In the midst of grappling with the aftermath of the recent $100 million Poloniex hack, the cryptocurrency community faces yet another cybersecurity menace that threatens to jeopardize billions of dollars in crypto assets.
A group of blockchain security experts uncovered this threat, which could have far-reaching implications for the crypto ecosystem.
On November 14, cybersecurity firm Unciphered divulged details about a vulnerability they’ve named “Randstorm.”
This vulnerability, they assert, has the potential to impact numerous crypto wallets created through web browsers from 2011 to 2015.
The discovery came about when the company was attempting to recover a Bitcoin wallet, revealing a potential issue with wallets generated by BitcoinJS and its associated projects.
According to Unciphered’s assessment, this issue has the potential to affect millions of wallets, collectively holding approximately $2.1 billion in cryptocurrencies.
Furthermore, Unciphered has raised concerns about the broader scope of this vulnerability, suggesting that it may extend to multiple blockchains and projects.
Beyond Bitcoin (BTC), the company has specifically pointed out that cryptocurrencies such as Dogecoin, Litecoin, and Zcash may also harbor this vulnerability.
The urgency of the situation is underscored by Unciphered’s assertion that many individuals have already received alerts regarding this problem.
READ MORE: Blockchain Association Challenges IRS Over Cryptocurrency Tax Regulations
For those who utilized web browsers to generate crypto wallets between 2011 and 2015, Unciphered strongly recommends transferring their assets to wallets generated using more recent and trusted software. Their advice is clear:
“If you are an individual who has generated a self-custody wallet using a web browser before 2016, you should consider moving your funds to a more recently created wallet generated by trusted software.”
Although Unciphered confirmed that not all affected wallets are equally vulnerable, they stressed that the vulnerability is exploitable.
However, they have refrained from disclosing specific details about the exploit to prevent any potential misuse by malicious actors within the crypto space.
In conclusion, the crypto community faces a new and potentially significant cybersecurity threat in the form of the Randstorm vulnerability.
This discovery serves as a reminder of the importance of regularly updating and securing crypto wallets, especially for those who generated wallets during the 2011-2015 timeframe, as their assets may be at risk.
As the crypto landscape continues to evolve, vigilance and proactive security measures are paramount to safeguarding valuable assets in this digital realm.
Despite undergoing multiple security audits, Raft, a decentralized U.S. dollar stablecoin protocol, recently fell victim to a security breach resulting in a substantial loss of $6.7 million.
The incident, detailed in a post-mortem report released on November 13th, involved a hacker who had borrowed 6,000 Coinbase-wrapped staked Ether (cbETH) from the decentralized finance platform Aave.
This borrowed cbETH was then transferred to Raft, where the attacker exploited a smart contract glitch to mint an astonishing 6.7 million R tokens, which constitute Raft’s stablecoin.
The ill-gotten funds were promptly funneled off the platform through liquidity pools on decentralized exchanges Balancer and Uniswap, ultimately yielding the hacker $3.6 million in gains.
The attack had a detrimental impact on the R stablecoin’s peg to the U.S. dollar.
The post-mortem report identified the primary cause of the incident as a precision calculation issue when minting share tokens, enabling the attacker to amass extra share tokens.
The attacker capitalized on the amplified index value, significantly boosting the value of their shares.
This security lapse went unnoticed despite the smart contracts having undergone audits by blockchain security firms Trail of Bits and Hats Finance, highlighting the unfortunate inability of these audits to detect the vulnerabilities that led to the breach.
READ MORE: Spanish Regulator Takes Action Against Fraudulent Crypto Promoters
In response to the incident, Raft has taken a series of measures.
They have filed a police report and are collaborating with centralized exchanges to trace the flow of the stolen funds.
Currently, all of Raft’s smart contracts remain suspended. However, users who had minted R tokens still have the option to settle their positions and recover their collateral.
This event serves as another sobering reminder of the ongoing challenges and risks associated with decentralized stablecoins.
It underscores the critical importance of implementing robust security measures and maintaining vigilance within the DeFi space.
This incident is not an isolated case within the decentralized stablecoin realm.
In December 2022, the decentralized stablecoin HAY also experienced a depegging from the U.S. dollar due to a hacker exploiting a smart contract glitch, enabling them to mint 16 million HAY tokens without proper collateral.
HAY has since managed to reestablish its peg, partly due to the protocol’s requirement of a collateralization ratio of 152% at the time of the exploit, which served as a risk management safeguard.
The Asia-Pacific Economic Cooperation (APEC) summit kicked off on November 11th in San Francisco, promising an eventful week of discussions and meetings.
While the anticipated meeting between United States President Joe Biden and Chinese leader Xi Jinping on November 15th captures the spotlight, the finance ministers’ gathering also holds significant importance within the organization.
U.S. Treasury Secretary Janet Yellen, addressing the finance ministers’ meeting on November 13th, outlined their agenda, emphasizing a focus on long-term priorities with a strong emphasis on sustainability.
Two key sessions are planned, one dedicated to supply-side economics and another to digital assets.
Yellen specifically highlighted unbacked crypto assets, stablecoins, and central bank digital currencies as topics of discussion.
Yellen expressed the importance of engaging with the private sector to gain a deeper understanding of the tools that policymakers can utilize to ensure the responsible development and utilization of digital assets.
She invited perspectives on the role of digital assets and blockchain technologies in financial systems and inquired about regulatory oversight strategies.
READ MORE: Bitcoin Mining Soars to Annual All-Time High, Surpasses $44 Million in Daily Rewards
In the lead-up to the summit, Yellen had a meeting with top Chinese economic official He Lifeng on November 9th and 10th. It’s worth noting that China has effectively banned cryptocurrency trading since 2021 but has emerged as a global leader in central bank digital currency development.
The perspectives shared during the November 13th meeting may diverge from Yellen’s own stance, as the Biden administration is generally perceived as cautious or less favorable toward cryptocurrencies.
Meanwhile, many view Asia as taking the lead in blockchain development, with notable advancements in the metaverse, cryptocurrency trading, and adoption across various Asian economies.
APEC comprises 21 Pacific-region “economies” spanning Asia, North America, and South America.
Its unique membership structure accommodates economies rather than countries, enabling participation from entities like Hong Kong and Taiwan without generating controversy.
Notably, Ripple played a significant role as a diamond-level sponsor of the summit, underscoring the growing influence of blockchain and digital assets in the global economic landscape.
In summary, the APEC summit’s finance ministers’ meeting underscores the growing importance of digital assets and sustainability in the regional economy.
While the U.S. and China differ in their approaches to cryptocurrency, the summit provides a platform for dialogue and collaboration among diverse economies seeking to navigate the evolving financial landscape.
The price of a memecoin named after Elon Musk’s AI project “Grok” took a nosedive, plummeting by over 70% after blockchain investigator ZachXBT alleged that the token’s social media presence was recycled from a previous scam token project.
In a tweet on November 13, ZachXBT shared screenshots revealing that various social media accounts and websites associated with the Grok (GROK) token were repurposed from abandoned projects, including a memecoin called ANDY, which had seen a significant decline from its all-time high.
In the aftermath of ZachXBT’s tweet, the memecoin community witnessed GROK’s price plummet by a staggering 74%, dropping from its all-time high of $0.027 to a low of $0.007 in just five hours.
Subsequently, the price partially recovered to $0.011, as per data from DexTools.
In a subsequent post, ZachXBT highlighted an Etherscan transaction that showed the GROK team sending approximately $1.7 million worth of the token to a burn address, a move aimed at reducing the token’s supply and restoring confidence in it.
READ MORE: Bitcoin Mining Soars to Annual All-Time High, Surpasses $44 Million in Daily Rewards
The official GROK token account, in a November 14 post, claimed that the development team had burned all the tokens from the deployer address, totaling around 180 million GROK, valued at approximately $2 million at the current market prices.
At its peak price of $0.027 on November 13, GROK had a market capitalization of nearly $200 million, establishing itself as one of the largest new memecoins in the current cycle.
GROK was launched on November 5, coinciding with Elon Musk’s announcement of Grok AI, purportedly a competitor to OpenAI’s ChatGPT.
In the following week, the memecoin’s value experienced an astonishing 33,650% surge, driven by memecoin traders looking to capitalize on the hype.
In summary, the price of the Grok memecoin experienced a dramatic drop following allegations of recycled social media accounts and a subsequent token burn attempt by the development team.
This rollercoaster ride in value occurred amid the fervor surrounding Elon Musk’s Grok AI project, which had initially fueled the memecoin’s meteoric rise.
In less than two months, institutional investment in Bitcoin has witnessed a staggering influx of over $1 billion, signaling a resurgence in interest in cryptocurrencies.
CoinShares, a prominent crypto asset management firm, highlighted this remarkable trend in its latest weekly report on November 13, underscoring the growing capital flow into Bitcoin and altcoins.
The surge in Bitcoin, Ether, and select altcoin prices can be attributed to the mounting excitement surrounding the potential approval of the United States’ first spot exchange-traded fund (ETF).
Since November 2022, the total market capitalization of the cryptocurrency market has skyrocketed by $600 billion, according to data from TradingView.
However, the past two months have witnessed a substantial uptick in funds allocated to crypto investment products, with CoinShares revealing, “Digital asset investment products saw inflows totaling US$293 million last week, bringing this 7-week run of inflows past the US$1 billion mark, leaving year-to-date inflows at US$1.14 billion, making it the third-highest yearly inflows on record.”
One of the most noteworthy statistics indicating the resurgence of crypto in 2023 is the Assets Under Management (AUM) of crypto exchange-traded products (ETPs).
Since the beginning of the year, this figure has nearly doubled, with a remarkable 10% increase occurring in just the past week.
CoinShares noted, “At US$44.3 billion, total AuM is now the highest since the major crypto fund failures in May 2022.”
READ MORE: Ripple CEO Advocates Multichain Future and Regulatory Clarity at Ripple Swell 2023
Moreover, the report highlighted that investors seeking long positions in Bitcoin accounted for the majority of the trading volume.
“Bitcoin saw inflows totaling US$240 million last week, pushing year-to-date inflows to US$1.08 billion, while short-bitcoin saw US$7 million outflows, indicative of continued positive sentiment,” the report stated.
This renewed interest has also spurred on-chain analytics firm Glassnode to reevaluate Bitcoin supply dynamics.
As the fourth halving event approaches, Bitcoin holdings for storage now exceed the amount mined by a factor of 2.4.
This development signifies a significant milestone for Bitcoin, attracting intrigue from investors due to its impressive historical returns.
Furthermore, Philip Swift, the creator of the statistics platform Look Into Bitcoin, pointed out the increasing number of wallet entities, both large and small, as a sign of growing adoption.
It’s important to note that this article does not offer investment advice or recommendations.
All investment and trading decisions involve risk, and readers are advised to conduct their own research and due diligence before making any investment decisions.
An employee of FTX’s charity division, Ross Rheingans-Yoo, is currently embroiled in a legal battle to receive the remaining $275,000 of his 2022 salary bonus.
Rheingans-Yoo’s lawyers argue that only $375,000 out of his $650,000 bonus has been paid by FTX, claiming that the remaining funds were owed when the crypto exchange filed for bankruptcy in November 2022.
This latest development comes as a response to FTX’s objection, which was filed on October 30th.
In his response, Rheingans-Yoo shared a portion of a Google Doc created by FTX co-founder Sam Bankman-Fried, outlining his employment terms at the FTX Foundation, including a $100,000 base salary.
He stated that Bankman-Fried had informed him about this in a memo.
Rheingans-Yoo emphasized that he was not part of Bankman-Fried’s “inner circle” and had no knowledge of FTX’s alleged misappropriation of customer funds.
According to his lawyers, he was merely a loyal employee caught in a situation not of his making.
Rheingans-Yoo asserts that he is entitled to an additional $650,000 designated for charitable donations, a prepetition salary payment of approximately $5,700, and a post-petition salary of at least $62,800.
READ MORE: Spanish Regulator Takes Action Against Fraudulent Crypto Promoters
FTX’s advisers contend that Rheingans-Yoo has already received his full bonus because he had chosen to have a portion of it repaid via options in the company’s corporate affiliates before the bankruptcy filing. However, Rheingans-Yoo disputes this claim.
The ultimate decision regarding Rheingans-Yoo’s bonus will rest with a Delaware bankruptcy judge overseeing FTX’s Chapter 11 bankruptcy proceedings.
Notably, FTX had previously sued Rheingans-Yoo’s Latona Biosciences Group, Sam Bankman-Fried, and several other defendants in July.
The lawsuit sought the return of $71.6 million in investments and donations allegedly directed to various life science companies. FTX alleges that Rheingans-Yoo and Bankman-Fried personally benefited from these transactions, while FTX and Alameda Research did not.
The crypto exchange claims that these transfers were made with the intent to hinder, delay, or defraud present or future creditors, a fact known by the FTX Foundation, Latona, and Bankman-Fried.
Rheingans-Yoo maintains that his work at Latona involved analyzing potential recipients, engaging with their founders and executives, and conducting due diligence, all with the aim of producing positive societal outcomes.
The outcome of this legal dispute will undoubtedly have significant implications for both parties involved.
Taiwanese cryptocurrency exchange Bitgin finds itself under intense scrutiny as it faces allegations of money laundering, prompting an investigation by the country’s law enforcement agencies.
The unfolding saga centers around the arrest of Yuting Zhang, the firm’s Chief Operating Officer, who has been detained by Taiwanese authorities due to his purported involvement in the “Eighty-Eight Guild Hall” money laundering incident.
Earlier, Zhemin Guo and Chengwen Tu, both local businessmen, were accused by the police of orchestrating a colossal money laundering operation worth billions of dollars.
Their scheme allegedly involved the utilization of foreign exchange offices and cryptocurrency exchange accounts to launder illicit proceeds obtained through wire fraud activities conducted overseas.
Furthermore, Tu stands accused of deceiving the country’s tax authorities by falsely claiming 300 million New Taiwan dollars (equivalent to $9.28 million) in fraudulent export tax refunds through the illicit overseas sale of video game credits.
A notable aspect of this incident is Taiwan’s lack of an official licensing framework for cryptocurrency exchanges.
In a bid for self-regulation and to engage with political officials, Bitgin and its industry peers established the Virtual Asset Service Provider Preparatory Office back in September.
READ MORE: China’s New Phishing Scam Targets Crypto Users Through Fake Skype App
Commenting on the situation, Yuling Tsai, the General Counsel of the Taiwan VASP Association, remarked, “This time, a member of the preparatory group was involved in the investigation case.
The preparatory group immediately held a meeting and issued a public response.
The members involved in the case also took the initiative to suspend participation in the work of the preparatory group.”
Bitgin has sought to reassure its users, stating that its operations remain unaffected, and user rights are safeguarded.
According to the exchange, Chief Operating Officer Zhang’s involvement in the Eighty-Eight Guild Hall money laundering incident transpired from late 2021 to March 2022.
The exchange claims that Zhang ceased all communications with the implicated parties after discovering allegations of money laundering.
The exchange has also pledged full cooperation with the investigative authorities, offering all necessary assistance to ensure a smooth and expeditious investigation.
Bitgin expresses a hope that the facts surrounding the case can be clarified promptly, indicating its commitment to resolving the matter transparently.
On November 12, the Bitcoin mining community reached an annual all-time high (ATH), generating more than $44 million in combined block rewards and transaction fees.
Bitcoin mining relies on specialized computer equipment, known as mining rigs, to confirm transactions and create new blocks. Miners currently earn 6.25 BTC for successfully creating a block, along with transaction fees.
This milestone marked the first time in 2023 that daily Bitcoin mining rewards surpassed the $44 million mark, a level previously observed in April 2022, as reported by data from blockchain.com.
Between April 2022 and November 2023, Bitcoin miners faced several challenges that contributed to a decline in their revenue.
These included a prolonged bear market, negative investor sentiment stemming from scams and ecosystem collapses, and regulatory restrictions hindering Bitcoin transactions.
However, 2023 marked a turnaround for the industry, driven by crypto entrepreneurs who worked to restore investor confidence. Increasing market prices and growing public interest led to a year-long uptrend in mining revenue.
READ MORE: Former FTX Executives Launch Backpack Exchange in Dubai
Marathon Digital Holdings, a prominent Bitcoin mining firm, reported a staggering 670% year-on-year revenue surge in the third quarter of 2023, alongside a nearly five-fold increase in Bitcoin production.
Beyond individual miners and companies, many countries actively participate in securing the Bitcoin network through mining operations.
For instance, Bhutan, a landlocked Asian nation, has been engaged in Bitcoin mining powered by hydropower since the cryptocurrency’s price was at $5,000 in April 2019.
Bhutan is now exploring partnerships to expand its mining endeavors further, including negotiations with the Nasdaq-listed mining company Bitdeer to secure 100 megawatts of power for a Bitcoin mining data center within its borders.
This collaboration could boost Bitdeer’s mining capacity by approximately 12%.
In summary, the Bitcoin mining community achieved a significant milestone in November 2023, reaching an annual all-time high in revenue.
While the industry faced challenges in previous months, it experienced a resurgence in 2023, fueled by market dynamics, increased interest, and strategic efforts by key players in the crypto space.
In the ever-evolving landscape of cryptocurrencies, a debate rages on between proponents of a singular blockchain and those who envision a future comprising multiple blockchains working in harmony.
Ripple CEO Brad Garlinghouse recently weighed in on this discourse during a keynote fireside chat at the Ripple Swell 2023 event in Dubai.
Garlinghouse, while acknowledging the diversity within the crypto sphere, actively discouraged the concept of maximalism.
Garlinghouse’s vision for the future is one of a “multichain world.” He stressed the importance of avoiding maximalism and instead embracing the idea that various cryptocurrencies and blockchains will coexist and collaborate to form a dynamic ecosystem.
During his address, the Ripple CEO also identified two critical factors that could fuel greater institutional adoption of digital assets worldwide.
Firstly, he emphasized the need for clear regulatory frameworks, highlighting that while the United States contributes significantly to the global economy, it lags behind in establishing comprehensive crypto regulations.
Garlinghouse contrasted this with regions like Dubai, where regulators engage constructively with the crypto sector.
READ MORE: Bitcoin Argentina Proposes Progressive Cryptocurrency Regulation Framework
In Garlinghouse’s view, regulatory clarity is essential for large institutions to feel confident about entering the crypto space.
Without a well-defined framework, institutional participation remains hampered by uncertainty.
Additionally, Garlinghouse stressed the significance of “demonstrated utility” in the crypto space.
He argued that the primary goal should not be speculative trading but rather showcasing practical uses for cryptocurrencies.
Speculation alone, in his judgment, does not lead to the promised land of crypto’s full potential.
In essence, Brad Garlinghouse’s perspective at Ripple Swell 2023 presented a vision of the crypto future characterized by diversity and cooperation among various blockchains.
He advocated for regulatory clarity as a catalyst for institutional adoption and underscored the importance of cryptocurrencies demonstrating their practical utility.
As the crypto landscape continues to evolve, it remains to be seen how these insights will shape the industry’s trajectory in the years to come.
A new phishing scheme has emerged in China, specifically targeting cryptocurrency users. This fraudulent operation utilizes a counterfeit Skype video app to carry out its malicious activities.
According to a report by SlowMist, a crypto security analytics firm, the scammers behind this scheme have capitalized on China’s ban on international applications as the foundation of their fraud.
Many mainland users often resort to third-party platforms to search for these banned applications, making them susceptible targets.
Mainland users frequently seek social media applications like Telegram, WhatsApp, and Skype, which are among the most commonly searched for applications.
Scammers exploit this vulnerability by distributing fake, cloned applications embedded with malware designed to attack cryptocurrency wallets.
SlowMist’s analysis unveiled that the fraudulent Skype application, which was recently created, displayed a version number of 8.87.0.403. In contrast, the latest official Skype version is 8.107.0.215.
The security team also identified that the phishing back-end domain initially impersonated the Binance exchange on November 23, 2022, but later transformed to mimic a Skype back-end domain on May 23, 2023.
The existence of this fake Skype app was first brought to light by a user who fell victim to the scam and lost a substantial amount of money.
Further investigation of the fake app’s signature revealed that it had been tampered with to insert malware.
READ MORE: FTX Bankruptcy Estate Files $1 Billion Lawsuit Against ByBit and Executives
Upon decompiling the app, the security team discovered a modified Android network framework called “okhttp3,” which was adapted to target cryptocurrency users.
The modified okhttp3 framework, unlike the default version that handles regular Android traffic requests, obtains images from various directories on the user’s device and monitors for new images in real time.
The malicious okhttp3 requests users to grant access to internal files and images, a request that often goes unnoticed as many social media applications require similar permissions.
Subsequently, the fake Skype app commences uploading images, device information, user IDs, phone numbers, and other data to its back end.
Once the fake app gains access, it continuously scans for images and messages containing strings resembling cryptocurrency addresses, such as those for TroN and Ether.
If such addresses are detected, the fake app automatically replaces them with pre-set malicious addresses chosen by the phishing gang.
However, as of November 8, SlowMist’s testing revealed that the wallet address replacement had ceased, and the phishing interface’s back end was no longer returning malicious addresses.
The SlowMist team promptly flagged and blacklisted all wallet addresses associated with this scam to protect potential victims from falling prey to the scheme.