In today's digitised world, safeguarding personal information and digital assets is of great importance. One emerging threat is the SIM swap scam, a sophisticated form of identity theft where fraudsters manipulate mobile carriers to transfer a victim's phone number to a SIM card under their control. This can lead to unauthorised access to accounts, especially those reliant on SMS-based two-factor authentication (2FA).
For Bitcoin users, SIM swap scams pose an even greater risk, particularly on centralised exchanges using SMS-based 2FA. Unauthorised access to these accounts could result in substantial financial loss. However, utilising self-custodial wallets, where users control their private keys, significantly reduces this risk by eliminating reliance on telecom-based authentication methods.
1. Switch to Authenticator Apps: Transitioning from SMS-based 2FA to authenticator apps like Google Authenticator or Authy enhances security by eliminating the vulnerability to SIM swap attacks.
2. Implement Additional Security Measures: Make use of platform-provided security features such as withdrawal address whitelisting and multi-factor authentication whenever possible to add layers of protection to your assets.
3. Stay Careful Against Phishing: Be cautious of unsolicited communications and verify the authenticity of requests for personal information or urgent actions related to your accounts.
4. Inform Your Mobile Carrier: Make your mobile carrier aware of the risks associated with SIM swap scams and inquire about additional security measures to safeguard your account.
5. Prioritise Non-Custodial Wallets: Opt for storing Bitcoin in hardware or reputable software wallets where you control your private keys, ensuring maximum security.
While achieving perfect security may seem daunting, taking practical steps such as enabling authenticator apps and transitioning to non-custodial wallets significantly reduces vulnerability to SIM swap scams. Rather than pursuing perfection, adopting proactive security measures is key to mitigating risks and protecting valuable assets.
In the face of multiplying threats like SIM swap scams, prioritising security measures is essential, especially for Bitcoin holders. By following best practices and embracing non-custodial solutions, individuals can shield their digital assets and minimise the risk of falling victim to cyberattacks. Stay informed, stay vigilant, and take proactive steps to protect yourself in the digital realm.
On the financial front, traditional powerhouses like Grayscale, BlackRock, and Fidelity are diving into Bitcoin, earning them the moniker 'Bitcoin whales.' These heavyweights are injecting billions into the digital currency, holding a sizable chunk of the finite 21 million bitcoins available.
Out of the 19 million bitcoins currently in circulation, an estimated 3.5 million are lost, either due to forgotten digital wallet details or lingering criminal proceeds. Concerns arise over the 2.3 million bitcoins held by cryptocurrency exchanges, acting as crypto-banks, sparking debates about reliance on centralised systems.
Adding to the mystery are 'unknown whales,' individuals or entities owning over 10,000 bitcoins, accounting for roughly 8% of the total. The remaining 7% of bitcoins are yet to be mined, with the last one expected in 2140. Meanwhile, Satoshi Nakamoto, Bitcoin's enigmatic creator, sits on an estimated 1.1 million bitcoins, securing a spot among the world's wealthiest.
Regulated investment firms, given the green light by US financial authorities, are now in the game. Grayscale, BlackRock, and Fidelity collectively hold about 4.5% of all bitcoins, signalling a significant shift.
Law enforcement's involvement introduces another layer, with nearly 200,000 bitcoins awaiting auction from cyber-crime seizures. MicroStrategy and Tether emerge as noteworthy Bitcoin holders, with MicroStrategy leading as the single largest organisation owner, holding around 193,000 Bitcoins. Tether, recognized for its stablecoin, claims an estimated 67,000 bitcoins.
Publicly listed Bitcoin miners, including Marathon and Hut8, contribute significantly, holding around 40,000 bitcoins collectively. Well-known investors like the Winklevoss Twins, Tim Draper, and companies like Tesla and Block add further diversity to the landscape.
Approximately 10.5 million bitcoins are believed to be held by the general public, constituting roughly 50% of the existing supply. However, the actual number of individual Bitcoin owners remains a mystery.
Interestingly, the recent surge in Bitcoin's value is credited not to individual retail investors but to Bitcoin whales, including major banks. Analysts suggest that these influential entities are steering both the price and demand, reshaping the once peer-to-peer digital cash dynamics.
As big financial players gather more and more bitcoins, it's making us rethink what Bitcoin was supposed to be. Originally, it was all about being decentralised and not controlled by big institutions. Now, with these financial giants holding a lot of bitcoins, we're wondering where Bitcoin is headed and if it's staying true to its roots. The world of cryptocurrency is changing, and it's not just affecting digital money – it's making waves in a much bigger way.
Blackbaud, a major player in U.S. donor data management, recently settled with the Federal Trade Commission (FTC) after facing scrutiny for a ransomware attack in May 2020. This attack led to a substantial data breach affecting millions of individuals. The FTC's concerns revolved around security lapses, including weak passwords and insufficient monitoring of hacking attempts. The settlement marks a crucial step for Blackbaud, emphasising the need for enhanced security measures and data protection.
The FTC's complaint highlighted various security lapses by Blackbaud, including a failure to monitor hacking attempts, inadequate data segmentation, weak password practices, and a lack of multifactor authentication. As part of the settlement, Blackbaud is now mandated to enhance its security measures and delete unnecessary customer data from its systems.
One crucial aspect of the settlement requires Blackbaud to establish a data retention schedule, outlining the rationale behind retaining personal data and specifying a timeline for its deletion. The company is also obligated to promptly notify the FTC in the event of a data breach requiring reporting to relevant authorities.
The FTC alleges that Blackbaud paid a ransom of 24 Bitcoin (worth around $250,000 at the time) to the ransomware gang that stole sensitive personal data. However, the complaint reveals that the company did not verify whether the hacker actually deleted the stolen data. The breach, disclosed in July 2020, impacted over 13,000 Blackbaud business customers and their clients across the U.S., Canada, the U.K., and the Netherlands, exposing banking information, social security numbers, and plaintext credentials.
The aftermath of the breach saw Blackbaud facing 23 proposed class-action lawsuits in the U.S. and Canada by November 2020. In March 2023, the company agreed to pay $3 million to settle SEC charges for failing to disclose the full impact of the ransomware attack. Additionally, in October, Blackbaud agreed to a $49.5 million settlement to resolve a multi-state investigation supported by attorneys general from 49 U.S. states.
FTC Chair Lina M. Khan emphasised the severity of Blackbaud's failure to accurately convey the breach's scope, stating that it kept victims in the dark and delayed necessary protective actions. The settlement not only addresses security measures but also requires Blackbaud to avoid misrepresenting its data security and retention protocols in the future.
This settlement serves as a reminder of the responsibility companies bear in securing and managing the data they handle. It underscores the importance of robust cybersecurity practices, regular monitoring, and prompt disclosure in the event of a breach. As we move through our online experiences, these incidents show how important it is for companies to protect data and be clear with their clients and stakeholders.
This initiative, which has a 1,000-participant annual cap, seeks to attract high-net-worth individuals by providing them with residency and eventual citizenship in exchange for their investment.
The initiative will require the ‘participant’ to make a $1 million investment in BTC or USDT, and successful applicants will be eligible for a Salvadoran passport and citizenship. According to a Bitcoin news source, Adriana Mira, El Salvador's Vice Minister of Foreign Affairs, emphasized the program as a critical step for anyone hoping to contribute to El Salvador's economic future.
However, Tether needed to make it clear where the funding will take place.
In September, El Salvador became the first nation to accept Bitcoin as a legal tender. The country required companies to accept the popular cryptocurrency as payment and launched a digital wallet named "Chivo" to encourage its citizens to use it by offering a $30 sign-up bonus in Bitcoin.
However, this plan stirred controversy among the Salvadoran public, who protested against the action and against President Nayib Bukele's alarming shift towards autocracy, with a vast majority of them continuing to use cash. According to Fortune, Bitcoin's price fell from an all-time high of over $69,000 in November 2021, when Bukele announced the building of a “Bitcoin City”, to less than $17,000 by the start of 2023 as a result of Bukele's disastrous use of tens of millions of federal funds on the cryptocurrency.
Despite the controversy revolving around the initiative, the country has gained popularity among Bitcoin enthusiasts worldwide. The country’s tourism minister announced in May that travellers were coming to the nation in unprecedented quantities because of its dedication to cryptocurrency. This included a huge number of the most well-known “Bitcoin maxis” in the world, such as Swan Bitcoin, a powerful business that established a home in El Zonte, a surf town that is primarily responsible for sparking the nation’s Bitcoin experiment.
However, things take a different turn when he finds out (from a pizza cat), that the NFT ‘craze’ is over.
This episode is gaining wide recognition from NFT fans and sceptics alike, with the Simpsons makers credited for creating a parody of the crypto industry and how it peaked a few years ago but has since quieted down.
According to an analysis of the issue, the famous Non-Fungible Token market witnessed its biggest low recently, with October being labelled as a “Floptober.”
According to researchers at Dapp Radar, the NFT value has hit its lowest since the NFT market peaked.
The overall amount of money sold in the sector, or trading volume, has decreased by 89% since the start of 2022.
It was $12.6 billion (£10.4 billion) in the first quarter of 2022, and as of the third quarter of 2023, it is only $1.39 billion.
Additionally, the sector is shrinking. The makers of the infamous Bored Ape NFTs, Yuga Labs, revealed an undisclosed number of layoffs last month.
Among its most well-known series is Bored Ape Yacht Club. Millions of dollars were once paid for NFTs, which were driven by wealthy customers such as talk show presenter Jimmy Fallon and media sensation Paris Hilton.
Since October 2022, Paris Hilton has not posted on X (formerly Twitter) about the NFTs, despite the fact she has posted almost daily from January and February 2022 to promote her collections.
The value of the cheapest NFT in the collection, Bored Ape NFTs, peaked in the beginning of May 2022 and cost approximately $268,000 (144 Ethereum tokens), according to the NFT Price Floor website. It is now only $56,000.
Due to increasingly poor bids, US collector and artist Taylor Whitley was compelled to sell six of his seven highly valued Bored Ape NFTs.
"I haven't really wanted to sell, but the market is really bad, so it's the smart thing for me to do. I think the NFT market could even go lower," states Taylor in a talk with BBC.
Taylor rejected many better offers for his most prized Bored Ape in the past, but last month he sold it for $212,000.
If he had sold at the peak, he could have received at least ten times more for his NFTs. Even though it hurt, he was an early investor and still made huge gains. He made 1,000 times more money on his most recent transaction than on his original $200 investment.
For every Bored Ape NFT, there are several other smaller brands and artists that are aiding the NFT industry.
Angie Taylor, a Scottish artist, used to receive up to $8,000 for every NFT piece, but these days she only makes about $600.
She was forced to return to the part-time tutoring work she did before NFTs.
She says, "I'm still selling bits and pieces here and there, but I am having to do a day job as well. I can't make a living off this anymore with nothing else."
However, she was aware that the bubble would eventually burst.
"I kind of budgeted for this to happen, because I thought, this is a boom and bust type of situation," she says.
Obviously, this is a buyers' market, and many contented purchasers are taking advantage of the slump.
Recently, Adam, also known online as Little Fish, paid $663,000 for his CryptoPunk artwork NFT.
Although the European full-time cryptocurrency investor recognizes that the sum is substantial, he believes he received a good deal on his CryptoPunk #36009. After all, its seller turned down a $1.18 million offer a year ago.
"The downturn is exactly why I bought it. People are desperate. In the winter time you can buy summer clothes for cheap," he says.
Adam further says that he believes that summer will come again for NFTs, and he will “enjoy it,” whenever it does.
Fundamentally, anyone can access and upload data, thanks to technology; nevertheless, bitcoin has transformed that data into directly valuable economic assets by establishing a bearer asset that can be traded for goods or fiat money. Interestingly, while transferring certain texts is banned in one nation, it is completely legal in another.
Project Spartacus, an effort to employ ordinals to inscribe every war record on Wikileaks, was inspired by this new use case. An interview with Dr. Ai Fen, the first "whistleblower" physician in China during the COVID-19 pandemic, was also banned. It was first posted on the Ethereum blockchain and many of the resources pertaining to her were progressively removed from the Chinese Internet.
A new technique called ordinals makes it possible to associate each sat in a Bitcoin transaction with an equivalent resource in the Bitcoin's memory pool. As a result, it is now possible to generate NFTs on Bitcoin.
Project Spartacus uses ordinals to facilitate the conversion of Wikileaks war log photos into Bitcoin. In this case, the objects in question are a permanent archive of papers related to which Julian Assange was prosecuted. By choosing to commit one of the war logs to every block, they can make sure that the financial power underlying Bitcoin is dedicated to safeguarding the logs. Additionally, there is a section for Bitcoin donations to different nonprofit organizations.
Not only has non-economic data been put into Bitcoin blocks before, but with ordinals, there has never been a greater need or opportunity for programmatic inscription implementation. The secret is to utilize a script and imprint several images or actions such that, to the user, they appear to be a single transaction.
The ideology behind Bitcoin’s creation has led to this new censorship-resistant way of disseminating information. Monero, one of the first Bitcoin forks, gets its name from the Esperanto word for money. Socialist nations like Vietnam and the People's Republic of China co-opted Esperanto, the misguided attempt by anarchists with a global mindset to communicate, in order to strengthen their hold on power.
With its value rooted in far more modern technology and financial incentives for its survival, bitcoin has a far better chance of surviving and spreading.
Customers of prominent cryptocurrency companies FTX, BlockFi, and Genesis had their financial and personal information exposed in a recent cybersecurity breach. Concerns have been expressed about the security of private information in the cryptocurrency sector as a result of the hack.
The breach, according to claims from sources, was carried out by taking advantage of flaws in the systems of Kroll, a reputable data management business. The personal information of innumerable users is now in danger due to Kroll's involvement in processing the client data of these cryptocurrency companies.
FTX, BlockFi, and Genesis, being prominent names in the cryptocurrency sector, have a significant user base that relies on their platforms for trading, lending, and other financial services. The compromised data includes user names, email addresses, phone numbers, transaction histories, and potentially even account passwords. This sensitive information falling into the wrong hands could lead to identity theft, phishing attacks, and financial fraud.
The incident raises questions about the industry's overall data security practices. While the cryptocurrency market has been praised for its decentralized nature and robust encryption, this breach underscores the persistent vulnerabilities that exist in digital systems. Companies dealing with such high-value assets and sensitive data must prioritize cybersecurity measures to prevent such incidents.
Kennedy officially declared his 2024 presidential bid last month. He stated that the Federal Deposit Insurance Corporation (FDIC) and the Securities and Exchange Commission (SEC) have "no authority to wage an extra-legal war on crypto that leaves major banks as collateral damage."
Kennedy cited an article by Ellen Brown titled "How the War on Crypto Triggered a Banking Crisis," in which Brown makes a "strong case" that a government-sponsored campaign against the digital assets sector was responsible for several historic bank failures in March, including Silicon Valley Bank, Signature Bank, and Silvergate Bank.
It is debatable whether there is a coordinated attempt to remove cryptocurrency from the American financial system. According to Barney Frank, an ex-congressman who served on the board of directors of Signature Bank, "the institution was shut down to send an anti-crypto message." These assertions were later denied by a New York regulator. On May 2, Kennedy criticized Biden for calling the US banking system "safe and sound." "Today, bank stocks are crashing. The American people deserve more than glib assurances and perception management," he tweeted.
Following this, on May 3, he criticized the Biden administration's proposed tax on crypto mining. An environmental lawyer, Kennedy called the proposed 30% tax on energy used by crypto miners "a bad idea." He said mining's energy use was a concern (though somewhat overstated), stating, "The environmental argument is a selective pretext to suppress anything that threatens elite power structures, Bitcoin for example."
Days after Kennedy's anti-CBDC comments, the Federal Reserve clarified its position, stating that the FedNow payments system, which Kennedy claimed to equate with a CBDC, is neither a digital currency nor a replacement for cash.
While some Democrats, such as Elizabeth Warren, have repeatedly criticized cryptocurrency and made it a centerpiece of their political platforms, others, such as New York City Mayor Eric Adams, have been outspoken in their support for the emerging asset class.
The libraries were discovered by software supply chain security firm Phylum, which said the ongoing activity is a continuation of a campaign that was first made public in November 2022.
In an initial finding, it was discovered that popular packages including beautifulsoup, bitcoinlib, cryptofeed, matplotlib, pandas, pytorch, scikit-learn, scrapy, selenium, solana, and tensorflow were being mimicked via typosquatting.
For each of the aforementioned, the threat actors deploy between 13 and 38 typosquatting variations in an effort to account for a wide variety of potential mistypes that could lead to the download of the malicious package.
To evade detection, the malicious actors deployed a new obfuscation tactic that was not used in the November 2022 wave: they are now using a random 16-bit combination of Chinese ideographs for function and variable identifiers.
Researchers at Phylum emphasized that the code makes use of the built-in Python functions and a series of arithmetic operations for the string generation system. This way, even if the obfuscation produces a visually striking outcome, it is not extremely difficult to unravel.
"While this obfuscation is interesting and builds up extremely complex and highly obfuscated looking code, from a dynamic standpoint, this is trivial[…]Python is an interpreted language, and the code must run. We simply have to evaluate these instances, and it reveals exactly what the code is doing," reads a Phylum report.
To take control of cryptocurrency transactions, the malicious PyPI packages create a malicious Chromium browser extension in the ‘%AppData%\Extension’ folder, similar to the November 2022 attacks.
It then looks for Windows shortcuts pertaining to Google Chrome, Microsoft Edge, Brave, and Opera, followed by hijacking them to load the malevolent browser extension using the '--load-extension' command line argument.
For example, a Google Chrome shortcut would be hijacked to "C:\Program Files\Google\Chrome\Application\chrome.exe --load-extension=%AppData%\\Extension".
After the web browser is launched, the extension will load, and malicious JavaScript will monitor for cryptocurrency addresses copied to the Windows clipboard. When a crypto address is found, the browser extension will swap it out for a list of addresses that are hardcoded and under the control of the threat actor. By doing this, any sent cryptocurrency transaction funds will be sent to the wallet of the threat actor rather than the intended receiver.
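The shortcut hijack described above leaves a visible trace in the shortcut target, so it can be audited. The following added example (not code from Phylum or from the original article) checks shortcut target strings for one of the four listed browsers launched with `--load-extension`; the shortcut names, sample targets and the user-writable path heuristic are constructed assumptions, and the targets are assumed to have been exported from the `.lnk` files beforehand.

```python
import re

# Executable names of the four browsers the article lists.
BROWSER_EXES = {
    "chrome.exe": "Google Chrome",
    "msedge.exe": "Microsoft Edge",
    "brave.exe": "Brave",
    "opera.exe": "Opera",
}

EXE_RE = re.compile(r"[A-Za-z0-9_-]+\.exe", re.IGNORECASE)
# --load-extension=<path>; the path may be double-quoted.
LOAD_EXT_RE = re.compile(r'--load-extension(?:=|\s+)(?:"([^"]*)"|(\S+))', re.IGNORECASE)
# Assumed heuristic: locations an unprivileged process can write to.
USER_WRITABLE_RE = re.compile(
    r"%(?:local)?appdata%|%temp%|%userprofile%|\\users\\", re.IGNORECASE
)

# Constructed sample data: shortcut file name -> target command line.
SAMPLE_TARGETS = {
    "Google Chrome.lnk": r"C:\Program Files\Google\Chrome\Application\chrome.exe "
                         r"--load-extension=%AppData%\\Extension",
    "Microsoft Edge.lnk": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                          r"--profile-directory=Default",
    "Brave.lnk": r'"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" '
                 r'--load-extension="C:\Users\dev\AppData\Roaming\Extension"',
    "Opera.lnk": r"C:\Tools\opera.exe --load-extension=D:\src\my-ext",
    "Notepad.lnk": r"C:\Windows\notepad.exe",
}


def inspect_target(shortcut, target):
    """Return a finding dict if a browser shortcut side-loads an extension."""
    exe = EXE_RE.search(target)  # first .exe is the program being launched
    if exe is None or exe.group(0).lower() not in BROWSER_EXES:
        return None
    arg = LOAD_EXT_RE.search(target)
    if arg is None:
        return None
    path = arg.group(1) or arg.group(2)
    # Collapse doubled backslashes (seen in the hijacked target) except a UNC prefix.
    path = re.sub(r"(?<!^)\\{2,}", r"\\", path)
    return {
        "shortcut": shortcut,
        "browser": BROWSER_EXES[exe.group(0).lower()],
        "extension_path": path,
        # An unpacked extension in a user-writable folder matches the reported
        # behaviour; anything else may be a developer setup and needs review.
        "severity": "high" if USER_WRITABLE_RE.search(path) else "review",
    }


def scan_shortcuts(targets):
    """Inspect every shortcut target and return only the findings."""
    findings = []
    for shortcut, target in targets.items():
        finding = inspect_target(shortcut, target)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_shortcuts(SAMPLE_TARGETS):
        print(f"{f['severity']:6} {f['shortcut']}: {f['browser']} loads {f['extension_path']}")
```
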
By including cryptocurrency addresses for Bitcoin, Ethereum, TRON, Binance Chain, Litecoin, Ripple, Dash, Bitcoin Cash, and Cosmos in this new campaign, the threat actor has increased the number of wallets that are supported.
These findings illustrate the ever-emerging threats that developers face from supply chain attacks, with threat actors inclining to methods like typosquatting to scam users into installing fraudulent packages.
AI crypto tokens will surely be the next big thing in the industry, mirroring the Metaverse mania, DeFi boom, or meme coin explosion.
ChatGPT and other AI-based technologies have been viral across social media and the business world. Will this make three altcoins stand-out winners in the next bull market?
Narratives are important for incredible rallies or declines, regardless of whether they are accurate. For instance, the last Bitcoin narrative was aggravated by its use as an inflation hedge. But when the inflation hedge surfaced, the top cryptocurrency was hit by one of its worst downtrends to date.
Other recent narratives include DeFi driving Ethereum and similar coins higher, or Metaverse tokens rising rapidly after Mark Zuckerberg changed the parent company's name to Meta (earlier Facebook).
NFTs also helped Ethereum and newbies like Solana. Elon Musk made meme coins go viral by just tweeting about it.
The one thing common to all these assets is that the narratives made money while they were in the market, which is all that matters. For savvy cryptocurrency investors exploring the next big narrative, you don't have to look beyond two letters: AI.
OpenAI's ChatGPT is currently all over social media. The AI tool has already passed the Medical License Exam, Bar Exam, and MBA exam. People are using it to write articles and tweets, solve questions, do homework, and perform tasks automatically. People are even using it for Bitcoin as various celebrities. The platform has shown sheer potential.
Although no AI crypto tokens share any resemblance with ChatGPT, projects with links to anything AI have recovered more significantly from cryptocurrency bear market lows.
For instance, Fetch.ai (FET) is up roughly 480% from its lows and is up over 200% in January 2023 itself. Ocean Protocol (OCEAN) is another great example, with a 230% recovery from lows and more than 100% year-to-date. SingularityNET (AGIX) beats them both with a low put in three months before and more than 600% gains from the low. AGIX jumped over 460% during January 2023 with a full week still left.
The results are surprising, but there's still a lot more to see. Jason Soni, Crypto and Currency Analyst at Elliott Wave International recently made a video on three AI-based crypto tokens that may be on the verge of a new bull cycle.
The three cryptocurrencies analyzed in the video are AGIX, FET, and OCEAN. You can find Soni's analysis on Elliott Wave International's Crypto Trader's Classroom, which brings three new videos every week. The video explains where these altcoins are in their current market cycle and breaks down why there could be more upside in the future.
Phylum security researchers are warning about a typosquatting-based software supply chain threat that explicitly targets Python and JavaScript programmers.
What is Typosquatting?
Cybercriminals who practice typosquatting register domains with purposeful misspellings of the names of popular websites. Hackers typically use this tactic with malicious intent, to entice unwary users to other websites. These fake websites could deceive users into inputting private information. These sites can seriously harm an organization's reputation if attacked by these perpetrators.
PyPI & NPM
Researchers alerted developers to malicious dependencies that contained code to download Golang payloads on Friday, saying a threat actor was typosquatting well-known PyPI packages.
The Python Software Foundation is responsible for maintaining PyPI, the largest code repository for the Python programming language. Over 350,000 software programs are stored there. Meanwhile, NPM, which hosts over a million packages, serves as the primary repository for JavaScript programming.
About the hack
The aim of the hack is to infect users with a ransomware variant. A number of files with nearly identical names, like Python Requests, are being used by hackers to mimic the Python Requests package on PyPI.
After being downloaded, the malware encrypts files in the background while changing the victim's desktop wallpaper to a picture controlled by the hacker that looks like it came from the CIA.
When a Readme file created by malware is opened, a message from the attacker requesting $100, usually in a cryptocurrency, for the decryption key is displayed.
The malware used is referred to as W4SP Stealer. It is able to access a variety of private information, including Telegram data, crypto wallets, Discord tokens, cookies, and saved passwords.
One of the binaries is ransomware, which encrypts specific files and changes the victim's desktop wallpaper when executed. However, soon the malicious actors published numerous npm packages with identical behaviors. For the decryption key, they demand $100 in Bitcoin, XMR, Ethereum, or Litecoin.
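Both this campaign and the clipboard-hijacking PyPI packages described earlier on this page depend on names that sit one or two keystrokes away from a popular package. As an added example (not Phylum's tooling and not code from the original articles), the check below flags requirement names within a small edit distance of the packages this page names; the requirement lines and misspelled names are constructed, and the distance thresholds are an assumption.

```python
import re

# Package names this page reports as typosquatting targets.
PROTECTED = [
    "beautifulsoup", "bitcoinlib", "cryptofeed", "matplotlib", "pandas",
    "pytorch", "requests", "scikit-learn", "scrapy", "selenium", "solana",
    "tensorflow",
]

# Leading distribution name of a requirement line; comments and options do not match.
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

# Constructed requirements file; the misspellings are invented for this example.
SAMPLE_REQUIREMENTS = [
    "# pinned dependencies",
    "requests==2.31.0",
    "reqeusts==2.28.1",
    "pandas>=2.0",
    "panddas",
    "sckit-learn",
    "tensorfolw",
    "numpy==1.26.4",
    "selenium[extra]==4.0",
]


def normalize(name):
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Swapped neighbours ("eu" for "ue") count as a single mistake.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def closest_protected(name):
    """Return (protected_name, distance) for a look-alike, None if exact or unrelated."""
    norm = normalize(name)
    best = None
    for target in PROTECTED:
        t = normalize(target)
        if norm == t:
            return None  # the genuine package
        limit = 1 if len(t) < 8 else 2  # assumed: stricter for short names
        d = osa_distance(norm, t)
        if d <= limit and (best is None or d < best[1]):
            best = (target, d)
    return best


def check_requirements(lines):
    """Return (declared_name, looks_like, distance) for each suspicious line."""
    findings = []
    for line in lines:
        m = NAME_RE.match(line)
        if not m:
            continue
        hit = closest_protected(m.group(1))
        if hit:
            findings.append((m.group(1), hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for declared, target, dist in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"{declared!r} is {dist} edit(s) from {target!r}: verify before installing")
```
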