Author: Jody McDonald

Jody is a Brisbane-based freelance writer who specialises in writing about business, technology, and the future of work.

Categories
Bitcoin Bitcoin Mining Mining

Vespene Energy Raises $4.3 Million to Turn Landfill Emissions to BTC

Technology developed by Vespene Energy that converts waste methane into electricity will be used to power on-site Bitcoin mining at multiple US landfills enabled by a US$4.3 million financing round announced this week.

Investment firm Polychain Capital led the funding, which will initially see Vespene Energy install its solution – off-grid micro turbines that turn methane into energy – at a pilot site in California, where the company is based. 

Co-founder and CEO Adam Wright said that helping governing authorities make money from landfill methane through bitcoin mining supported the broader goal of prompting a transition to renewable energy to mitigate greenhouse gas emissions.

And because our sites require no connection to the grid or pipeline buildout, we can rapidly turn otherwise harmful and wasted landfill methane into a clean power source for carbon-negative bitcoin mining. This partnership with Polychain will empower us to scale and seize this tremendous opportunity to help solve the climate crisis.

Adam Wright, CEO, Vespene Energy

Greening Bitcoin Mining with Otherwise ‘Wasted’ Energy 

The potential for Vespene Energy’s approach to help transition bitcoin mining towards carbon-neutral energy sources was appealing to investors, as noted by Polychain Capital founder and CEO Olaf Carlson-Wee: 

The continued adoption of Bitcoin will benefit from solutions that make the energy mix for mining more focused on clean energy. We are excited to partner with Vespene as they build a creative solution to use mining to eliminate a potent greenhouse gas source, while making its energy mix greener.

Olaf Carlson-Wee, founder and CEO, Polychain Capital 

While Vespene claims to be the first company to mine bitcoin using methane from landfill waste, it’s not the first to repurpose gas to gain revenue from bitcoin mining.

In April this year, gas miner Bengal Energy trialled using power generated by gas wells for bitcoin mining, after being unable to connect the wells to a pipeline for distribution. Unwanted gas as a byproduct of oil and gas mining operations that would normally be burnt off – known as gas flaring – has also been identified as an emerging opportunity to power bitcoin mining while reducing environmental impacts.

Categories
Crime DeFi Regulation Tornado Cash

US Treasury Sanctions Crypto Mixer ‘Tornado’, Freezing USDC and ETH Addresses  

Tornado Cash, a mixing service that obscures crypto transaction information, has been sanctioned by the US Treasury, which claims the DeFi protocol is regularly used for money laundering to cover up cybercrime.

Treasury added Tornado Cash and 44 of its Ethereum and USDC wallet addresses to its Specially Designated Nationals list of embargoed entities typically used to prohibit people in the US from dealing with terrorists and authoritarian regimes.  

According to Treasury, more than US$7 billion had been laundered via Tornado Cash, including some US$455 million of the US$625 million stolen by North Korean hacking group Lazarus in an exploit of the Ronin Network in March this year. Tornado Cash was also used to conceal the source of more than US$96 million in dirty money from June’s Harmony Bridge heist, Treasury said. 

Protocol Fails to Balance Privacy and Compliance 

Tornado Cash ‘mixes’ crypto transaction details to break the links in on-chain activity, in the interests of preserving users’ privacy. Deposits are made via one address and withdrawn by a different address, meaning transactions are harder to trace – and therefore appealing to criminals.

In April 2022, Tornado Cash moved to block access by addresses sanctioned by Treasury’s Office of Foreign Assets Control (OFAC) in an attempt to demonstrate compliance. More recently, the protocol transitioned to a fully open-source user interface to increase transparency by enabling contributors to suggest code improvements.

However, it’s clear Treasury did not feel the protocol was meeting its anti-money-laundering obligations, making it a threat to US national security.

Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.

Brian E. Nelson, Treasury Under Secretary for Terrorism and Financial Intelligence

Treasury Issues Broader Warning

Treasury also had a warning for the broader crypto ecosystem: “As today’s action demonstrates, mixers should in general be considered as high-risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds.”

Categories
Blockchain Crypto Art Crypto News Flow NFTs Social media

FLOW Pumps 50% Amid Instagram NFT Integration in 100 Countries  

A new Instagram feature that lets people post NFTs minted on the Flow blockchain saw the value of the FLOW token surge over 50 percent within 24 hours.

FLOW rose from less than US$2 on August 4 to US$2.98 the following day after social media giant Meta announced its support for digital collectibles minted on the blockchain. 

So far, the rally has been sustained, with FLOW’s price sitting at US$2.89 at the time of writing – however, it’s still down over 93 percent from its all-time high of US$42.40 in April 2021.

Expanded NFT Integrations on Instagram 

Meta began testing a feature to let Instagram users in the US upload NFTs at no cost in May, with support for crypto art minted on the Ethereum and Polygon blockchains. Meta said that being able to showcase NFTs would help creators build a broader audience and more monetisation opportunities.

The company’s latest announcement opens up the feature to users in 100 countries in Africa, Asia-Pacific, the Middle East and the Americas, as well as adding support for the Flow blockchain.

Digital wallets that can be connected to Instagram now include Coinbase, Dapper, Rainbow, MetaMask and Trust Wallet. Once a user has connected their wallet, they can share NFTs on their Instagram profile and public information will also be drawn in and displayed – such as a description of the NFT and the Instagram usernames of the creator and collector (unless accounts are private).

Categories
Crypto Exchange Hackers Security

‘World’s Most Secure Exchange’ ZB.com Hacked for $5 Million

Formerly China-based ZB.com, which touts itself as the world’s most secure digital asset exchange, has had US$4.8 million pilfered from its hot wallet in a suspected hack:

Blockchain security firm PeckShield disclosed the suspected hack on August 3, identifying that large volumes of more than 20 different digital assets had been transferred out of the exchange’s hot wallet to another address. Most of the transferred assets have since been sold for ETH.

In response to the incident, ZB.com suspended customer withdrawals for what it describes as “temporary maintenance”, explaining in a statement:

Due to the sudden failure of some core applications, it still takes time to troubleshoot the problem. Deposit and withdrawal services are now suspended. Please do not deposit any digital currency before recovery. 

ZB.com statement

Wide Range of Digital Assets Taken

Among the 21 digital assets stolen in this suspected hack were over US$800,000 in Tether (USDT), almost US$300,000 in MATIC and over US$200,000 in IMX.

After being funnelled out of ZB.com’s hot wallet, the majority of the funds were subsequently sent to a number of decentralised exchanges by the hacker and sold for 2,224 ETH, currently valued at US$3.6 million. Another wallet PeckShield believes is also controlled by the hacker still holds just over US$1 million worth of stolen assets, which haven’t yet been sold.

Exchange Has Long History in Crypto

ZB.com is one of the oldest crypto exchanges currently operating, having been founded in China as CHBTC.com in 2013. Following China’s crackdown on crypto in 2017, the exchange ceased its activities inside China, rebranded as ZB.com and moved its headquarters to Switzerland. 

Despite this recent hack, ZB.com continues to flaunt its supposed status as the world’s most secure crypto exchange on its Twitter bio:

In the past year, exchange hacks have become increasingly frequent. In December 2021, US-based exchange BitMart was hacked for almost US$200 million, and in January Liechtenstein-based exchange LCX had one of its hot wallets hacked, losing almost US$8 million.

Categories
Crime Crypto News

North Korea Hackers Use Fake Resumes to Get Hired and Steal Crypto: Report

In a report from Bloomberg, cybersecurity firm Mandiant has claimed that North Korean citizens are plagiarising online resumes and pretending to be from other countries as they attempt to fraudulently obtain remote, freelance employment at crypto firms. 

The warning from Mandiant follows a similar alert issued by the US government in May that North Koreans were seeking to infiltrate tech companies for malicious purposes.

Fake Employees Aim to Aid Regime’s Fundraising

According to Mandiant researchers, North Korean citizens have been copying resumes found on professional networking websites such as LinkedIn and Indeed, claiming to have skills relevant to working on crypto projects. 

In one case, a suspected North Korean applicant claimed to have published a whitepaper about the Bibox crypto exchange. In another, the applicant claimed to be a senior software developer at a blockchain consultancy firm.

Speaking to Bloomberg, Mandiant principal analyst Joe Dobson said the North Korean applicants were seeking to gain access that allowed them to influence an organisation’s direction:

It comes down to insider threats; if someone gets hired onto a crypto project and they become a core developer, that allows them to influence things, whether for good or not. 

Joe Dobson, principal analyst, Mandiant

Fellow Mandiant analyst Michael Barnhart said a central objective for the North Koreans applying for these jobs was to gather insider information on emerging trends in the crypto market, which could allow the North Korean regime to benefit through illicit fundraising efforts to skirt Western sanctions:

These are North Koreans trying to get hired and get to a place where they can funnel money back to the regime. 

Michael Barnhart, principal analyst, Mandiant

Mandiant said the North Korean applicants were mainly located in China and Russia, and presented themselves as being South Korean, Japanese and in some cases American.

North Korea’s Troubled History With Crypto

The North Korean regime has used crypto-based crime as a source of revenue for some time. According to Chainalysis, the regime stole almost US$400 million worth of crypto in 2021 alone – a staggering 2.4 percent of the nation’s total GDP. 

In April this year, the regime-backed Lazarus hacking group was believed to have been behind the US$625 million hack of the Ronin Network. 

In a related story, around the same time former Ethereum developer Virgil Griffith was sentenced to 63 months in prison and fined US$100,000 by a US Federal Court judge for illegally travelling to North Korea in 2019 to teach citizens how they could use crypto to evade US sanctions.

Categories
Crypto Wallets Ethereum MetaMask Scams

MetaMask Users Warned of New Phishing Campaign Targeting Users

Crypto security firm Halborn has warned of a new email phishing campaign targeting MetaMask users. 

In a blog post published July 28, Halborn’s technical education specialist Luis Lubeck analysed the phishing email and highlighted red flags users should look out for to keep their digital assets safe from these types of scams.

How the Scam Works

This latest scam involves an email, ostensibly from MetaMask, asking the recipient to verify their MetaMask wallet’s seed phrase. The recipient is told the seed phrase is needed by MetaMask in order to comply with regulations and that failure to comply will result in their wallet being “restricted”:

Screenshot of the phishing scam email received by MetaMask users.

Clicking on the button to verify the seed phrase takes recipients to a fraudulent imitation of the MetaMask website where they are prompted to input their seed phrase. If the user complies, the scammers gain full access to the wallet, allowing them to steal the user’s assets.

Red Flags and Warning Signs

Lubeck cautioned that to an inexperienced, casual crypto user not paying close attention, the email could appear legitimate. However, he highlighted some important red flags, including:

  • the sending address not being from a legitimate MetaMask domain, but rather from ‘metamaks.auction’;
  • the lack of personalisation, such as the recipient’s real name or other identifying information; and
  • the call to action button linking not to MetaMask’s website, but to a fraudulent URL.

Lubeck stressed that the best defence against phishing attacks is to be extra careful when receiving email requests related to crypto accounts or wallets:

The best defence against phishing attacks like these is to stay vigilant when receiving emails and think twice before doing anything that seems a bit unusual or potentially suspicious. 

Luis Lubeck, technical education specialist, Halborn

MetaMask Frequent Target of Scammers

Due to its status as the most popular wallet for Ethereum, MetaMask is often targeted by scammers. 

In April, MetaMask warned Apple users to disable iCloud backups after it was revealed their MetaMask seed phrases were being automatically backed up to the cloud storage service and then targeted in phishing attacks. In one case, a user lost over US$600,000 worth of assets to this scam.

In November 2021, a Reddit user reported his friend had lost 38 ETH to another MetaMask scam in which a paid Google ad directed users to a fake MetaMask website to install a fraudulent version of the browser extension, allowing scammers to steal users’ assets.

Categories
Blockchain Hackers Harmony

Harmony Community Outraged by Proposal to Repay Victims of $100 Million Hack

Members of the Harmony (ONE) community have reacted angrily to a proposal from the Harmony team to reimburse victims of last month’s Horizon bridge hack in which almost US$100 million of users’ assets were stolen:

The proposed plan would see victims recompensed not from treasury funds but through the minting of billions of new ONE tokens, requiring a hard fork of the blockchain and potentially resulting in further devaluing of the token and more losses for holders.

Harmony Team Offers Two Reimbursement Options

The reimbursement proposal from the Harmony team gives community members two options, the primary difference between them being how many new tokens will need to be minted. ONE holders will have the opportunity to vote on the option they prefer, which will then be implemented by the Harmony team.

The Harmony team claims that issuing new tokens is the best way to compensate victims, explaining that paying compensation directly from the project’s treasury could endanger its very survival:

We decided against using the foundation treasury in the interest of the longevity and wellbeing of the project, as reimbursing from the treasury would greatly hinder the foundation’s ability to support the growth of Harmony and its ecosystem.

Harmony team

Under the first option, victims of the hack will be compensated for 100 percent of their losses, requiring the minting of 4.97 billion new ONE tokens. The second option is reimbursement of only 50 percent of victims’ losses, requiring the minting of 2.48 billion new tokens.

Both options would take three years to complete, with victims required to claim 1/36th of their share of tokens each month over that period. The Harmony team says a slow drip feed of tokens to victims would “prevent market disruptions from a sudden increase in supply of ONE tokens”.

Harmony’s current total token supply is 13.1 billion, meaning that by the end of the reimbursement scheme its supply will have inflated by between 19 and 38 percent.

Community Not Impressed

Unsurprisingly, the Harmony community is generally unimpressed with this proposal. Most holders are concerned about the massive inflation of supply and the effect this will have on the value of their investment:

Holders’ concerns are likely justified – for the price of ONE to grow during the three years of the proposed reimbursement scheme, it would have to overcome the injection of an additional 69 million or 138 million tokens (depending on the option) each and every month.

Categories
Crime Hackers Mining Scams Security

‘Cryptojacking’ in Financial Sector Soars 269% in 2022, Security Firm Report

A report from cybersecurity company SonicWall shows financial firms are now the main victims of so-called ‘cryptojacking’ attacks, following a 269 percent increase in the frequency of cyber-related exploits targeting the finance sector in the first half of 2022.

Cryptojacking refers to a cyber attack where a hacker uses malware to surreptitiously install crypto mining software on a victim’s computer, commandeering the computer’s resources to fraudulently mine crypto. It results in significantly degraded computer performance and high electricity costs for the victim.

Finance and Retail Sectors are Major Targets

In previous years, healthcare and education sectors had been the primary victims of cryptojacking, but that changed recently after what the report’s authors described as a “dramatic reshuffling” in 2022. 

Global cryptojacking volume increased 30 percent compared to the first half of 2021. The financial sector has borne the brunt of the massive increase and it now suffers over five times more cryptojacking attacks than the second-placed retail industry, which itself saw a 63 percent increase in attacks year-to-date.

Last year, partly in response to the number of cyberattacks against domestic businesses, the Australian federal government introduced controversial, far-reaching legislation to increase its powers in the event of a high-risk security attack.

Cryptojacking Increase Related to Fall in Ransomware Attacks

The report argues the huge growth in cryptojacking can be partly attributed to a shift away from ransomware attacks by scammers.

Unlike ransomware, which announces its presence and relies heavily on communication with victims, cryptojacking can succeed without the victim ever being aware of it.

2022 SonicWall Cyber Threat Report

“And for some cybercriminals feeling the heat, the lower risk is worth sacrificing a potentially higher payday.”

As mainstream adoption of crypto has grown, organised criminals have increasingly used the new technology to ply their illicit trade. A 2021 report from Chainalysis estimated US$33 billion had been laundered through crypto in the past five years.

Categories
Dogecoin Markets Regulation Scams

Dogecoin Copycat ‘TeddyDoge’ Drops 99.95% in $4.5 Million Rug Pull

The Dogecoin copycat, TeddyDoge (TEDDY), has lost over 99.95 percent of its value over the past few days after suffering what crypto security firm PeckShield described as a “soft rug pull” last weekend:

PeckShield said wallets connected to the coin’s developers acquired and then swapped over 30 billion TEDDY tokens – valued at approximately US$4.5 million – for wrapped Binance Coin (wBNB).

The wrapped BNB was then converted to BNB and Binance USD (BUSD) and gradually transferred to Binance, sending investor confidence and the price of TEDDY plummeting.

Rogue Developers Plunder Liquidity Pools

The TeddyDoge developers were able to easily steal such a large amount of assets because they controlled the TeddyDoge liquidity pools, meaning they had total access to the token pairs held in their smart contracts.

Regulators are slowly starting to wake up to the risk rogue crypto developers pose to investors. In April, new legislation was filed in New York state to specifically outlaw crypto rug pulls.

Rug pulls in crypto refer to projects that often initially appear legitimate but eventually, when the price has pumped sufficiently, the developers abandon the project and make off with investors’ assets, figuratively pulling the rug out from under them. In the case of TeddyDoge, investigators have labelled it a “soft rug pull” as they’re not yet certain the developers have totally abandoned the project.

Project’s Telegram Admins Not Sure What Happened

The administrators of the TeddyDoge Telegram channel also remain uncertain as to exactly what caused the loss of funds and price crash, saying it could have been either “a bug in our cross-chain bridge or a leaked developer wallet”. 

The admins warned users not to buy any more TEDDY tokens for now, saying they had closed the cross-chain bridge and were “in the process of fixing it”. They also said that TEDDY holders would soon receive a new token called DRAC, as the project was rebranding from TeddyDoge to the DRAC Network.

TeddyDoge is the latest in a long line of crypto projects to have defrauded investors. In November 2021, the founders of the curiously named Monkey Jizz DeFi project made off with approximately US$300,000 of investors’ funds after having gone to great lengths to appear legitimate and assure investors.

Categories
Coinbase Crime Crypto Exchange Cryptocurrency Law

Former Coinbase Employee Charged in First Crypto Insider Trading Case

Three people, including a former Coinbase employee, have been charged with wire fraud conspiracy and wire fraud over an insider trading tip-off scheme that ran from June 2021 until April 2022, netting the accused over US$1.5 million in realised and unrealised profits. 

These charges are the first to be brought against defendants in a cryptocurrency insider trading case and act as a reminder that crypto markets are subject to many of the same laws that govern traditional financial markets.

Employee Tips Off Brother and Friend to Coinbase Listings

The three individuals charged by the US Attorney’s Office are former Coinbase product manager Ishan Wahi, his brother Nikhil, and his friend Sameer Ramani. 

It’s alleged that Ishan Wahi used his detailed knowledge of upcoming Coinbase asset listings to tip off Nikhil Wahi and Ramani, who then purchased large quantities of the assets just prior to the announcements of their listings and sold them for a profit shortly after the announcements. 

It’s alleged the trio used this method on at least 14 separate occasions, trading at least 25 different cryptocurrencies. In an attempt to cover their tracks, Nikhil Wahi and Ramani created accounts at centralised exchanges in other people’s names and transferred their assets through multiple anonymous Ethereum accounts.

Speaking about the charges against the trio, Damian Williams, Attorney General for the Southern District of New York, said:

Today’s charges are a further reminder that Web3 is not a law-free zone.  Just last month, I announced the first ever insider trading case involving NFTs, and today I announce the first ever insider trading case involving cryptocurrency markets.  Our message with these charges is clear: fraud is fraud is fraud, whether it occurs on the blockchain or on Wall Street. And the Southern District of New York will continue to be relentless in bringing fraudsters to justice, wherever we may find them. 

Damian Williams, US Attorney General, Southern District, New York

Twitter Post Helps Uncover Scheme

The beginning of the end for the insider trading scheme came on April 12 of this year when a Twitter user noted that an Ethereum wallet had bought hundreds of thousands of dollars’ worth of digital assets just 24 hours before their Coinbase listings were announced. 

The wallet was subsequently found to be under the control of Ramani. Following this tweet, Coinbase opened an investigation into the matter and on May 11, Coinbase’s director of security operations emailed Ishan Wahi to tell him to appear for an in-person meeting at Coinbase’s headquarters in Seattle, Washington, on May 16.

On the evening of May 15, Ishan Wahi bought a one-way ticket to India, which was scheduled to depart the following morning, just before the meeting with Coinbase security. However, before he could board his flight Wahi was intercepted by law enforcement and prevented from leaving the country.

Each of the defendants has been charged with one count of wire fraud conspiracy and one count of wire fraud – each charge carries a maximum sentence of 20 years in prison.

Insider trading is an ongoing issue that undermines confidence in both regulators and markets. Last September, the head of product development for the NFT marketplace OpenSea resigned following allegations of insider trading, and questions were raised about the integrity of the US Federal Reserve following the resignation of two regional Fed presidents over insider trading allegations.