Decentralized Venture Ecosystem

Category Archives: Cyber Security, Hack and Fraud Alerts

Last year, illicit crypto addresses received all-time-high $14 billion but that was only 0.15% of total volume

ChainAnalysis | Jan 6, 2022

Crypto scams - Last year, illicit crypto addresses received all-time-high $14 billion but that was only 0.15% of total volumeCryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020.  BUT those numbers don’t tell the full story.

Cryptocurrency usage is growing faster than ever before. Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8 trillion in 2021, up 567% from 2020’s totals. Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase was just 79% — nearly an order of magnitude lower than overall adoption — might be the biggest surprise of all.

In fact, with the growth of legitimate cryptocurrency usage far outpacing the growth of criminal usage, illicit activity’s share of cryptocurrency transaction volume has never been lower.

See:  NASAA: Crypto scams are the leading threat to investors in 2022

Transactions involving illicit addresses represented just 0.15% of cryptocurrency transaction volume in 2021 despite the raw value of illicit transaction volume reaching its highest level ever.

However, we also have to balance the positives of the growth of legal cryptocurrency usage with the understanding that $14 billion worth of illicit activity represents a significant problem. Criminal abuse of cryptocurrency creates huge impediments for continued adoption, heightens the likelihood of restrictions being imposed by governments, and worst of all victimizes innocent people around the world.

DeFi’s rise leads to new opportunities in crypto crime

In 2020, just under $162 million worth of cryptocurrency was stolen from DeFi platforms, which was 31% of the year’s total amount stolen. That alone represented a 335% increase over the total stolen from DeFi platforms in 2019. In 2021, that figure rose another 1,330%.

percentage of ilicit funds received by service type - Last year, illicit crypto addresses received all-time-high $14 billion but that was only 0.15% of total volume

See:  Blockchain Vulnerabilities, Forensics And Legal Challenges

We’ve also seen significant growth in the usage of DeFi protocols for laundering illicit funds, a practice we saw scattered examples of in 2020 and that became more prevalent in 2021. Check out the graph below, which looks at the growth in illicit funds received by different types of services in 2021 compared to 2020.

Continue to the full article --> here


NCFA Jan 2018 resize - Last year, illicit crypto addresses received all-time-high $14 billion but that was only 0.15% of total volume The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Last year, illicit crypto addresses received all-time-high $14 billion but that was only 0.15% of total volumeFF Logo 400 v3 - Last year, illicit crypto addresses received all-time-high $14 billion but that was only 0.15% of total volumecommunity social impact - Last year, illicit crypto addresses received all-time-high $14 billion but that was only 0.15% of total volume

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Last year, illicit crypto addresses received all-time-high $14 billion but that was only 0.15% of total volume



For more information about FFCON21: BREAKING BARRIERS, on-demand videos and ways to participate




 

NASAA: Crypto scams are the leading threat to investors in 2022

Investment Executive |James Langton | Jan 10, 2022

illicit share of all crypto transactions - NASAA:  Crypto scams are the leading threat to investors in 2022

Frauds and scams involving crypto and other digital assets are the leading threat to investors in 2022, according to the North American Securities Administrators Association (NASAA).

The umbrella group of U.S. state and Canadian provincial regulators released its annual list of the top investor protection concerns, based on surveys of the regulators themselves.

See:  Over 400 SEC new enforcements in 2021 including Crypto, Dark Web, DeFi targets

Schemes that are linked to crypto (and digital assets generally) were the leading issue, followed by promissory notes frauds, social media scams, and schemes targeting self-directed retirement accounts.

Joseph Borg, Alabama Securities Commission director and co-chair of NASAA’s enforcement committee, said in a release:

“By far, NASAA’s securities regulators revealed that investments related to cryptocurrencies and digital assets is our top investor threat”

NASAA said that the added uncertainty about where digital assets fit within the traditional regulatory framework may make it easier for fraudsters to dupe investors.

“Before you jump into the crypto craze, be mindful that cryptocurrencies and related financial products may be nothing more than public facing fronts for Ponzi schemes and other frauds,” said Joseph Rotunda, Texas State Securities Board enforcement division director, and vice-chair of NASAA’s enforcement committee.

Chain Analysis: Illicit crypto activity reaches all-time high BUT total Crypto activity growing faster

“The most common telltale sign of an investment scam is an offer of guaranteed high returns with no risk. It is important for investors to understand what they are investing in and with whom they are investing,” said Melanie Senter Lubin, president of NASAA and Maryland Securities Commissioner.

Continue to the full article --> here

 


NCFA Jan 2018 resize - NASAA:  Crypto scams are the leading threat to investors in 2022 The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - NASAA:  Crypto scams are the leading threat to investors in 2022FF Logo 400 v3 - NASAA:  Crypto scams are the leading threat to investors in 2022community social impact - NASAA:  Crypto scams are the leading threat to investors in 2022

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - NASAA:  Crypto scams are the leading threat to investors in 2022



For more information about FFCON21: BREAKING BARRIERS, on-demand videos and ways to participate




 

Fintech Cybersecurity Best Practices

Tech Bullion | Angela Scott-Briggs | Dec 27, 2021

cybersecurity best practices - Fintech Cybersecurity Best PracticesHacking attacks and data theft are more rampant than ever. So cybersecurity is a crucial concern for modern businesses. While threats prevail in all domains, fintech companies need to be extra conscious. You cannot undermine security risks at any point because you hold the financial information of customers.  A single vulnerability in your systems is all a hacker needs to get through. They can steal data and money, causing your business to lose customer trust and reputation in the long run.

See:  Remote Working Cybersecurity Checklist

The pandemic has brought financial technology to the forefront as electronic payment systems, mobile transfers, and automated and algorithmic trading are the need of the hour. Not surprisingly, businesses offering these services need to go the extra mile with cybersecurity. But most organizations fail to do it because they simply have no idea securing their data, applications, and systems. Here are some best practices to keep your business on the safe side.

Prioritize identity and access management

Large fintech companies often struggle to maintain transparency about access to their systems and networks. You cannot rely on manual access management processes as they are time-consuming and risky with ever-changing teams. Integrating an innovative identity and access management system keeps your business secure in the long run. You can depend on it to protect your company from internal threats and cyber attackers. For example, you can use AI technology for online document verification. It lets you eliminate illegitimate documents and prevent unauthorized access and fraudulent activities.

Secure the cloud

Most fintech applications run on the cloud. It is both an opportunity and a risk for businesses. While you can deliver seamless services to your customers on the cloud, it exposes your data and security to attacks. An expanded attack surface can be daunting for any business. Thankfully, implementing a robust cloud security strategy provides the coverage you need to secure your company and customers. Securing the cloud fortifies your business today and even as new threats emerge over time.

Perform architecture and code review

Fintech applications are perhaps the most vulnerable aspect of your business. But you can secure them with proper architecture and code review. Ensure that you define the security requirements and features of the product to your development team before they write even a single line of code.

See:  Quantum computers could crack the cryptography that underpins financial stability

Remember that you should never compromise security at the cost of convenience. Collaborate with a code review team to get flawless applications that deliver only the best to your customers. It takes a massive effort to go through the entire code, but it is worthwhile.

Invest in proactive security assessments

Fintech companies can go the extra mile with cybersecurity by investing in proactive security assessment. Hackers are always at large, so you must do your bit to stay one step ahead. Surprisingly, experts recommend you hire a hacker to do so, though this professional must be an ethical one. They can perform penetration tests on your systems and applications to detect the vulnerabilities therein. Even better, they can suggest relevant measures to patch these flaws and ensure safety in the long run. Knowing that hackers have no way to proliferate your systems gives you peace of mind.

Continue to the full article --> here


NCFA Jan 2018 resize - Fintech Cybersecurity Best Practices The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Fintech Cybersecurity Best PracticesFF Logo 400 v3 - Fintech Cybersecurity Best Practicescommunity social impact - Fintech Cybersecurity Best Practices

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Fintech Cybersecurity Best Practices



For more information about FFCON21: BREAKING BARRIERS, on-demand videos and ways to participate




 

[Alert]: Saskatchewan’s consumer affairs authority issues warning about crypto platform CoinRise

CBC | Dec 27, 2021

Coinrise not registered to sell securities - [Alert]:  Saskatchewan's consumer affairs authority issues warning about crypto platform CoinRiseCoinRise Ltd. is not registered to trade or sell securities or derivatives in Saskatchewan, authority says

The Financial and Consumer Affairs Authority of Saskatchewan has issued a warning about a cryptocurrency platform, which claims to be based out of Regina.

The online trading platform CoinRise Ltd. is not registered to trade or sell securities or derivatives in Saskatchewan, according to the warning issued on Dec. 22.

CoinRise Ltd. did not respond to CBC News requests for comment about the financial consumer affairs authority warning.

See:  Over 400 SEC new enforcements in 2021 including Crypto, Dark Web, DeFi targets

CoinRise Ltd.'s website states it helps people "take control of your investments and take your investment skills and abilities to the next level" through cryptocurrency trading and investment opportunities

The company's website said its employees had years of experience working with various partners in "all aspects of dealing with finance."

The company's website listed an address on Hamilton Street in Regina, though an auto-generated response to an email requesting comment for this article listed a different address in the capital along Quance Street E.

The consumer affairs authority warned investors and consumers not to send money to companies not registered in Saskatchewan as they may not be legitimate and their money could be lost.

See:  How you can experiment, learn and improve with OSC TestLab

Anyone who invested with, or was contacted by anyone claiming to act on CoinRise Ltd.'s behalf was asked to call the financial and consumer affairs authority's securities division at 306-787-5936.

Continue to the original article --> here


NCFA Jan 2018 resize - [Alert]:  Saskatchewan's consumer affairs authority issues warning about crypto platform CoinRise The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - [Alert]:  Saskatchewan's consumer affairs authority issues warning about crypto platform CoinRiseFF Logo 400 v3 - [Alert]:  Saskatchewan's consumer affairs authority issues warning about crypto platform CoinRisecommunity social impact - [Alert]:  Saskatchewan's consumer affairs authority issues warning about crypto platform CoinRise

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - [Alert]:  Saskatchewan's consumer affairs authority issues warning about crypto platform CoinRise



For more information about FFCON21: BREAKING BARRIERS, on-demand videos and ways to participate




 

Security advice for emerging tech companies and investors

CPNI and National Cyber Security Centre | Jun-Jul, 2021

Security advice for emerging tech companies and investors - Security advice for emerging tech companies and investors

The following is a list of actions that your startup can take to reduce the likelihood of falling victim to a more common security attack and lay the foundation for strong security as your company grows:

Security guidance for emerging technology companies

  • Set the tone for a positive security culture
  • Determine what you need to protect
  • Build security into your environment
  • As you increase collaboration, do so with security in mind
  • Check and understand as you expand internationally into new markets
  • As your team grows and you can no longer rely  on personal relationships alone to build trust
  • Minimize damage caused by  a breach with a well-planned response

Download the 21 page PDF report --> here

 

Security advice for emerging technology investors

The following questions are intended to help you engage with emerging technology startups that you are considering investing in.  These should be used to inform your due diligence investigations and to encourage companies to take a security-minded approach that will better protect your investment.

ISED: Cyber Security and Policy Statements

You may seek to incorporate some of these as conditions on which your investment depends to minimise risk  of a security incident and maximise the chance of a return on your investment.

What to expect from your portfolio companies

  • As you conduct your pre-investment due diligence
  • Does the company have any overseas investors associated with a country which may be viewed
  • as hostile to the UK or one which has different democratic and ethical values f rom our own?
  • Could the involvement of other investors inhibit future fundraising or the sale of the company because of legal, ethical or compliance issues, particularly in relation to sanctions, the National Security and Investment Act or export control?

See:  Fintech Fridays EP52: Technology Due Diligence Process and Cyber Security Risks

Now the startup is up and running, are you satisfied that:

  • Security is owned and discussed at Board level?
  • The company has identified its most valuable assets and conducted a risk  assessment to determine what mitigations should be in place around those assets?
  • Intellectual Property (IP) protections are in place?
  • Access to information and assets is controlled and limited to just those trusted individuals who need it?
  • Essential security measures have been built into the IT setup?
  • The company has sought suppliers whose security arrangements meet company requirements?

See:  OFSI Publishes Draft Guidelines on Technology and Cyber Risk Management

Protecting your investment

  • As the startup increases collaboration
  • Expands into new markets and through further investment
  • Takes on additional staff
  • In preparation for security incidents

Download the 16 page PDF report --> here


NCFA Jan 2018 resize - Security advice for emerging tech companies and investors The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Security advice for emerging tech companies and investorsFF Logo 400 v3 - Security advice for emerging tech companies and investorscommunity social impact - Security advice for emerging tech companies and investors

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Security advice for emerging tech companies and investors



For more information about FFCON21: BREAKING BARRIERS, on-demand videos and ways to participate




 

Kickstarter plans to move its crowdfunding platform to the blockchain

TechCrunch via Yahoo Finance | | Dec 8, 2021

kickstarter adding blockchain finance - Kickstarter plans to move its crowdfunding platform to the blockchainCrowdfunding platform Kickstarter is making a big bet on the blockchain, announcing plans to create an open source protocol "that will essentially create a decentralized version of Kickstarter’s core functionality." The company says the goal is for multiple platforms to embrace the protocol, including, eventually, Kickstarter.com.

Kickstarter is launching a new organization called Kickstarter PBC, which will begin development of the protocol. Kickstarter is funding the project, appointing an initial board for the organization and committing to be one of the first platforms on the protocol, though no specific timelines were offered for when such a transition might take place.

See:  FreeRossDAO: Another blueprint for peer to peer Crypto Crowdfunding

The company also announced that they're establishing an "independent governance lab," which will publish research and engage with the community on the topic of protocol governance.

It's an interesting path for Kickstarter, which already shares some philosophical DNA with blockchain products allowing consumers to support projects and build up a community around them while taking a stake in the success of those products. While the "stake" in Kickstarter's model has been a completed physical or digital product, newer blockchain crowdfunding platforms are upending that model by giving users tokens tied to the projects which can accrue in value as the product matures. Some of these efforts are questionably legal, but there are endless ways to obfuscate what exactly is being bought and sold by users.

See:  3 Trends in 2022 Predicted to Shape Investment Crowdfunding

For the time being it seems Kickstarter is aiming to proceed slowly in terms of how the protocol will impact the user experience.

"As a user, the Kickstarter experience you’re familiar with will stay the same. You won’t 'see' the protocol, but you will benefit from its improvements," a blog post from the company reads.

Continue to the full article --> here


NCFA Jan 2018 resize - Kickstarter plans to move its crowdfunding platform to the blockchain The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Kickstarter plans to move its crowdfunding platform to the blockchainFF Logo 400 v3 - Kickstarter plans to move its crowdfunding platform to the blockchaincommunity social impact - Kickstarter plans to move its crowdfunding platform to the blockchain

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Kickstarter plans to move its crowdfunding platform to the blockchain



For more information about FFCON21: BREAKING BARRIERS, on-demand videos and ways to participate




 

Blockchain Vulnerabilities, Forensics And Legal Challenges

McCarthy Tetrault | Barry B. Sookman | Nov 19, 2021

Hacks scams fraud in blockchain - Blockchain Vulnerabilities, Forensics And Legal ChallengesIt is often assumed that blockchain based digital currencies and applications are safe and secure. In fact, blockchain ecosystems including cryptocurrencies such as bitcoin and Ether, smart contracts that power a plethora of transactions, and blockchain exchanges have many vulnerabilities.

Like many other financial systems, blockchain based systems are subject to all manner of hacks, frauds scams, and vulnerabilities. They happen at the speed and anonymity of the Internet.

There are, understandably, numerous legal challenges when it comes to obtaining civil remedies for these Internet based crimes. This is as true, and perhaps even more so, for blockchain hacks, scams, and frauds as it is for a whole host of other Internet crimes and wrongs.

Blockchain vulnerabilities, hacks, frauds and scams

There are trillions of dollars invested in blockchain based digital currencies. Bloomberg recently estimated that the cryptocurrency market is now worth more than U.S. $3 trillion. There are well recognized financial risks associated with cryptocurrencies volatility. But, this has not seemed to have dampened the market for these items.

See:  Crypto fraud and breaches on pace to exceed $3 billion in 2021

While losses from hacks and vulnerabilities are hard to estimate, by one account hackers have stolen nearly $2 billion worth of cryptocurrencies in the two year period between 2017-2019. Some hacks are by lone hackers, but many are by sophisticated cybercrime organizations. According to a recent article In the MIT Security review, the hype that these assets are unhackable  are “dead wrong”. According to the article:

In short, while blockchain technology has been long touted for its security, under certain conditions it can  be quite vulnerable. Sometimes shoddy execution can be blamed, or unintentional software bugs. Other times it’s more of a gray area—the complicated result of interactions between the code, the economics of the blockchain, and human greed. That’s been known in theory since the technology’s beginning. Now that so many blockchains are out in the world, we are learning what it actually means—often the hard way. [ii]

As with every other financial system, there are opportunities for fraud. One vector is fraud associated with online marketplaces.

Private key security attacks are also a known means of allowing malicious actors to steal cryptocurrencies. A private key allows individuals to access funds and verify transactions. An attacker who has discovered a vulnerability in an elliptic curve digital signature algorithm, for example, can recover a user’s private key. If a private key is stolen, it is difficult to track any related criminal activity and recover the relevant blockchain asset.[viii]

See:  Decentralized Finance—Risks, Regulation, and the Road Ahead

Hackers have also been known to steal the keys to cryptocurrency wallets.[ix]

Of course marketplaces, like almost every other organization in Canada are subject to data breaches from a myriad of sources.

Despite all the security features blockchain offers, individuals and organizations are still susceptible to phishing attacks.

SIM swap attacks are also not uncommon.

Hackers have also been known to exploit technical weaknesses in blockchain systems.

Hackers can also engage in Routing Attacks. Blockchains rely on real-time, large data transfers. Hackers can intercept real-time large data transfers such as by hijacking IP prefixes or dropping connections momentarily, preventing the system from reaching consensus.

See: 

Crypto scams, DeFi hacks, and rug pulls: Why the crypto industry needs insurtech

CipherTrace August 2021 Crypto Crime Report: Crypto Fraud Dips as DeFi Hacks Grow

Other examples of technical weaknesses were a cryptographic flaw in the cryptocurency Zcash that could have been exploited to make unlimited counterfeit Zcash and in bitcoin’s main client, Bitcoin Core, that had a flaw that could have let attackers mint more bitcoins than the system was supposed to allow. [xviii]

Research shows that there are also many other security vulnerabilities associated with in smart contracts[xxi] Other types of attacks include the “Balance Attack” and “Sybil Attacks”. [xxii]

Continue to the full article --> here

 


NCFA Jan 2018 resize - Blockchain Vulnerabilities, Forensics And Legal Challenges The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Blockchain Vulnerabilities, Forensics And Legal ChallengesFF Logo 400 v3 - Blockchain Vulnerabilities, Forensics And Legal Challengescommunity social impact - Blockchain Vulnerabilities, Forensics And Legal Challenges

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Blockchain Vulnerabilities, Forensics And Legal Challenges



For more information about FFCON21: BREAKING BARRIERS, on-demand videos and ways to participate