Coindesk News

Blockchain Bites: BlockFi Hacked, Sued, BitMEX Down

Today, BlockFi disclosed a SIM-swapping attack that revealed personal information related to a large swath of the firm’s clients. While customer funds are secure, BlockFi said, their names and addresses were compromised along with their activity histories.

This security breach comes on the heels of a cryptojacking exploit targeting European supercomputers researching COVID-19. Elsewhere, class-action lawsuits have been brought against and chip-maker Nvidia, while the little-known firm BMA is suing BitMEX for allegedly orchestrating the largest financial crime in American history. Here’s the story:

You’re reading Blockchain Bites, the daily roundup of the most pivotal stories in blockchain and crypto news, and why they’re significant. You can subscribe to this and all of CoinDesk’s newsletters here. 

Top Shelf

BlockFi Hack
BlockFi said an attacker got hold of users’ data by compromising an employee’s phone and taking control of the person’s phone number through a SIM-swap attack. The New York-based crypto lending platform announced in a memo to users on Tuesday that a hacker – whose identity remains unknown – gained access to some of its retail marketing systems for just over an hour early on May 14. The hacker accessed confidential data such as names, dates of birth, postal addresses and activity histories but was unable to withdraw user funds or access other sensitive account information including bank account details, Social Security and tax identification numbers.

BitMEX Down
The trading engine for BitMEX, formerly the largest bitcoin derivatives exchange measured by open interest, went down on Tuesday, according to the exchange’s status page. BitMEX supported roughly $2.2 billion in bitcoin futures trading volume over the last 24 hours, according to Skew, and is investigating the incident.  

RICO Violations?
BMA LLC, the Puerto Rican company that two weeks ago filed a lawsuit again Ripple, has accused the BitMEX derivatives exchange of orchestrating the largest financial crime in American history. The filing envisions a vast racketeering conspiracy designed to reap billions in illegal profit through wire fraud, money laundering, unlicensed money transmission, interstate transport of stolen property and violations of the Racketeer Influenced and Corrupt Organizations Act, or RICO. CEO Brendan Blumer speaks at the Voice launch event, June 2019. (Photo courtesy of CEO Brendan Blumer speaking at the launch of the Voice social media network (Photo from CoinDesk archives)

EOS Class-Action
A cryptocurrency investment fund has launched a class-action lawsuit against and EOS’ high command, arguing the “fraudulent scheme” failed to deliver on its primary promise of decentralization. In a recent filing, plaintiffs argue CEO Brendan Blumer, CTO Dan Larimer, former Chief Strategy Officer Brock Pierce and former partner Ian Grigg purposefully misled investors and artificially inflated the EOS token price during the yearlong ICO, which raised a total of $4.1 billion between June 2017 and June 2018. Last year, reached a settlement with the Securities and Exchange Commission over running an unregistered security sale. 

Misleading Games
A recent filing shows that disgruntled investors are still pursuing action against Nvidia, the multinational chip-making giant, accused of under-reporting its sales of hardware used to mine cryptocurrency. The shareholder class-action lawsuit accuses CEO Jensen Huang, CFO Collette Kress and Jeff Fisher, senior vice president and head of gaming, of misleading investors by saying increased sales of its chips came from gamers rather than the unsustainable 2017 crypto mining boom. 

Smashing Private Keys
Tornado Cash, a privacy tool for obfuscating the history of ether transactions, is now fully permissionless. Developers used a cryptographic method known as multi-party computation (MPC), to eliminate their private keys and make the protocol completely trustless. 

Vitalik Buterin photo from CoinDesk archives

Monopoly Busting Blockchain
Vitalik Buterin has called for lawmakers to be more accommodating to blockchain protocols, saying they can help antitrust agencies fight monopolies and anti-competitive behavior. Together with a Harvard economist, the creator of Ethereum argued in a newly-published paper that blockchain and antitrust agencies “share a common goal” in decentralizing economies. 

Giancarlo Joins 
Former U.S. Commodity Futures Trading Commission (CFTC) Chairman J. Christopher Giancarlo is advising a coronavirus relief effort. The Open Initiative is prepared to grant more than $200,000 to tech-driven – and preferably blockchain – solutions to the current crisis. 

Libra Hire
Libra has added a former U.S. government official as its general counsel, its second add from the Financial Crimes Enforcement Network (FinCEN). Announced by the Libra Association Tuesday, Robert Werner joins the project with “a wealth of regulatory, financial crime compliance and enforcement experience” from his previous roles as FinCEN director and director of the Office of Foreign Assets Control (OFAC).

European supercomputers programmed to search for a coronavirus vaccine were hijacked last week to mine the privacy crypto monero. The hackers had gained entry via stolen remote access credentials from individuals authorized to operate the machines, and many of the affected computers are still down pending investigation. 

Black Market Mixing
Bitfury’s crypto analytics unit Crystal Blockchain issued a report showing bitcoin mixing services are on the rise. According to the report, the share of bitcoin sent to mixers by darknet entities rose to 20% in Q1 2020 as compared to just 1% in Q1 2019, The Block reports.
DTCC’s Jennifer Peve, image from CoinDesk archives

Eying Blockchain
Depository Trust & Clearing Corporation (DTCC), a giant of financial markets infrastructure, is studying whether distributed ledger technology (DLT) could accelerate its processing of securities. DTCC revealed two projects Monday aimed at integrating DLT with capital markets: Ion, a proof-of-concept alternative settlement service and Whitney, a security token method of private securities issuance and exchange. The corporation handles nearly $2 quadrillion in securities every year, almost the entirety of the U.S. securities market. 

tBTC Bug
After pausing the tBTC protocol, which brought Bitcoin onto Ethereum, developer Matt Luongo clarified his decision without going into detail as to what went wrong. The Thesis team said it discovered a bug, but will not disclose details until all funds have been safely withdrawn from this iteration of tBTC. The team is helping users withdraw deposited BTC.

Proof of Societal Value
“Much ink has been spilled on the question of bitcoin’s energy footprint. But amid the clarifying details and the energy mix calculations we have lost sight of the most important questions,” CoinDesk columnist Nic Carter writes in his latest op-ed. Central to the debate are the inefficiencies baked into the global energy sector, including line-loses and the overbuilding of energy infrastructure in Chinese provinces, as well as bitcoin’s considerable consumption and CO2 externalities. Ultimately, it’s about tradeoffs. The Bitcoin network is an open system, “which is paid for,” both in fees and energy consumption. 

Market Intel

Difficult Adjustments?
Days after the biggest non-event of the year, the Bitcoin halving, holders are counting down to the next milestone on the blockchain: the latest “difficulty adjustment,” expected Tuesday around 5 p.m. ET. This automatic mechanism occurs roughly every two weeks, and is expected to make mining easier. “And like the halving, it’s expected to be uneventful,” the First Mover team said. However, it’s an essential way to regulate the network, enticing miners to stay on, reducing confirmation times and also ensuring more equitable payouts. You can get First Mover in yer mailbox here.

Bitcoin Burst
Wrapped Bitcoin on the Ethereum blockchain in the form of the WBTC ERC20 token has doubled to nearly $23 million worth in tokens in the last two weeks. This follows a vote at Maker to introduce the token as a form of collateral on the protocol. (Decrypt)

Yesterday, Tether, the largest stablecoin tied to the U.S dollar, had fallen below par value for the longest stretch since bitcoin hit 12-month lows in March. This deviation is partially explained by increased demand for bitcoin and bitcoin futures, with investors trading in stable assets for the cryptocurrency. Tether’s dip below $1 also coincides with a brief respite of new token issuances. 

The Breakdown

Albert Wenger on World Historical Shifts
Albert Wenger is a partner at Union Square Ventures and the latest guest on The Breakdown podcast. The conversation touches on core ideas in Wenger’s “World After Capital,” an evolving digital book project that looks at a set of megatrends as the world moves between economic paradigms from the Industrial Age to the Knowledge Age. 

Who Won #CryptoTwitter?

Subscribe to receive Blockchain Bites in your inbox, every weekday.
Disclosure Read More

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Source link

News Sputnik

European Supercomputers Researching COVID-19 Outbreak Reportedly Hacked to Mine Cryptocurrency


Get short URL

Many of the supercomputers that suffered “security incidents” over the last week were reportedly being used for conducting research on the novel coronavirus outbreak, work that was apparently obstructed by the attacks.

Supercomputers in European countries including Germany, the UK and Switzerland were forced to shut down amid a series of intrusions made with the goal of installing cryptocurrency-mining malware, according to ZDNet. A similar “security incident” was reported from a high-performance computing centre in Spain. The malware reportedly saw the shutdown of the supercomputers as a means of restoring “a safe environment” and rewriting passwords and credentials.

Several intrusions reportedly took place over the last week, beginning with a Monday attack reported by the University of Edinburgh running the ARCHER supercomputer and followed by similar reports from Germany, Spain and Switzerland. The attacks were aimed at nodes that control computing clusters, which were then apparently infected with malware. 

According to a European Grid Infrastructure (EGI) security team report, the attacks – originating in Poland and China – were carried out by stealing SSH credentials from authorized users. 

Chris Doman, co-founder of Cado Security, told ZDNet that there was no clear evidence that all attacks were conducted by the same group. The malware filenames and network indicators, however, leave space for alleging that the source of the threats could be the same. 

According to Doman, hackers installed malware that mined the Monero (XMR) cryptocurrency, after accessing the supercomputers’ controlling nodes using an exploit for a CVE-2019-15666 vulnerability, allowing root access to the computers. 

Several supercomputers targeted in the attacks, including Edinburgh’s ARCHER, were prioritizing COVID-19 research, work which has now likely been obstructed by the intrusion and the resulting shutdown.

Amid the ongoing COVID-19 pandemic, there have been many reports on hacker attacks directed at the World Health Organization, the Wuhan Institute of Virology, as well as possible security breaches and personal data protection issues revolving around the apps used to track those who have contacted COVID-19-positive victims.

Source link

Gateway Pundit News

Jesse Watters at Watters’ World Confirms Our Reporting That There Is No Evidence Russia Hacked the DNC and Gave Emails to WikiLeaks

Apelbaum next discusses Guccifer 2.0 –

In June 21, 2016, Lorenzo Franceschi-Bicchierai from Vice Motherboard interviewed a person who identified himself as “Guccifer 2.0”. During their on-line chat session, the individual claimed that he was Romanian (see transcript of the interview below). His poor Romanian language skills were later used to unmask his Russian identify.

…I’m not a scientific linguist nor do I even know where to find one if my life depended on it, but I’m certain that you can’t reliably determine nationality based on someone impersonating another language or from the use of fake metadata in files. This elaborate theory also has the obvious flaw of assuming that the Russian intelligence services are dumb enough to show up to an interview posing as Romanians without actually being able to read and write flaunt Romanian.

After providing a couple more examples of why the Russian story doesn’t stick, Apelbaum closes with this –

The bottom line is that if we want to go beyond the speculative trivia, the pseudo science, and the bombastic unverified claims, we have to ask the real tough questions, mainly: is Guccifer 2.0 even the real attacker and how did he circumvent all of the logs during several weeks of repeated visits while downloading close to 2 GB of data?

Esteemed NSA whistleblower Bill Binney reported in June 2019 that there was no way Russians hacked the DNC based on the speed of the transfer of the data that was hacked. But according to Apelbaum the transfer speeds is a minor issue here. It’s just an indicator that it would have been difficult for Guccifer 2 who was sitting in Romania to access the DNC system remotely.

Per an illustration from Apelbaum, Guccifer 2 is depicted as the red devil icon below:

This illustration shows the Crowdstrike was obviously false in its claims that Russia hacked the DNC.

This is because:

1. If Guccifer 2 did it from Romania (the red devil icon on the left of the illustration), he needed a 23 Mbit/s transfer rate. At the time of this hack in 2016, Romania was only supporting 16Mbit/s speeds. But to do that he had to go through all of the red hell in the middle of the illustration, which I don’t believe he did based on the poor technical skill set he demonstrated during his interview with Motherboard vice.

2. If the leak came from the inside (the half green half red icon in the right side of illustration), he had the full 23 Mbit/s transfer rate because he just plugged-in a USB drive to the computer. He also didn’t need any hacking skills because he most likely had full system access.

Finally, we know that WikiLeaks stated numerous times that Russia did not provide them with the emails they leaked in 2016 and Julian Assange stated that WikiLeaks had nothing to do with Russia.

But of course the Mueller gang never interviewed WikiLeaks in an effort to determine how they received the Clinton emails. Of course the Mueller team could not risk WikiLeaks saying the emails were not received from Russia which would destroy their ‘Russia hacked the DNC’ fairy tale.

Aaron Mate from The Gray Zone joined Jesse Watters to discuss the Russian “hacking” scandal and Crowdstrike.

The entire Russia collusion scam is so full of lies but the biggest was Russia hacked the DNC and gave the emails to WikiLeaks. It was all a big lie.

Source link