Safeheron Weekly Dispatch | AUG 26 '22

Security Incidents

Forged Twitter Account of Pudgy Penguins And Its Pishing Site Detected

PeckShield detected a phishing site xn--pudgypengun-lcb[.]com and a forged Twitter account that impersonates Pudgy Penguins. 22 NFTs have transferred to the scammer's address, including VeeFriends & Pudgy Penguin.

Hackers Steal Crypto From Bitcoin ATMs by Exploiting Zero-Day Bug

Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. The attacker exploited the bug to add a default admin user named 'gb' to the CAS and modified the 'buy' and 'sell' crypto settings and 'invalid payment address' to use a cryptocurrency wallet under the hacker's control.

Kaoyaswap on BSC Was Attacked

Kaoyaswap on BSC appears to have been attacked, with hackers making 37,294 BUSD and 271.2 WBNB, caused by faulty logic in the Swap function.

Industry Updates

MakerDAO Partners With Huntingdon Valley Bank (HVBank)

This integration between MakerDAO and HVBank involves a 100 million DAI participation facility to support the growth of HVBank’s existing and new businesses. HVBank and RWA Master Participation Trust (established for the benefit of Maker) will not have a borrower-lender relationship. The Trust will have access to DAI liquidity in exchange for the sale of participation interests in the underlying whole loans originated by HVBank.

PayPal Joins Coinbase's TRUST Network

PayPal will work on increasing compliance with the so-called Travel Rule required of U.S. financial institutions by the Bank Secrecy Act, to share information about customers when those customers make transactions over a certain amount. Coinbase’s TRUST network aims to disclose the necessary data while protecting user privacy. It will avoid using a central store of user data and ensure its members are trustworthy through a compliance and risk management solution from Exiger.

NewsFlash

• Mexican Bitso signs agreement with Mastercard to offer credit card.

• Latin American crypto firm Ripio launches prepaid crypto card in Brazil.

• Cosmos ecosystem wallet Keplr launched a beta version of Keplr wallet for Firefox.

• Samsung Securities is considering launching its own cryptocurrency exchange next year. Six other major companies listed on the exchange also have plans to have a crypto trading platform in 2023.

• Moscow Exchange (MOEX) plans to release a product based on digital financial assets (DFAs) in 2022.

• Web3 software development Thirdweb closes $24 million round at a $160 million valuation.

• Spectral, a credit risk assessment infrastructure web3 startup, has raised $23 million in a round.

• Inworld AI, a developer platform for creating AI-driven virtual characters, closes $50M Series A.

• Ready Player Me, a platform to build dynamic cross-game avatars raises $56M.

• Hidden Road closes $50 million Series A funding.

Market Regulation

North America

• The Ontario Securities Commission (OSC) has issued another consumer alert warning residents of unregistered crypto platforms, including Kucoin.

• Huobi Tech’s Subsidiary Obtained MSB License in Canada.

Europe

• Blockchain for Europe and the Digital Euro Association sent a letter to MiCA suggesting fewer restrictions on non-Euro-referencing stablecoins.

• A new bill that could bring digital assets like stablecoins into the scope of local payments regulation is scheduled to be debated in Parliament for the first time in September.

Asia

• Philippines central bank approves two more digital banks, UnionDigital Bank, Inc. (UDB) and GoTyme Bank Corporation (GTYME), adding up to a total of six digital banks are now allowed to operate in the Philippines.

• Bhex, a Singapore-based crypto exchange, has secured a standard payment institution license from the Monetary Authority of Singapore (MAS).

Industry Briefing

Investors are taking note of the growing demand for protection. Venture capital firms have poured $257 million into crypto auditing and security companies so far this year, up from $185 million for all of 2021, according to CB Insights. 1,161 external projects have asked ConsenSys to audit their smart-contract code, close to the number for all of 2021 and up from 247 requests in 2020.

Their rising fortunes underscore how the industry is waking up to the threat of sophisticated hackers who have stolen roughly $2 billion from digital-asset protocols this year, according to researcher Chainalysis.

Over $100 million in NFTs have been stolen, netting perpetrators $300,000 per scam on average, according to a new report by blockchain analysis firm Elliptic covering nefarious crypto activity between July 2021 to July 2022.

With so much at stake, crypto security services are moving from the “nice to have” spending category to the “must have” bucket, even for bootstrapping startups and community-driven projects.