transaction

Jan 21 2021

President Biden Walks Back FinCEN’s Self Hosted Wallet Proposal

There have been many discussions over what the Biden administration has in store for the crypto industry once it settles in. So far, the 46th President appears to be showing promising signs towards the industry with his latest move.

A Great Start

Less than a day after taking office, President Joe Biden has enforced a freeze on all federal regulatory processes. In a White House memorandum for all federal agencies’ heads, the President confirmed that he would halt all agency rules that are pending reviews for at least sixty days.

While the memorandum doesn’t mention it explicitly, it will also apply to a recent controversial ruling from former Treasury Secretary Steve Mnuchin. Last month, the FinCEN published a proposal to limit money services businesses, including crypto exchanges registered in the United States, from doing business with self-hosted wallets.

As the announcement explained, the rules will require crypto exchanges to verify their customers’ identities if a counterparty uses an unhosted wallet and the transaction exceeds $3,000. The rue’s proposal was open for comments, and reactions have been swift.

The latest company to react to the ruling is VC firm Andreessen Horowitz. A blog post from the company earlier this month described the ruling as “a rushed, non-vetted rule under the cloak of the holidays that violates the government’s own established rulemaking procedures.”

Kathryn Haun, Andreessen Horowitz’s general partner, added that such a stringent ruling doesn’t apply to any other type of financial institution. She added that apart from failing to solve any of the problems it claims to address, the rule also violated the Fourth Amendment by expanding the Bank Secrecy Act’s scope.

Now that the Biden administration has put a clamp on it, the new President has a chance to approach crypto regulations from a more nuanced perspective.

Mnuchin’s Many Failures

The 11th-hour ruling isn’t the only legislation that had caused a significant headache for many crypto companies. Through the Financial Crimes Enforcement Network (FinCEN), the former Treasury Secretary, along with the Federal Reserve, published a notice to modify a long-standing anti-money laundering (AML) rule from the government.

The notice, published last October, proposed reducing the $3,000 threshold for international transactions that had been in place since 1995. It essentially meant that financial institutions would need to exchange client information for all transactions greater than the new threshold of $250. Compliance with the new rule would have especially put pressure on crypto exchanges.

The FinCEN and Federal Reserve published the notice and asked for comments, and many in the crypto space immediately voiced their dissent towards it. Jack Dorsey, the chief executive of payment processor Square, sent a letter earlier this month warning that the rule change would drive customers out of the United States en masse.

As Dorsey explained, the rule change goes far beyond what is expected for cash transactions. He also asserted that some companies could be forced to collect “unreliable data about people who have not opted into our service or signed up as our customers.” Eventually, the rule could drive cryptocurrency users towards non-custodial, unregulated crypto services based outside the United States, effectively damaging the country’s stance in the digital finance space.

President Biden Walks Back FinCEN’s Self Hosted Wallet Proposal

Source

Jan 20 2021

Elaborate Scam App Impersonates Leading Asian Bank; Victims Duped into ‘Investing’

Zimperium, in collaboration with a leading Asian bank, have uncovered the early stages of a coordinated effort by scammers to defraud existing and new bank customers. In this blog, we will:

Alert the general public about the scam before it gains traction;
Outline the entire scam around the fake bank app; and
Show how it is also targeting other financial services, including another bank.

The campaign coincided with the bank’s announcement about its development of a digital exchange, enabling institutional investors and accredited investors to tap into a fully integrated tokenization, trading, and custody ecosystem for digital assets.

Thus far, dozens have downloaded the app and have lost an average of $1,500 each. The app – first seen on VirusTotal on December 22, 2020 – has still not been identified as malware or scamware by any anti-virus companies.

The campaign remains active and is, in fact, growing:

It appears to be downloadable via third party sites and/or phishing links;
The command and control servers are still operational;
The elaborate scam itself features, among other aspects, active customer support; and
We’ve learned of a similar campaign targeting a second bank. We are reaching out to that bank directly, before revealing the name.

Downloading the app

Once the app is downloaded from a third party store or phishing link and is opened, the victim is presented with the following login page:

Figures 1, 2: Fake login and registration page along with the “password retrieval” option

As part of the registration process, users are asked to provide an email address, account number, “rganization code” (note the typo appears in the app itself) and other details.

In an attempt to appear legitimate, registration generates an automated email containing a verification code trying to impersonate a legitimate email from the bank (including using the bank’s name in the email address). We received verification codes when we registered with legitimate and fake information.

Figure 3: Fake email for registration with verification code. (Note: “If not my operation”)

The entire communication takes place with a server that does not belong to the impersonated institution. Instead, the user has unknowingly shared personal and financial information with the attackers.

Figure 4: The communication with C&C when trying to login with credentials

App experience

Once logged in, the application presents the victim with a seemingly legit cryptocurrency trading platform using the brand value of the impersonated organization as a lure. It looks more convincing with the dynamically changing prices.

Figures 5, 6: The Home and Trade pages that make use of information from Figure 8

Figure 7: The continuous pings to get the updated prices as seen in Figure 7

Customer support

Moreover, the presence of a customer support option provides the victim with additional confidence of being able to contact the financial institution (the scammers) with any questions or issues.

When we attempted this, we received the following:

Figures 8, 9: The customer support chat box presents the offer image and convincing text

Figure 10: Scam poster encouraging victims to “invest”

Customer support would be the first choice for the victim to complain about discrepancies, but the scammers cleverly set it up in such a way that it convinces the victim to “Recharge” and invest to reap (non-existent) benefits.

Making use of legitimate platforms that offer services to communicate with customers through customer support, the scammers offer “Customer Service Solutions” as seen below with this command and control’s response:

Figure 11: The URL for customer support as received from the C&C server

If the upward trend makes the victim interested in investing, the scammers have set up a “Funds Management” page allowing for the continued exploitation of the victim as seen below:

Figures 12, 13: The option to recharge and add funds to the account

The Recharge option mentioned above is the first go-to for a new victim to begin investing through the platform.

The two investment options offered are “Online Pay” and “USDT,” where the victims were asked to chat with the customer support and pay online or transfer the funds to a provided BTC or ETH wallet and attach proof of the transaction.

Figures 14, 15, 16: The recharge options- Online Pay, BTC, ETH with “Important Notice”

Figures 17, 18: The BTC and ETH wallet’s transactions

What can you do?

It’s clear this campaign is just beginning and – as we mentioned – targeting a different bank already. Here’s what you can do:

From a consumer perspective, never download apps from third-party sites; rely solely on the App Store and Google Play. Be leery of apps that may have grammatical or other errors – like “rganization code” which appeared in the app itself.

From an enterprise perspective, Zimperium is the global leader in mobile device and app security, offering the only real-time, on-device, machine learning-based protection against Android, iOS and Chromebooks threats. We detect this attack and others like it.

Please contact us to learn more.

Elaborate Scam App Impersonates Leading Asian Bank; Victims Duped into ‘Investing’

Source

Jan 15 2021

Capitol Insurrectionists Were Funded in Part By Bitcoin: Chainalysis

Terrorist financing has always been one of the primary concerns about cryptocurrency use worldwide. In the wake of what many have called a terrorist attack on the United States, Bitcoin appears to have played a role.

According to a recent report from blockchain forensics company Chainalysis, donors had helped bankroll the recent riots that shook the United States Capitol last week.

Possible Dead Donor

Chainalysis’s report confirmed that on December 8, a French-based entity had donated 28.15 BTC (about $522,000 at the time) to several addresses linked to far-right internet personalities and activists.

An additional report from Yahoo! News confirmed that many of these activists had been present at the riots on the United States Capitol on January 6.

Yahoo! News reported that of the 22 addresses that got part of the funds included Nick Fuentes, a white nationalist commentator and podcaster. Daily Stormer, a news source with white supremacist links, was also among the recipients, as was Gab – the free speech-based social media platform credited for the rise of hate speech.

Chaunalysis added that the donor appeared to have committed suicide the day after donating.

A suicide note from the donor read that Western civilization is dying, and that he felt like leaving his wealth with specific causes to ensure that his name lives on following his death.

Federal investigators are still looking to track the donor.

Riot Fallout Continues

The January 6 riots had come from supporters of outgoing U.S. President Donald Trump. The supporters had been protesting the results of the November General Elections that saw their preferred candidate lose to President-Elect Joe R. Biden.

Following multiple lawsuits and a substantial lack of proof, the Trump campaign had run out of resources to fight Biden’s win.

Trump supporters eventually gathered in Washington on January 6 – the same day that Congress was set to certify Biden’s win officially.

After hours of protests and the death of five people (and counting), the rioters were eventually cleared, and the repercussions have been swift since.

Biden’s win is now certified, and social media platforms have cracked down on Trump’s accounts. His accounts on social media platforms have been taken down, and several payment processors have blocked donations to anything Trump-related. Apple, Google, and Amazon have also taken down Parler – a conservative-focused social media site.

The report of Bitcoin donations to the cause aren’t exactly surprising. Bitcoin holders have been known to support controversial causes in the past, leveraging the asset’s privacy to keep their identities secret.

Last week, Whale Alert noted that crypto donations had been pouring into the legal defense fund of Julian Assange, the founder of the whistleblower site WikiLeaks. In one transaction, someone sent 8.48 BTC – about $280,000 at the time. Another transaction was worth 4.51 BTC ($125,000).

Assange remains in a U.K. prison and is facing charges of violating the 1917 Espionage Act. District Judge Vanessa Baraister ruled against his extradition to the United States last week, citing health issues.

Capitol Insurrectionists Were Funded in Part By Bitcoin: Chainalysis

Source

Jan 13 2021

Plaid Has Decided to Terminate Pending Acquisition By Visa & Remain An Independent Company

Plaid, an open banking platform, announced on Tuesday it has decided to terminate its pending acquisition by Visa and will remain an independent company. The latest news on the acquisition was made just a little over two months after it was revealed that the U.S. Department of Justice has filed suit in federal court pertaining to the acquisition.

As previously reported, Visa announced in January 2020 it was planning to acquire Plaid for $5.3 billion. In purchasing Plaid, Visa was reportedly to jumpstart its push for digital prominence. Kelly called the acquisition a “natural evolution” as it connects consumers with digital financial services. At the time Al Kelly, CEO and Chairman of Visa, stated:

“The combination of Visa and Plaid will put us at the epicenter of the Fintech world, expanding our total addressable market and accelerating our long-term revenue growth trajectory.”

At the time of the lawsuit’s announcements, Visa refuted the suit:

“Visa strongly disagrees with the Department of Justice (DOJ), whose attempt to block Visa’s acquisition of Plaid is legally flawed and contradicted by the facts. This action reflects a lack of understanding of Plaid’s business and the highly competitive payments landscape in which Visa operates. The combination of Visa and Plaid will deliver substantial benefits for consumers seeking accessto a broader rangeof financial-related services, and Visa intends to defend the transaction vigorously.  As we explained to the DOJ, Plaid is not a payments company. Visa’s business faces intense competition from a variety of players – but Plaid is not one of them. Plaid is a data network that enables individuals to connect their financial accounts to the apps and services they use to manage their financial lives, and its capabilities complement Visa’s. Together, Visa and Plaid will deliver better digital experiences and more choice for consumers in managing their money and financial data. Visa is confident that this transaction is good for consumers and good for competition.”

Speaking about Plaid remaining an independent company, Zachary Perret, Co-Founder and CEO of Plaid, shared:

“Since founding Plaid 8 years ago, we have been maniacally focused on expanding access and improving financial outcomes for consumers, developers, and financial institutions – and the intent of joining Visa was to accelerate that work. Unfortunately, the pace of a multi-year regulatory review is not compatible with the fast-moving realities of a startup – and delaying close another year or more is not in the best interest of our customers, the financial system, or consumers themselves.”

Perret further revealed despite the struggles that happened in 2020 globally, the past year has been one of exciting growth for Plaid, with hundreds of new banks joined the Plaid platform, and more than 4,000 companies turned to the platform’s service as the infrastructure to support their businesses, including many of the largest Fortune 500 companies who are focused on bringing digital financial products to their customers. In regards to his 2021 predicts, Perret added he expects the year to be more of the same as 2020.

“In addition to our ongoing focus on helping companies of all sizes deliver digital financial products, we have made significant progress in the ways that we work with financial institutions. Delivering on the promise of open finance is in everyone’s best interest, and we’ll be working in lockstep with our customers and financial institutions to bring this to fruition globally.”

Source

Jan 11 2021

Kava DeFi Platform to Release Robo-Advisor Service to Automate Strategies for Financial Services and Other 2021 Updates

The Kava decentralized finance (DeFi) platform is “coming out the gates swinging” in 2021 with a “feature-packed” product roadmap – which includes two new native apps and crypto tokens, “decentralized bridges” to onboard major cross-chain digital assets, and several other features to “reinforce the safety and security measures already enjoyed by all users of Kava’s DeFi applications and services,” according to Scott Stuart, who works on Product at Kava Labs Inc.

As noted by Stuart, Kava’s 4-month “major release cycles are targeted for Kava 2021 Development.” The platform’s HARD Protocol Version 2 will include “borrowing with variable interest rates and a distribution of HARD [tokens] to both asset suppliers and borrowers.” As confirmed by the Kava team, HARD Governance will be enhanced to include “more protocol parameters quickly by the HARD community.”

The DeFi platform’s developers revealed:

“Kava has seen significant usage in 2020, as such a number of software optimizations are needed to be made in order for validators to validate blocks in a timely manner, there are also consensus tweaks to improve system performance based on production data.”

They further noted:

“Kava services including cross-chain claim and refund bots, app front-ends, price reference software, Full nodes, historical nodes, REST and API endpoints, and others are run on Kava Cloud infrastructure. Significant enhancements in standardization, security, monitoring and alerting tools have been added to Kava Cloud services that drive infrastructural and end-user services.”

An Autonomous Market Making (AMM) service and application will reportedly be launched and will operate as an on-chain liquidity pool for Kava users so that they can swap different assets on the platform for use in other financial services.

The Kava SAFU fund will be proposed in order to provide more protection to Kava users by insuring and underwriting “some portion of infrastructure and cross-chain activities on Kava.”

As noted in the announcement, the KAVA staking derivative is an asset “derived from KAVA that is staked for POS security.” KAVA staking derivatives “allow more KAVA (derivative) liquidity to be used in various financial services on Kava while not foregoing the security and rewards offered by KAVA POS staking.”

The platform’s developers claim that the safety of Kava users’ assets is “the number one objective which guides development of the Kava DeFi platform.” The Kava team further noted that risk management optimizations such as the enhanced Tendermint mempool queuing and “prioritization of critical services in the mempool will improve transaction safety.”

As confirmed in the update:

“A Robo Advisor service and application will be released to help automate strategies amongst the various financial services offered on Kava, and will increase user onboarding by opening up a larger pool of less hands-on Kava users to participate in yield generating strategies.”

A direct Ethereum bridge to Kava will also be introduced in order to onboard native Ethereum-based assets such as ETH and ERC-20 tokens including LINK and DAI. A fairly large number of users have reportedly requested that they should be able to transfer Ethereum assets directly to Kava and “this bridge should be their service of choice.”

As noted in the announcement, Kava is currently evaluating assets which will use Kava’s “audited Issuance module for USDT, USDC, WBTC, and HBTC amongst others, and will continue to do so through the first half of 2021.”

Kava has moved more than $100 million in asset value “automatically between Binance Chain and Kava.” There have reportedly been many requests to “apply a similar technology to Ethereum assets and Kava will deliver this in Kava 6, such that any project partners built on Ethereum will have access to Kava decentralized financial applications and services,” the update confirmed.

Kava remains focused on helping more users join the DeFi space. The Kava API will be launched as a standardized plugin for application developers and financial institutions to “unlock DeFi services for their users initially including borrowing, lending, and trading.” Prototypes have been integrated with partners such as Binance and Bitmax.io with “many more business integrations to come in 2021.”

Source