
A New Era of Digital Money & Security

 

The increasing use of digital financial services—mobile banking, online purchasing, and peer-to-peer payments—means that money is increasingly passing from computer to computer rather than through human hands. There will be no cash, plastic cards, paper bills, checks, envelopes, or stamps. Digital is no longer just another method of transferring funds. 

Every organisation that moves money must interact with customers through computers, smartphones, and other devices, and provide quick, secure payment services. As consumers worldwide sought to shop without touching anything or going anywhere, the COVID-19 pandemic boosted digital money movement, from online purchases to contactless payments and smartphone wallets.

“The common denominator across almost all post-pandemic behavioural shifts is the growing importance of digital payments. Covid forced a market that was already growing to greatly accelerate,” says Paul Fabara, executive vice president and chief risk officer at Visa, whose worldwide networks handled an estimated $13 trillion worth of transactions last year.

According to the World Bank's Global Findex Database, 76% of adults worldwide have a financial institution or mobile money provider account as of 2021, up from 68% in 2017 and 51% in 2011. 71% of adults in developing countries are included in this figure. By 2021, nearly 95% of adults in high-income economies had made or received digital payments. During the pandemic, 80 million adults in India and 100 million in China made their first digital payment.

Fraudsters are well known for going where the money is, and their online activities are expanding in lockstep with the increase in digital transactions. According to the FBI's Internet Crime Report for 2021, annual losses from cybercrime in the United States nearly doubled between 2019 and 2021, from $3.5 billion to $6.9 billion.

Driving online transactions

According to Aaron Press, research director of worldwide payment strategies at IDC, who tracks the development and adoption of real-time payments, business-to-business customers are beginning to demand the same seamless real-time transactions that consumers expect. “If you think about the way you shop online for personal things or pay your friends using a mobile-to-mobile app, those expectations are finding their way into the business environment,” he says.

According to an MIT Technology Review Insights survey of global business leaders, digital payment technologies are of high interest across all types and sizes of businesses. Although 36% of respondents are new to digital payments, 43% expect to expand their offerings over the next 18 months, and many are experimenting with cross-border transactions (37%), as well as cryptocurrency (18%).

Press concluded, “Digital payments are more efficient and dramatically reduce errors. You’re much less likely to fill out something the wrong way, because there are checks and balances within the system.”

The full report can be viewed here.

Chinese Loan Apps Fraud: Indian Agency Raids Razorpay, Paytm, Cashfree

 

On Saturday, India's Enforcement Directorate (ED) carried out raids at nine premises connected to online payment gateways, including Paytm, Cashfree, and Razorpay, in Bengaluru. Some of these companies are also believed to be involved in illegal betting.

The official said the raids were conducted in connection with a money laundering case — part of an ongoing investigation against some illegal loan apps allegedly run by Chinese Nationals. 

The ED reported that it seized Rs 17 crore kept in “merchant IDs and bank accounts of these Chinese persons-controlled entities” during the raids.

In a statement, a Razorpay spokesperson said: “Some of our merchants were being investigated by law enforcement about a year-and-a-half back. As part of the ongoing investigation, the authorities requested additional information to help with the investigation. We have fully cooperated and shared KYC and other details. The authorities were satisfied by our due diligence process”. 

Furthermore, the agency added that after it started working on probes, many of these companies shut down their business and diverted funds through fintech companies to buy crypto assets so the money could be laundered abroad. 

In this connection, the law enforcement agency searched various premises associated with crypto exchange WazirX and froze Rs 64 crore in its accounts.

Cashfree said its processes adhere to PMLA directions. “We extended our diligent cooperation to the ED operations, providing them the required and necessary information on the same day of inquiry. Our operations and onboarding processes adhere to the PMLA and KYC directions, and we will continue to do so in the time to follow,” said a company spokesperson. 

Additionally, in August 2020, the agency conducted a raid and froze Rs 47 crore belonging to a Chinese company that was running illegal betting and loan apps in India. The agency also conducted searches at 15 premises connected to the company across Delhi, Mumbai, Gurgaon, and Pune.

The Directorate of Enforcement (ED) is an Indian law enforcement and economic intelligence agency that enforces economic laws and conducts legal battles against economic frauds and crimes in India.

Hackers Steal NFTs Worth $3M in Bored Ape Yacht Club Heist

 

Hackers stole non-fungible tokens (NFTs) estimated to be worth $3 million after getting into the Bored Ape Yacht Club's Instagram account and uploading a link to a replica website that tried to capture victims' assets.

The fake post offered a free airdrop, essentially a promotional token giveaway, to customers who clicked the link and connected their MetaMask crypto-asset wallets to the scammer's wallet. Rather than receiving free items, victims had their digital wallets drained.

"It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything," Bored Ape Yacht Club tweeted Monday morning, in a warning that came too late for some of its members.

The Bored Ape Yacht Club, or BAYC, is a collection of photographs depicting bored primates in various attitudes and costumes, which can be used as internet profile avatars and sell for hundreds of dollars in crypto coins. 

Miscreants stole four Bored Apes, six Mutant Apes, and three Bored Ape Kennel Club NFTs, as well as "assorted additional NFTs estimated at a total value of $3 million," according to Yuga Labs, the company that launched Bored Ape Yacht Club. 

"We are actively working to establish contact with affected users," a Yuga Labs spokesperson said, adding that its hijacked Instagram account did have two-factor authentication enabled, "and the security practices surrounding the IG account were tight." 

"Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account," the spokesperson stated. 

This is the second time in less than a month that the NFT collection has been hacked. Bored Ape Yacht Club said on March 31 that its Discord server had been compromised. According to security firm PeckShield, a cybercriminal stole one NFT, Mutant Ape Yacht Club #8662, in a previous incident.

In March, following the launch of the ApeCoin cryptocurrency by the Bored Ape Yacht Club, fraudsters stole around $1.5 million by claiming a huge amount of tokens using NFTs they did not own and obtaining bogus flash loans. Flash loans are issued and repaid within a single blockchain transaction, so the funds can be borrowed and returned in as little as seconds. These and other recent hacks have raised security concerns about NFT and cryptocurrency technologies.

Indian Banks Failing to Protect Their Cyber Security

 


In Thane, Maharashtra, unidentified fraudsters hacked the server and tampered with the data of a cooperative bank. According to police, the hackers allegedly siphoned off Rs. 1.51 crore to various accounts from the Dombivli Nagarik Sahkari (DNS) bank on March 12.
 
Following the attack, a case has been registered against unidentified persons under section 420 (Cheating and dishonestly inducing delivery of property) of the Indian Penal Code (IPC) and section 65 of the Information Technology Act at Manpada police station under the Kalyan division, which has started a probe into the incident in collaboration with Thane cyber police.
 
The security incident sheds light on the issue of bank frauds that have become deep-seated in the Indian financial system. In just over seven years, Indian banks have witnessed frauds surpassing $5 trillion with total fraud loans amounting to Rs. 1.37 lakh crore in the last year alone.
 
Shocking scams like the Punjab National Bank (PNB) scam (2018), the Cosmos Bank cyberattack (2018), and the Canara Bank ATM hack (2018), along with many other vishing, phishing, ATM skimming, and spamming attacks, have continued to plague Indian banks over recent years. With the increase in digital transactions, financial fraud cases have also risen sharply. The techniques and defensive measures employed by banks to safeguard their customers’ financial data and money have been met with increasingly sophisticated hacking techniques used by fraudsters in India.
 
John Maynard Keynes, after examining the condition of banking in India, said banking in India should be conducted on the safest possible principles while calling India a “dangerous country for banking”. The apprehension has proven to be prophetic in the modern world, as financial institutions failing to conduct prudent banking have become the center of monetary scams. Reportedly, the State Bank of India (SBI), HDFC Bank, and ICICI Bank accounted for a majority of incidents, totaling more than 50,000 fraudulent incidents in the last 11 fiscal years.
 
Digitalization in India has led to the manifestation of ‘Digital Money’ and cashless transactions have been on a continual rise. Consequently, the protection of data and privacy becomes more important as a fragile cybersecurity system can have serious repercussions for any bank’s customer base.  
 
Data breaches have emerged as a serious threat in the banking sector, which further amplifies the need for an impenetrable banking system, as recovering from data breaches and regaining control of a breached server can be extremely stressful and time-consuming. To strengthen the banking system as it evolves, banks need to identify and plug the gaps in security. Part of the problem can be attributed to the accelerated pace of digitization, which has increasingly required the same kind of investment on the cyber hygiene side as well.
 
Some of the viable measures that banks can undertake include proactive security techniques like ‘Whitelisting’ (which blocks unapproved programs while allowing only a limited set of programs to run) and BIOS passwords (which prevent external access to systems and servers). Employee awareness, stringent filtering, and regular communication with regional offices are some of the other preventive measures advised by security experts.

Hackers Hit 483 Users in Crypto.com Attack That Witnessed $31M+ Coins Withdrawn

 

Crypto.com has issued an official statement on the incident that saw it halt its users' ability to withdraw money, after hinting at final numbers earlier in the week. Unauthorized bitcoin withdrawals on 483 individuals' accounts were reported by the firm on Monday.

The company stated, "In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed. Unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies." 

The stolen ether was worth just shy of $14 million at the time of writing, whereas the fiat worth of the bitcoin was just over $17 million. Overall, depending on the unpredictable cryptocurrency pricing on any given day, the entire sum may be approximately $31 million. The users' two-factor authentication was not used in the transactions, according to Crypto.com, which noticed them early Monday morning UTC.

"Crypto.com revoked all customer 2FA tokens and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours," it stated.

"In an abundance of caution, we revamped and migrated to a completely new 2FA infrastructure." 

The company also announced a new policy requiring customers to wait 24 hours before withdrawing funds to a whitelisted address, as well as a scheme that will reimburse consumers up to $250,000 if unauthorised withdrawals are made and certain requirements are fulfilled. 

Users must employ multi-factor authentication on all transactions when possible, set an anti-phishing code at least 21 days before the unauthorised withdrawal, make a police report and send a copy to the corporation, and undertake a "questionnaire to facilitate a forensic investigation," among other terms. 

"Terms and conditions may vary by market according to local regulations. Crypto.com will make the final determination of eligibility requirements and approval of claims," the company said.

SEC: Stay Vigilant Against Cryptocurrency Related Frauds

 

The U.S. Securities and Exchange Commission has released a new alert warning that fresh illegal schemes are targeting digital assets.

According to security experts, individuals and organisations must be wary of crypto-related frauds and other "get rich fast" schemes, since social engineering attempts are rising.

The SEC's Office of Investor Education and Advocacy and Division of Enforcement's Retail Strategy Task Force states in its advisory, "Fraudsters continue to exploit the increasing popularity of digital assets to entice investors into schemes, frequently leading to severe losses." 

Users should be wary of phishing or impersonation schemes that pretend to provide something innovative or cutting edge, according to the regulator. 

The SEC added, "If you are considering a digital asset-related investment, take the time to understand how the investment works and to evaluate its risks. Look for warning signs that it may be a scam." 

The SEC's advisory comes after the authority fined BitConnect, a now-defunct cryptocurrency network, $2 billion over the alleged fraud.

The SEC termed the scheme "one of the largest Bitcoin-related Ponzi-like schemes," stating that defendants stole almost $2 billion of investor funds using a platform - a "technology bot" - that promised extravagant profits. The cryptocurrency platform reportedly advertised itself in several countries using testimonial-style YouTube videos and other social media.

As per the SEC, BitConnect ran a pyramid scheme-style referral programme, paid investor withdrawals from incoming investor funds, and "did not trade investors' Bitcoin consistent with its representation". 

Furthermore, according to the US Department of Justice, BitConnect's major U.S. promoter, Glenn Arcaro, pleaded guilty to similar criminal charges last week. Officials say he faces up to 20 years in jail and must repay investors $24 million gained from the scam.

Suspicious Signs

According to the Securities and Exchange Commission, suspicious digital asset activities frequently:
• Involve unregistered/unlicensed vendors;
• Show representations of account values rising;
• Sound too good to be true, and usually are;
• Promote phoney testimonials, since fraudsters frequently pay people to promote a product or service on social media or through video.

Many security and blockchain researchers attribute bad or disastrous crypto investments to these malicious practices, highly complex social engineering tactics, or outright misleading advertising.

According to James McQuiggan, the Florida Cyber Alliance's education director and a security awareness advocate for the business KnowBe4, "Cybercriminals will always find emotional lures to exploit users through social engineering. Asking yourself the question, 'Is this too good to be true?' is the first step to determine if the organisation is worthwhile." 

Likewise, Julio Barragan, head of cryptocurrency intelligence at CipherTrace, warned about ongoing schemes in which victims are enticed by a convincing fraudster who sends them direct messages on social media or through a friend's hacked account promising big rewards. 

As per Neil Jones, a cybersecurity evangelist with Egnyte, "Significant change [in the space] will only occur when cryptocurrency platforms become subject to the same standardized IT requirements as traditional investment platforms, and when cryptocurrency exchanges no longer represent a safe haven for payments to ransomware attackers." 

Notwithstanding, Robinson stated, "There is no need for new crypto-specific regulation to handle [these events] since regulators are currently prosecuting these fraudsters under existing laws." According to him, US authorities have imposed over $2.5 billion in fines, primarily for fraud and unregistered securities offerings.

But authorities like Sen. Elizabeth Warren, D-Mass., continue to push for extensive cryptocurrency regulation. Warren compared many cryptocurrency activities to "shadow banks" that lack standard investor safeguards in an interview with The New York Times on Sunday. 

SEC Chair Gary Gensler highlighted earlier remarks on impending cryptocurrency regulation last week, telling The Financial Times that digital assets must be safe and long-lived within a public policy framework. He also asked the congressional authority to minimize investment risks associated with virtual currencies.

The Hacker Behind the Biggest Crypto Heist is Refusing to Return the Remaining Funds

 

The Poly Network attack took place two weeks ago, but the narrative is far from finished. Mr. White Hat, an unknown hacker, was able to extract $614 million in cryptocurrencies, according to the Poly Network team. After returning a portion of the funds, the hacker is now declining to cooperate and stalling the Poly Network team.

The hack is regarded as the largest crypto theft to date, and the Poly Network team appears to have few options other than to ask the hacker to restore the stolen funds peacefully. The attacker or attackers are interacting with the Poly Network team via the Ethereum blockchain's transaction data field. The unknown hacker is known as "Poly Network Exploiter 1," as per blockchain-tracking service Etherscan.

“Your essays are very convincing while your actions are showing your distrust, what a funny game. You don’t [sic] even think to unlock my USDT account,” Poly Network Exploiter 1 wrote on the Ethereum blockchain. 

The attacker is referencing a USDT account with $33 million in stablecoins. The funds have been frozen by Tether, which irritates the offender. The hacker's conversation suggests that he has no issues with keeping the stolen money for an undetermined period. 

The Poly Network team replied, "We still hope you can provide the key to us this week because thousands of people are eager to get their assets back." 

In response, Poly Network Exploiter 1 replied, “I am not ready to publish the key in this week [sic]… Here is one thing that you can always trust me: [sic] Holding BTC and ETH is better than trading them.”

On August 10, the Poly Network was hacked, and the intruder returned $256 million worth of coins the next day. As a gesture of cooperation, the hacker produced a token labeled 'The hacker is ready to surrender' and sent it to the assigned Polygon address. 

The Poly Network team has offered a $500,000 bounty for identifying the exploit to make things easier for the attacker. It is willing to pay 160 ETH ($500,000) to the hacker's address, a gesture that the hacker has turned down. The attacker has also been given the opportunity to become a consultant for the DeFi (decentralized finance) initiative.

Mr. White Hat, as the hacker is called by Poly Network, is a reference to ethical hackers who look for flaws and help organizations patch them. It's unclear why the hacker is preventing the final part of the assets from being accessed. Poly Network is in charge of roughly $330 million in stolen funds, while Tether, a stablecoin operator, has frozen $33 million pending legal action. Because the blockchain is transparent, putting every transaction's data out in the open, hackers find it difficult to get away with their crime or cash out, according to Chainalysis.

The company mentioned in its report, "With the inherent transparency of blockchains and the eyes of an entire industry on you, how could any cryptocurrency hacker expect to escape with a large cache of stolen funds?" 

"In most cases, the best they could hope for would be to evade capture as the funds sit frozen in a blacklisted private wallet." 

It's hard to determine whether the hacker was attempting an ethical assault or committing a heist. The underlying reason, however, does not appear to be a concern for the Poly Network team at this time. 

As the pressure from thousands of victims grows, recovering the stolen funds is a prime concern. The attack serves as a reminder to governments and authorities that cryptocurrency legislation must be taken seriously. There is currently close to zero accountability, posing a significant danger to the future of DeFi.

“Regardless of their intentions, we’re of the belief that this sort of publicity stunt hurts the perception of the virtual asset economy in the eyes of the public,” said AnChain.AI founder and CEO Victor Fang. 

DeFi-related thefts are on the rise: in the first seven months of the year they represented 54% of overall crypto fraud volume, compared to 3% for the entire year last year, according to CipherTrace.

Cyber Criminals Using a New Darknet Tool to Escape Detection

 

There has been an ongoing war between criminals and authorities in cyberspace for years. Although cryptocurrencies are anonymous in nature, new techniques for tracking funds around the cryptocurrency blockchain have led to the arrest of dozens of cyber-criminals in the previous two years. 

But recently a new website has surfaced on the darknet that allows criminals to assess how "clean" their digital currencies are. 

Dr. Tom Robinson, chief scientist and founder at analysis provider Elliptic, who discovered the website, explained, "We're seeing criminals start to fight back against blockchain analytics and this service is a first."

"It's called Antinalysis and criminals are now able to check their own Bitcoin wallets and see whether any association with criminal activity could be flagged by authorities." 

According to Elliptic, the finding demonstrates how complex cybercrime networks are becoming and how concerned criminals are about being detected. 

"It's a very valuable technique. If your funds are tainted, you can then do more laundering and try to remove that association with a criminal activity until you have clean coins," he said. 

According to Dr. Robinson, this new trend is concerning and could make their work and that of law enforcement difficult. However, according to the researchers who examined it, the service isn't functioning very well right now.

"It actually wasn't very good at identifying links to criminal sites. However, it will inevitably improve over time. So I think this is going to be a significant capability for criminals and money launderers in the future." 

Authorities all across the world, including China, the United Arab Emirates, and the United Kingdom, are attempting to address the rising problem of money laundering using cryptocurrencies. Cryptocurrency monitoring has resulted in several high-profile arrests, such as US teenager Graham Ivan Clark, who is presently in prison for plotting one of the largest-ever social media hacks. 

Last year, on July 15, Clark hacked into the accounts of dozens of celebrities, including Kim Kardashian, Elon Musk, Bill Gates, and Joe Biden, on Twitter.

"Everyone is asking me to give back," Mr. Gates stated in a tweet purportedly sent from his account. "You send $1,000, and I send you $2,000 back." After that, Clark and his hacking team tweeted an ad for a cryptocurrency fraud, which resulted in hundreds of transfers from people wanting to profit from the fraudulent giveaway. 

Clark gained more than $100,000 (£72,000) in only a few hours and began the process of transferring the money around to cover his tracks. Now 18 years old, he pleaded guilty and is currently serving a three-year sentence in a Florida jail.

The growing usage of so-called privacy coins is another trend that authorities are concerned about. Cryptocurrencies like Monero, for example, provide more secrecy than popular coins like Bitcoin. 

In some extortion incidents, hackers are now urging victims to pay with these currencies in return for a discount. This is a trend that is yet to completely take off, and Kim Grauer, director of research at bitcoin monitoring firm Chainalysis, believes that this technique has disadvantages for criminals.

"Privacy coins haven't been adopted to the extent that one may expect. The primary reason is they aren't as liquid as Bitcoin and other cryptocurrencies. Cryptocurrency is only useful if you can buy and sell goods and services or cash out into mainstream money, and that is much more difficult with privacy coins."