SEC - Page 266

A zero transfer phishing attack recently orchestrated by a scammer resulted in the theft of $20 million worth of Tether (USDT) on August 1.

The incident unfolded when the scammer managed to get hold of 20 million USDT from the victim’s address, which was identified as 0x4071…9Cbc.

The victim intended to send the money to address 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570, but due to the scammer’s cunning manipulation, it was redirected to a phishing address, 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570.

The scammer’s ploy started with the victim’s wallet receiving $10 million from a Binance account. After sending it to another address, the victim unknowingly fell prey to the scammer’s trickery.

The scammer initiated a fabricated Zero USDT token transfer from the victim’s account to the phishing address.

When the victim later attempted to transfer 20 million USDT, they mistakenly believed they were sending it to their desired address.

However, they were, in fact, transferring the amount to the scammer.

Upon discovering the scam, Tether promptly blacklisted the victim’s wallet, raising concerns about the swiftness of the issuer’s response.

READ MORE: Liquid Staking Tokens Poised to Dethrone Ethereum’s Ether (ETH) as Dominant DeFi Asset

The success of this type of phishing attack is partially attributed to the common practice among users of only checking the first or last five digits of a wallet address, rather than verifying the entire address. This oversight causes them to send assets to a phishing address unknowingly.

The mechanics of the zero transfer scam can be explained as follows: When a victim sends a certain amount of coins to an address for an exchange deposit, the attacker duplicates a similar-looking address under their control.

They then execute a transaction for zero coins from the victim’s wallet to this mimic address.

When the victim reviews their transaction history, they might mistake the phishing address for the actual deposit address and proceed to send their coins to it.

Unfortunately, such zero transfer phishing scams have become increasingly common within the cryptocurrency ecosystem over the past year.

In fact, the first known instance of this type of scam occurred in December 2022, and it has since caused losses exceeding $40 million due to various reported attacks.

In conclusion, the prevalence of zero transfer phishing attacks highlights the need for increased vigilance and awareness among cryptocurrency users.

By verifying complete wallet addresses and staying informed about emerging scam techniques, users can better protect their digital assets from falling into the hands of malicious actors.

Additionally, issuers and platforms within the crypto industry should continue to develop robust security measures to mitigate the impact of these scams and safeguard their users’ funds.

Other Stories:

BNB Smart Chain (BSC) Hit by Copycat Attacks

Bitcoin’s Reduced Volatility Sparks Anticipation for Exciting Long-Term Bull Signal

SEC Chairman Gary Gensler Raises Alarm Over Widespread Fraud in Crypto Market

Circle’s USD Coin (USDC) and other stablecoins are facing potential compliance challenges due to a new amendment in the 2024 National Defense Authorization Act (NDAA) recently passed by the United States Senate.

According to Berenberg analyst Mark Palmer’s July 31 investment note, the amendment could introduce new Know Your Customer (KYC) and Anti-Money Laundering (AML) measures that stablecoin issuers might struggle to comply with.

The proposed amendment requires the U.S. Treasury Secretary to establish examination standards for crypto assets to ensure compliance with money laundering and sanctions laws.

If it remains in the final version of the NDAA, it could present problems for stablecoin issuers.

Palmer pointed out that identifying stablecoin holders is only possible during issuance and redemption, and this requirement could lead to a deterioration in USDC’s market cap.

Over the past few months, USDC’s market cap has declined by approximately 39%, amounting to $17.5 billion since March 5.

This development not only impacts Circle but also poses challenges for Coinbase.

READ MORE: Bitcoin’s Reduced Volatility Sparks Anticipation for Exciting Long-Term Bull Signal

Palmer highlighted that in the first quarter of the year, 27% of Coinbase’s net revenue came from interest income on USDC. The potential setbacks for both Circle and Coinbase could be concerning for investors.

Coinbase’s shares have shown significant outperformance in the traditional equities market since the beginning of the year, surging 170% from $33 on January 1 to $98.61 at the time of the publication of the investment note.

Berenberg attributed this outperformance to favorable rulings for Ripple Labs and the interest generated by major institutions like BlackRock and Fidelity in filing for spot Bitcoin exchange-traded funds (ETFs).

However, the bullish factors for Coinbase might be on shaky ground. SEC Chair Gary Gensler’s recent comments have raised uncertainty among investors.

Gensler stated that cryptocurrencies could fall under the purview of the SEC, implying that regulations might be on the horizon.

Additionally, his response to Bitcoin ETF applications suggested potential opposition to their approvals.

Despite these uncertainties, Berenberg maintained a “hold” rating for Coinbase stock.

The company’s large balance of cash and equivalents offers financial cushion and flexibility for navigating the uncertain landscape of the cryptocurrency market.

Other Stories:

BNB Smart Chain (BSC) Hit by Copycat Attacks

SEC Chairman Gary Gensler Raises Alarm Over Widespread Fraud in Crypto Market

Liquid Staking Tokens Poised to Dethrone Ethereum’s Ether (ETH) as Dominant DeFi Asset

In Miri, Borneo, authorities have taken decisive action against an illegal cryptocurrency mining operation, thanks to a tip-off from the public.

The operation, discovered by Sarawak Energy, involved 34 cryptocurrency mining servers that were illicitly powered through cable tapping, using stolen electricity.

Following the tip-off, a swift crackdown ensued, resulting in the seizure of all equipment used in the illegal mining endeavor, including servers and tapping cables.

Local police have initiated an investigation into the matter, marking a significant victory against cryptocurrency-related crimes on the island.

According to Sarawak Energy’s estimates, the operation was siphoning approximately 6,000 Malaysian ringgits per month (equivalent to $1300) worth of stolen electricity.

This incident sheds light on the persistent issue of energy theft, despite the fact that Sarawak offers some of the lowest energy prices in Malaysia.

Interestingly, this was not the only instance of cryptocurrency mining illegalities in the region.

Earlier in 2023, another public tip-off led to the seizure of more than 137 cryptocurrency mining servers in the nearby state of Senadin, where Miri is situated.

Meanwhile, the global cryptocurrency market, particularly Bitcoin (BTC), has been experiencing a prolonged bear market that has strained many mining operations.

READ MORE: SEC Suffers Setback as Court Overturns Ruling on SPIKES Index Securities Classification

Consequently, numerous mining firms and operators have resorted to selling BTC in unprecedented amounts to cope with the challenging market conditions.

On the other hand, the Bitcoin mining ecosystem has reached significant milestones in terms of network hash rate, which hit all-time highs in 2023, along with record network difficulty levels.

While this generally indicates the network’s resilience and increased competition among miners, it also poses challenges for smaller operators lacking the economies of scale enjoyed by larger players.

Operators benefiting from lower electricity prices tend to be more profitable, which is a contributing factor driving illegal mining operators to resort to stealing electricity from the grid.

By eliminating electricity costs, unlawful operators can generate profits and offset hardware expenses more easily.

As authorities continue their efforts to combat illegal cryptocurrency mining, the incident in Miri serves as a reminder of the importance of public vigilance and cooperation in safeguarding communities from such illicit activities.

Additionally, the broader cryptocurrency mining landscape must find ways to support smaller operators and address the challenges posed by volatile market conditions, ensuring a more sustainable and secure future for the industry.

Other Stories:

Margot Robbie’s Comparison of Bitcoin to Ken from Barbie Ignites Debate

Blockchain Could Save Financial Institutions $10 Billion by 2030: Ripple-FPC Report

Tech Firms Call on European Union to Support Open-Source AI in New Regulations

On July 30, several liquidity pools within Curve Finance, a significant decentralized finance (DeFi) protocol, were targeted in an attack stemming from a vulnerability discovered in the Vyper programming language.

Vyper is specifically designed for the Ethereum Virtual Machine (EVM) to facilitate smart contract development.

Curve Finance’s prominence in the DeFi space is largely attributed to its vital liquidity services.

However, the recent code vulnerability jeopardized approximately $100 million worth of digital assets, raising concerns within the community.

The flaw was identified in versions 0.2.15, 0.2.16, and 0.3.0 of the Vyper language, resulting in a malfunctioning reentrancy lock.

As a consequence, millions of dollars were drained from four Curve pools, namely aETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH.

Moreover, the impact of this vulnerability on three of its variations has the potential to affect other protocols in the DeFi ecosystem.

Following the attack, the native token of Curve Finance, CRV, experienced a sharp decline in value on decentralized exchanges.

However, the situation was salvaged when centralized exchange price feeds came into play.

READ MORE: SEC Suffers Setback as Court Overturns Ruling on SPIKES Index Securities Classification

The CRV price plummeted to $0.086 on decentralized exchanges, while maintaining a trading value of $0.60 on centralized exchanges (CEXs), thereby preventing the token’s total collapse.

The recovery was attributed to the integration of Chainlink’s oracle system within Curve pools, which incorporates price feeds from various sources, including centralized exchanges.

If it weren’t for the CEX price feed, Curve Finance would have faced a complete collapse.

This irony caught the attention of Binance CEO Changpeng Zhao, who found humor in the fact that a CEX price feed ultimately saved the DeFi protocol.

Zhao clarified that the Vyper vulnerability had no impact on Binance, as the exchange had promptly updated its code to the latest version. He also emphasized the significance of regularly upgrading code libraries to maintain robust security measures.

The bug within the earlier Vyper versions is estimated to be at least 1.5 years old, suggesting that the attacker invested substantial time and resources in exploiting this weakness within a high-value protocol.

A Vyper program contributor on Twitter even suggested that the level of effort put into the exploit indicated a potential state-sponsored attack.

As the DeFi space continues to evolve and gain traction, incidents like these underscore the importance of thorough code audits, prompt upgrades, and vigilance in the face of potential vulnerabilities to ensure the security and resilience of decentralized finance protocols.

Other Stories:

Margot Robbie’s Comparison of Bitcoin to Ken from Barbie Ignites Debate

Blockchain Could Save Financial Institutions $10 Billion by 2030: Ripple-FPC Report

Tech Firms Call on European Union to Support Open-Source AI in New Regulations

The Curve Finance exploit that occurred recently resulted in one of the largest ever maximal extractable value (MEV) reward blocks, totaling 584.05 Ether (ETH).

Ethereum core developer, known as “eric.eth,” reported on July 31 that the day had witnessed some of the most substantial MEV reward blocks in the history of Ethereum, all of which were caused by the exploitation of Curve Finance stable pools on July 30.

However, it’s worth noting that a larger MEV reward block of 692 ETH was recorded back in March.

MEV bots are responsible for generating additional revenue by reordering or inserting transactions within a regular block, effectively creating arbitrage opportunities.

These bots can also identify pending liquidation transactions and front-run them, purchasing the liquidated assets at discounted prices.

To carry out such actions, MEV bots pay a considerable amount of ETH to the block producer to secure a position at the front of the transaction line.

Validators propose a block using a relay, outsourcing block production to specialized entities that extract this extra revenue.

In return for allowing MEV bots to front-run transactions, validators receive a share of the generated revenue, commonly known as the “block reward.”

One of the highest MEV bot block rewards amounted to 584.05 ETH, approximately valued at $1 million. This reward was confirmed at 1.34 am UTC on July 31, according to Beaconcha.in.

There were also other notable block rewards of 345 ETH and 247 ETH around the same time.

READ MORE: Pro-XRP Lawyer Alleges SEC’s Actions Driven by Safeguarding Corporate Capitalism

In response to the news, moral concerns were raised regarding the implications of potentially illicit funds being used to pay validators, allowing for the front-running of transactions.

Some individuals questioned the ethics of MEV rewards going to miners, particularly when these rewards are essentially sourced from hacked funds.

Prior instances have shown how MEV exploitation can lead to significant profits.

For example, in April, a Subway-themed trading bot leveraged “sandwich attacks” during the memecoin trading frenzy, making millions in extractable value.

These recent developments in the MEV landscape have sparked discussions about the ethical considerations surrounding such practices and how they may affect the overall integrity and trustworthiness of blockchain ecosystems.

Other Stories:

Worldcoin’s Iris Scanning Project Raises Privacy and Sovereignty Concern

French Data Protection Agency Investigates Worldcoin

Kyrgyzstan Expands Cryptocurrency Mining with Government Backing at Hydro Power Plant

In a recent hacking incident involving the decentralized finance (DeFi) protocol, Curve Finance, an ethical hacker successfully reclaimed approximately 2,879 Ether (ETH), equivalent to around $5.4 million, from a hacker.

Curve Finance experienced an exploit of several stablepools due to malfunctioning reentrancy locks in certain versions of the Vyper programming language on July 30.

The damages Curve Finance faced are speculated to be around $47 million.

Simultaneously, other DeFi protocols that were utilizing the susceptible versions of Vyper were exploited as well, posing a significant challenge to the DeFi ecosystem.

Identified as “c0ffeebabe.eth”, an operator of a maximal extractable value bot, used a front-running bot against the malevolent hacker, securing nearly 3,000 ETH. These reclaimed funds were returned to the Curve deployer address, the expected rightful holder.

READ MORE: SEC Suffers Setback as Court Overturns Ruling on SPIKES Index Securities Classification

In the aftermath of this incident, fraudulent refund schemes are being propagated on Twitter.

Impersonators of Curve Finance and victims of the hack are advocating a counterfeit refund scheme, aiming at those who already suffered losses due to the hack. Curve Finance’s official account has yet to discuss a refund plan.

Simultaneously, BNB Smart Chain has encountered similar attacks due to the Vyper vulnerability, as shared by BlockSec, a blockchain security firm. An approximate amount of $73,000 was stolen in three different exploits.

In related news, the U.S. Securities and Exchange Commission has enforced new regulations for cybersecurity incidents involving publicly-traded U.S. companies.

These rules mandate disclosure of a cyberattack four days after it’s deemed “material” and also periodic reporting on policies to manage and identify cybersecurity risks.

Other Stories:

Tech Firms Call on European Union to Support Open-Source AI in New Regulations

Blockchain Could Save Financial Institutions $10 Billion by 2030: Ripple-FPC Report

Margot Robbie’s Comparison of Bitcoin to Ken from Barbie Ignites Debate