Digital Article Repository: CryptoCurrency

 


April 22, 2022

Hackers Breached Mailchimp to Phish Cryptocurrency Wallets

Courtesy of Corin Faife, TheVerge.com

Users of the Trezor hardware wallet were sent sophisticated phishing emails after the hack, with other crypto mailing lists potentially affected

Mailchimp, the veteran email marketing platform, has confirmed that hackers used an internal tool to steal data from more than 100 of its clients — with the data being used to mount phishing attacks on the users of cryptocurrency services.

The breach was confirmed to the press by Mailchimp on Monday, but it had come to light over the weekend when users of the Trezor hardware cryptocurrency wallet reported being targeted by sophisticated phishing emails.

In a statement sent to The Verge, Mailchimp CISO Siobhan Smyth said that the company had become aware of the breach on March 26th when it detected unauthorized access of a tool used by the company’s customer support and account administration teams. Although Mailchimp deactivated the compromised employee accounts after learning of the breach, the hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them, Smyth said.

“We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers,” Smyth said. “We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”

 Listen to or read more of this article here.

Related reading:

Three Rules to Remember After Mailchimp Breach
As crypto holdings grow in value, criminals are becoming ever-more creative and audacious in their attempts to steal coins. Join “Speaking of Bitcoin” hosts Adam B. Levine, Andreas M. Antonopoulos and Stephanie Murphy for a look at a recent insider compromise at Mailchimp that put crypto holders in the crosshairs. In this episode, we discuss what happened, what the scam was and three simple rules that, if followed, will help protect you from similar breaches.


 

April 22, 2022

U.S. Agency Links North Korea Crime Ring to $540 Million Axie Infinity Crypto Hack

Courtesy of Paul Vigna, Wall Street Journal

Lazarus Group has allegedly stolen nearly $2 billion of crypto since 2017

U.S. law enforcement linked the Lazarus Group, an online crime syndicate connected to the North Korean government, to the $540 million hack of the online game Axie Infinity last month.

The theft, infiltrating the network upon which the game is run, was one of the largest in the 13-year history of cryptocurrencies. The perpetrators stole 173,600 ether and 25.5 million of the stablecoin USD Coin, or USDC, worth about $540 million at the time of the attack.

The Treasury Department’s Office of Foreign Assets Control maintains a database of sanctioned groups that are illegal to do business with. On Thursday, the agency updated sanctions to say that the Lazarus Group is the owner of the cryptocurrency address that was used in the hack.

The North Korean government has increasingly relied on illicit activities including cybercrime to generate revenue for its weapons of mass destruction and ballistic-missile programs, a Treasury spokesperson said. The Axie-hack wallet was discovered through a joint investigation of the Treasury Department and Federal Bureau of Investigation.

Because the stolen funds need to be laundered to be turned into hard cash, the spokesperson said crypto enterprises that enforce anti-money-laundering laws are a “critical chokepoint” to block the movement of those funds. Moreover, anybody transacting with the sanctioned wallet themselves would risk exposure to U.S. sanctions.

“We would like to extend a thank you to all law enforcement agencies who have supported us in this ongoing investigation,” Vietnam-based Sky Mavis, which created the game, wrote Thursday in an update on its Substack newsletter about the hack.

Lazarus Group is a cybercriminal syndicate that works on behalf of the North Korean government, according to crypto forensics firm Chainalysis. The group stole about $1.75 billion worth of cryptocurrencies between 2017 and 2020, Chainalysis estimated, including the largest hack of 2020, the $275 million hack of the exchange KuCoin.

Read More Here

Related Reading: Cyber Alert – North Korean State-Sponsored APT Targets Blockchain Companies

CISA,  the Federal Bureau of Investigation (FBI), and the U.S. Treasury Department have released a joint Cybersecurity Advisory (CSA) that details cyber threats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) actor known as the Lazarus Group.

 


March 18, 2022

Mexico May be Next Country to Give Bitcoin Legal Status

Courtesy of CUToday.info

March 15, 2022 — MEXICO CITY—Mexico might soon become the next country to follow El Salvador’s footsteps and grant Bitcoin legal tender status in its jurisdiction.

A Mexican senator plans to propose a crypto law to the Mexican Congress this year, one that is based on El Salvador’s Bitcoin Law, according to TokenPost.

Indira Kempis, a senator representing Nuevo León state, is convinced that Mexico should grant Bitcoin legal tender status as adopting the crypto could potentially drive global financial inclusion, TokenPost said.

“It is clear to me that financial exclusion is one of the public problems that few of us have addressed with feasible alternatives, and that this type of technology is allowing us to generate an alternative, a path, a solution so that millions of people can be included in the financial system,” the senator was quoted as saying.

Bitcoin adoption has changed the perception of the global community towards El Salvador as they are now focused on the newly opened opportunities brought by the move, TokenPost noted.

“It is a historic opportunity that this type of project is being carried out in a Central American country,” the senator added.

 


 

April 8, 2022

A Rousing Week at Treasury

This week, Secretary of the Treasury, Janet L. Yellen not only testified before the U.S. House Financial Services Committee to “discuss Treasury’s oversight of the International Financial Institutions (IFIs) and our role in promoting inclusive and sustainable growth, global monetary and financial stability, and development,” Treasury escalated sanctions on Russia, including Russian-based Hydra, World’s Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex and made an official statement on potential policies and regulations around digital assets.

Tuesday, The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the world’s largest and most prominent darknet market, Hydra Market (Hydra), in a coordinated international effort to disrupt the proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site. The operation targeting Hydra was a collaborative initiative joined by the U.S. Department of Justice, Federal Bureau of Investigations, Drug Enforcement Administration, Internal Revenue Service Criminal Investigation, and Homeland Security Investigations. This action was enhanced by international cooperation with the German Federal Criminal Police, who today shut down Hydra servers in Germany and seized $25 million worth of bitcoin.

By Wednesday, Treasury has escalated the sanctions, targeting critical arteries of the Russian Federation economy, fully blocking the largest public and private banks, and imposing new sanctions on Putin’s Family and architects of war in response to Russia’s continued brutal war against Ukraine and atrocities against Ukrainian citizens. Treasury imposed full blocking sanctions on Sberbank, Russia’s largest state-owned bank, and Alfa-Bank, Russia’s largest private bank. Treasury also targeted family members of President Vladimir Putin (Putin) and Foreign Minster Sergey Lavrov (Lavrov), as well as Russian Security Council members who are complicit in the war against Ukraine.

Then, in a statement delivered Thursday to the American University’s Kogod School of Business Center for Innovation, Secretary Yellen closed out a busy week of activities with a statement on digital assets policy and remarking that crypto-asset regulations should support responsible innovation while managing risks.

Yellen commented that in many cases regulators already have authorities that can manage crypto risks and provide appropriate oversight of new types of intermediaries such as digital asset exchanges. “Our regulatory frameworks should be designed to support responsible innovation while managing risks – especially those that could disrupt the financial system and economy,” Yellen commented.

As banks and other traditional financial firms become more involved in digital asset markets, regulatory frameworks will need to appropriately reflect the risks of these new activities,” she said.

Within her remarks, Yellen shared 5 lessons to apply when navigating the challenges and opportunities associated with emerging technologies.

1. Our financial system benefits from responsible innovation
Although new technologies have made our financial system more efficient for most Americans, many transactions still take too long to settle. A combination of technological factors and business incentives have produced a common frustrating experience shared by tens of millions of Americans every week: their employer sends their paycheck, but it takes up to two days for the check to hit their bank account.

Proponents of digital assets envision a more efficient payment system with instantaneous transactions and lower costs no matter where you live. Under the Executive Order, the Administration will publish a report on the future of money and payments. The report will analyze possible design choices related to a potential Central Bank Digital Currency (CBDC) and implications for payment systems, economic growth, financial stability, financial inclusion, and national security.

2. When regulation fails to keep pace with innovation, vulnerable people often suffer the greatest harm
We learned this painful lesson during the Global Financial Crisis. Financial institutions called “shadow banks” and an explosion of new financial products allowed dangerous levels of risks to accumulate. Stablecoins raise policy concerns, including those related to illicit finance, user protection, and systemic risk. And, they are currently subject to inconsistent and fragmented oversight.

Of course, stablecoins are just one piece of a much larger ecosystem of digital assets. Our regulatory frameworks should be designed to support responsible innovation while managing risks – especially those that could disrupt the financial system and economy. As banks and other traditional financial firms become more involved in digital asset markets, regulatory frameworks will need to appropriately reflect the risks of these new activities. And, new types of intermediaries, such as digital asset exchanges and other digital native intermediaries, should be subject to appropriate forms of oversight.

3. Regulation should be based on risks and activities, not specific technologies
When new technologies enable new activities, products, and services, financial regulations need to adjust. But, that process should be guided by the risks associated with the services provided to households and businesses, not the underlying technology.

Wherever possible, regulation should be “tech neutral.” For example, consumers, investors, and businesses should be protected from fraud and misleading statements regardless of whether assets are stored on a balance sheet or distributed ledger. Similarly, firms that hold customer assets should be required to ensure those assets are not lost, stolen, or used without the customer’s permission. And, taxpayers should receive the same type of tax reporting on digital asset transactions that they receive for transactions in stocks and bonds, so that they have the information they need to report their income to the IRS.

To the extent there are gaps, we will make policy recommendations, including assessment of potential regulatory actions and legislative changes. Continuing to update and improve our regulatory architecture will support US economic competitiveness and reinforce leadership in the global financial system.

4. Sovereign money is the core of a well-functioning financial system and the US benefits from the central role the dollar and US financial institutions play in global finance
The development of our currency to its current form has been a dynamic process that took place over centuries. Today, monetary sovereignty and uniform currency have brought clear benefits for economic growth and stability. Our approach to digital assets must be guided by the appreciation of those benefits. Some have suggested a CBDC could be the next evolution in our currency. We need to consider these important questions in the context of the central role the dollar plays in the world economy.

The dollar’s international prominence is strongly supported by US institutions and policies; US economic performance; open, deep and liquid financial markets; rule of law; and a commitment to a free-floating currency. The President’s Executive Order asks us to consider whether and how the issuance of a public CBDC would support this role…I don’t yet know the conclusions we will reach, but we must be clear that issuing a CBDC would likely present a major design and engineering challenge that would require years of development, not months.

As we consider these big choices, we must also remember that technology-driven financial innovation is inherently cross-border and requires international cooperation.

5. We need to work together to ensure responsible innovation
Many of the most groundbreaking innovations in our history have involved all of us: policymakers and businesspeople, advocates, scholars, inventors, and citizens. People have a wide range of views when it comes to digital assets. On one hand, some proponents speak as if the technology is so radically and beneficially transformative that the government should step back completely and let innovation take its course. On the other hand, skeptics see limited, if any, value in this technology and associated products and advocate that the government take a much more restrictive approach. Such divergence of perspectives has often been associated with new and transformative technologies.

Additional Resources/Links to full statements

 


 

Fed’s Lael Brainard Sees Case for U.S. Central Bank Digital Currency

Courtesy of Ann Saphir, Reuters

Published February 18, 2022  Federal Reserve Board Governor Lael Brainard on Friday laid out a case for the role a U.S. central bank digital currency could play in bolstering financial stability as the use of stablecoins and cryptocurrency grows and other countries issue their own CBDCs.

“It is essential that policymakers, including the Federal Reserve, plan for the future of the payment system and consider the full range of possible options to bring forward the potential benefits of new technologies, while safeguarding stability,” Brainard said in remarks prepared for delivery to the U.S Monetary Policy Forum in New York. “A U.S. CBDC may be one potential way to ensure that people around the world who use the dollar can continue to rely on the strength and safety of U.S. currency to transact and conduct business in the digital financial system.”

Fed policymakers are divided on the need for a central bank digital currency, even as many other central banks globally are pressing ahead on such plans.

Brainard has emerged as a supporter of the idea, though in her remarks she emphasized the importance of considering the potential impact of a U.S. CBDC rather than making any outright claims for the need to adopt it.

Read the entire speech “Preparing for the Financial System of the Future” by Governor Lael Brainard

Read the remainder of the article from Reuters here

 


 Idaho Central Credit Union Launches Bitcoin Services

Partnerships allow members to buy, hold, and sell cryptocurrency.

Courtesy of Brock Fritz, Credit Union National Association

February 3, 2021 — Idaho Central Credit Union has partnered with NYDIG to offer bitcoin services through the Alkami Technology platform. Members of the $7.3 billion asset credit union in Chubbuck, Idaho, will be able to buy, hold, and sell bitcoin within its mobile app and online banking platform.

“Idaho Central can now offer a cutting-edge bitcoin solution,” Idaho Central Chief Information Officer Mark Willden says. “This solution is seamless and safely accessible to all. End users will gain access to a crypto dashboard with their bitcoin balance, market value, activity, and educational content.

“Our online platform provider supports cryptocurrency account type permissions, transaction limits, eligibility checks, and seamless onboarding for new bitcoin holders,” he adds.

Idaho Central will receive a percentage of the transaction fee on each trade. The credit union anticipates the integration will further drive end-user acquisition, retention, and engagement. According to a survey conducted by NYDIG, about 22% of Americans own bitcoin, while 80% of bitcoin holders would store it with their bank or credit union if they had the option.

 Read More About This Story Here

 


 

SEC’s Crypto Crusade at Risk in Looming Legal Battles

Courtesy of Sam Sutton, Politico – JAN. 29, 2022

Cryptocurrency payments firm Ripple has started to rack up procedural court victories as it fends off the SEC in a case that could redefine how the agency polices digital assets.

In 2021, the SEC went after crypto. In 2022, crypto is coming for the SEC.

Securities and Exchange Commission Chair Gary Gensler has vowed to rein in what he’s dubbed “Wild West” abuses in the $1.6 trillion market. Industry leaders, flush with cash and deep-pocketed investors following a trading boom in Bitcoin and other digital assets, are aiming their lawyers at the sheriff of Wall Street in an intensifying legal fight.

Cryptocurrency payments firm Ripple, the de facto leader of the revolt, has started to rack up procedural court victories as it fends off the SEC in a case that could redefine how the agency polices digital assets. Grayscale Investments, which wants to launch a Bitcoin fund for the masses, tapped the white-shoe law firm Davis Polk to publicly outline a legal case that could be brought against the agency if it obstructs the company’s ambitions. The CEO of another startup, Terraform Labs, sued the SEC after it tried to serve him with a subpoena.

The emerging legal assault, which is being cheered on by crypto-friendly lawmakers who say the agency is overstepping its authority, could limit the SEC’s reach for years to come and remove what many in the industry see as their biggest regulatory obstacle to launching even more virtual currency products.

Read More at Politico Here