Author: Robert Drage

Robert is a freelance researcher, with a background in information science currently interested in blockchain technology and technical developments in the field.

Categories
Blockchain Crypto Exchange Crypto News Hackers Japan

Japan’s Liquid Exchange Hacked for Almost $100 Million

Close to US$100 million has been stolen by hackers from Japan’s Liquid Global exchange, which has since suspended deposits and withdrawals while also moving its assets into offline storage.

According to an August 19 tweet, Liquid exchange confirmed that it had been breached and its hot wallet compromised. The exact amount still needs to be verified, but estimates place it upward of US$90 million.


With such a large amount of crypto compromised, the exchange has moved its digital assets into cold storage. According to Eddie Wang, senior researcher at OKLink, hackers made off with BTC, ETH, TRX, XRP and other ERC-20 tokens.

The cold wallet used for segregation management is safe, and no impact on the assets entrusted to us by our customers has been confirmed.

Liquid (via Quoine)

Blockchain analytics company Elliptic says US$45 million in tokens were being converted to Ethereum through decentralised exchanges – blockchain-based platforms that require no intermediaries – such as Uniswap.

Destination Wallets Blacklisted by KuCoin

In the meantime, the wallets that received the stolen tokens have been blacklisted by KuCoin and other exchanges are expected to soon follow suit.

Liquid exchange also announced that “under these circumstances, we will suspend the warehousing and withdrawal of cryptographic assets until the security of all wallets is confirmed”.

How It Was Done

According to a blog post by Liquid, “the MPC wallet [used for warehousing/delivery management of cryptographic assets] held by our Singapore subsidiary Quoine was damaged by hacking. The impact on us is currently being confirmed.”

MPC is an advanced cryptographic technique in which the private key controlling funds is generated collectively by a set of parties, none of which can see the fragments calculated by the others. Liquid Global’s blog post did not explain how this security arrangement was circumvented. However, an investigation is under way.

This breach comes in the same week as a record-breaking DeFi hack against PolyNetwork, which siphoned off around US$600 million from the protocol.

Categories
Australia Blockchain Industries

Australia and Singapore Border Blockchain ID Verification Trial a Success

The Australian Border Force (ABF) and Infocomm Media Development Authority (IMDA) of Singapore have successfully completed a trial of blockchain technology to increase the effectiveness of trade flow between Australia and the island city-state.

According to the joint media release from the ABF, IMDA Singapore and Singapore Customs, the three institutions have been able to demonstrate trade documents can be issued and verified digitally across two independent systems.

As part of the Australia-Singapore Digital Economy Agreement, announced in November 2020, the project aimed to simplify cross-border trade. The trial successfully tested the interoperability of two digital verification systems – the ABF’s Intergovernmental Ledger (IGL) and IMDA’s TradeTrust reference implementation.

ABF commissioner Michael Outram said the positive results of the trial would help improve cross-border processes for the Australian trading community. Source: Joel Carrett/AAP

ABF is proud to pioneer cutting-edge digital verification projects in Australia. We understand this collaboration is among the first to involve multiple government agencies from two countries to achieve cross-border document interoperability.

Michael Outram, ABF commissioner

By using the blockchain-based, decentralised approach, transactions can become more cost-effective and offer scalability without the need for expensive data exchange infrastructure, lowering barriers to the adoption of paperless cross-border trade.

Digital Verification and Verifiable Documents Show Promise as a ‘Circuit-Breaker’ 

The goal of the IGL platform is to progressively remove the need for paper documents and reduce cross-border transaction costs for Australian business, as mentioned in the Simplified Trade System reform agenda.

“Digital verification and verifiable documents show promise as a ‘circuit-breaker’ to disrupt persistent paper-based evidence required by authorities,” Outram said.

A Successful First Test Case

The first test case for the project was issuing certificates of origin (COOs), which contained QR codes with unique blockchain-based proofs that verified the authenticity and integrity of the documents.

Certificates of origin are usually issued on paper and businesses usually wait days to receive the hard-copy document via courier before dispatching it to multiple parties, including customs agencies, brokers and banks. Paper trade documents are generally required by authorities to prove authenticity and integrity.

Ho Chee Pong,  director-general of Singapore Customs, stated that the Covid-19 pandemic had accelerated trade digitalisation and demonstrated the importance of cross-border paperless trade.

With these systems in place, documents can be verified much faster, allowing for seamless administration and an improved flow of information.

Categories
DeFi Ethereum Hackers

White Hat Hacker Group Prevents $350 Million SushiSwap DeFi Heist

A collective effort from the crypto community has saved SushiSwap’s token fundraising platform from a potential US$350 million heist. A vulnerability was found in the code by a partner of Paradigm, which could have led to an auction being hacked if discovered by a malicious actor.

SushiSwap’s token fundraising platform, MISO, had one of its smart contracts used in a “Dutch auction”. The vulnerability created a ticking time bomb situation for the platform to potentially lose 109,000 ETH (US$350 million) before the auction ended.

According to a post published by SushiSwap on Monday, Paradigm security researcher Sam Sun (aka samczsun) and colleagues Georgios Konstantopoulos and Daniel Robinson worked together to solve the problem with the “Dutch auction” contract on the Miso platform. Sun was scanning through the code when he came upon the vulnerability:

Complex Smart Contracts in DeFi Need to be Secure

In Sun’s words: “Unfortunately, while composing two components might be safe most of the time, it only takes one vulnerability to cause serious financial damage to hundreds if not thousands of innocent users.”

This incident shows that even safe contract-level components can be mixed in a way that produces unsafe contract-level behaviour. There’s no catch-all advice to apply here, like ‘check-effect-interaction’, so you need to be cognisant of what additional interactions new components are introducing.

Samczsun

According to SushiSwap, the issue created a “two-pronged issue where a user can both put up a commitment higher than ‘msg.value’, thereby draining any unsold tokens, and additionally drain the raised funds on the contract as refunds if the auction has reached max commitment”.

“Users could over-bid and get a refund of the difference between the current bid and the amount they submitted, but the refund could be repeated to drain the auction contract,” adds Duncan Townsend, CTO at Immunefi, a bug bounty platform for DeFi that was also recruited to help solve the issue.

I had gone from encounter to discovery in a little over half an hour, disclosure in 20 minutes, war room in another 30, and a fix in three hours. All in all, it took only five hours to protect 350 million USD from falling into the wrong hands.

Samszsun

Preventing Attacks with Secure DeFi Contracts

In the case of the SushiSwap vulnerability, many in the crypto community have taken to social media to praise and show support for the collective rescue efforts led by the research arm at Paradigm.

This event took place after the biggest DeFi exploit to date last week when cross-chain DeFi site Poly Network was attacked, losing more than US$600 million worth of cryptocurrencies, due to a bug.

Other recent instances such as the Thorchain attack or ICX coding flaw exploit have also been due to vulnerabilities in code.

The DeFi space is one of blockchain’s newest innovations with lots of potential for growth and wealth creation. However, the industry is in its infancy with much to be learned, and since there’s so much money on the table there will usually be vultures circling around.

Categories
Blockchain Crypto News Ethereum

Microsoft Employs Blockchain to Create World’s ‘First Public Anti-Piracy System’

Researchers from Microsoft, Alibaba group and Carnegie Mellon University have released a white paper outlining a new blockchain-based solution for piracy, said to be running on the Ethereum (ETH) public blockchain.

The paper outlines ‘Argus: A Fully Transparent Incentive System for Anti-Piracy Campaigns’, which is designed to curb piracy through incentivising reporting of fraudulent items and by using blockchain and cryptography in its anti-piracy solution.

Built on Ethereum’s public blockchain, Argus is described as superior to existing solutions and is also thought to be the first public anti-piracy system which:

  • does not hinge on any “trusted” role;
  • treats every participant fairly (in particular, it is resilient to greed and abuse, and resolves conclusively every foreseeable conflict); and
  • is efficient and economically practical to run on a public blockchain.

The system achieves an impressive off-chain throughput, and incurs only a negligible on-chain cost equivalent to sending “14 ETH-transfer transactions per report on the public Ethereum network”.

Protecting Intellectual Property

Intellectual property (IP) is one of the most valuable assets for modern tech companies, especially in the software, film, gaming and digital publishing industries. Companies worldwide have become increasingly concerned with IP protection and the fight against digital piracy.

According to the team of researchers, “Anti-piracy is fundamentally a procedure that relies on collecting data from the open anonymous population, so how to incentivise credible reports is a question at the centre of the problem.”

Relying on the transparency of Ethereum, Argus aims to provide a trustless incentive mechanism while protecting data collected from the open anonymous population of piracy reporters. The system enables back-tracing of pirated content to the source with a corresponding watermark algorithm, which is detailed in the paper.

Dubbed “proof of leakage”, each report of leaked content involves an information-hiding procedure. This way, no one but the informer can report the same watermarked copy without actually owning it, and it also prevents an informer from reporting the same leaked content under different names.

NFTs Also Used to Protect Against Piracy

Non-fungible tokens (NFTs) can also be used to prevent piracy through cryptography. Zero Contact, a new blockbuster film starring Anthony Hopkins, is set to premiere later this year on the NFT platform Vuele where it will be sold as an NFT.

The idea with Zero Contact is to make the movie an NFT, basically a digital asset that is placed on an encrypted blockchain with unique serial numbers. In doing so, it protects the film from piracy and adds fun extra content for the buyer, which can also be traded on the platform.

Categories
ATM Banking Blockchain Cryptocurrencies

ATMs Run Out of Money in Afghanistan as Taliban Occupies Major Cities

Afghanistan is under siege by the Taliban and with the president fleeing the capital, the state has fallen to the self-proclaimed Islamic Emirate of Afghanistan.

With many trying to flee the country, the frantic search for cash has led to banks and ATMs running empty.

According to reports by Al Jazeera and other news services, Taliban forces started capturing cities inside Afghanistan over the past week and have since taken Kabul, the nation’s capital.

Taliban fighters take control of the Afghan presidential palace after President Ashraf Ghani fled the country last week. Source: Zabi Karimi/AP/ Al Jazeera

More recent reports indicate that flights to Kabul have been re-routed and those to nearby provinces, Herat and Kandahar, have been cancelled.

When the news broke, Afghans and foreigners alike flocked to the airport seeking a way out, trying desperately to get their hands on money for supplies and flight tickets.

“The ATMs were all out of money, [and] the banks were full of hundreds of people lining up trying to take out as much money as they could,” said Afghani citizen Abdul Wahab, who was in Mazar on a business trip. The liquidity crisis has had serious repercussions for people who need some form of money to survive.

A similar situation occurred in Lebanon in 2019 where ATMs ran out of cash and banks capped withdrawals.

Blockchain Solutions to Broken Infrastructure

During crises like these, the internet can be suspended in a country cut off from the rest of the world, or provided solely to critical institutions. In a case such as that unfolding in Afghanistan, the military can stop routing traffic outside the country, making it nearly impossible to enact a bank transfer or any kind of transaction.

Even without internet access, however, people inside the country can still use peer-to-peer infrastructure or other bandwidths to transact if they have wallets on their phones containing crypto. The actual bitcoin balances are stored on the blockchain “public ledger”, which is constantly being updated by the bitcoin network even when holders are offline.

According to Richard Myers, a decentralised applications engineer at Global Mesh Labs, “In many parts of the rural and developing world, internet connectivity is both expensive and intermittent. Bitcoin transactions can be made over alternative low-bandwidth transport layers like mesh radios and SMS.”

The deployment of mesh networks and long-range radios can act as a substitute for internet connectivity. Using SMS bridges or meshnets, users can broadcast transactions throughout the network, without requiring an internet connection.

As in the current situation in Afghanistan and other countries in the world with infrastructure problems, blockchain and cryptocurrency are a solution to transact when the internet goes down, but when the power goes out that’s a different story.

Categories
Crypto News Cryptocurrency Tax Regulation

Lawmaker Makes Last-Ditch Attempt to Save Crypto from $1.2 Trillion US Infrastructure Bill

With the massive US$1.2 trillion American infrastructure bill reaching its next stage, a last-ditch effort is being made to change some potentially damaging wording contained within the bill. If the bill is passed as is, it may have some negative ramifications for the American crypto industry.

In a letter to House of Representatives Speaker Nancy Pelosi, Democrat Anna Eshoo calls once again for an amendment to the bipartisan infrastructure bill that aims to implement possibly damaging regulations to the cryptocurrency industry.

The August 12 letter urges Pelosi to amend “the problematic broker definition” in the Senate-passed bill that now faces the lower chamber.

According to a leadership aide, the final language in the infrastructure bill will be reviewed. After the first attempt to amend the language fell short by one vote, Eshoo urged Pelosi to reconsider the wording.

According to the cryptocurrency groups and digital rights groups that combined to lobby for an amendment in the Senate, they will be taking the fight to the House after failing to secure changes in the upper chamber.

Reporting Could Be Used as Financial Surveillance

The infrastructure bill contains a provision that aims to implement additional reporting requirements for the crypto industry to help raise tax revenue for the trillion-dollar infrastructure bill. The requirements could raise US$28 billion over 10 years, according to the Joint Committee on Taxation.

The bill will be looked at again at the end of the month after the House returns from recess. According to Jake Chervinsky, general counsel for Compound Labs, “the good news is the language doesn’t take effect until 2023. In fact, it doesn’t require any new reporting until after December 31 of 2023, meaning reports filed in 2024 will have to include transactions that are subject to the provision from fiscal year 2023.”

Ultimately, Chervinsky believes the bill might contain some “Fourth Amendment concerns”. With the government being allowed to use such a broad range of private actors to take part in financial reporting of American citizens and companies, there are worries about possible surveillance issues if government were to obtain this information.

Categories
Australia Blockchain Industries

Fake Australian Covid Vaccine Certificates Are Growing: We Need Blockchain

With the increase of fake Covid-19 vaccine certificates circulating on the web, Australian specialists are calling for a nationwide roll-out of a blockchain-based vaccine certificate system.

According to a report published by The Australian newspaper, international fraudsters are selling fake Australian Covid-19 certificates for as little as A$120, claiming they have sold over 200 certificates to their alleged 900 interested customers.

The counterfeiters claim their certificates are so realistic, “You’ll be the only one to know you’ve not been vaccinated”. Another group of forgers claims it can convince medical doctors to enter false information straight into the Australian Immunisation Registry.

With networks spanning the globe, some providers claim they have partners in Australia, the US, Europe, and some parts of Asia. Darknet marketplaces have also been a source of fake certificates and stolen vaccines where clients can pay with cryptocurrencies. With so many sources of fraudulent certificates, a system needs to be designed to combat the criminals.

Why Use Blockchain?

According to Robert Potter of cybersecurity firm Internet 2.0, it would be a good move for Australia to utilise blockchain technology to create a vaccine certificate system to ensure the current certificate system isn’t compromised.

We are able to give you a foolproof system that we solely are able to use, however we really need a worldwide system that everybody can use.

Robert Potter, Internet 2.0

However, Services Australia general manager Hank Jongen insists the current Covid-19 certificate application has “enhanced anti-fraud features” and that “where there are discrepancies […] Services Australia will contact the provider to ensure accuracy of this information and correct the record if required”.

By using blockchain technology, certificates can be digitally verified to check someone’s vaccination status, and its immutable properties mean issued certificates can’t be tampered with. However, our fallible brethren might still be persuaded to add fake certificates to the system.

Denmark’s Digital COVID-19 passport

Reforming How Health Information is Shared

Previously there has been some talk of Australia creating vaccine passports, but so far nothing has come of it. This would not be a groundbreaking endeavour, as the republic of San Marino in central Italy has already started implementing its blockchain-based vaccine passport through VeChain.

International conglomerate IBM has also developed a blockchain-powered digital health pass built-in with Amadeus, an airline reservations system utilised by more than 450 carriers around the globe.

Blockchain Australia deputy chair Karen Cohen believes a blockchain-based Covid certificate system may pave the way for the safe exchange of health information worldwide, stating: “This would be a really wonderful test case as a globally secured way of sharing health data.”

Categories
Crypto News Cryptocurrency Law Regulation

US Amendment Has Far-Reaching Implications for the Crypto Industry

A hotly debated US$1 trillion infrastructure bill has been passed by the Senate, which may have some problematic repercussions for the American and wider crypto community.

Cryptocurrency took centre-stage in US Congress on August 10 when the massive infrastructure bill was discussed. One section of the bill aims to generate tax revenue and customer information from cryptocurrency brokers, which in its current definition looks at taxing everyone who plays a part in a crypto transaction.

Advocates for the crypto industry pushed back on the provision, leading to lawmakers introducing amendments in an attempt to modify the language. Republican Senators Pat Toomey and colleagues proposed explicitly defining which types of entities are brokers, while a competing amendment introduced by Senators Rob Portman (Republican) and Democrats Mark Warner and Kyrsten Sinema proposed a more narrow modification that only exempted Proof-of-Work (PoW) miners.

A Problematic Definition

The bill drew controversy due to its plan to collect US$28 billion in tax revenue from the crypto sector. One of the main problems crypto advocates have with the bill is its definition of “broker”, currently defined as anyone who facilitates a transaction.

According to legal experts, this term may be broadened to encompass PoW miners, Proof-of-Stake (PoS) validators, and even protocol creators, affecting nearly everyone in the crypto ecosystem.

Additionally, brokers will be required to go through Know Your Customer (KYC) processes and follow rigorous tax reporting standards under the new laws.

The overly broad definition will hurt blockchain innovation, may possibly cost jobs, and most importantly will endanger the privacy of many American users. Senators have been urged to take a step back and implement incremental regulations, as many of them don’t yet understand what they are trying to regulate.

Banks Don’t Like Crypto

In a failed last effort to get the amendment passed, Republican Senator Richard Shelby objected to the provision after his effort to add a military funding amendment was blocked by Democrat Senator Bernie Sanders. The vote fell short by one.

Following the rejection of the amendment, Charles Hoskinson, founder of Cardano (ADA), stated that “it was a really tense moment, listening to senators speaking [about] how badly this bill can damage the crypto industry. I have no intention of living in a dying empire.”

Senator Shelby also has connections to banks in the US, with Citadel and others showing up as some of the biggest donors to his previous campaigns.

Richard Shelby campaign ‘contributions‘ in 2016

The infrastructure bill represents the first time that crypto has entered the highest echelons of political discourse in the US. Instead of pushing quiet legislation through, this crypto provision gave the industry an unprecedented platform and relevance in the eyes of lawmakers.

The bill now moves to the House for further deliberation, though it is unclear how much room there will be for modifications once it gets there.

The Potential Impact on Australia

Landmark regulatory standards and legislation are very important in the expanding crypto industry. New legislation created by frontrunner countries has the potential to set a precedent that could be followed by other countries also developing their own legislation.

The passing of this bill has various knock-on effects, not only in the legislative environment but for new crypto start-ups and innovators in the US, stifling growth of one of the sector’s major players. If the industry takes a hit like this, it could spell danger for ongoing innovation in the crypto space.

The decision may also hurt the market value of some projects based in the US, in turn having an effect on overseas investors.

Categories
Australia Investing Markets Regulation

What is Delaying the Aussie Crypto ETF?

One of the final pieces of the cryptocurrency ETF puzzle is deciding how the arrangements with custodians will work. To that end, the Australian Securities and Investments Commission (ASIC) is in the final stages of consultation to decide if a crypto ETF will be traded locally.

This year, ASIC is expected to finalise its market consultation on the potential for digital currency ETFs for the Australian market. While it is still in discussion with relevant stakeholders, a few more creases need to be ironed out.

However, earlier in the year, it was reported that the Aussie crypto ETF could launch on the ASX in 2021.

Australian Securities and Investments Commission (ASIC).

Issues Still to be Finalised

Custodianship is an issue. According to Caroline Bowler, CEO of digital currency exchange BTC Markets, “The trend is for ETFs to physically hold the underlying digital currencies they reference. This raises the question of how custody of these assets would be managed.”

As it stands, there isn’t a suitable onshore custodial solution. So that’s something that needs to be worked out with custodial providers.

Caroline Bowler, BTC Markets

The current lack of relevant regulation and standards for custodians and exchanges is casting a shadow of uncertainty. Standards still need to be set and a regulatory body chosen to ensure the protection of investors.

The composition of crypto ETFs and their benchmark reference are also issues to be considered before local crypto ETFs can be traded.

But as ASIC recently noted as part of its consultation on crypto-asset-based ETPs and other investment products, there is real risk of harm to consumers if these products are not developed and operated properly, given the unique features and risks associated with them.

Alex Vynokur, CEO, BetaShares

It remains to be decided which method of ETF will work the best for the market, considering the needs of investors and their security and safety. With many Australian millennials planning on retiring at 50 with the help of crypto and ETFs, it’s obvious that there is a demand.

Different Kinds of ETFs

Depending on which products investors prefer, both active and passively managed ETFs could be traded.

A passive ETF is an investment that replicates the performance of the asset it references, and the portfolio is updated regularly (generally quarterly) to reflect changes in the reference index – for instance, the S&P/ASX 200.

On the other hand, actively managed ETFs invest in assets that are bought and sold by a portfolio manager on a more dynamic basis, depending on the manager’s view of the market and investment thesis.

Another model might be for an ETF to hold not just digital currencies but also companies whose products are built on distributed ledger technology, digital currency exchanges, and other listed and unlisted firms that are exposed to blockchain through their operations. This could be similar to a basket investment like ‘FAANG’, where investors can invest in a basket of industry leaders.

To successfully launch a crypto ETF in Australia, an issuer will need to show evidence that the underlying crypto asset has robust liquidity, transparency and price discovery, which we believe will only apply to a small subset of crypto assets.

Alex Vynokur, BetaShares

ETFs Provide Safety for Investors

Some of the risks associated with investing in the digital asset class may be mitigated by accessing digital currencies through an ETF, traded through a highly regulated environment such as a national stock market.

Fund managers who seek to offer such investment products should be required to demonstrate a track record of risk management and organisational competency in managing retail investment products.

Alex Vynokur, BetaShares
Categories
Australia Crypto Exchange Regulation

Billions of Investor Money at Stake as Australian Crypto Exchanges Worry About Regulation

As the crypto industry continues to boom in Australia, investors and some members of the Senate are pushing for a more regulated environment. With current regulation setting the bar a little low, it could pose possible risks to investors and businesses alike.

On August 6, some of the largest crypto exchanges in Australia including Blockchain Australia, Independent Reserve, Kraken, Swyftx and various asset managers made an appeal to the Committee on Australia as a Technology and Financial Centre. They asked for minimum operating standards to be implemented to protect investors, with the ultimate aim of aligning consumer protection and industry growth.

While Australia is in a good position to participate in the global development of digital assets, a team of legal experts has highlighted current gaps in the framework that leave consumers exposed.

The Need For Regulation

Currently, the only cryptocurrency licence that exists in Australia is administered by AUSTRAC and is focused on identifying tax evaders and money laundering. With a lack of rules and entities to enforce them, individuals and businesses in the crypto space are at risk.

According to Adrian Przelozny, founder of crypto exchange Independent Reserve, there are no rules, external audits or IT security standards for the community to follow. “This is ridiculous and needs to change to protect consumers,” he says. “How can we hold A$1 billion worth of client assets without having to prove to an auditor these assets exist?”

There also are no rules that prescribe how assets should be stored. Consumers are just hoping custodians are following a procedure that keeps their assets from being lost, but there’s no regulator that ensures this actually happens.

Adrian Przelozny, founder, Independent Reserve

The Consequences of Regulatory Uncertainty

The lack of regulation in Australia is leading Aussie investors to engage in international crypto trading, which could be unsafe. Regulators and enforcers ensure that investors are protected by regularly verifying that exchanges comply with all required security protocols.

Crypto businesses are scared to move forward and create new products. In the murky regulatory state crypto is in now, if a business spends time and money creating a new financial product, it may be a futile exercise or one that has consequences for new investors, such as last month’s changes to leverage trading by major crypto exchanges to protect new investors.

Australia needs to follow in the footsteps of Singapore, Hong Kong, Europe and the US, all of which have successfully regulated digital financial products. In recent months, Australian crypto companies have been urging regulators to provide some regulatory clarity.

The Aussie Commitment to Crypto

Generally speaking, Australia is quite progressive in its regulatory approach towards cryptocurrencies compared to other countries.

Australia needs to prepare for the future of finance. We believe prioritising digital financial legislation will have a significant longer-term impact across our entire economy.

Caroline Bowler, chief executive, BTC Markets

For now, the Australian Securities and Investments Commission (ASIC) has released a report detailing the current regulations around crypto trading. The challenge for investors is that the ASX and ASIC have been reluctant to allow exchange-traded funds linked to bitcoin to be listed, which could lead to investors buying BTC and other crypto elsewhere.