6th Annual Summer Kickoff Mixer July 14 at SPACES, Toronto

Category Archives: Cyber Security, Hack and Fraud Alerts

Hacker steals $625 million from Ronin blockchain NFT game Axie Infinity

The Verge | | Mar 29, 2022

Ronin and Axie Infinity - Hacker steals $625 million from Ronin blockchain NFT game Axie InfinityRoughly $625 million worth of cryptocurrency has been stolen from Ronin, the blockchain underlying popular crypto game Axie Infinity. Ronin and Axie Infinity operator Sky Mavis revealed the breach on Tuesday and froze transactions on the Ronin bridge, which allows depositing and withdrawing funds from the company’s blockchain.

Sky Mavis says it’s working with law enforcement to recover 173,600 Ethereum (currently worth around $600 million) and 25.5 million USDC (a cryptocurrency pegged to the US dollar) from the culprit, who withdrew it from the network on March 23rd. The attack focused on the bridge to Sky Mavis’ Ronin blockchain, an intermediary between Axie Infinity and other cryptocurrency blockchains like Ethereum.

See:  How someone used a flash loan and loose airdrop to claim $1.1 million APE tokens

According to Sky Mavis, an attacker used hacked private security keys to compromise the network nodes that validate transfers to and from the Ronin blockchain. That let the attacker quietly withdraw large quantities of Ethereum and USDC. The transfer was discovered today — nearly a week later — when another user attempted to withdraw 5,000 Ethereum through the bridge.

“As we’ve witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of prioritizing security, remaining vigilant, and mitigating all threats,” the company said in its announcement. “We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks.”

See: 

Wormhole Portal Exploit: Hackers Steal Nearly $320 Million of Wrapped ETH

Crypto.com $34 million stolen in user account hack | Data Breach Lessons

CipherTrace August 2021 Crypto Crime Report: Crypto Fraud Dips as DeFi Hacks Grow

According to Sky Mavis, the Ronin attack was possible partly because of a shortcut the company had taken to relieve an “immense user load” on its network in November of last year — months after the game exploded in popularity in the Philippines and other countries where players relied on it as a full-time job. The system was discontinued in December, but the permissions that allowed it were never revoked.

Continue to the full article --> here


NCFA Jan 2018 resize - Hacker steals $625 million from Ronin blockchain NFT game Axie InfinityThe National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Hacker steals $625 million from Ronin blockchain NFT game Axie InfinityFF Logo 400 v3 - Hacker steals $625 million from Ronin blockchain NFT game Axie Infinitycommunity social impact - Hacker steals $625 million from Ronin blockchain NFT game Axie Infinity

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Hacker steals $625 million from Ronin blockchain NFT game Axie Infinity



Not to be missed! Registration NOW OPEN!

Help us kickoff the Summer in style


NCFA Summer Kickoff Jul 14 2022 800 - Hacker steals $625 million from Ronin blockchain NFT game Axie Infinity




 

Why Blockchain analytics are catching Washington’s attention

Protocol | Benjamin Pimentel | Mar 16, 2022

Chain analysis and BIGG - Why Blockchain analytics are catching Washington’s attention

In warning against the use of crypto by Russian oligarchs to evade war sanctions, Senate Democrats led by Elizabeth Warren cited data tools familiar to Wall Street and Silicon Valley but still obscure in Washington circles.

The senators, in a letter to the Treasury Department, pointed to the work of Elliptic and Chainalysis, whose programs scour billions of blockchain accounts and transactions in a global hunt for illicit transactions and hidden assets.

See:  SEC Inks Deal With Blockchain Analytics Firm AnChain.AI to Monitor DeFi Transactions

The Ukraine war is giving new urgency to the already brewing battle over crypto regulations. And it has turned the spotlight on blockchain analytics as a key way to unmask the inner workings of crypto, particularly the way funds and assets are moved and stored in blockchain networks designed to be transparent but quasi-anonymous.

Chris DePow, a senior adviser for financial institution regulation and compliance at Elliptic:

“There has been a steady uptick in the demand for blockchain analytics services, with a particular spike in interest over the past month or so.  The potential for the use of crypto for sanctions evasion … underscored the need for the implementation of adequate crypto transaction monitoring, wallet screening, forensics and crypto service provider due diligence.”

Blockchain analytics sprang from a need to crack down on bad actors when Mt. Gox, the crypto exchange, was hacked in 2014, the year Chainalysis launched.  Eventually, the field began to attract the interest of law enforcement agencies as crypto increasingly became associated with money laundering and other crimes.

See:  Department of Justice Publishes Cryptocurrency Enforcement Framework: “We see criminals using cryptocurrency to try to prevent us from following the money”

The Department of Homeland Security was the first major customer of Blockchain Intelligence Group, said Lance Morginn:

“Criminals are in the business of running and law enforcement is in the business of waiting — and waiting for them to slip up. Crypto may be “a pseudo-anonymous space,” he added. “But mistakes happen and then they can reveal who that person is by going to a choke point.”

The arrest of Ilya Lichtenstein and Heather Morgan on charges of laundering billions of dollars, for example, was unraveled in part by tracing a transaction on the blockchain from a wallet to a service used to buy a prepaid Walmart gift card.

Crypto’s rapid growth over the past few years led to more interest from other entities. These included big banks which, Morginn said, realized

“that if [banks] don't start today, they're going to be left behind and the Coinbases are going to become the new digital banks and threaten their existing business model.”

Blockchain analytics also drew more attention with the heightened focus on regulation and the need to comply with anti-money-laundering and KYC rules.

Continue to the full article --> here


NCFA Jan 2018 resize - Why Blockchain analytics are catching Washington’s attention The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Why Blockchain analytics are catching Washington’s attentionFF Logo 400 v3 - Why Blockchain analytics are catching Washington’s attentioncommunity social impact - Why Blockchain analytics are catching Washington’s attention

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Why Blockchain analytics are catching Washington’s attention



Not to be missed! Registration NOW OPEN!

Help us kickoff the Summer in style


NCFA Summer Kickoff Jul 14 2022 800 - Why Blockchain analytics are catching Washington’s attention




 

90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months)

Info Security | James Coker | Mar 10, 2022

cyber security threats - 90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months)Adapting to a changing environment

IT managed services providers (MSPs) have faced extraordinary challenges during the pandemic. In many cases, they have carried the burden of responsibility for ensuring their customers have been able to continue to operate in the face of an uncertain and constantly changing business environment. At the same time, they have also had to adapt in order to continue to operate and survive.

Nine in 10 (90%) managed service providers (MSPs) experienced a successful cyber-attack in the past 18 months, according to new research by N-able.  More than four-fifths (82%) of MSPs reported seeing attacks on their customers rise in the past 18 months, preventing an average of 18 attacks per month.

See:  U.S. CISA Agency warns of potential increase in Cyber threats

The research reflected the views of 500 senior decision-makers at MSPs about their security experiences both before the pandemic and today.

Dave MacKinnon, chief security officer at N-able, commented: “MSPs have worked tirelessly throughout the pandemic to ensure that the businesses they support can stay online and connected as circumstances changed.  But the cyber-criminals they’re protecting against are working equally as hard to make use of these shifts against their targets. MSPs need to understand how the threat landscape continues to evolve and make the changes needed to protect both their customers and themselves and make the most of the enormous opportunity that enhancing security provides.”

Over half of respondents experienced financial loss and business disruption following an attack. At the same time, 46% said they had lost business, 45% suffered reputational effects and 28% saw their customers suffer a loss of trust.

See:  Fintech Cybersecurity Best Practices

The most common attack methods detected by MSPs were phishing (75%), DDoS (56%) and ransomware (42%).

cyber attacks 1 - 90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months)

Attachs on MSPs are on the rise.  SMEs are increasing their security budgets.

Continue to the full article --> here


NCFA Jan 2018 resize - 90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months) The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - 90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months)FF Logo 400 v3 - 90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months)community social impact - 90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months)

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - 90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months)



Not to be missed! Registration NOW OPEN!

Help us kickoff the Summer in style


NCFA Summer Kickoff Jul 14 2022 800 - 90% of IT Managed Service Providers Experienced a Successful Cyber-Attack (in the Past 18 months)




 

U.S. CISA Agency warns of potential increase in Cyber threats

Radical Compliance |   | Feb 23, 2022

cyber threats - U.S. CISA Agency warns of potential increase in Cyber threatsThe United States’ top cybersecurity regulator published a special bulletin this week listing numerous measures companies should implement immediately to ward off possible attacks from Russia during its Ukraine invasion.

CISA, the Cybersecurity Infrastructure and Security Agency, issued the bulletin on Tuesday in conjunction with the Department of Homeland Security. Both agencies stressed that they have no evidence of any specific cyber attacks Russia might be planning, but “we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.”

See:  4 Tips for high growth fintechs looking to do compliance right

In other words — head in the game, people! Corporations around the world need to prepare now for any distractions or disruptions Vladimir Putin might cause abroad while he tries to take over Ukraine.

Steps to Reduce the Chance of an Intrusion

  • Confirm that all remote access to the organization’s network, as well as privileged or administrative access even within the network, requires multi-factor authentication.
  • Assure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that IT personnel have disabled all ports and protocols that aren’t essential for business purposes.
  • If the organization is using cloud services, assure that IT personnel have reviewed and implemented strong controls. (CISA has guidance on this if you need it.)

See: 

Steps to Detect Potential Intrusions Quickly

  • Assure that IT personnel are focused on identifying and assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
  • Confirm that the company’s entire network is protected by antivirus and anti-malware software, and that signatures in these tools are updated.
  • If you work with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.

Continue to the full article --> here

 


NCFA Jan 2018 resize - U.S. CISA Agency warns of potential increase in Cyber threats The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - U.S. CISA Agency warns of potential increase in Cyber threatsFF Logo 400 v3 - U.S. CISA Agency warns of potential increase in Cyber threatscommunity social impact - U.S. CISA Agency warns of potential increase in Cyber threats

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - U.S. CISA Agency warns of potential increase in Cyber threats



Not to be missed! Registration NOW OPEN!

Help us kickoff the Summer in style


NCFA Summer Kickoff Jul 14 2022 800 - U.S. CISA Agency warns of potential increase in Cyber threats




 

Wormhole Portal Exploit: Hackers Steal Nearly $320 Million of Wrapped ETH

Finance Magnates | Bilal Jafar  | Feb 3, 2022

wormhole portal hack - Wormhole Portal Exploit:  Hackers Steal Nearly $320 Million of Wrapped ETHIn one of the largest crypto thefts of all time, Wormhole Portal, a bridge between Solana (SOL) and other blockchains, was exploited for approximately 120k wrapped ETH. The total value of the stolen crypto assets currently stands at around $320 million.

Wormhole has offered a bounty worth $10 million to hackers to return the funds. According to the company, its relevant department is working to resolve the issues.

See:  Crypto.com $34 million stolen in user account hack | Data Breach Lessons

“The wormhole network was exploited for 120k wETH. ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly. We are working to get the network back up quickly. Thanks for your patience,” Wormhole mentioned in a recent Tweet.

"Similar to previous large-scale DeFi hacks, potential victims and donation-seekers have begun to send the hacker on-chain messages through Ethereum transactions. These have ranged from small transfers of worthless tokens or those seeking donations using blockchain names such as 'hackerplsdonate.eth' to get the hacker's attention. One individual claimed to have lost $100,000 in the hack. This adds to the more than $2 billion in direct losses suffered by DeFi services due to hacks and exploits,” Elliptic highlighted.

DeFi hacks are surging. With growing popularity and adoption, the decentralized finance sector has seen a jump in theft and scams during the past 12 months. In January 2022, DeFi protocol Qubit Finance was attacked, and the network suffered a loss of nearly $80 million.

Continue to the full article --> here

 


NCFA Jan 2018 resize - Wormhole Portal Exploit:  Hackers Steal Nearly $320 Million of Wrapped ETH The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Wormhole Portal Exploit:  Hackers Steal Nearly $320 Million of Wrapped ETHFF Logo 400 v3 - Wormhole Portal Exploit:  Hackers Steal Nearly $320 Million of Wrapped ETHcommunity social impact - Wormhole Portal Exploit:  Hackers Steal Nearly $320 Million of Wrapped ETH

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Wormhole Portal Exploit:  Hackers Steal Nearly $320 Million of Wrapped ETH



Not to be missed! Registration NOW OPEN!

Help us kickoff the Summer in style


NCFA Summer Kickoff Jul 14 2022 800 - Wormhole Portal Exploit:  Hackers Steal Nearly $320 Million of Wrapped ETH




 

IIROC Investor Alert: Hash​min​er​.io

IIROC | Release | Feb 9, 2022

IIROC investor alert - IIROC Investor Alert:  Hash​min​er​.ioBe an informed investor - Don't be fooled by fraudsters misrepresenting themselves

February 9, 2022 (Toronto, Ontario) – The Investment Industry Regulatory Organization of Canada (IIROC) is warning Canadian investors not to be fooled by Hashminer.io.

Investors have recently contacted IIROC asking about companies that claim to require account insurance through regulatory bodies like IIROC, including companies doing business as Hashminer.io or possibly as SaveFunds-Trading.com.

IIROC-regulated investment firms and individuals must meet our high standards and deal fairly, honestly and in good faith with Canadian investors. We urge Canadian investors to exercise caution when dealing with non IIROC-regulated firms.

IIROC also does not play a role in providing insurance or approving withdrawals from investor accounts. Any company asking for payment or to increase the amount on deposit with them before approving a withdrawal is likely fraudulent.

Learn more about red flags with IIROC's Tips to Spot and Prevent Fraud.

See:  IRS Special Agent “Seeing ‘Mountains Of Fraud in Cryptocurrencies, NFTs”

Certain crypto assets have generated a lot of hype. All investors must be informed and ask themselves important questions before purchasing higher-risk investment products that do not trade on stock exchanges.

Canadian investors should always confirm investment firms are registered with IIROC or with the CSA.

Investors can also check the background, qualifications and any disciplinary history of investment advisors registered with IIROC by checking the free AdvisorReport.

View the original release --> here


NCFA Jan 2018 resize - IIROC Investor Alert:  Hash​min​er​.io The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - IIROC Investor Alert:  Hash​min​er​.ioFF Logo 400 v3 - IIROC Investor Alert:  Hash​min​er​.iocommunity social impact - IIROC Investor Alert:  Hash​min​er​.io

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - IIROC Investor Alert:  Hash​min​er​.io



Not to be missed! Registration NOW OPEN!

Help us kickoff the Summer in style


NCFA Summer Kickoff Jul 14 2022 800 - IIROC Investor Alert:  Hash​min​er​.io




 

Is Open Sea doing enough to combat NFT fraud?

The Guardian | Lois Beckett | Jan 29, 2022

open sea - Is Open Sea doing enough to combat NFT fraud?The digital marketplace for NFTs grew to an estimated $22bn last year but companies face challenges monitoring stolen art

Van Baarle is a popular digital artist, with millions of followers on social media. She’s one of a growing number of artists who have had online images of their art stolen, minted as unique digital assets on a blockchain, and offered up to trade in cryptocurrency on the NFT platform OpenSea.

The rise in such thefts comes as the market for non-fungible tokens, or NFTs, exploded last year, growing to an estimated $22bn, attracting Sotheby’s and Christie’s, and driving multimillion-dollar auctions for these new certificates of ownership of digital assets.

See:  NFT Boom Will Surely Lead to Questions Over Copyright, Control and Plagiarism

OpenSea has grown at a dizzying pace, and is now valued at $13bn. But amid its spectacular rise, the company is doing far too little to prevent the trade in fraudulent NFTs, some artists charge, and is placing much of the burden of policing art fraud on the artists themselves.

OpenSea said in a statement: “It is against our policy to sell NFTs using plagiarized content,” adding that it regularly delisted and banned accounts that did so. The company said it was working to build new image recognition and other tools that would quickly recognize stolen content and protect creators, and that it planned to launch some of them in the first half of this year.

A boon and nightmare for artists

“We’re in an incredible mushrooming of opportunity for digital artists,” said Schachter. “It’s 1,000% better than a year ago, two years ago, when there was no marketplace for any of this art.”

But other artists say that the past year’s crypto boom has been a nightmare. Among the problems is that anyone can “mint” a digital file as an NFT, whether or not they have rights to it in the first place, and the process is anonymous by default.

See:  Are NFTs More Than Just Art?

“It is much easier to make forgeries in the blockchain space than in the traditional art world. It’s as simple as right-click, save,” said Tina Rivers Ryan, a curator and expert in digital art at the Albright-Knox gallery in Buffalo, New York. “It’s also harder to fight forgers. How do you sue the anonymous holder of a crypto wallet? In which jurisdiction?”

‘How much of their valuation is from stolen art?’

Aja Trier, a Texas-based artist who has found viral fame for painting riffs on Van Gogh’s Starry Night featuring various breeds of dog, said she discovered 87,000 NFTs based on images of her work for sale on OpenSea, many of them priced at $9.88 each.

See:  Walmart Files Several Crypto, NFT and VR Gaming Patents

Trier said 500 listings of her stolen work were added in a single night, suggesting the theft was being automated and carried out by bots.

More than half of the company’s current staff works either full-time or extensively on issues of plagiarism and content moderation, OpenSea said:

[We are] developing “smart moderation” tools to speed up the company’s response to reports of plagiarism.

Continue to the full article --> here


NCFA Jan 2018 resize - Is Open Sea doing enough to combat NFT fraud? The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - Is Open Sea doing enough to combat NFT fraud?FF Logo 400 v3 - Is Open Sea doing enough to combat NFT fraud?community social impact - Is Open Sea doing enough to combat NFT fraud?

Support NCFA by Following us on Twitter!






NCFA Sign up for our newsletter - Is Open Sea doing enough to combat NFT fraud?



Not to be missed! Registration NOW OPEN!

Help us kickoff the Summer in style


NCFA Summer Kickoff Jul 14 2022 800 - Is Open Sea doing enough to combat NFT fraud?