FreeCryptoCurrency.Me

A rather cunning attack is playing out in the cryptosphere, one that has so far stolen $76,000 in tokens — and it’s only been going for a few hours.

In short, a bad actor is giving out — or airdropping — tokens to various crypto users. This might seem like free money, but it’s a trap. If the recipients spent the tokens, it can enable the perpetrator to steal any Thorchain (RUNE) tokens they happen to own.

“This is a unique exploit that has rarely been used in recent years. But since the attack is so underhanded, it could be quite effective,” explained The Block Research’s Eden Au.

How the attack works

What’s happening is the perpetrator has been airdropping UniH tokens to at least 76,000 Ethereum addresses. The intention is that recipients will see these free tokens and try to sell them on a decentralized exchange.

But these tokens come with a malicious contract. And if the person does indeed sell their newly received UniH tokens (or even just approves them to be sold), then the perpetrator can also steal any RUNE tokens they possess in their wallet.

This is able to happen because RUNE tokens use a non-standard token contract, called “tx.origin.” This specific token contract is not used in the ERC-20 token standard — used by most Ethereum-based tokens — because of its risks. 

What happens is that the UniH tokens carry malicious code that will automatically transfer the user’s RUNE tokens to another wallet (presumably owned by the perpetrator) if approved. 

The only thing it needs is for the user to “call” the contract (i.e. set it in motion). But if the user goes to a decentralized exchange to sell the UniH tokens, it does exactly that — automatically displacing their RUNE tokens.

According to Thorchain’s RUNE token contract code, it was aware that this type of attack could happen. “Beware phishing contracts that could steal tokens by intercepting tx.origin,” it states, when referring to the approval of transactions.

This exploit comes on the same day that Thorchain suffered its third exploit in a month. The network for running cross-chain swaps has now lost a total of $13 million due to a variety of bugs. Supporters maintain that it’s still in a kind of beta form — albeit with real money — and that bugs are expected; hence why they affectionately refer to the network as a “Chaosnet.”

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

State Street made headlines last month, announcing a brand new division covering crypto, digital assets, and tokenization.

State Street VP and Head of Global Markets, Nadine Chakar, is leading that charge. Despite the recent price slump in crypto-assets, interest has not abated, she noted in an interview for the latest episode of The Scoop:

“The price depreciation has not impacted demand and interest at all. I think we’re still seeing a lot of people enthusiastically embracing digital in general, crypto in certain cases. And there’s not a day that goes by that you don’t see some large hedge fund or some large investor, you know, outlining their support for digital.”

To meet that demand, State Street is working with clients on developing solutions that help them allocate to bitcoin and other crypto-assets. It is also a partner to several fund managers looking to offer exchange-traded funds–although, it’s not clear when financial regulators will approve such a product. 

Still, Chakar said the bank isn’t ready to dive into the market with a custody offering:

 “We’re not going to rush into this unless we can feel very comfortable that we could support the new digital assets with the same rigor that we support the old ones where we’re going to continue to work on fine-tuning our models.”

Chakar also does not believe that a decentralized banking ecosystem will be built to replace banks or traditional finance institutions. Chakar mentioned pensions plans as an example of a traditional finance structure that DeFi may not be able to execute on. Though it’s not an impossibility one day, she noted:

“There’ll always, always be a role for the banks to play, albeit and maybe in a different role. What that role will be, I think it’s a bit too early to tell, but I hate to disappoint people that think the banks are just going to up and disappear and be totally replaced by blockchain.”

Nadine sees the balance between the integration of DeFi traditional finance as that “sweet spot” but sees the industry as still at a starting point.

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

HM Treasury, the U.K. government’s finance ministry, unveiled Thursday a public consultation on, among other subjects, its planned implementation of the Financial Action Task Force (FATF)’s so-called travel rule for cryptocurrency transactions.

On July 22, the Treasury said that the consultation represents a key step toward amending UK regulations covering terrorism financing, money laundering and the transfer of funds. The consultation runs from now until October 14, according to the government’s report, eyeing a legislative move in the spring of 2022.

“The government has been kept informed of technological developments, such as the development of common data standards and the progress of a large number of software solutions, and considers that the time is now right to begin planning for the implementation of the travel rule,” the consultation report states.

This process includes FATF’s recommended rules for crypto transfers, which were debuted in the summer of 2019 and have been the subject of debate and adoption since then. Earlier this week, the European Commission — the executive branch of the European Union — unveiled its own draft legislation for formally adopting the FATF travel rule. 

Notably, HM Treasury said that it has held off on formal adoption “in order to allow compliance solutions to be developed” by crypto firms. The chief UK regulator for crypto firms is the Financial Conduct Authority, which is building a registry of approved companies. So far, just five crypto companies have been approved within this regime.

The report goes on to note:

“The government’s approach to implementation is guided by the principle that the application of [the travel rule] should be consistent across the financial services industry, regardless of the technology being used to facilitate transfers, unless there is a compelling reason to adopt a different approach. The requirements will apply to cryptoasset exchange providers and custodian wallet providers, as defined in The Money Laundering and Terrorist Financing (Amendment) Regulations 2019, which are carrying on business in the UK.”

Specific details include applying the de minimis reporting threshold to the British pound.

“The FTR sets the de minimis threshold, below which more limited beneficiary and originator information may be sent with a transfer, at EUR 1,000. The government proposes that the threshold for cryptoasset transfers should be GBP 1,000. It will therefore be necessary for firms to calculate the value in GBP of, for example, a transfer of Bitcoin,” the report states.

More information about the consultation can be found in the HM Treasury report. 

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Crypto exchange Binance US could go public, Binance CEO Changpeng “CZ” Zhao has said.

“Our partner in the U.S. is looking at the potential IPO [initial public offering] route,” Zhao said on Friday at the “Redefine Tomorrow” event organized by SCB 10X — the venture arm of Thailand’s oldest Siam Commercial Bank. The IPO route, however, “is not 100% fixed yet,” he said.

After Coinbase’s listing earlier this year on Nasdaq, the U.S. now has an ecosystem where crypto companies can go public, according to Zhao. Indeed, several U.S.-based crypto firms, including Gemini, Kraken, and Circle, are looking to do just that.

As for Binance itself, Zhao said an IPO is not in immediate plans, but that might change in the future. This is a notable change from what Zhao told The Block earlier this year. At the time, he said Binance wants to take a more crypto-native “path” forward, i.e., expanding the utility of its “utility token” BNB, instead of doing a traditional IPO.

But now before Binance itself could go for an IPO, it will need to change its company structure, said Zhao, because most regulators want to see a headquarters, an office, or a legal entity.

“We are setting up those structures,” he said. “Once those structures are in place, you may make it easier for an IPO to happen. So that’s not out of the question. But right now, we are still in the early stages.”

Compliance efforts

The crypto space is now “relatively heavily regulated,” according to Zhao. To that end, Binance has to make a “big pivot from a technology startup into a financial services company,” said Zhao.

Crypto now is “very much understood as a financial asset type, we just got to treat it as such, and we have got to run the company as such,” he said.

And given increased regulatory attention, Binance is also stepping up its compliance efforts, said Zhao. “We are hiring many traditional compliance people, also ex regulators” to improve Binance’s communication with regulators, he said. He acknowledged that communicating with regulators is currently not one of Binance’s core strengths.

Now Zhao is, in fact, looking for a new Binance CEO, one he hopes will have a “very strong regulatory background.” He first disclosed his plans to step down to The Block earlier this year. At the time, he said he would like to resign from the CEO role in the next two to five years to focus entirely on growing the BNB and Binance Smart Chain ecosystems. Those plans now appear to be firmer.

Binance has long been subject to global regulatory scrutiny, with an increased focus in recent weeks. Government agencies in the U.S., the U.K., Japan, Italy, Thailand, Poland, and the Cayman Islands, have all either issued warnings or taken action against the exchange.

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The U.S. National Credit Union Administration’s governing board approved Thursday a request for information (RFI) that seeks to learn more from the credit union industry about their views and positions on digital assets, with a significant focus on decentralized finance or DeFi.

The RFI notice invokes the topic of DeFi repeatedly, as well as digital assets more broadly. One question honed in on the subject of stablecoins, asking participants, “[a]re there distinctions or similarities between stablecoins…and stored value products where the underlying funds are held at FICUs and, for which pass-through share insurance may be available to members in limited scenarios?”

In a broader sense, the RFI indicates that some of the leading areas of development in the crypto space are being scrutinized by the top regulator for credit unions in the U.S. The intersection of digital assets and banking has drawn the attention of other American regulators as well, including the Office of the Comptroller of the Currency (OCC). Regulators worldwide have recently honed in on aspects of the crypto space, from stablecoins to exchanges to crypto-tied financial products, as areas for tighter regulation. 

“The NCUA is publishing this request for information with the aim of engaging the broad credit union industry and other stakeholders and learning how emerging DLT and DeFi applications are viewed and used,” the document notes. “The NCUA hopes to learn how the credit union community is using these emerging technologies and gain additional feedback as to the role the NCUA can play in safeguarding the financial system and consumers in the context of these emerging technologies.”

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Thorchain has been exploited for the third time in a month, bringing total losses to around $13 million. The platform, which has a $900 million market cap, is designed for exchanging crypto tokens across different blockchains.

In this attack, the platform was exploited for $8 million as the hacker was able to trick the network into thinking they had deposited a range of funds, when they hadn’t, and then somehow getting a refund. But the hacker made sure to leave a note explaining that the attack could have been much more damaging.

In the input data field for one of the transactions, the hacker wrote that they could have taken further coins including bitcoin (BTC), ether (ETH) and BNB. They said there were multiple critical issues and they “wanted to teach lesson (sic) minimizing damage.” 

“Do not rush code that controls 9 figures,” they added.

Thorchain acknowledged that it had suffered a “sophisticated attack” and that the hacker knowingly limited its impact. It said that the hacker requested a 10% bounty of the stolen funds and that the treasury has the money to cover the exploit. But it added that now’s the “time to slow down.”

Thorchain said that it plans to keep the network halted for now as it reviews the code. Then it will restore solvency (which could include paying the bounty). Once everyone is satisfied with the security of the network, it will be restarted. It hasn’t given specific dates for when each stage will happen.

Prior to this attack, Thorchain suffered a relatively minor $140,000 incident in late June and a $5 million hack just a week ago.

The price of thorchain (RUNE) has continued to slide, down 17% today. It has fallen further from its peak of $20.30 in May to its current value of $3.85 — down 81% over this time period.

How this affects ShapeShift

On a related note, Thorchain is one of the main technologies used by ShapeShift — a service for swapping tokens that plans to go fully decentralized. During this move, it will become more dependent on technologies such as Uniswap and 0x for Ethereum-based trades.

In a recent interview prior to this exploit, ShapeShift CEO Erik Voorhees told The Block — in reference to Thorchain’s $5 million hack — “It’s certainly concerning.” But he argued that the network is in an experimental phase, kind of like a beta version, but with real money. So it’s no surprise that it has faced some issues.

Voorhees said, “I don’t want to sugarcoat it. That’s not good. And there were mistakes made there. But ultimately, these systems just have to iterate and improve and become more resilient by being out in the wild.”

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Twitter CEO Jack Dorsey has said that bitcoin will be a “big part” of the company’s future. This is the first time Dorsey has publicly spoken in such depth about how the world’s largest cryptocurrency could be integrated into Twitter’s products.

On Twitter’s second-quarter 2021 earnings conference call on Thursday, Dorsey said bitcoin is the “best candidate” to become the “native currency” of the internet and that it will mean “people and companies can freely trade goods and services anywhere on the planet.”

“If the internet has a native currency, a global currency, we are able to move so much faster with products such as Super Follows, Commerce, Subscriptions, Tip Jar, and we can reach every single person on the planet because of that instead of going down a market-by-market-by-market approach,” Dorsey explained.

“I think this is a big part of our future. I think there is a lot of innovation above just currency to be had, especially as we think about decentralizing social media more and providing more economic incentive. So I think it’s hugely important to Twitter and to Twitter shareholders that we continue to look at the space and invest aggressively in it,” he added.

Dorsey went on to say that Twitter is not alone to think in that direction. He gave an example of Facebook and its crypto project Diem (formerly Libra), saying that “there’s an obvious need for this, and appreciation for it. And I think that an open standard that’s native to the internet is the right way to go, which is why my focus and our focus eventually will be on bitcoin.”

Bitcoin enables speed, more innovation, and opens up entirely new use cases, according to Dorsey.

Dorsey has been a staunch supporter of bitcoin. His other company, payments firm Square, already bets big on crypto. Square’s Cash App, which allows users to buy and sell bitcoin, generated $3.51 billion in bitcoin revenue during the first quarter of this year and $75 million in bitcoin gross profit during the same period.

Square also holds bitcoin on its balance sheet and recently committed to building a bitcoin hardware wallet. Plus Square has its own crypto team, Square Crypto, which works on bitcoin development kits and other open-source code.

Bitcoin reminds Dorsey of the “early internet,” he said at the recent “B-Word” conference — alongside Tesla CEO Elon Musk. “It’s deeply principled, it’s weird as hell [and] it’s always evolving. It just reminded me of the internet as a kid,” Dorsey said.

Dorsey eventually hopes that bitcoin will create or help create “world peace.”

Besides bitcoin, Twitter is also focused on decentralization, Dorsey said on the earnings call. Twitter is pursuing an initiative called “Bluesky” to build up an “open, decentralized standard for social media.”

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Quick Take

• This research report is part of a series produced by The Block Research to provide insights and due diligence on some of the leading companies in the digital asset ecosystem. 
• Founded in 2014, ConsenSys is building a suite of software tools and services for blockchain developers.
• All data presented in this report has been updated as of July 09, 2021.

This research piece is available to
members of The Block Genesis.
You can continue reading
this Genesis research on The Block.

Quick Take

• Disclaimer: The Block Research team has, is, and will be experimenting with the various protocols, projects, and applications mentioned in this series. The projects mentioned in our reports are not recommendations from our team and should not be misconstrued as investment advice. Many projects that appear in this series are highly experimental and, as such, will come with risks. Readers should evaluate their own risk tolerance before experimenting with these projects.
• DeFi Digest is a b-weekly digest that summarizes recently launched projects and applications that our research team found interesting.
• This week’s digest looks at JellyFi and Kong Land.

This research piece is available to
members of The Block Genesis.
You can continue reading
this Genesis research on The Block.

According to data provided to The Block, blockchain analytics firm Chainalysis has confirmed over $208 million in ransomware payouts thus far in 2021.

Source: Chainalysis

In 2020, the firm confirmed $416,432 in ransomware. While the total for 2021 (through July 13) would seem to be almost exactly half of that for 2020, Chainalysis’ ability to confirm these payouts based on association with ransomware wallet addresses depends on the identification of those addresses, which grows retroactively. 

Chainalysis’ Madeleine Kennedy told The Block:

“As always, this is a lower bound estimate as these are only payments we have been able to confirm so far. So, our data lags a bit, suggesting 2021 will likely be bigger than 2020.”

Among the identified ransomware payouts, the firm’s information suggests that the bulk flowed through uncompliant global exchanges. A remarkably small range of deposit addresses are at the other end of these cashouts, suggesting a concentration of actors behind the most successful attacks. Then again, analytics firms like Chainalysis are better at identifying these sorts of transactions, which don’t include more aggressive privatizing measures like the use of Monero.

Less technologically notable but no less relevant: Many firms paying ransomware attackers do so discretely, not wishing to attract public attention or, worse still, the ire of authorities. The Treasury’s Office of Foreign Asset Control warned of potential enforcement actions against firms paying attacks as office suspected sanctioned entities of residing at the end of many ransomware schemes.

“The true cost of ransomware ransoms is likely significantly higher, as many organizations quietly pay ransoms,” wrote Kennedy.

The issue of global ransomware attacks has grown in prominence over 2021, which has resulted in mass capital inflows to analytics and forensics firms like Chainalysis. Ransomware-as-a-service groups have facilitated attacks against increasingly visible targets and critical infrastructure. This trend has moved ransomware into the realm of national security. 

Earlier this week, a congressional subcommittee held a hearing on the subject. Ransomware’s role as an auxiliary of state actors, especially Russia and China, loomed large, in keeping with the Biden administration’s recent emphasis on their respective cyber programs. 

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.