Modern Cryptographic Methodologies Are Essential for Cybersecurity

Robust cybersecurity measures are more important than ever in a time when technological breakthroughs rule the day. A major risk to an organization's security is outdated cryptographic protocols, which make it open to cyberattacks. According to recent reports, organizations must immediately upgrade their cryptography methods in order to keep up with the constantly changing landscape of cyber threats.

The cybersecurity landscape is constantly evolving, and cybercriminals are becoming increasingly sophisticated in their techniques. This means that older cryptographic protocols, once considered secure, may now be vulnerable to attacks. The use of outdated protocols can expose sensitive data and leave organizations susceptible to breaches.

According to a recent article on Help Net Security, organizations can mitigate these risks by adopting modern cryptographic protocols. By staying informed about the latest advancements and best practices in encryption, businesses can ensure that their data remains secure.

One company at the forefront of modern encryption solutions is Virtru. Their platform offers state-of-the-art encryption tools designed to protect sensitive information across various platforms and applications. By leveraging Virtru's technology, organizations can enhance their data security and safeguard against potential breaches.

Moreover, maintaining robust cybersecurity practices can also have financial benefits. A report from Help Net Security suggests that organizations can decrease their cyber insurance premiums while still maintaining adequate coverage. By demonstrating a commitment to strong security measures, companies can negotiate better insurance rates, ultimately saving on costs.

In addition to updating cryptographic protocols, it's essential for organizations to implement a multi-layered approach to security. This includes regular security assessments, employee training, and proactive monitoring for potential threats. By taking a comprehensive approach to cybersecurity, businesses can fortify their defenses against evolving cyber threats.

Keeping up with cryptographic protocols is essential to ensuring strong cybersecurity. Organizations must maintain constant awareness and implement proactive security measures due to the ever-changing world of cyber threats. Businesses may strengthen their defenses and protect their sensitive data from potential intrusions by adopting modern encryption technologies and putting in place a multifaceted security approach.



Kraken to Provide 42,000 Consumers' Data to IRS Following Court Order

 

Kraken, a cryptocurrency exchange, has announced that it will comply with a June court order by providing the Internal Revenue Service (IRS) with data on tens of thousands of its users. 

In particular, the company will divulge data on cryptocurrency transactions that Kraken customers made between 2016 and 2020 that were valued at more than $20,000. Users with addresses in the United States who made these sorts of transactions will have their account history, name, date of birth, Tax ID, address, and contact details forwarded to the IRS.

The company stated last week that emails were sent to every Kraken customer who was impacted by the announcement. A representative for Kraken also verified the development with Decrypt. The firm intends to share the user data in early November. 

After two years of litigation over data sharing between the federal government and the privacy-minded cryptocurrency company Kraken, a federal judge in June ordered Kraken to provide such information to the IRS. 42,017 Kraken accounts are expected to be impacted by the decision, according to court documents in that case. 

Even though Kraken has adamantly refused to give the IRS the information it is now obligated to provide, the company is portraying the situation as a win for privacy advocates and its legal battle with the IRS as having ultimately stopped a larger breach of users' personal data. 

“We objected to the IRS’s demands and fought the summons, because it sought intrusive and unnecessary information about U.S. clients, including IP addresses, employment information, sources of wealth, net worth, and banking details,” a Kraken spokesperson said in a statement shared with a local media outlet. “We convinced the court to reject these demands. Kraken will always stand up for the privacy of its clients as it did here.”

The exchange is not the first cryptocurrency firm to be compelled to abide by the IRS's requirements. In 2018, a federal judge ordered the American cryptocurrency exchange Coinbase to hand over certain user data to the tax collection agency. 

Another federal court in 2020 granted the IRS legal authority to search the records of cryptocurrency payments company Circle for data related to similar transactions of $20,000 or more made between 2016 and 2020. In addition, the agency secured a court order last year to acquire the same information from crypto prime brokerage SFOX.

Confidential Report Highlights Bitfinex Security Breach in Massive 2016 Hack

 

In 2016, a hacker or hackers gained access to the Bitfinex cryptocurrency exchange and took 119,754 bitcoins worth a total of $72 million. The stolen coins' worth had risen to almost $4 billion by the time US police detained rapper Heather Morgan and her husband, startup founder Ilya Lichtenstein, last year on suspicion of laundering them. It was the US Department of Justice's single greatest recovery in its history. However, the hack's culprit is still at large.

Ledger Labs, a Canadian cryptocurrency consulting and development company, was hired by one of Bitfinex's owners, iFinex, to conduct an investigation. The secret report from that inquiry was never made public. However, a copy of the study with specific conclusions has been obtained by the Organised Crime and Corruption Reporting Project. 

According to the document's in-depth findings, conclusions, and suggestions, Bitfinex failed to put the operational, financial, and technological controls recommended by its partner in cyber security, Bitgo, into place.

Although Bitfinex did not question the legitimacy of the report in contacts with journalists, OCCRP was unable to independently confirm the facts. Bitgo opted out of commenting but did not expressly deny the report's existence or its conclusions. Requests for comment from Ledger Labs went unanswered, and the study's author, Michael Perklin, stated that he was unable to comment because his work on the iFinex report was subject to a non-disclosure agreement.

For cryptocurrency sites, strict digital security is essential since mistakes cost users real money.

“When you’re dealing with the internet of money, the stakes are that much higher,” stated Hugh Brooks, director of security operations at blockchain security firm CertiK. “If you get breached or make a mistake, it’s not just some usernames and passwords, it’s someone’s life savings or potentially a massive amount of funds.”

According to the Ledger Labs report that OCCRP was able to receive, Bitfinex used a security mechanism that required an administrator to possess two out of the three security keys in order to do any substantial exchange activities, including moving bitcoin. 

However, it discovered that Bitfinex made a crucial mistake by putting two of these three keys on the same piece of hardware. An attacker who managed to hack that one device would have complete access to Bitfinex's internal systems and to "security tokens" that gave them control over the operating system. According to the paper, "the hacker was able to take two...security tokens," and in less than a minute, he was able to increase the daily cap on the number of transactions that were allowed in order to drain as much bitcoin as possible as quickly as possible.

According to the Ledger Labs report, the hacker obtained tokens associated with a generic "admin" email account and another tied to "giancarlo," which belonged to Bitfinex CFO and shareholder Giancarlo Devasini, a former Italian plastic surgeon with a shady business past. The document did not assign blame for the hack to Devasini.

The paper stated that holding numerous keys and tokens on a single device constituted "a violation of the CryptoCurrency Security Standard," alluding to an industry-led best-practice initiative; however, it is unclear whether this particular device was compromised in the hack. It also claimed that other fundamental security precautions were missing, such as monitoring server activities outside of the server and a "withdrawal whitelist," a security feature that only allows cryptocurrency transfers to confirmed or approved addresses.
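
The following is an added example, not code from the Ledger Labs report or from Bitfinex: a custody audit that checks whether fewer than m devices expose m keys of an m-of-n scheme (generalizing the 2-of-3 case above to include backup copies), plus an off-host review of an audit trail for the missing whitelist and monitoring controls. Device names, key names, event fields and the 300-second correlation window are assumptions made for illustration.

```python
from itertools import combinations

def smallest_quorum_exposure(key_locations, threshold):
    """Return (devices, keys): the fewest devices whose compromise exposes
    at least `threshold` distinct keys, or (None, []) if no set does.
    key_locations maps key id -> set of devices holding a copy."""
    devices = sorted(set().union(*key_locations.values()))
    for size in range(1, len(devices) + 1):
        for combo in combinations(devices, size):
            held = set(combo)
            exposed = sorted(k for k, locs in key_locations.items() if locs & held)
            if len(exposed) >= threshold:
                return held, exposed
    return None, []

def separation_holds(key_locations, threshold):
    """True only if an attacker must compromise `threshold` separate devices."""
    devices, _ = smallest_quorum_exposure(key_locations, threshold)
    return devices is not None and len(devices) >= threshold

def flag_events(events, whitelist, window_s=300):
    """Off-host review of an audit trail: flag withdrawals to addresses not on
    the whitelist, and any withdrawal within window_s of a limit increase."""
    alerts, last_raise = [], None
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "limit_change" and ev["new"] > ev["old"]:
            last_raise = ev["ts"]
        elif ev["type"] == "withdrawal":
            if ev["dest"] not in whitelist:
                alerts.append((ev["ts"], "dest_not_whitelisted"))
            if last_raise is not None and ev["ts"] - last_raise <= window_s:
                alerts.append((ev["ts"], "withdrawal_after_limit_raise"))
    return alerts

# Constructed inventories (device and key names are hypothetical).
COLOCATED = {"key_a": {"server-1"}, "key_b": {"server-1"}, "key_c": {"hsm-offsite"}}
SEPARATED = {"key_a": {"server-1"}, "key_b": {"hsm-2"}, "key_c": {"hsm-offsite"}}
# A backup copy silently breaks separation: key_b is also on server-1.
BACKUP_LEAK = {"key_a": {"server-1"}, "key_b": {"hsm-2", "server-1"},
               "key_c": {"hsm-offsite"}}

# Constructed audit events (timestamps in seconds, addresses are placeholders).
EVENTS = [
    {"ts": 1000, "type": "limit_change", "old": 100, "new": 100000},
    {"ts": 1040, "type": "withdrawal", "dest": "addr-unknown-1", "amount": 5000},
    {"ts": 9000, "type": "withdrawal", "dest": "addr-cold-wallet", "amount": 10},
]
WHITELIST = {"addr-cold-wallet"}

if __name__ == "__main__":
    for name, inv in [("colocated", COLOCATED), ("separated", SEPARATED),
                      ("backup", BACKUP_LEAK)]:
        print(name, separation_holds(inv, 2), smallest_quorum_exposure(inv, 2))
    print(flag_events(EVENTS, WHITELIST))
```
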

Based on a rigorous study of source IP addresses, the Ledger Labs document found that the attack most likely started in Poland. 

Although the hacker is still at large, US authorities detained dual Russian-American citizen Ilya Lichtenstein and his wife, Heather Morgan, last year for allegedly laundering stolen bitcoins. Both have pled not guilty and await trial. 

Lichtenstein is a self-described digital entrepreneur and investor who has created a few tiny apps, while Morgan, a trained economist and Forbes.com contributor, has taken over as CEO of some of Lichtenstein's software initiatives. Morgan has an interesting backstory that includes a rapping alter ego known as "Razzlekhan." Nonetheless, US authorities highlighted in an official Department of Justice document that Morgan used her own name to cash out some of the stolen cryptocurrency's online purchases.

Binance Head Plans to Design Recovery Funds for Struggling Crypto Businesses

 

Changpeng Zhao, the founder of Binance, the world's largest cryptocurrency exchange, has called for more regulation of the cryptocurrency industry. 

Zhao was speaking at a conference in Bali, Indonesia, attended by leaders of the G20 group of nations. His comments came as the tension rose from the collapse of rival firm FTX, founded by Sam Bankman-Fried. The crypto exchange filed for bankruptcy last week after customers rushed to withdraw $6 billion in crypto tokens in just 72 hours. 

According to Zhao, there are some bad players in the industry who are specifically targeting struggling crypto enterprises that do not have enough cash or assets to cover their immediate requirements. To ensure a smooth pathway, he announced plans for a recovery fund that would reduce the threat of "cascading negative effects" following FTX's collapse.

“So, but the regulators do have a role. We do need slightly more, we do need to increase the clarity of regulations, and the sophistication of regulations in the crypto space,” Zhao stated. “So, over the last week, there’s so much turmoil in our industry. But I want everybody to understand that that’s not reflective of everything in the industry. The industry goes through ups and downs. We have one, or maybe worse players in the industry, but the is still growing, so we’re still building.”

Irreparable Damage 

FTX's sudden collapse has also eroded confidence in the digital asset market as a whole. Even the most established digital currency, Bitcoin, hit a two-year low following trouble at FTX. The crypto token was trading at around $16,000 on Monday, having witnessed a fall of nearly 22% last week.

In a statement earlier this week, the Royal Bahamas Police said they were looking into whether any "criminal misconduct occurred" at FTX. That's after Reuters reported that at least $1 billion of user funds had vanished from the crypto platform. 

According to Reuters sources, Sam Bankman-Fried had transferred $10 billion of customer funds to his trading firm, Alameda Research. 

FTX shifted its headquarters last year in September from Hong Kong to the crypto-friendly Bahamas. Bankman-Fried stated at the time that the Caribbean tax haven had more regulator leverage than the Asian city and was a perfect spot to run business.

FTX Filed for Bankruptcy Protection in US

Facing the digital equivalent of a banking collapse, the financially troubled cryptocurrency exchange FTX filed for US bankruptcy protection on Friday.

Bitcoin fell to a two-year low this week after a week of reports regarding the platform's financial difficulties, and by Friday night, the price of the cryptocurrency was trading at $16,861 (€16,256).

The company revealed that Sam Bankman-Fried, its former CEO, has also left after a remarkable turn of events at the second-largest cryptocurrency exchange in the world. His FTX empire crumbled in a little more than a week, shattering trust in the already unstable cryptocurrency market.

Coindesk and customer reports on social media claim that the unstable platform has finally permitted some users to withdraw money for the first time in days.

Summary of FTX company

According to a tweet from the company, FTX, Alameda Research, a cryptocurrency trading company that is linked with it, and roughly 130 of its other businesses have started voluntary Chapter 11 bankruptcy procedures in Delaware. In the US, a firm can use Chapter 11 to reorganize its debts while still operating under court supervision.

FTX Trading claimed in its bankruptcy filing that the firm has assets worth between $10 billion and $50 billion, liabilities between $10 billion and $50 billion, and more than 100,000 creditors.

Customers left FTX earlier this week because of concern about a lack of capital, leading to an agreement to sell the company to larger rival Binance.

Kingston student Thomas, 22, who has been a customer of FTX for over a year, calls it a 'hub for crypto.' For the £2,000 he claimed to have on the exchange, which he calls a 'fairly large amount of money,' he claims he was able to submit a withdrawal request.

However, he is worried about the number of requests being made by FTX consumers and is unsure if all of them will be fulfilled as the business struggles.

The cryptocurrency community had hoped that Binance, the biggest cryptocurrency exchange in the world, might be able to save FTX and its depositors.

After reviewing FTX's financial records, Binance came to the conclusion that the issues facing the smaller exchange were insurmountable, and it withdrew from the agreement. A business that was once the pride of the cryptocurrency market had a dramatic fall in popularity.

In January, FTX collected $400 million from investors, valuing the business at $32 billion.






HubSpot Hack Results in Data Leak at Prominent Cryptocurrency Firms

 

HubSpot, a marketing and sales platform, suffered a data breach over the weekend impacting multiple firms including Circle, BlockFi, Pantera Capital, and NYDIG.

In emails to clients, the companies revealed their operations were not impacted and their treasuries were not at risk. Although user information was leaked to hackers, passwords and other internal information were not stolen. 

The breach was the result of a hacker securing access to an employee account and using it to target its customers in the cryptocurrency industry. Threat actors stole data from 30 HubSpot portals, and the company has notified all affected firms, terminated the account, and reworked its account privileges to ensure something like this doesn’t repeat, HubSpot explained in a blog post.

Although HubSpot did not publish a full list of impacted firms, some media outlets managed to identify a few names. Decrypt, a crypto news platform, revealed that Pantera Capital, an American crypto venture capital firm, sent out a letter to its customers, which said "Pantera uses Hubspot as a client relationship management platform. The information that may have been accessed includes first and last names, email addresses, mailing addresses, phone numbers, and regulatory classifications."

“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve,” HubSpot concluded. At this time, a timeline of events is unknown as HubSpot has not revealed when its systems were compromised. 

“SaaS and managed service providers are enticing targets for cybercriminals as they know that if they successfully compromise the provider, they will likely gain access to the data or networks of hundreds or thousands of the providers’ downstream customers,” Chris Clements, vice president of solutions architecture at information technology service management firm Cerberus Cyber Sentinel Corp., stated. “It’s a shortcut to mass exploitation that could otherwise take the attacker months or even years to achieve independently.” 

It’s essential that firms understand that the data they share with third-party vendors largely passes out of their control and with little recourse should it be stolen if the third party is compromised, Clements concluded.