinformation campaign
needed to prop-up the ill-fated Kim political dynasty. Post a comment while visiting us today! Lawrence
– Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, as the debate continues regarding whether cryptocurrencies
are securities or commodities, a parallel debate is emerging which concerns the
legality of including predictive code in smart contracts. The Commodities Futures Trading Commission governs the use of binary options, derivatives and event
contracts for US-based traders and investors. The centerpiece of CFTC
enforcement is protecting the “public interest”. Crypto smart contract security issues, which may lead
to financial losses, are under particular scrutiny by the CFTC. Best practices
concerning smart contracts vary by the Blockchain used by each
cryptocurrency. If your prediction is right, the
contract automatically sends you the remittance as long as it is in the public
interest. The issue of nefarious uses of cryptocurrencies let alone betting on
illicit financial transactions (e.g. money-laundering, evading economic
sanctions and payment for drug trafficking). Smart contract security audits are key to uncovering vulnerabilities in the
underlying Blockchain. The CFTC’s chief concern is the prohibition of so-called
“prediction markets”. Bottom line: When it comes to US-based cryptos and developers
including predictive code in smart contracts raises a red flag by the CFTC.
Until the CFTC issues formal guidelines, our recommendation is to avoid
predictive code in crypto Blockchain. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
Colleagues, crypto time
warp attacks occur when miners collude to report incorrect timestamps that are farther
apart, messing with the rate at which blocks can be mined. Incorrect timestamps
are do occur and can be innocuous. Chain Analysis reports that timestamp errors have steadily
decline since 2018. However, specific manipulation by miners who bends the
rules with the goal of creating illegitimate tokens is cybercrime … pure and
simple. Bitcoin (along with Litecoin) are most susceptible to time warp
attacks. However, some argue that the same Blockchain bug which allows these
attacks have favorable unintended positive side effects … faster transaction speeds and attraction of
more users. By contrast, if the
difficulty of creating a new block is low, a cyber-criminal can mine many fast
coins, or in the case of a small chain, a criminal with 51% hash power could reduce the difficulty to one and mine a new fork from the original block.
The debate continues within the Bitcoin developer community. While consensus
will be hard to reach, the community needs to reach at least a majority vote or
risk a division, which split BTC into Bitcoin and Bitcoin Cash in 2017. Post a comment while visiting us today! Lawrence – Cyber
Security Defender (https://cybersecuritydefender.blogspot.com/)
