On the financial front, traditional powerhouses like Grayscale, BlackRock, and Fidelity are diving into Bitcoin, earning them the moniker 'Bitcoin whales.' These heavyweights are injecting billions into the digital currency, holding a sizable chunk of the finite 21 million bitcoins available.
Out of the 19 million bitcoins currently in circulation, an estimated 3.5 million are lost, either due to forgotten digital wallet details or lingering criminal proceeds. Concerns arise over the 2.3 million bitcoins held by cryptocurrency exchanges, acting as crypto-banks, sparking debates about reliance on centralised systems.
Adding to the mystery are 'unknown whales,' individuals or entities owning over 10,000 bitcoins, accounting for roughly 8% of the total. The remaining 7% of bitcoins are yet to be mined, with the last one expected in 2140. Meanwhile, Satoshi Nakamoto, Bitcoin's enigmatic creator, sits on an estimated 1.1 million bitcoins, securing a spot among the world's wealthiest.
Regulated investment firms, given the green light by US financial authorities, are now in the game. Grayscale, BlackRock, and Fidelity collectively hold about 4.5% of all bitcoins, signalling a significant shift.
Law enforcement's involvement introduces another layer, with nearly 200,000 bitcoins awaiting auction from cyber-crime seizures. MicroStrategy and Tether emerge as noteworthy Bitcoin holders, with MicroStrategy leading as the single largest organisation owner, holding around 193,000 Bitcoins. Tether, recognized for its stablecoin, claims an estimated 67,000 bitcoins.
Publicly listed Bitcoin miners, including Marathon and Hut8, contribute significantly, holding around 40,000 bitcoins collectively. Well-known investors like the Winklevoss Twins, Tim Draper, and companies like Tesla and Block add further diversity to the landscape.
Approximately 10.5 million bitcoins are believed to be held by the general public, constituting roughly 50% of the existing supply. However, the actual number of individual Bitcoin owners remains a mystery.
Interestingly, the recent surge in Bitcoin's value is credited not to individual retail investors but to Bitcoin whales, including major banks. Analysts suggest that these influential entities are steering both the price and demand, reshaping the once peer-to-peer digital cash dynamics.
As big financial players gather more and more bitcoins, it's making us rethink what Bitcoin was supposed to be. Originally, it was all about being decentralised and not controlled by big institutions. Now, with these financial giants holding a lot of bitcoins, we're wondering where Bitcoin is headed and if it's staying true to its roots. The world of cryptocurrency is changing, and it's not just affecting digital money – it's making waves in a much bigger way.
The New York State Department of Financial Services claims that Gemini, which the twins started following their well-known argument with Mark Zuckerberg over who developed Facebook, neglected to "fully vet or sufficiently monitor" Genesis, Gemini Earn's now-bankrupt lending partner.
The Earn program, which promised users up to 8% income on their cryptocurrency deposits, was canceled in November 2022 when Genesis was unable to pay withdrawals due to the fall of infamous scammer Sam Bankman-Fried's FTX enterprise.
Since then, almost 30,000 residents of New York and over 200,000 other Earn users have lost access to their money.
Gemini "engaged in unsafe and unsound practices that ultimately threatened the financial health of the company," according to the state regulator.
NYSDFS Superintendent Adrienne Harris claimed in a statement that "Gemini failed to conduct due diligence on an unregulated third party, later accused of massive fraud, harming Earn customers who were suddenly unable to access their assets after Genesis Global Capital experienced a financial meltdown."
Customers of Earn, who are entitled to the assets they committed to Gemini, have won with today's settlement.
“Collecting hundreds of millions of dollars in fees from Gemini customers that otherwise could have gone to Gemini, substantially weakening Gemini’s financial condition,” was the unregulated affiliate that dubbed Gemini Liquidity during the crisis.
Although it did not provide any details, the regulator added that it "further identified various management and compliance deficiencies."
Gemini also consented to pay $40 million to Genesis' bankruptcy proceedings as part of the settlement, for the benefit of Earn customers.
"If the company does not fulfill its obligation to return at least $1.1 billion to Earn customers after the resolution of the [Genesis] bankruptcy," the NYSDFS stated that it "has the right to bring further action against Gemini."
Gemini announced that the settlement would "result in all Earn users receiving 100% of their digital assets back in kind" during the following 12 months in a long statement that was posted on X.
The business further stated that final documentation is required for the settlement and that it may take up to two months for the bankruptcy court to approve it.
The New York Department of Financial Services (DFS) was credited by Gemini with helping to reach a settlement that gives Earn users a coin-for-coin recovery.
Attorney General Letitia James of New York filed a lawsuit against Genesis and Gemini in October, accusing them of defrauding Earn consumers out of their money and labeling them as "bad actors."
James tripled the purported scope of the lawsuit earlier this month. The complaint was submitted a few weeks after The Post revealed that, on August 9, 2022, well in advance of Genesis's bankruptcy, Gemini had surreptitiously taken $282 million in cryptocurrency from the company.
Subsequently, the twins stated that the change was made to the advantage of the patrons.
The brothers' actions, however, infuriated Earn customers, with one disgruntled investor telling The Post that "there's no good way that Gemini can spin this."
In a different lawsuit, the SEC is suing Gemini and Genesis because the Earn program was an unregistered security.
The collapse of Earn was a significant blow to the Winklevoss twins' hopes of becoming a dominant force in the industry.
Gemini had built its brand on the idea that it was a reliable player in the wild, mostly uncontrolled cryptocurrency market.
The activity was attributed by the BlackBerry Research and Intelligence Team to an unidentified financially motivated threat actor operating in Latin America. The campaign has been active since 2021, at least.
"Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process," the Canadian company said in an analysis published earlier this week. "The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud."
The attacks are specifically intended to target big businesses with annual sales of more than $100 million. Retail, agriculture, the public sector, manufacturing, transportation, commercial services, capital goods, and banking are among the industries targeted.
The attack begins with a ZIP file that is either distributed through phishing emails or a drive-by compromise. This file contains an MSI installer file that launches a.NET downloader, which verifies the victim's geolocation in Mexico and retrieves the modified AllaKore RAT, a Delphi-based RAT that was first discovered in 2015.
"AllaKore RAT, although somewhat basic, has the potent capability to keylog, screen capture, upload/download files, and even take remote control of the victim's machine," BlackBerry said.
An additional feature added to the malware comprises support for commands from the threat actors regarding banking frauds, targeting banks and crypto trading platforms, launching a reverse shell, extracting clipboard content, and fetching and executing additional payloads.
The campaign's use of Mexico Starlink IPs and the insertion of Spanish-language instructions to the modified RAT payload provide the threat actor with ties to Latin America. Moreover, the lures used are only effective for businesses big enough to submit reports directly to the Department of the Mexican Social Security Institute (IMSS).
"This threat actor has been persistently targeting Mexican entities for the purposes of financial gain[…]This activity has continued for over two years, and shows no signs of stopping," the company stated.
This research comes with a report by IOActive, revealing it has discovered three vulnerabilities (CVE-2024-0175, CVE-2024-0176, and CVE-2024-0177) in the Lamassu Douro bitcoin ATMs that might provide physical access to an attacker the ability to take complete control of the machines and steal user data.
Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company that manages the REKT database.
The site ranks the worst-ever crypto hacks, ranging from the Ronin network breach in 2022—the largest event in history—where hackers took over $600 million in cryptocurrency—to this year's hack against Mixin Network, which brought in almost $200 million for the criminals.
DeFi, in its report, wrote, “This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem[…]2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”
In an estimate, published by blockchain intelligence firm TRM, the total amount of cryptocurrency that hackers have stolen this year was also made public earlier in December. As of mid-December, the business reported that the total amounted to around $1.7 billion.
Among the other crypto thefts conducted this year, one of the worst ones was a hack against Euler Fianance, where threat actors stole $200 million. Other notable hacks include those against Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), and Atomic Wallet ($100 million), among hundreds of other targets.
Last year, blockchain monitoring firm Chainalysis reported that cybercriminals purloined a record-breaking $3.8 billion in cryptocurrency. Of those, the Lazarus Group, a group of North Korean government hackers who are among the most active in the cryptocurrency space, took $1.7 billion in an attempt to finance the regime's authorized nuclear weapons program.
In 2021, Chainalysis reported hacks that compromised crypto worth $3.3 billion.
It is rather not possible to predict what the figures will be in 2024, but given the failures witnessed in cyber security by several crypto and web3 initiatives, as well as the significant financial potential of both sectors—discussed at TechCrunch Disrupt earlier this year—we should anticipate that hackers will continue to target this expanding market.
This initiative, which has a 1,000-participant annual cap, seeks to attract high-net-worth individuals by providing them with residency and eventual citizenship in exchange for their investment.
The initiative will require the ‘participant’ to make a $1 million investment in BTC or USDT, and successful applicants will be eligible for a Salvadoran passport and citizenship. According to a Bitcoin news source, Adriana Mira, El Salvador's Vice Minister of Foreign Affairs, emphasized the program as a critical step for anyone hoping to contribute to El Salvador's economic future.
However, Tether needed to make it clear where the funding will take place.
In September, El Salvador became the first nation to accept Bitcoin as a legal tender. The country required companies to accept the popular cryptocurrency as payment and launched a digital wallet named "Chivo" to encourage its citizens to use it by offering a $30 sign-up bonus in Bitcoin.
However, this plan evoked controversies among the Salvadoran public, with them protecting against the action – and President Nayib Bukele's alarming shift towards autocracy ensued – a vast majority of them continuing the use of cash. According to Fortune, Bitcoin's price fell from an all-time high of over $69,000 in November 2021—when Bukele announced the building of a “Bitcoin City”— to less than $17,000 by the start of 2023 as a result of Bukele's disastrous use of tens of millions of federal funds on the cryptocurrency.
Despite the controversy revolving around the initiative, the country has gained popularity among Bitcoin enthusiasts worldwide. The country’s tourism minister announced in May that travellers were coming to the nation in unprecedented quantities because of its dedication to cryptocurrency. This included a huge number of the most well-known “Bitcoin maxis” in the world, such Swan Bitcoin, a powerful business that established a home in El Zonte, a surf town that is primarily responsible for sparking the nation’s Bitcoin experiment.
However, things take a different turn when he finds out (from a pizza cat), that the NFT ‘craze’ is over.
This episode is gaining wide recognition from the NFT fans and sceptics for the Simpsons makers for creating a parody related to the crypto industry and how it peaked a few years ago but has since quieted down.
According to an analysis of the issue, the famous Non-Fungible Token market witnessed its biggest low recently, with October being labelled as a “Floptober.”
According to researchers at Dapp Radar, the NFT value has hit its lowest since the NFT market peaked.
The overall amount of money sold in the sector, or trading volume, has decreased by 89% since the start of 2022.
It was $12.6 billion (£10.4 billion) in the first quarter of 2022, and as of the third quarter of 2023, it is only $1.39 billion.
Additionally, the sector is shrinking. The makers of the infamous Bored Ape NFTs, Yuga Labs, revealed an undisclosed number of layoffs last month.
Among its most well-known series is Bored Ape Yacht Club. Millions of dollars were once paid for NFTs, which were driven by wealthy customers such as talk show presenter Jimmy Fallon and media sensation Paris Hilton.
Since October 2022, Paris Hilton has not posted on X (formerly Twitter) about the NFTs, despite the fact she has posted almost daily from January and February 2022 to promote her collections.
The value of the cheapest NFT in the collection, Bored Ape NFTs, peaked in the beginning of May 2022 and cost approximately $268,000 (144 Ethereum tokens), according to the NFT Price Floor website. It is now only $56,000.
Due to increasingly poor bids, US collector and artist Taylor Whitley was compelled to sell six of his seven highly valued Bored Ape NFTs.
"I haven't really wanted to sell, but the market is really bad, so it's the smart thing for me to do. I think the NFT market could even go lower," states Taylor in a talk with BBC.
Taylor rejected many better offers for his most prized Bored Ape in the past, but last month he sold it for $212,000 dollars.
If he had sold at the peak, he could have received at least ten times more for his NFTs. Even though it hurt, he was an early investment and still made huge gains. He made 1,000 times more money on his most recent transaction than on his original $200 investment.
For every Bored Ape NFT, there are several other smaller brands and artists that are aiding the NFT industry.
Angie Taylor, a Scottish artist, used to receive up to $8,000 for every NFT piece, but these days she only makes about $600.
She was forced to return to her part-time tutoring work before to NFT.
She says, "I'm still selling bits and pieces here and there, but I am having to do a day job as well. I can't make a living off this anymore with nothing else."
However, she was aware that the bubble would eventually burst.
"I kind of budgeted for this to happen, because I thought, this is a boom and bust type of situation," she says.
Obviously, this is a buyers' market, and many contented purchasers are taking advantage of the slump.
Recently, Adam, also known online as Little Fish, made $663,000 for his crypto-punk artwork NFT.
Although the European full-time cryptocurrency investor recognizes that the sum is substantial, he believes he received a good deal on his CryptoPunk #36009./ After all, its seller turned down a $1.18 million offer a year ago.
"The downturn is exactly why I bought it. People are desperate. In the winter time you can buy summer clothes for cheap," he says.
Adam further says that he believes that summer will come again for NFTs, and he will “enjoy it,” whenever it does.
Among other malware, StripedFly can steal access credentials from targeted systems, and take capture screenshots, obtain databases, private files, movies, or other relevant data, and record audio in real time by breaking into a target's microphone. Interestingly, StripedFly conceals communication and exfiltration between the malware and its command-and-control servers using a novel, proprietary Tor client.
Additionally, there is a ransomware component that has occasionally been used by attackers. Using a modified version of the infamous EternalBlue exploit that was published by the US National Security Agency, it first infects targets.
While StripFly can steal Monera cryptocurrency, that is only a portion of what it is capable of. The researchers found this out last year and thoroughly examined it before making their results public.
Kaspersky researchers Sergey Belov, Vilen Kamalov, and Sergey Lozhkin wrote in the post, "What we discovered was completely unexpected; the cryptocurrency miner was just one component of a much larger entity."
According to the researchers, the platform is essentially "a hallmark of APT malware" since it has update and delivery capabilities via reliable services like Bitbucket, GitHub, and GitLab—all of which use specially encrypted archives—as well as an integrated Tor network tunnel for communication with command-and-control (C2) servers./ The researchers further notes that discovering the breadth of StripedFly is ‘astonishing,’ taking into account its successful evasion from getting detected in six years.
The main structural component of the malware is a monolithic binary code that could be expanded by the attackers through different pluggable modules. Every module, whether for added functionality or to offer a service, is in charge of setting up and maintaining its own callback function in order to communicate with a C2 server.
The platform initially emerges on a network as a PowerShell that seems to leverage a server message block (SMB) attack, which looks to be a modified variant of EternalBlue. EternalBlue was first discovered in April 2017 and is still a danger to unpatched Windows systems.
Depending on the availability of its PowerShell interpreter and certain privileges made available in the process, the malware uses a variety of methods for persistence. The researchers notes that, "typically, the malware would be running with administrative privileges when installed via the exploit, and with user-level privileges when delivered via the Cygwin SSH server," the researchers wrote.
The functionality modules are wide and varied, giving attackers a range of options that enable them to continuously monitor a victim's network activity. The modules include the Monero cryptominer mentioned earlier, as well as a variety of command handlers, a credential harvester, repeatable tasks that can record microphone input, take screenshots, and carry out other tasks on a scheduled basis, a reconnaissance module that gathers a lot of system data, and SMBv1 and SSH infectors for worming and penetration capabilities.
Fundamentally, anyone can access and upload data, thanks to technology; nevertheless, bitcoin has transformed that data into directly valuable economic assets by establishing a bearer asset that can be traded for goods or fiat money. Interestingly, transferring texts is banned in one nation, they are completely legal in another.
Project Spartacus, an effort to employ ordinals to inscribe every war record on Wikileaks, was inspired by this new use case. An interview with Dr. Ai Fen, the first "whistleblower" physician in China during the COVID-19 pandemic, was also banned. It was first posted on the Ethereum blockchain and many of the resources pertaining to her were progressively removed from the Chinese Internet.
A new technique called ordinals makes it possible to associate each sat in a Bitcoin transaction with an equivalent resource in the Bitcoin's memory pool. As a result, it is now possible to generate NFTs on Bitcoin.
Project Spartacus uses ordinals to facilitate the conversion of Wikileaks war log photos into Bitcoin. In this case, the objects in question are a permanent archive of papers related to which Julian Assange was prosecuted. By choosing to commit one of the war logs to every block, they can make sure that the financial power underlying Bitcoin is dedicated to safeguarding the logs. Additionally, there is a section for Bitcoin donations to different nonprofit organizations.
Not only has non-economic data been put into Bitcoin blocks before, but with ordinals, there has never been a greater need or opportunity for programmatic inscription implementation. The secret is to utilize a script and imprint several images or actions such that, to the user, they appear to be a single transaction.
The ideology behind Bitcoin’s creation has led to this new censorship-resistant way of disseminating information. Monero, one of the first Bitcoin forks, gets its name from the Esperanto word for money. Socialist nations like Vietnam and the People's Republic of China co-opted Esperanto, the misguided attempt by anarchists with a global mindset to communicate, in order to strengthen their hold on power.
With its value rooted in far more modern technology and financial incentives for its survival, bitcoin has a far better chance of surviving and spreading.
According to a report by Elliptic – one of the largest providers of blockchain analytics and crypto compliance solutions – the hackers cleverly masked their activity by moving the stolen assets through a series of intricate transactions. They used private wallets and decentralized exchanges to make it more difficult to trace them. Elliptic was able to track the money, though, and discovered that the hackers distributed a sizable percentage of it to several locations after converting a considerable amount into ether. Potential connections to Russian actors are also revealed by Elliptic's on-chain analysis.
According to Elliptic, Russia is potentially behind the FTC hack. Apparently, the hacker’s procedures and the subsequent travel of the stolen funds resemble tactics frequently linked to Russian cybercriminals.
The research firm claimed that the laundering tactics used post-theft are strikingly similar to those typically used by Russian hackers. The method they moved money, the private wallets they preferred, and their affinity for decentralized exchanges are all reminiscent of strategies Russian hackers have employed in the past.
The speed and efficiency with which the stolen fund’s laundering is carried out suggested that the campaign was well-planned by an experienced group of hackers. The suspects so far have included everyone from rogue FTX personnel carrying out an inside job to the North Korean hacking collective Lazarus, which has been linked to a number of crypto protocol flaws. While the suspects could be several in number, Russian threat actors check most of the boxes for the ones behind the hack.
Elliptic stated "A Russia-linked actor seems a stronger possibility. Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges.”
Elliptic’s analysis not only emphasize the significance of advanced blockchain analytics in confronting such challenges but also highlights the geopolitical implications present in cybercrime cases. With the swift developments in the digital currency realm, acquiring an insight into the origins and motivations behind these attacks has become important for both security measures and international diplomatic relations.