Sri Lanka’s blockchain KYC platform to initiate Shortly Central Bank

Sri Lanka’s blockchain KYC platform to initiate ‘Shortly’: Central Bank

According to Daily Mirror Online, the Monetary Board has now finalized three software development firms to give the task of designing a proof-of-concept (PoC) know-your-customer (KYC) platform.

The Central Bank Director of Payments said that the final decision about the starting of development will be taken shortly. The KYC platform is planned to enable the banking sector and the government to share and update customer data on a blockchain. 

Kumaratunge stated that different banks have consented to join the project.

The open call was on a voluntary basis; 36 national and international candidates applied for the project last November. One of the three finalists in an international technology firm.

The system is expected to be developed in six to nine months. The project is expected to enable banks to onboard customers without delays for manual verification, as well as save costs linked with traditional methods of document verification.

Sri Lanka has been taking a number of steps to improve its financial sector to meet international standards. In 2019, the nation was removed from the FATF’s anti-money laundering/counter the financing of terrorism (AML/CFT) “strategic deficiencies” blacklist, to which it had been added in 2017.

DC lawyers can now accept cryptofor legal fees

DC lawyers can now accept crypto for legal fees

According to a report by Bloomberg Law, cryptocurrency can now be used to pay for legal services as long as the fee agreement is fair and is only permissible if the lawyer can safely store the payment, stated the District of Columbia Bar.

The organization said, “[Attorneys] cannot hold back the tides of change even if they would like to, and cryptocurrency is increasingly accepted as a payment method by vendors and service providers, including lawyers.”

The committee agreed to the unpredictable nature of cryptocurrencies and stated that honesty to the client should be maintained in fee arrangements. The clients of District lawyers are permitted to discuss with outside legal counsel on any crypto-payment deal, and attorneys need to obtain written consent from clients regarding the fee agreement.

Lawyers also must be proficient in blockchain, the underlying technology of bitcoin and other cryptocurrencies, to maintain the security and protection of all advance fees. The bar wants lawyers to understand and safeguard against the numerous ways how cryptocurrency can be misused, stolen, or lost.

Bar associations in other jurisdictions, such as New York City, North Carolina, and Nebraska have approved the acceptance of cryptocurrency as payment earlier.

UK court orders crypto exchange to shut down after clients lose $2M

UK court orders crypto exchange to shut down after clients lose $2M

In a recent statement, the U.K. government stated that 108 of their clients had lost a total of about £1.5 million ($1.9 million) through GPay.

Although clients had the option to deposit without completing know-your-customer (KYC) processes, GPay asked for various ID documents to stop clients from withdrawing funds. GPay also sold insurance to customers in order to protect them from trading losses, but the exchange did not always payout. GPay did not contest the dissolution order. 

A member of the U.K. Insolvency Service stated that GPay persuaded clients to part with large amounts of money to invest in cryptocurrency trading. This was a scam since GPay deceived its clients to use their digital platform under false pretenses. In 2018, the U.K.’s financial watchdog warned that GPay was offering financial services without its permission. 

GPay had first faced its first dissolution order in November 2018, but this was discontinued in January 2019. GPay extensively promoted itself on social media and falsely claimed to be supported by Martin Lewis, the founder of a popular finance website in the United Kingdom.

Lewis stated on the news: “I don’t know whether to dance a jig that these despicable scum have been shut down or cry that they managed to take so many people’s money.”

California university pays a million dollar crypto ransom

California university pays a million-dollar crypto ransom

As per reports, the University of California reportedly paid a huge ransom of $1.14 million in cryptocurrencies to the hackers behind a ransomware attack on June 1.

CBS San Francisco claimed that the UCSF IT staff initially noticed the security incident, stating that the attack initiated by the NetWalker group affected a limited number of servers in the School of Medicine.”

Even though the areas were secluded by experts from the internal network, the hackers made the servers inaccessible and managed to successfully deploy the ransomware. The University of California stated that the encrypted data that was crucial to some of the academic work pursued by the university to serve the public. Therefore, the difficult decision to pay a portion of the ransom was made, which was about $1.14 million, to the hackers behind the malware attack in return for a decryption tool to unlock the encrypted data.

BBC News reported that a secret negotiation took palace between the UCSF officials and the gang, but was unsuccessful.

The university’s officials initially proposed the gang to decrease the ransom payment amount to $780,000, but the hackers did not accept the offer, claiming that if they accepted the proposed amount, it would be as if they had “worked for nothing.”

Netwalker group claimed that they will not accept an amount less than $1.5 million. A few hours later, the UCSF staff asked for the method to send the payment and gave a final offer of $1,140,895, which was accepted by Netwalker.

A ransomware payment of 116.4 Bitcoin (BTC) was then made to the ransomers’ wallets by the university and the decryption software was received by them.

At the beginning of June, Michigan State University had been attacked by the NetWalker ransomware gang, which had threatened to reveal students’ data and financial information. At the time, university officials stated that they would not pay the ransom.

Fraudulent crypto exchange shut down by UK High Court

Fraudulent crypto exchange shut down by UK High Court

The UK High Court has designated the Official Receiver as liquidator of GPay Ltd, the cryptocurrency trading platform.

As per an announcement by the UK Insolvency Service, the cryptocurrency exchange displayed signs of being “nothing but a scam”.

The firm, also previously known as XtraderFX and Cryptopoint, promoted its services on the internet and through various social media channels. The Insolvency Service states that the adverts falsely accused that the service was recommended by entrepreneurs who appeared in an unnamed UK TV show and a high-profile money saving website.

After complaints by the local authorities, the Insolvency Service begun with confidential inquiries into GPay’s activities. These released that at least 108 clients had lost around £1.5 million ($1.84 million) while trading on the platform.

The Court was also reported that clients were refused withdrawal requests if they had not actively transferred their deposited funds within GPay. On June 23, GPay’s case was concluded with a petition given by the Secretary of State for BEIS.

Recently, the United Kingdom Advertising Standards Authority and the Internet Advertising Bureau started a new system to identify and remove fraudulent ads online.

The Financial Conduct Authority claimed that crypto investors in the country lost about $34 million because of cryptocurrency and forex scams between 2018–2019.

Bitcoin scam exposes thousands to a data breach

Bitcoin scam exposes thousands to a data breach

Fraud websites have successfully stolen the personal records of a number of individuals from the United Kingdom, Australia, South Africa, the United States, Singapore, Malaysia, Spain, and more. The attack was carried out as a targeted multistage Bitcoin (BTC) scam circulated by a number of fake websites.

As per a Singapore-based intelligence company Group-IB, the attack revealed personal data for thousands of people.

Victim’s phone numbers, which in most cases came with names and emails, were contained in personalized URLs to redirect people towards websites. These sites constituted as local news outlets, even including fabricated comments from key local personalities.

Analysis performed on the leaked numbers allowed Group-IB to find out where most of the data had leaked from. It was discovered that the U.K. was the most affected place with 147,610 personal records.

The report states that victims commonly received a text message which mentioned the name of the recipient. This was followed by a phishing message meant to impersonate a recognized media outlet.

The head of Group-IB’s brand protection team, Ilia Rozhnov, stated:

“Fraudulent schemes have become more complicated. They now involve several stages, complex distributed infrastructure, and abuse of personal and corporate brands that are hard to track down and block using traditional detection methods. Companies and celebrities whose names were hijacked by fraudsters suffer reputational damage and face diminished customer trust.”

Researchers identified six active domains with the same Bitcoin investment platform. Each however operated with a unique name. Some of these are Crypto Cash, Bitcoin Supreme, Banking on Blockchain, and Bitcoin Rejoin.

The Group-IB team has detected the exposed data through a number of data breach repositories. They have also examined a number of underground marketplaces for the presence of this data. So far, they have not found any evidence of the information.

The source of the leak has not yet been established. The team has reported the study’s findings to the proper authorities in each affected country.

Massive Cyberattack

Massive Cyberattack on Australia Uses Cryptojacking Exploits

According to the Australian Cyber Security Centre, a group of “state actors” hacked Australian networks on June 19 and one of the vulnerabilities they exploited is related to cryptojacking malware attacks.

As per a report, the threat actors utilized four crucial vulnerabilities in Telerik UI, including CVE-2019-18935, which was influenced by the Blue Mockingbird malware gang to damage thousands of systems with a Monero (XMR) mining software called XMRRig.

It was not mentioned if hackers had installed cryptojacking malware during the recent cyberattack, such susceptibility is preferred by cybercriminals for the installation of crypto-mining applications within the corporate systems. 

The vulnerability of CVE-2019-18935 has been explained by the report, which is also similar to the ones on the Blue Mockingbird’s attack, although it doesn’t suggest that such a gang participated in the cyberattack against Australia.

About 10 Chinese hacker groups – took part in espionage activities and reportedly have links with the Chinese government – have PlugX malware along with their weapons, which was one of the malware identified in the report of the Australian government.

According to some Australian officials, China could be responsible for the massive cyberattack, as the diplomatic issues have been increasing between the two countries. It was claimed that the attack could have come after Australia sought for an investigation on the origins of the Coronavirus, something that was not well-received the dragon nation officials, as they considered it a “discriminatory” allegation and responded with trade retaliation against the Oceanic country.

The Chinese government has rejected the claims.

Ransomware attacks increase as more people work from home

Ransomware attacks increase as more people work from home

According to a study published by the cybersecurity firm, Proofpoint, there has been an increase in the number of email-based phishing attacks used to deliver ransomware over the past few months.

As per the report, first-stage deployments of ransomware are reportedly increasing and have mostly targetted the United States, France, Germany, Greece, and Italy.

The attacks seem to be capitalizing on the large number of people now working from home during the Coronavirus pandemic. Research indicates that the ransom demands are very low in comparison to the amounts usually noticed in these attacks.

Previously, a ransomware application called “Mr. Robot” has successfully targeted numerous people and businesses across the United States. Findings imply that this has changed in previous months, however, with home users becoming the major victims of the attack. To display the software’s new utilization, ransom amounts have reduced to as low as $100 in Bitcoin (BTC).

Ransomware is known as Avaddon distributed over one million messages in a single week. It too is known to target U.S. companies and individuals.

The hackers behind Avaddon usually demand $800 ransom payments, that too, in digital currency. Surprisingly, this particular team provides a “24/7 support” service to its victims, offering them advice on how to pay the ransom and how cryptocurrencies work.

Recently, the Cybersecurity firm Symantec blocked a ransomware attack focused at 30 U.S.-based firms and Fortune 500 companies.


Ransomware gang failed to deploy an attack against 30 US firms

A ransomware attack was blocked by a group by the Cybersecurity firm Symantec known for demanding payment in Bitcoin (BTC) focused at 30 U.S.-based firms and Fortune 500 companies.

The cybersecurity firm states that the malware gang, Evil Group, that was behind the attacks, targeted the IT frameworks of the companies. Still, the firms were notified in time to block the deployment of the ransomware. The ransomware WastedLocker was selected to breach the security of the victims’ networks and unsuccessfully tried to lay the ground for conducting the attacks.

The Evil Group gang is reputed for requesting its victims to pay million-dollar ransom payments in digital currencies. It is reported that the group had been asking for a combined total of $10 from a number of U.S. companies that were recently attacked.

Symantec’s Targeted Attack Cloud Analytics team identified the WastedLocker attacks in the early stages via advanced machine learning to spot patterns of activity linked to recent targeted attacks. 31 companies were attacked in the attack, out of which one of the firms is a U.S.-based subsidiary of an overseas multinational.

The cybersecurity firm’s report stated that the manufacturing sector was most influenced, as the gang focused on five organizations relevant to that industry.

According to Symantec, if the attackers not been caught, “successful attacks could have led to millions in damages, downtime, and a possible domino effect on supply chains.”

Evil Group had stopped its operations until January 2020 because of the indictment of professed members, Igor Olegovich Turashev and Maksim Viktorovich Yakubets.

Ghost Icon

Ghost Coin deployed as payment for vending machines in Hong Kong

Ghost Coin, the privacy coin headed by John McAfee, can now be installed in vending machines in Hong Kong.

Ghost announced that it collaborated with ivendPay, the crypto payment system, for installation of the coin in over 60 vending machines around Hong Kong, even those in Hong Kong Disneyland. 

Ghost stated, “When we 1st launched $GHOST our vision was not only to focus on #Privacy but also on real user adoption.”

Last week, the privacy coin and distributed exchange were launched in spite of the ongoing controversy surrounding it. In the process, Ghost distributed exchange replaced the McAfeeDEX distributed exchange. 

The controversial and eccentric McAfee faced issues after it was noticed that some parts of the Ghost white paper were “copy-pasted” from open-source protocol PIVX’s white paper. McAfee confessed that plagiarism was present but still intimidated to sue PIVX for defamation. PIVX is also planning to launch a zk-SNARKS-based privacy protocol from Zcash by the end of the year.

Italian banking

Italian banking association ready to accept digital euro

The Italian Banking Association (ABI) has disclosed that it is willing to support the introduction of digital currency from the European Central Bank.

An update on the ABI website claimed that the association had accepted directions to manage its stance on digital currency and central bank digital currencies (CBDCs). 

The ABI stated it was ready to “participate in projects and experiments regarding a digital currency from the European Central Bank […] to speed up the implementation of a European-level initiative.”

The digital currency has to be fully trusted by citizens. To this end, it is crucial that the highest standards of regulatory compliance, security, and supervision are adhered to, the group stated. The ABI mentioned monetary stability and following regulations related to a digital euro as two of its top priorities.

The association said that the introduction of a European CBDC may lead to a greater number of cross-border P2P transactions, reduce the clash of the interest and exchange rates, and overall just lessen the bureaucratic process for payments. 

ABI states that developing a digital currency in the European Union (EU) could replace the demand for cryptocurrencies. On May 20, France became the first country to successfully test a digital euro, functioning on a blockchain.

 The Dutch Central Bank is ready to play a leading role in CBDCs in the EU.

The ABI already uses distributed ledger technology (DLT) for its blockchain-powered inter-banking system. The project, called Spunta, is linked with Italy’s inclusion in a group of six other European nations—Malta, France, Cyprus, Portugal, Spain, and Greece—who consented to promote the use of DLT in the EU.

PayPal is hiring crypto engineers amid rumors of Bitcoin integration

PayPal is hiring crypto engineers amid rumors of Bitcoin integration

Crypto and blockchain experts are being hired by Paypal as rumors circulate that the global payment platform will enable direct cryptocurrency purchases for its 305 million users. The job descriptions are publicly available on the company’s job board.

“Technical Lead – Crypto Engineer” is the title for the first job on the website. The further listing describes that this person will be responsible for “new initiatives for PayPal global with a focus on agility, time-to-market, and innovation. The role includes designing, developing, and maintaining key crypto products/features targeted towards availability, performance, and scalability of PayPal services.”

The second listing is for a blockchain research engineer to operate within the company’s research group: This is about a recently formed group in the Strategic Technology Enablement team designated with establishing proficiency and opinions on the latest blockchain technologies and their potential uses within PayPal.

The job listings remain live while the crypto community talks over the recent rumors about PayPal formally throwing its hat into the cryptocurrency ring. The job requires a number of skills that overlap with Bitcoin (BTC) development, such as knowledge with C++, asymmetric cryptography, and cryptographic libraries.

PayPal considers rapid developments in blockchain and virtual currencies as a risk factor that could negatively influence the company. It’s is highly likely that the company strikes against these potential risks.

gambling dapps

Japanese financial watchdog frowns on gambling dapps

Regulators in Japan may be more likely to accept new digital currencies for trading if they have greater financial transparency and aren’t taking part in gambling Dapps.

As per a report, the country’s financial regulator, Financial Services Agency (FSA), has instructed that crypto firms will only be approved if they do not support decentralized applications (Dapps) with gambling or other such features.

Quantum (QTUM), the cryptocurrency recently added on Coincheck as a result of meeting the necessary requirements by the country’s regulatory group, is now named as the Japan Crypto Asset Exchange Agency (JVCEA). QTUM was reported to be transparent in its answers to the JVCEA, owned enough liquidity to be present on major exchanges, and was not included in “gambling or casino Dapps”.

Cryptocurrencies such as Huobi Token (HT), and Brave’s Basic Attention Token (BAT) listed on Huobi Japan and GMO Coin respectively, and were still among the projects whitelisted by regulators that had “proved their financial stability and complied with the national standards”. The digital currencies BAT, HT, and QTUM had successfully achieved financial transparency, compliance with regulatory requests, and technical stability.

A representative from Qtum said in an interview that its approval from the FSA might have been because of proving that it has authentic technology in its three-year history and having decentralized and transparent networks. 

Qtum representative claimed that the Japanese listing regulations are some of the most scrupulous guidelines in the world. These new listings depict that Japanese regulators are open-minded about digital currency but also quite strict with the rules to protect investors.

fraud claim

Fraud claim filed against HSBC Bank for ‘sham’ investment scheme

A fraud claim worth £1.3 billion has been submitted by 371 investors against HSBC UK Bank for losses incurred due to their Eclipse Partnerships film investment scheme, which they claimed they were instigated to invest in on “false promises”.

The Eclipse scheme was formed, enhanced, and promoted by HSBC to fund a number of blockbuster Disney films such as Pirates of the Caribbean 2 and 3, National Treasure 2, Enchanted, Underdogs, and Confessions of a Shopaholic.

However, the claimants – who have registered their complaint with law firm Edwin Coe LLP – stated that none of these film rights were ever traded actively, resulting in significant losses and potential liabilities.

HSBC reportedly received more than £25 million in fees for its part in Eclipse, which was available to investors between the years 2006 and 2008. About 750 people invested a combined £2.3 billion of capital in Eclipse – all of whom gathered loans to finance the investment which was believed to be paid off with the return they made.

According to Edwin Coe, a number of investors in the scheme – which was publicized as “a legitimate tax-efficient investment” – have gone bankrupt or are facing huge demands from HMRC that are about as much as ten times than their original investments, as no trade-in film rights were ever made by Eclipse with Disney.

David Greene, the senior partner at Edwin Coe, said: “Eclipse was a sham investment opportunity.” It seems that the investments made by clients were easily transferred between funder and Disney entities in a circular manner.

He further stated: “It was a risk-free income stream for Disney, HSBC, and the lending banks – but financially catastrophic for its unwitting investors.” Eclipse did not exploit, or otherwise trade in, any meaningful film rights of any value from Disney at any point. 

HSBC has declined to comment on the issue, as yet. 

Online Fraud

Online fraudsters steal £17m over COVID-19 lockdown

About £17 million have been lost due to online fraud over the Coronavirus lockdown period with young shoppers being the most affected, as per Action Fraud.

According to the United Kingdom’s National Fraud and Cybercrime Reporting Center, online scams had trapped 16,352 victims with online shopping fraud since physical stores were closed on March 23.

That amounts to approximately £16.6 million in losses, with the largest number of victims (24%) between the age bracket of 18 to 26 and living in cities such as London, Birmingham, Manchester, Leeds, Sheffield, Liverpool, Bristol, and Nottingham.

In most of the cases, consumers bought items including cell phones (19%), vehicles (22%), electronics (10%) including gaming kit and laptops, and footwear (4%) but they never arrived. Fraudulent sellers were most likely to be found on eBay (18%), Facebook (18%), Gumtree (10%), and Depop (6%).

The Head of Action Fraud, Pauline Smith, informed that the increase in the number of younger consumers falling victim frequently existed long before Coronavirus.

She stated, “It’s important to shop on sites you know and trust. If you’re using a site you’ve not used before, do your research and check reviews before making a purchase.”

Online shoppers should always be aware of emails, texts, and social media posts that provide products for a considerably lesser price than normal  – this is a common practice used by scammers. It is advised to use a credit card to make online purchases as this will offer you greater protection if anything goes wrong.

AML Investigation

AML investigation results in NZ police freezing $140 million

Police have collected $140 million from the Canton Business Corporation and its owner Alexander Vinnik, who were holding funds in a New Zealand firm. It is the largest money concealment of its kind in New Zealand history.

Vinnik previously operated BTC-e, a crypto exchange that functions from the United States. As per reports, the exchange lacked proper anti-money laundering (AML) controls and policies.

The police’s asset recovery unit has impeded a total of approximately $165.4 million in cash and bank accounts and assets worth $63 million in the last 11 months.
Cyber-criminals laundered the funds of various criminal enterprises through the company, including computer hacking, ransomware attacks, fraud, corruption, and drug crime via BTC-e.

Vinnik was detained in Greece in 2017 and has since been extradited to France where he is still in Police custody. The law enforcement agencies worked closely with the US Internal Revenue Service on the case.

Andrew Coster, the Police Commissioner said:
“These funds are likely to reflect the profit gained from the victimization of thousands, if not hundreds of thousands, of people globally as a result of cyber-crime and organized crime,”

Since money-laundering was happening everywhere across the globe, there was always a risk that New Zealand companies could become involved unintentionally, but the legal action demonstrated that New Zealand was not a safe haven for the proceeds of money laundering.

According to Coster, “The global criminal community needs to understand New Zealand’s financial system, and companies established here, are not the places to try to hide illicit income.”  The investigation is ongoing and an application is sent to the High Court seeking confiscation of the funds.

More posts