FreeCryptoCurrency.Me

Crypto ransomware payments have generated more than $69.3 million from the top 10 attacks since 2020. The $40 million paid in bitcoin by the Chicago-based insurance company CNA Financial represents 57.7% of that total.

As the use of cryptocurrencies like bitcoin has grown, so has their popularity among ransomware groups, since they offer a different level of risk than using traditional banking methods, which generally allow for the seizure of funds.

The top crypto ransomware payments have been identified in a new report from the web3-focused bug bounty platform Immunefi, connected to eight specific malware strains.

JBS, CWT, Brenntag, Colonial Pipeline, Travelex, UCSF, BRB Bank, Jackson County and the University of Maastricht join CNA Financial in the top 10, with ransom payments ranging from $218,000 to $40 million. All payments were made in bitcoin with the ransomware strains originating from Russia, Eastern Europe and Iran.

Source: Immunefi

Only two of the companies involved were able to recover any of the payments made. Colonial Pipeline recovered $2.3 million of its $4.4 million ransom payment, while the University of Maastricht managed to recover the full $218,000 it paid. In total, those recoveries make up just 3.6% of the top crypto ransomware payments.

According to Immunefi’s report, researchers detected eight specific malware strains related to the ransom payments. Ransomware-as-a-Service operators REvil/Sodinokibi and Darkside were the most used. Phoenix CryptoLocker, a variant of the ransomware family released by Russian-based cybercriminal group Evil Corp, was the most profitable and was behind the extortion of CNA Financial.

To protect from ransomware attacks, Immunefi recommended that organizations ensure they have extensive and regular backups of vital data and a recovery plan for restoration in the event of an attack. It also suggested keeping systems and applications up to date, training staff on common phishing techniques and using intrusion detection and antivirus software.

Why bitcoin?

Despite the wide range of crypto assets now available, bitcoin was the currency of choice for the ransomware groups, likely due to its recognizability and accessibility, according to Immunefi.

Bitcoin transactions are pseudonymous rather than anonymous and can be tracked by combining blockchain analytics with other data, with a growing industry of on-chain specialists like Chainalysis and Elliptic finding connections between bitcoin addresses and real-world entities.

However, ransomware groups are correct that the decentralized nature of crypto can facilitate larger payments due to the challenges of transferring millions of dollars through the legacy banking system without being caught.

In terms of cashing out into fiat currency, the report suggests ransomware groups use centralized exchanges with fake IDs, private OFAC-sanctioned exchanges or government connections in jurisdictions that do not cooperate with foreign subpoenas. 

Alternatives to fiat off-ramps include using bitcoin directly to purchase goods and services, trying to obfuscate funds via a crypto mixer or swapping assets between blockchains.

Crypto bug bounties

Decentralized applications are also an attractive target to malicious actors keen to exploit weaknesses in blockchain-based protocols. 

Immunefi has come to dominate crypto bug bounty rewards as a result — paying out over $52 million to ethical hackers for finding vulnerabilities in web3 protocols last year. In comparison, the second-most popular platform, HackenProof, has paid less than $850,000 in total, according to its website.

Since its inception in 2020, Immunefi claims to have paid out more than $65 million in total bounties, helping to secure $25 billion in user funds across protocols like Chainlink, MakerDAO, Compound, Polygon and Synthetix. The highest bounty facilitated by Immunefi was a $10 million award for a vulnerability discovered in Wormhole, a generic cross-chain messaging protocol. 

An Immunefi security researcher was awarded a $1 million bounty earlier this month after saving a potential theft of $200 million from three Polkadot parachains. In September, Immunefi raised $24 million in a Series A round led by Framework Ventures.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Crypto security firm Web3 Builders released five new APIs designed to prevent financial crimes from occurring in web3 spaces. 

Web3 Builders’s main product is called TrustCheck, a browser plug-in that aims to alert users of potential web3 scams. Through these five APIs, TrustCheck can now be applied to web3 exchanges, dApps, wallets, marketplaces and other platforms to spot malicious transfers or scams before they happen.

The plug-in doesn’t require extensive crypto or security knowledge to use, and adds a layer of security, the company said. Pricing for TrustCheck will be based on a combination of API request volume and support level, a representative of Web3 Builders told The Block. 

The firm raised $7 million in October in a seed funding round led by Road Capital, with additional support from OpenSea Ventures, Sparkle Ventures, Global Founders Capital and others. 

Scam-alerting wallet plug-ins took on added significance after the million dollar hack of Moonbirds and Proof Collective creator Kevin Rose. At the time, Rose wrote on Twitter that he had been experimenting with protective wallet plugins, such as one called Stelo that alerts the user to malicious wallet transfers before they occur. 

Moonbirds founder Kevin Rose announcing he has installed wallet protection plug-ins following his million-dollar NFT hack.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

ZK tech developer Nil Foundation, which is written as =nil; Foundation, says a new technology it’s releasing will make building chains and applications on top of Ethereum and other blockchains much easier.

Called zkLLVM, the technology gives developers the ability to build a fully compatible Ethereum chain or application using popular coding languages Rust and C++. It also could open the door to many new use cases by bridging the gap between crypto and the traditional gaming and machine learning sectors, according to Nil founder Mikhail Komarov.

ZK technology has gained a lot of attention this year because of its potential to increase blockchain scalability and reduce transaction costs, all while having built-in privacy capabilities. It can be expensive, though, and Nil is taking a different approach to make it easier to onboard new developers.

“Many people think creating a fully compatible zkEVM from scratch is the only way that developers can launch useful ZK-enabled products,” said Komarov.

Several chains built on top of Ethereum, such as zkSync and Polygon Hermez, allow ZK developers to build and port applications to their chains using the most popular blockchain coding language, Solidity. ZkSync and Polygon, meanwhile, use a technology called ZkEVM to remove the need for developers to learn how to code in ZK, which requires higher level math skills and a deeper understanding of cryptography compared to Solidity.

Nil’s new technology could be used by existing bridges to integrate ZK into their platforms, which could increase security in what was one of the main hack vectors this past year. It also could open the door for traditional trading firms, market makers and institutions that rely on machine-learning models for trading strategies.

Nil raised $22 million in January. It developed what is known as the Proof Market Protocol, which allows developers to easily generate and build ZK proofs.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Ethereum Layer 2 network Optimism will release Bedrock, its first major upgrade, on Mar. 16, with the goal of improving network performance.

The upgrade will enable improvements in transaction costs, speeds, and compatibility with the Ethereum Virtual Machine. In addition to these performance enhancements, the upgrade will also create a foundation for future improvements, such as decentralizing sequencing — the part that collates the transactions together — and improving on-chain security. Sequencing allows the network to derive security from Ethereum.

The team at Optimism stated that the majority of users will not be impacted by the upgrade. However, users and projects that run full nodes will need to take action to prepare for the upgrade.

The team estimates that the upgrade to Bedrock will take less than four hours and will not require a network reset, also known as “regenesis.” Historic chain data will still be accessible after the upgrade, ensuring that users will not lose any important information. The Optimism Goerli testnet has already successfully upgraded to Bedrock.

What is Optimism?

Optimism is a Layer 2 scaling solution for Ethereum, designed to provide faster and cheaper transactions while maintaining the security and compatibility of the Ethereum mainnet.

It uses optimistic rollups, a technology that allows for the bundling of many transactions into a single transaction that is then recorded on the Ethereum blockchain. By doing so, Optimism reduces the number of transactions that need to be processed by the Ethereum network, leading to lower transaction fees and faster transaction times.

Optimism also provides developers with a platform to build and deploy decentralized applications with scalability. Currently, the network has more than 50 decentralized applications running on its chain and close to $745 million in total value of assets staked.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The European Union’s plans to regulate crypto smart contracts, the infrastructural underpinnings of decentralized finance, look to be heading in a less onerous direction. 

After lawmakers in the European Parliament reached agreement on a new text of the Data Act, the article on smart contracts shed some of its weight and reduced its scope, a draft proposal obtained by The Block shows.

The draft shows that sellers or offerers of smart contracts, for example, will no longer need to perform a conformity assessment and sign a mandatory declaration that they comply with EU requirements. Expectations for smart contracts to meet so-called harmonized standards, or technical compliance specifications, were also dropped. 

The text also reduces the scope to only cover “the contractual party offering a smart contract,” instead of a broader group covering vendors or professionals involved in the deployment of smart contracts.

The EU plans to regulate smart contacts under its broader strategy on data markets. The legislation is likely to have far-reaching effects on crypto, as such contracts — written in software code — underpin the infrastructure of DeFi. 

‘Rigorous’ control mechanisms

Despite the signs of the EU loosening its grip, the draft legislation still contains some firm moves to regulate crypto technology. Provisions include “rigorous access control mechanisms” and protection of trade secrets integrated into the design of smart contracts. There will need to be a possibility to terminate or interrupt transaction mechanisms and lawmakers will need to decide which conditions would make that permissible.

On top of that, smart contracts will be expected to face the same “level of protection and legal certainty as any other contracts generated through different means,” according to the draft.

The committee on industry leading negotiations on the file will vote to adopt the text on Feb. 9. Then it will need to go through a plenary vote in Parliament, currently expected in March. If passed, the file would then move forward to inter-institutional negotiations together with the European Commission and European Council.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Bitcoin mining company Luxor mined the largest ever Bitcoin block on Feb. 1 in order to promote what seems to be a potential NFT collection.

The block contained an NFT based on the original “magic internet money” meme but featuring the name Taproot Wizards. The block was 3.96 MB in size, just shy of Bitcoin’s 4 MB limit, and the NFT cost $209 in transaction fees (although potentially just paid to itself). 

The NFT took advantage of the same discount used by NFT project Ordinals when placing extra text in the Bitcoin blockchain — something that was mostly introduced by Segwit in 2017 (but has been largely associated with Taproot due to a widely read blog post on the topic).

“Behold, the Taproot Wizard, untethered and freed from his bondage!” said Luxor on Twitter. “He refuses to be censored, he refuses to be silenced.”

The NFT comes amidst a debate in the Bitcoin community over whether these NFTs are a reasonable use of the blockchain, or if they are spam and should be discouraged, or even eliminated. Luxor appears to be making the case that these belong on Bitcoin.

Udi’s brainchild?

Digging into the project a bit more, it seems to be some sort of a collaboration between the mining company and well-known crypto developer Udi Wertheimer. A dedicated Discord server has been set up for the project where Wertheimer outlined the dilemma facing the community.

“Will you join the Keepers and try to revive the Curse? Or will you join the Taproot Wizards and storm the Gates?” he said in the server.

Wertheimer added that the project’s followers should stay tuned with updates to be posted in the Discord server — suggesting this may not be a one-off. On Twitter, he tweeted the NFT transaction and said, “we do a lil magic.”

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Orion Finance pulled off a $320,000 rug pull on investors who deposited funds in the project’s presale despite warnings that such a thing was bound to happen.

Marco Paladin, crypto security auditor and founder of Paladin Security, warned investors to avoid the Orion Finance presale. Paladin stated an hour before the presale that Orion’s smart contract was similar to one previously deployed by serial scammers. 

“It wasn’t exactly a smoking gun, at this point, I was judging the odds of them rugging at 30%,” Paladin told The Block. The security researcher stated that the similarities in the contracts could have been a coincidence.

“But as I said previously, this is already a losing game, if your odds decrease further you should just stay out. So, I decided to write my thread and recommend people to stay out,” said Paladin.

Despite this warning, investors piled into the presale. The project achieved its $320,000 funding target in a matter of minutes. As predicted, the anonymous team behind the project removed the funds in a textbook rug pull. Rug pulling in crypto is when a project team or a hacker drains all the liquidity from the protocol leaving investors with virtually worthless coins.

The scammers funneled the funds from the presale into many wallets. These funds have since been bridged to the Ethereum chain via Synapse, a cross-chain bridge protocol. The team has also deleted its social media presence including the Twitter page, Discord server, and Medium blog pages.

Orion Finance did generate significant hype within the Arbitrum space. Orion Finance was supposed to be a decentralized reserve currency platform on the Arbitrum network.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Solana-based DeFi lending protocol Everlend Finance has shut down its app platform, despite having sufficient runway to continue operating in the current business environment, the team said on Feb. 1.

The Everlend team has moved the platform to withdraw-only mode. Users have been urged to remove their assets. The app will continue to operate until all withdrawals have been processed, the announcement stated. The team also outlined plans to cover all raised and unused funds within the next two weeks.

Everlend attributed the decision to shut down to the liquidity crunch facing DeFi lending participants. The team stated that continuing to operate in these conditions would be a gamble.

Wednesday’s shutdown notice only concerns the Everland app front end. The Everlend team says it will open-source its codebase so others can continue to build solutions using its technology stack.

Solana lending wind down

Everlend becomes the latest Solana-based DeFi lender to shutter in recent times. Friktion, another Solana-based DeFi yield platform shut down its front-end app in January citing numerous challenges facing the crypto ecosystem as a whole.

Everlend controlled almost $400,000 in total value locked at the peak of its powers, according to DeFiLlama. This figure declined significantly in November amid the fallout of the FTX collapse when funds exited protocols in the Solana ecosystem.

Founded in 2021, Everlend previously raised funds from backers such as Serum, Everstake Capital and GSR. The Ukrainian lending platform had plans to transition into a community-controlled DAO in Q1 2023.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

RuneScape is the sort of game metaverse enthusiasts dream about.  

It’s a mass multiplayer online role-playing game (MMORPG) set in the vast, virtual realm of Gielinor, a fantasyland brimming with quests and, according to estimates, half a million players each day. It boasts a dynamic in-game economy and currency, thousands of tradable items, countless ways to flaunt wealth and power — all without a blockchain in sight. The first version of the game was launched in 2001, yet to this day it has a tangible influence on the crypto set.  

For crypto gaming builders, RuneScape arguably tops a list of formative games that also includes World of Warcraft, Dota 2, Diablo, MIR4 and EVE Online. Now, many are trying to build virtual worlds just as engaging, but with the benefit of a blockchain base.  

“Looking back, it seems like the seed for all of this is in RuneScape,” said Alisha Anderson, international general manager at Sino Global Games. “It at least trained us to want and do what we’re doing in gaming and NFTs. Simply looking at the economy, there was P2P and DeFi, scarcity, grinding, flexing, miracles of RNG (random number generation), flipping — all have parallels to crypto.” 

There are few surer paths to virality on crypto Twitter than musing about how the web3 experience in some way recalls playing RuneScape as a kid. Quinn Slocum, co-founder of Metav3rse, produced a classic of the genre on Jan. 15.  

if you played RuneScape growing up your odds of getting scammed through social engineering go down 99.9%

— quinn (@quinnslcm) January 15, 2023

“More than anywhere else online, it was where so many of us learned to trade, fell for scams, wised up to scams, figured out the grind, skilled up, took out monsters and each other, got taken out, and counted our achievements in a seemingly endless world,” Anderson said.  

What is it about Jagex’s smash hit that still appeals crypto folk twenty years later? 

Digital riches 

To understand the RuneScape-to-crypto pipeline, look no further than the way RuneScape’s economy functions — and has flourished.  

Broadly speaking, players train up their skills to acquire items. Those items can be harvested through various kinds of hard virtual labor, such as fishing, woodcutting and cooking; through combat; or in other more esoteric ways. Whatever their chosen path, players accumulate both inventory and skill, paving the way to greater riches.  

The process of training up and gathering materials is often painstaking; repeatedly clicking on ore-rich rocks to mine their contents, for instance. “People used to grind a lot playing Runescape to get the item they wanted,” explained Howard Xu, co-founder of Ancient8, a DAO developing infrastructure for GameFi. The game’s P2P and NPC combat scenarios offer a more thrilling, if riskier, path to riches.  

There are also items to be gained from quests and seasonal drops. Masks and party hats acquired from Halloween and Christmas giveaways in RuneScape’s early days became some of the game’s most valuable items. They had no ostensible use beyond display. Their sole value was their scarcity — a term that excites many a crypto enthusiast. 

But it’s what RuneScape players could do with their money and rare items, once acquired, that so imprinted the game on the minds of web3 folk. From its early days, trade was an integral part of the game. 

“One thing that really stood out to me in RuneScape was the way that players could trade items and currency with each other,” said Salvino D’Armati, founder of a luxury fashion brand backed by Nouns DAO. “It was really fascinating to see how different items and currencies had different values based on scarcity and demand. I think that’s something that’s really important in the crypto gaming and NFT space as well — understanding how value is created and exchanged.” 

At its most basic level, two RuneScape players choosing to trade with one another involves bartering over the exchange of a combination of goods and gold pieces (GP). In time, clusters of hundreds of players began forming in hotspots like Falador Park and a bank in the west of Varrock. Here, sellers would advertise their wares with colorful floating messages, while buyers hunted for a bargain.  

The game even appealed to arbitrageurs, who made a living trading off price inefficiencies in these informal market hubs. (And while this happens in all sorts of markets, it may be worth noting that crypto arbitrageurs, too, have long made a killing trading off price inefficiencies between exchanges.) In RuneScape, this process is known as “merching.” Metav3rse’s Slocum, who played RuneScape from age seven up to 19 and would skip school “a few times a week” to stay up playing until 4 a.m., said merching taught players the basics of supply and demand.  

The Grand Exchange 

The makers of RuneScape soon gave players a more efficient means of price discovery through the launch, in 2007, of the Grand Exchange, an automated trading system that gave buyers and sellers a way to post orders without interacting with other players directly, with prices varying based on supply and demand. As crypto Twitter puts it, the Grand Exchange became for RuneScape what OpenSea is to NFTs. 

“More than anything, RuneScape and its Grand Exchange showed that there is actual value in the time gamers put into the games they play and the associated rewards they gain,” said Sam Lehman, an investor at Symbolic Capital, the $50 million web3 venture fund. “The concept is so inherent to web3 gaming it may sound obvious, but around the time of RuneScape it was a largely novel concept to let gamers sell, buy, and trade the items they earned in game.”  

Evidence for Lehman’s case — that players care about their stuff — may be found in the fact that RuneScape offers PIN-protected, in-game bank accounts in which gp and loot can be stowed. While such accounts may fall short of offering an immutable record of ownership, they’ve certainly proven somewhat durable. A player could be absent from the RuneScape for a decade and check in to find their estate just as they left it.  

Similar marketplaces to RuneScape’s Grand Exchange have since emerged elsewhere in the gaming sector, Lehman added. One prominent example is the platform on which players can trade skins used in Counter-Strike: Global Offensive. That Counter-Strike site deals in fiat money, however, meaning it’s more akin to a micro-transaction platform than an embedded exchange. There is a similar site for buying and selling Dota 2 skins, and many more besides.  

RuneScape’s marketplaces were unusual, though, in that they proved people place a value on in-game wealth without tying it to fiat money.  

Web3 proponents argue that games such as these, whose players clearly value their loot, could be augmented through the introduction of blockchain technology. Slocum called RuneScape “the perfect example of an open world where you’re known for your avatar and digital footprint,” but added that it departs from the idea of a true metaverse because it lacks interoperability outside of Gielinor.  

With blockchain, players could in theory cash out of games they lose interest in, or even in time port items from that game into a wider gaming ecosystem. But the blockchain gaming faithful are going about realizing this vision backwards, according to Lehman and other experts in the field.  

“The issue in applying this to web3 right now is that game makers are too focused on the economic side and start building out token models, exchanges, NFT items before actually having gameplay that’s engaging enough to create a sticky game people want to play and devote their time to,” Lehman said.  

Building backwards  

Crypto games are often bafflingly financialized from the outset. To the point, in some cases, that they appear to offer more in the way of financial apparatus — tools for staking, liquidity pools, token swaps and so on — than gameplay. Just visit DeFi Kingdoms.  

Aleksander Leonard Larsen, co-founder and COO of Axie Infinity developer Sky Mavis, thinks the rise of NFT and token sales as a funding method are to blame. “You have this new part of the games industry where you can tap into crowdfunding in a brand-new way, so you get a lot of amateur game developers,” he said.  

Such developers tend to over-promise and under-deliver. After raising heaps of money through early token sales, they are then forced defend their token price while simultaneously wrestling with the reality that top-tier games take many years to deliver. There are countless examples in the crypto sector. Axie Infinity itself experienced a massive price spike in late 2021, in which its AXS token topped $160. Today, it trades at around $12. “It’s almost like you’re a public company from day one,” Leonard Larsen said.

Another issue for web3 game makers is how to infuse tokens into their games without becoming overwhelmed by mercenaries, who care more about financial rewards than the game itself. “It’s better to have an organic place where people meet, and even they might get a surprise drop or something like that, because then you might find the true believers who love your game,” Leonard Larsen said. 

How, then, to make players love a game? If there’s a lesson for web3 to draw from RuneScape’s success, it’s surely that players didn’t value their treasures because of the game’s financial tools; financial tools were necessary because they valued them.  

Then again, there are many ways to value something. RuneScape players valued their loot, but not in the same way that they valued real-world money and possessions. Many fear that with fiat money at stake, levity will be lost from gaming. That’s part of the reason so many gamers have pushed back against plans from companies like Discord to adopt web3 software.  

Ancient8’s Xu likened it to playing poker. “Only when there’s a stake on the table, you have a stake in the game, then you start to play with a lot more strategy,” he said. “It enhances the experience to make it more intense or it creates a new experience for people.”  

That may explain why the majority of web3 games, to date, offer relatively simple gameplay: they simply don’t need to do more to raise gamers’ pulses.  

Yet promises of so-called “AAA” games abound in the crypto sector and a tidal wave of venture capital has been gambled on them coming true. For all the inspiration the sector draws from RuneScape and other category-defining games, then, can web3 produce one of its own?  

“For a lot of us RuneScape, Minecraft, World of Warcraft, or Grand Theft Auto was our starter metaverse. We didn’t call it that, living and being online wasn’t the point, the game was the point,” said Sino Global Games’ Anderson.  

“We wanted to enjoy ourselves, and RuneScape provided — we met, gathered, explored, quested, achieved, skilled, killed, and died together in a world that was expansive enough to feel unending. That collective base layer for a metaverse, now we’re growing bigger and more encompassing.” 

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.