Video Link: https://www.youtube.com/watch?v=IMmJDdLEn8I

Video Download: Hopium Defi

Video Stream: Hopium Defi

Main Website: https://www.hopiumdefi.com

Telegram: t.me/hopiumcommunity

Twitter: https://www.twitter.com/hopiumdefi

 

In an interview Tuesday, Frank defended Signatures business and said it was seized due to an overreaction by a New York state regulatory agency following the collapse of another financial institution, Silicon Valley Bank, last Friday. He also disputed his critics claim that he had supported a 2018 law, signed by then-president Donald Trump, that weakened key provisions of Dodd-Frank.

Regulators seized control of Silicon Valley Bank and Signature Bank after customers suddenly withdrew billions of dollars of deposits last week, and regulators determined the banks could collapse if the withdrawals continued.

The two banks, based in California and New York, respectively, had some features in common that made them vulnerable, industry observers said. Both had exceptionally high levels approximately 90 percent of uninsured deposits, that is funds belonging to a single customer in excess of $250,000, the federal cap for insuring deposits.

And both banks had a high proportion of customers from high-risk industries tech in Silicon Valleys case and cryptocurrency in Signatures. Silicon Valley Bank had also invested a significant portion of customer deposits in long-term bonds, whose value had declined as the federal government hiked interest rates in the past year, making it harder for the bank to meet customer demands for withdrawals.

Signature, which had accepted crypto token deposits since 2018, was affected by an erosion of confidence in cryptocurrency after the bankruptcy of FTX, a cryptocurrency exchange, last November and the announced liquidation of Silvergate Bank, a cryptocurrency-focused bank, this month.

Frank said Signature got hurt when nervous customers rushed to withdraw their deposits Friday. Then, over the weekend, the New York Department of Financial Services stepped in to shut the bank and hand the reins to the Federal Deposit Insurance Corporation as a receiver.

The New York regulators said they had problems with our data, Frank said. I dont think thats a reason you shut people down.

A Department of Financial Services spokesperson said that following the bank run, Signature failed to provide reliable and consistent data, creating a significant crisis of confidence in the banks leadership.

Frank also alleged that bias against cryptocurrency may have played a role in the New York regulators decision to shut down Signature. I thought it was an anti-crypto thing, he said.

The DFS spokesperson said, The decisions made over the weekend had nothing to do with crypto.

Frank has faced criticism this week for allegedly supporting a 2018 bill that eased regulatory oversight of medium-sized banks, such as Signature, while serving on Signatures board. But Frank pushed back on Tuesday, citing a 2018 CNBC op-ed he wrote criticizing the final form that bill took. Why I would vote no on Senate bill to amend Dodd-Frank, the headline said.

The central dispute back in 2018 and the current controversy is the question of which banks are so big, and so important to the broader financial system, that they must be subjected to heightened regulatory scrutiny.

The original Dodd-Frank law set that threshold at $50 billion in assets. Banks above that limit faced strict reporting requirements, were subjected to stress tests to see if they could withstand a severe economic downturn, and had to create plans for how they would safely wind down operations in the event of a collapse. Regulators were also more likely to require them to keep greater amounts of reserve capital on hand.

Frank said Tuesday that he always thought the $50 billion threshold was too low. It placed too great a burden on smaller banks, which inhibited competition. He said Tuesday that he called for an increase of the threshold in 2013 at a conference held at the Chicago Federal Reserve. Id never heard of Signature Bank at that time, he said.

He joined Signatures board in 2015 and earned $2.4 million in stocks and cash while serving there, Frank said.

Signature was under the Dodd-Frank threshold in 2015, with less than $29 billion in assets, according to Federal Reserve statistics. During Franks time on the board, the banks assets more than tripled to more than $110 billion as of last week, according to the FDIC.

In 2018, as the bill amending Dodd-Frank was being considered, Frank advocated raising the $50 billion threshold. He wrote in the CNBC op-ed that $125 billion would be reasonable. He argued that the effect of raising the threshold to that level would be substantively neutral, and politically beneficial, undercutting some criticism of Dodd-Frank and helping to safeguard the laws future.

But when Republicans pushed for a $250 billion limit, he balked. I believe that the price the Republican colleagues are demanding is too high, he wrote at the time.

Senator Elizabeth Warren, in recent days, has sharply criticized the 2018 law and said that leaving the $50 billion threshold in place could have prevented the collapses of Silicon Valley Bank and Signature Bank.

President Trump and congressional Republicans decision to roll back Dodd-Franks too big to fail rules for banks like [Silicon Valley Bank] reducing both oversight and capital requirements contributed to a costly collapse, she said in a statement Friday.

On Tuesday, Warren and other Democratic legislators introduced a bill to repeal the portion of the 2018 law that raised the asset threshold.

Mark Williams, a Boston University finance professor and former Federal Reserve bank examiner, said raising the threshold had caused a reduction in bank oversight. But he said decisions at the banks themselves were more significant factors in their failures than regulatory changes.

Both banks allowed their uninsured deposits to grow to extraordinarily high levels, Williams said. And both aggressively pursued clients in high-risk, high-reward sectors, he said. (Signature also had customers in a wide range of other industries, the Department of Financial Services spokesperson said.)

They bet that those industries would continue to take off and that the industries success would be their success, he said. It was a very risky decision.

Signature changed its risk profile in a very short time, Williams said, referring to the banks pivot in recent years toward cryptocurrency. This was a staid bank that turned into a more risk-taking bank and it was clearly to seek greater profit.

Mike Damiano can be reached at mike.damiano@globe.com.

View original post here:

Barney Frank, coauthor of landmark banking reform, defends his positions after SVB collapse, Signature Bank seizure - The Boston Globe

The cryptocurrency exchange Kraken made big news last month when it announced a groundbreaking settlement with the Securities and Exchange Commission, shutting down the firms staking-as-a-service business in the U.S. and paying a $30 million settlement.

The news came as a jolt, in part because of the reputation of the defendant. Kraken is one of the more responsible actors in an industry characterized by reckless business practices. But a bigger shock came in the form of the SECs interpretation of staking.

To technologists, staking has a straightforward definition based on its purpose in a cryptocurrency network. In proof-of-stake consensus mechanisms, networks are secured by actors running specialized software who are typically required to put funds at stake to deter them from acting maliciously. Under this incentive scheme, funds are destroyed (slashed) by the network if a participant acts dishonestly. Staking refers to using ones funds to participate in the security of a decentralized cryptocurrency network by running softwarerather than burning electricity, like in a proof-of-work consensus chain.

Staking by exchanges, as pioneered by Coinbase, involves a service-based approach. This is where the practice should have begun and endedexchanges could act as savvier participants to secure a blockchain network on behalf of some token holders, passing along to them any rewards accrued in the process. On the Tezos platform, Coinbase acts as a delegate for token holders to assign rights to validate and vote on the blockchain. Coinbase makes money by taking a portion of the rewards accrued by running software on their customers behalf. This is a modest but consistent revenue steam, and an easy option for less-technical token holders to participate in the Tezos network.

At the peak of the 2020 speculative frenzy, known as DeFi summer, however, the definition of staking as a technical practicea security-ensuring mechanism for a network paired with a small incentive structuremorphed into a catchall phrase to describe everything from risky lending practices to providing liquidity to decentralized exchanges. Some even began invoking staking to describe the returns for Ponzi-esque projects like the Terra protocol. The upshot is that many protocols and tokens no longer employ staking to describe securing a network, but rather as a marketing term for a dodgy reward system for new users. This has led to many crypto participants, especially less sophisticated ones, conflating yields and stakes and believing that staking implies double- or triple-digit returns on recently minted tokens.

As Sam Bankman-Fried described in his now-infamous money box analogy, this weird box staking thing starts out as just this sort of like side show to the bigger story of were gonna change the world with the protocol that we just built. Its no surprise, given Bankman-Frieds history with the disgraced FTX exchange, that the weird box staking thing propping up crypto markets in 2020 and 2021 proved to be unsustainable.

This is why we cant have nice things.

Conflating securing a network with marketing a token through the common use of staking is a microcosm of whats plagued the industry rhetorically for the last decade. In blurring the lines between activities like lending, token distribution, Ponzi economics, andtechnical security, staking now means nothing at all. Like all security measures, the concept was at its best when it was boring.

Once, there was a rhetorical distinction between the creation of tokens for network security and the creation of tokens as a distribution strategy to promote a new project. Unfortunately, too many projects appropriated the language of network security to describe a distribution scheme that would create good feelings through unsustainably high yields for early participants. While the market capitalization of the industry expanded, nobody felt the need to clarify these two radically different activities. Now that numbers have gone down, the folks who succumbed to peer pressure have started to watch their chickens come home to roost. (My guess is that stablecoins will be the next meaningless word to invite scrutiny from regulators.)

A call for precise language in the cryptocurrency space has always felt like a shout into the void. The recent staking-as-a-service settlement feels like validation of that lament, and it will be far from the last.

Kathleen Breitman is a cofounder of Tezos. The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs ofFortune.

Read more:

Staking as a disservicehow crypto marketers ruin it for everyone - Fortune

getty

Fidelity Investments has quietly opened access to bitcoin and ether trading to all of its retail traders, filling a void created by the closures in recent days of cryptocurrency-friendly banks that bridged the divide between digital and traditional finance.

The Fidelity Crypto platform, previously available only to institutions and some waitlisted customers, was made available earlier this month. Individual investors can now buy and sell bitcoin and ether and use custodial and trading services provided by Fidelity Digital Assets.

Clients are not yet able to transfer cryptocurrency to or from their Fidelity accounts. The company said it would be exploring cryptocurrency transfers in November, shortly after announcing the waitlist, but hasnt provided a clear timeline.

The separation of investors from the passwords known as private keys that allow direct owners to take custody of their cryptocurrencies combined with the inability to transfer holdings means that Fidelity retains custody of the assets. A string of bankruptcies among crypto exchanges and investment programs last year illustrated the drawbacks of entrusting digital assets to intermediaries, though Fidelitys size and reputation likely mitigates the risk.

The company has not responded to a Forbes request for more information.

Trading is open only to U.S. citizens over the age of 18 who reside in one of the 36 states where Fidelity Digital Assets offers services.

Following the footsteps of stock-trading app Robinhood and crypto exchange Binance.US, the asset manager has touted the offering as commission-free, but theres a catch: a 1% fee will be added to each transaction. The company calls the fee a spread and defines it as the difference between your execution price and the price at which Fidelity Digital Assets fills your order.

The move comes at a time when the U.S. cryptocurrency market is facing regulatory pressure, sparked by multiple high-profile collapses last year, and closures of crypto-friendly banks including the Silicon Valley Bank, Silvergate and Signature.

Still, the Fidelity service provides both the credibility that crypto has needed and the opportunity for investors, most of whom rely on their financial advisors for investment strategies, says Ric Edelman, a financial advisor and founder of Digital Assets Council of Financial Professionals.

In addition to cryptocurrency trading, Fidelity also provides, Fidelity Ethereum Index Fund, which tracks the performance of the coin in U.S dollars. In December, the asset manager filed three trademark applications for providing NFT and metaverse investment services.

More here:

Amid Crypto Bank Crisis, Fidelity Expands Bitcoin, Ether Trading To Most Retail Accounts - Forbes

It's been a tough time for cryptocurrency but, despite volatility, you still need to know how the technology works, said Douglas Boneparth, a certified financial planner based in New York.

The digital currency market dropped by nearly $1.4 trillion in 2022, following a cascade of bankruptcies and liquidity issues, including the high-profile collapse of crypto exchange FTX. In March, crypto-focused Silvergate Capital announced plans to wind down operations and regulators shut down crypto lender Signature Bank.

Although the crypto market rallied at the start of 2023, assets recently tumbled again, with bitcoin falling below $20,000 on Friday, triggered by a stock market sell-off in the U.S. But bitcoin surged by 10% on Monday, following the news of U.S. regulators' plans to safeguard depositors and financial institutions associated with Silicon Valley Bank.

Here are more FA Council perspectives on how to navigate this economy while building wealth.

Boneparth, who is president of Bone Fide Wealth and a member of CNBC's Financial Advisor Council, said the recent events and crypto market volatility have made him even more "bullish" on learning about the technology.

"Clearly, the decentralized financial world is interconnected to the traditional financial world more so now than ever before," he said.

An early adopter of digital currency since 2013, mostly in bitcoin, Boneparth said there's plenty to learn about the technology we'll inevitably see more from in the future.

"This doesn't necessarily mean you should be allocating your money there," he said. But he believes you should be investing your time and energy to see where the technology may be heading.

"I've learned a lot in my journey without having to take an exorbitant amount of risk," Boneparth said.

When it comes to cryptocurrency, he said the "best thing you can do" is learn about the technology and how decentralized finance works. "A little bit would go a long way," he added.

Ive learned a lot in my journey without having to take an exorbitant amount of risk.

Douglas Boneparth

President of Bone Fide Wealth

"That's powerful stuff," Boneparth said. "It's not always putting your money into the latest craze of crypto; it's learning what it's all about."

While many advisors won't recommend clients buy or sell digital currency, Boneparth said investors may come to his practice looking for guidance on existing crypto allocations.

"Some people have amassed quite a bit of money in cryptocurrency," he said. "And it's my job to show them what the risks are, how that concentration and that asset can impact their long-term goals and their portfolio."

Boneparth said it's important to know how owning any particular type of asset may affect your financial goals, especially "volatile assets" like cryptocurrency.

Originally posted here:

Despite market volatility, advisor says he's 'bullish' on crypto education. Here's why - CNBC

ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds

ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers a type of malware that steals or modifies the contents of the clipboard. All of them are after victims cryptocurrency funds, with several targeting cryptocurrency wallets. This was the first time we have seen Android clippers focusing specifically on instant messaging. Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware.

Prior to the establishment of the App Defense Alliance, we discovered the first Android clipper on Google Play, which led to Google improving Android security by restricting system-wide clipboard operations for apps running in the background for Android versions 10 and higher. As is unfortunately shown by our latest findings, this action did not succeed in weeding the problem out completely: not only did we identify the first instant messaging clippers, we uncovered several clusters of them. The main purpose of the clippers we discovered is to intercept the victims messaging communications and replace any sent and received cryptocurrency wallet addresses with addresses belonging to the attackers. In addition to the trojanized WhatsApp and Telegram Android apps, we also found trojanized Windows versions of the same apps.

Of course, these are not the only copycat applications to go after cryptocurrencies just at the beginning of 2022, we identified threat actors focused on repackaging legitimate cryptocurrency applications that try to steal recovery phrases from their victims wallets.

Due to the different architecture of Telegram and WhatsApp, the threat actors had to choose a different approach to create trojanized versions of each of the two. Since Telegram is an open-source app, altering its code while keeping the apps messaging functionality intact is relatively straightforward. On the other hand, WhatsApps source code is not publicly available, which means that before repackaging the application with malicious code, the threat actors first had to perform an in-depth analysis of the apps functionality to identify the specific places to be modified.

Despite serving the same general purpose, the trojanized versions of these apps contain various additional functionalities. For better ease of analysis and explanation, we split the apps into several clusters based on those functionalities; in this blogpost, we will describe four clusters of Android clippers and two clusters of malicious Windows apps. We will not go into the threat actors behind the apps, as there are several of them.

Before briefly describing those app clusters though, what is a clipper and why would cyberthieves use one? Loosely, in malware circles, a clipper is a piece of malicious code that copies or modifies content in a systems clipboard. Clippers are thus attractive to cybercriminals interested in stealing cryptocurrency because addresses of online cryptocurrency wallets are composed of long strings of characters, and instead of typing them, users tend to copy and paste the addresses using the clipboard. A clipper can take advantage of this by intercepting the content of the clipboard and surreptitiously replacing any cryptocurrency wallet addresses there with one the thieves can access.

Cluster 1 of the Android clippers also constitutes the first instance of Android malware using OCR to read text from screenshots and photos stored on the victims device. OCR is deployed in order to find and steal a seed phrase, which is a mnemonic code comprised of a series of words used for recovering cryptocurrency wallets. Once the malicious actors get hold of a seed phrase, they are free to steal all the cryptocurrency directly from the associated wallet.

Compared to Cluster 1s use of advanced technology, Cluster 2 is very straightforward. This malware simply switches the victims cryptocurrency wallet address for the attackers address in chat communication, with the addresses either being hardcoded or dynamically retrieved from the attackers server. This is the only Android cluster where we identified trojanized WhatsApp samples in addition to Telegram.

Cluster 3 monitors Telegram communication for certain keywords related to cryptocurrencies. Once such a keyword is recognized, the malware sends the full message to the attacker server.

Lastly, the Android clippers in Cluster 4 not only switch the victims wallet address, but they also exfiltrate internal Telegram data and basic device information.

Regarding the Windows malware, there was a cluster of Telegram cryptocurrency clippers whose members simply intercept and modify Telegram messages in order to switch cryptocurrency wallet addresses, just like the second cluster of Android clippers. The difference is in the source code of the Windows version of Telegram, which required additional analysis on the part of the malicious actors, to be able to implement inputting their own wallet address.

In a departure from the established pattern, the second Windows cluster is not comprised of clippers, but of remote access trojans (RATs) that enable full control of the victims system. This way, the RATs are able to steal cryptocurrency wallets without intercepting the application flow.

Based on the language used in the copycat applications, it seems that the operators behind them mainly target Chinese-speaking users.

Because both Telegram and WhatsApp have been blocked in China for several years now, with Telegram being blocked since 2015 and WhatsApp since 2017, people who wish to use these services have to resort to indirect means of obtaining them. Unsurprisingly, this constitutes a ripe opportunity for cybercriminals to abuse the situation.

In the case of the attacks described in this blogpost, the threat actors first set up Google Ads leading to fraudulent YouTube channels, which then redirect the unfortunate viewers to copycat Telegram and WhatsApp websites, as illustrated in Figure 1. On top of that, one particular Telegram group also advertised a malicious version of the app that claimed to have a free proxy service outside of China (see Figure 2). As we discovered these fraudulent ads and related YouTube channels, we reported them to Google, which promptly shuttered them all.

Figure 1. Distribution diagram

Figure 2. Trojanized Telegram app offered in Telegram group

At first glance, it might seem that the way these copycat apps are distributed is quite convoluted. However, it is possible that with Telegram, WhatsApp, and the Google Play app all being blocked in China, Android users there are used to jumping through several hoops if they want to obtain officially unavailable apps. Cybercriminals are aware of this and try to ensnare their victims right from the get-go when the victim searches Google for either a WhatsApp or a Telegram app to download. The threat actors purchased Google Ads (see Figure 3) that redirect to YouTube, which both helps the attackers to get to the top of search results, and also avoids getting their fake websites flagged as scams, since the ads link to a legitimate service that Google Ads presumably considers very trustworthy.

Figure 3. Paid advertisement when searching for Chinese Telegram

The links to the copycat websites can usually be found in the About section of the YouTube channels. An example of such a description can be seen in a very rough translation in Figure 4.

Figure 4. Fraudulent WhatsApp YouTube channel that points to a fake website

During our research, we found hundreds of YouTube channels pointing to dozens of counterfeit Telegram and WhatsApp websites some can be seen in Figure 5. These sites impersonate legitimate services (see Figure 6) and provide both desktop and mobile versions of the app for download. None of the analyzed apps were available on the Google Play store.

Figure 5. Fake channels available on YouTube

Figure 6. Websites mimicking Telegram and WhatsApp

We found various types of malicious code being repackaged with legitimate Telegram and WhatsApp apps. While the analyzed apps have sprung up at more or less at the same time using a very similar pattern, it seems that they were not all developed by the same threat actor. Besides most of the malicious apps being able to replace cryptocurrency addresses in Telegram and WhatsApp communications, there are no indications of further connections between them.

While the fake websites offer download links for all operating systems where Telegram and WhatsApp are available, all Linux and macOS links, as well as most iOS links, redirect to the services official websites. In the case of the few iOS links that do lead to fraudulent websites, the apps were no longer available for download at the time of our analysis. Windows and Android users thus constitute the main targets of the attacks.

The main purpose of the trojanized Android apps is to intercept victims chat messages, and either swap any cryptocurrency wallet addresses for those belonging to the attackers, or exfiltrate sensitive information that would allow attackers to steal victims cryptocurrency funds. This is the first time we have seen clippers that specifically target instant messaging.

To be able to modify messages, the threat actors had to thoroughly analyze the original code of both services apps. Since Telegram is an open-source application, the cybercriminals only had to insert their own malicious code into an existing version and compile it; in the case of WhatsApp, however, the binary had to be modified directly and repackaged to add the malicious functionality.

We observed that when replacing wallet addresses, the trojanized apps for Telegram behave differently from those for WhatsApp. A victim using a malicious Telegram app will keep seeing the original address until the application is restarted, whereupon the displayed address will be the one that belongs to the attacker. In contrast, the victims own address will be seen in sent messages if using a trojanized WhatsApp, while the message recipient will receive the attacker address. This is shown in Figure 7.

Figure 7. Malicious WhatsApp (left) replaced sent wallet address in message for recipient (right)

Cluster 1 is the most intriguing, since its members constitute the first known instance of OCR abuse in any Android malware. In this case, trojanized Telegram apps use a legitimate machine learning plugin called ML Kit on Android to search the victims device for images with .jpg and .png extensions, the most common screenshot formats on Android. The malware looks for screenshots of cryptocurrency wallet recovery phrases (also known as mnemonics) that the victim might have kept on the device as a backup.

Malicious functionality that iterates through files on the device and runs them through the OCR recognizeText function can be seen in Figure 8.

Figure 8. Malicious code responsible for retrieving images and pictures from the device and OCRing them

As shown in Figure 9, if the recognizeText finds the string mnemonic or (mnemonic in Chinese) in the text extracted from the image, it sends both the text and the image to the C&C server. In select cases we have seen the list of keywords expanded to eleven entries, specifically , Mnemonic, memorizing, Memorizing, recovery phrase, Recovery Phrase, wallet, METAMASKA, Phrase, secret, Recovery phrase.

Figure 9. Image and the recognized text within are sent to the attackers C&C server

In contrast with Cluster 1, which employs advanced methods to aid in its malicious activities, the second cluster of Android clippers is the least complicated among the four: these malicious apps simply swap wallet addresses, without further malicious functionality. The trojans in Cluster 2 mostly replace addresses for bitcoin, Ethereum, and TRON coin wallets, with a few of them also being able to switch wallets for Monero and Binance. The way the messages are intercepted and modified can be seen in Figures 10 and11.

Figure 10. Telegram message interception by malicious code

Figure 11. Malicious code responsible for replacing wallet addresses in Telegram messages

Cluster 2 is the only Android cluster where we found not only Telegram, but also WhatsApp samples. Both types of trojanized apps either have a hardcoded list of attacker wallet addresses (as seen in Figure 11) or dynamically request them from a C&C server, as seen in Figure 12.

Figure 12. Bitcoin, Ethereum and TRON wallet addresses received from C&C server

This cluster monitors Telegram communication for particular keywords in Chinese, such as mnemonic, bank, address, account and Yuan. Some of the keywords are hardcoded, while others are received from the C&C server, meaning they could be changed or expanded at any time. Once a Cluster 3 clipper recognizes a keyword, the whole message, along with the username, group or channel name, is sent to the C&C server, as can be seen in Figure 13.

Figure 13. Clipper exfiltrates a message if keyword was detected

The last identified cluster of Android clippers, Cluster 4, can not only replace cryptocurrency addresses, but also exfiltrate the victims Telegram data by obtaining their configuration files, phone number, device information, pictures, Telegram username, and the list of installed apps. Logging into these malicious versions of the Telegram app means that all the personal internal data stored within, such as messages, contacts, and configuration files, become visible to the threat actors.

To demonstrate, lets focus on this clusters most intrusive trojanized app: this malware combs the internal Telegram storage for all files smaller than 5.2MB and without a.jpg extension and steals them. Additionally, it can also exfiltrate basic information about the device, the list of installed applications, and phone numbers. All the stolen files are archived in an info.zip file, which is then exfiltrated to the C&C. All malware within this cluster uses the same ZIP filename, suggesting a common author or codebase. The list of the files exfiltrated from our analysis device can be seen in Figure 14.

Figure 14. Private Telegram user files that are exfiltrated to the C&C server

As opposed to the trojanized Android apps we discovered, the Windows versions consist not only of clippers, but also of remote access trojans. While the clippers focus mainly on cryptostealing, the RATs are capable of a wider variety of malicious actions such as taking screenshots and deleting files. Some of them can also manipulate the clipboard, which would allow them to steal cryptocurrency wallets. The Windows apps were found at the same domains as the Android versions.

We discovered two samples of Windows cryptocurrency clippers. Just like Cluster 2 of the Android clippers, these intercept and modify messages sent via a trojanized Telegram client. They use the same wallet addresses as the Android cluster, meaning that they most probably come from the same threat actor.

The first of the two clipper samples is distributed as a portable executable with all the necessary dependencies and information embedded directly in its binary. This way, no installation takes place after the malicious program is executed, keeping the victim unaware that something is amiss. The malware intercepts not only messages between users, but also all saved messages, channels, and groups.

Similar to the related Android Cluster 2, the code responsible for modifying the messages uses hardcoded patterns to identify the cryptocurrency addresses inside messages. These are highlighted in yellow in Figure 15. If found, the code replaces the original addresses with the corresponding addresses belonging to the attacker (highlighted in red). This clipper focuses on bitcoin, Ethereum, and TRON.

Figure 15. Decompiled code with hardcoded patterns and wallet addresses

The second clipper uses a standard installation process, the same as the legitimate Telegram installer. However, even if the process outwardly appears innocent, the installed executable is far from benign. Compared to legitimate Telegram, it contains two additional files encrypted using a single byte XOR cipher with the key 0xff. The files contain a C&C server address and an agent ID used to communicate with the C&C.

This time, no hardcoded addresses are used. Instead, the clipper obtains both the message patterns and the corresponding cryptocurrency wallet addresses from the C&C via an HTTP POST request. The communication with the C&C works in the same way as shown in Cluster 2 of Android clippers (Figure 12).

In addition to swapping cryptocurrency wallet addresses, this clipper can also steal the victims phone number and Telegram credentials. When a person compromised by this trojanized app tries to log in on a new device, they are requested to put in the login code sent to their Telegram account. Once the code arrives, the notification is automatically intercepted by the malware, and the verification code along with the optional password end up in the hands of the threat actors.

Similar to the first Windows clipper sample, any message sent using this malicious version of Telegram containing bitcoin, Ethereum, or TRON cryptocurrency wallet addresses will be modified to replace the addresses for those provided by the attacker (see Figure 16). However, unlike the Android version, the victims will not be able to discover that their messages have been tampered with without comparing chat histories: even after restarting the app, the sender will always see the original version of the message since the relevant part of the code is executed again on application start; the recipient, on the other hand, will only receive the attacker wallet.

Figure 16. Legitimate Telegram client (left) and trojanized one (right)

The rest of the malicious apps we discovered are distributed in the form of Telegram and WhatsApp installers bundled with remote access trojans. Once the RATs have gained access to the system, neither Telegram nor WhatsApp need to run for the RATs to operate. In the observed samples, malicious code was mostly executed indirectly by using DLL Side-loading, thus allowing the attackers to hide their actions behind the execution of legitimate applications. These RATs differ significantly from the clippers, since they do not explicitly focus on stealing cryptocurrency wallets. Instead, they contain several modules with a wide range of functionalities, allowing the threat actors to perform actions such as stealing clipboard data, logging keystrokes, querying Windows Registry, capturing the screen, obtaining system information, and performing file operations. Each RAT we discovered used a slightly different combination of modules.

With one exception, all the remote access trojans we analyzed were based on the notorious Gh0st RAT, malware that is frequently used by cybercriminals due to its public availability. As an interesting aside, Gh0st RATs code uses a special packet flag set to Gh0st by default, a value that threat actors like to customize. In changing the flag, they can use something that makes more sense for their version of the malware, or they can use no flags at all. They can also, as in one case spotted during our analysis, reveal their deepest desires by changing the flag to lambo (as in, the nickname for the Italian luxury car brand; see Figure 17).

Figure 17. Hex-rays decompiled code with flag lambo

The only RAT among the group that wasnt completely based on Gh0st RAT used the code from the HP-socket library to communicate with its C&C server. Compared to the other RATs, this one uses significantly more anti-analysis runtime checks during its execution chain. While its source code certainly differs from the rest of the trojans discovered, its functionality is basically identical: it is capable of performing file operations, obtaining system information and the list of running programs, deleting profiles of commonly used browsers, downloading and running a potentially malicious file, and so on. We suspect that this is a custom build that could be inspired by the Gh0st implementation.

Install apps only from trustworthy and reliable sources such as the Google Play store.

If you are sharing cryptocurrency wallet addresses via the Android Telegram app, double check whether the address you sent matches the address that is displayed after restarting the application. If not, warn the recipient not to use the address and try to remove the message. Unfortunately, this technique cannot be applied to trojanized WhatsApp for Android.

Be aware that the previous tip does not apply in the case of trojanized Telegram; since the recipient of the wallet address only sees the attacker wallet, they will be unable to tell whether the address is genuine.

Do not store unencrypted pictures or screenshots containing sensitive information, such as mnemonic phrases, passwords, and private keys, on your device.

If you believe you have a trojanized version of Telegram or WhatsApp, manually remove it from your device and download the app either from Google Play, or directly from the legitimate website.

In case you are not sure whether your Telegram installer is legitimate, check if the files digital signature is valid and issued to Telegram FZ-LLC.

If you suspect that your Telegram app is malicious, we advise that you use a security solution to detect the threat and remove it for you. Even if you do not own such software, you can still use the free ESET Online Scanner.

The only official version of WhatsApp for Windows is currently available in the Microsoft store. If you installed the application from any other source, we advise you to delete it and then to scan your device.

During our research of trojanized Telegram and WhatsApp apps distributed through copycat websites, we discovered the first instances of Android clippers that intercept instant messages and swap victims cryptocurrency wallet addresses for the attackers address. Furthermore, some of the clippers abused OCR to extract mnemonic phrases out of images saved on the victims devices, a malicious use of the screen reading technology that we saw for the first time.

We also found Windows versions of the wallet-switching clippers, as well as Telegram and WhatsApp installers for Windows bundled with remote access trojans. Through their various modules, the RATs enable the attackers control over the victims machines.

This table was built using version 12 of the MITRE ATT&CK mobile techniques.

This table was built using version 12 of the MITRE ATT&CK enterprise techniques.

Read more:

Notsoprivate messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets - We Live Security

Cryptocurrency on Binance trading app

With the tax deadline just a few weeks agoTax Day is April 18taxpayers are scrambling to finish and file their returns. One thing that may be causing some confusion this year? Cryptocurrency. While it's not a new tax topic, conflicting advice about losses and different wording on Form 1040 are resulting in some head-scratching. Here are five things you need to know about cryptocurrency before you file your tax return.

The IRS is getting serious about cryptocurrencyer, digital assets. This year, the question near the top of your Form 1040 asks, At any time during 2022, did you: (a) receive (as a reward, award, or payment for property or services); or (b) sell, exchange, gift, or otherwise dispose of a digital asset (or a financial interest in a digital asset)?

IRS Form 1040 for 2022

According to the IRS, digital assets are any digital representations of value that are recorded on a cryptographically secured distributed ledger or any similar technology. That includes non-fungible tokens (NFTs) and virtual currencies, such as cryptocurrencies and stablecoins.

And just in case there's any confusion, the IRS notes that if a particular asset has the characteristics of a digital asset, it will be treated as a digital asset for federal income tax purposes. In other words, if it looks like a duck, walks like a duck, and quacks like a duck, it may just be a duck.

Not every digital asset transaction requires you to tick the yes box. For example, just holding a digital asset in a wallet or account, or transferring a digital asset from one wallet or account you own or control to another wallet or account that you own or control doesnt result in a yes. It also doesn't include the purchase of digital assets using cash or other currency, including through the use of electronic platforms like PayPal PYPL and Venmo.

Do not leave the question unanswered. All taxpayers must tick a box, not just those who engaged in a transaction involving digital assets in 2022.

This is true no matter what the income looks like once it gets to you. That means the receipt of cryptocurrency or other digital assets in exchange for services is considered income. That includes income earned as an employee or as an independent contractor.

Income may also be recognized from mining and staking. And if a hard fork is followed by an airdrop and you receive new cryptocurrency, the IRS considers that to be taxable income.

But not all transactions result in the recognition of income. If your cryptocurrency went through a hard fork, and you did not receive any new cryptocurrency, you don't have taxable income to report. Similarly, a soft fork will not result in any taxable income.

The IRS considers cryptocurrency a capital asset. The agency issued guidance in 2014, making it clear that capital gains rules apply to any gains or losses.

For tax purposes, you figure your capital gains or losses by determining how much your basistypically, the cost you pay for assetshas gone up or down from the time that you acquired the asset until theres a taxable event. A taxable event can include a sale, gift, or other disposition.

If you hold an asset for more than one year before a taxable event, it's considered a long-term gain or loss. And if you hold an asset for one year or less before a taxable event, it's considered a short-term gain or loss.

And while cryptocurrency goes up and down, you care the most about the beginning and the endwhat happens in the middle doesn't really count. Thats because, for tax purposes, when cryptocurrency takes a dive, that doesn't equal a realized loss. Similarly, when it goes back up in value, that doesn't equal a realized gain. To realize a gain or a loss for tax purposes, you must do something with the asset, like sell or otherwise dispose of it.

At tax time, you'll report any realized gains and losses on Schedule D. You don't need to file a Schedule D if you don't have any realized gains or losseseven if the value changes, if there's no sale or disposition, there's nothing to report.

Like other capital assets, if any realized losses from digital assets exceed any realized gains, you have a capital loss. You can claim up to $3,000 (or $1,500 if you are married filing separately) of capital losses in a tax yearthe amount of your loss offsets your taxable income. However, if your losses exceed those limits, you can carry them forward to later years, subject to certain limitations and restrictions.

Here's how that works. Let's say that you realized $3,500 in net capital losses in 2022. You can deduct $3,000 in capital losses for the 2022 tax yearthe return you're filing nowand carry forward the remaining $500 in losses to use on next year's tax return.

There's been a lot of speculation about how to treat cryptocurrency that has declined quickly in value to the point of almost being worthless. Specifically, it's been suggested that if your cryptocurrency has substantially dropped in value, you can claim it as a loss under section 165.

In January, the IRS Office of Chief Counsel issued Memorandum 202302011. The non-taxpayer specific advice confirmed two things:

The memorandum references Lakewood Assocs. v. Commissioner, 109 T.C. 450, 459 (1997), claiming, The mere diminution in value of property does not create a deductible loss. In other words, if it's not wholly worthless, you still own something and theres no realized loss.

It's worth re-emphasizing that the IRS memo is a response to a request for non-taxpayer specific advice, which means that it should not be used or cited as precedent. It doesn't carry the same weight as a law or regulation. However, it does offer insight into how the IRS regards an issue, and that's valuable information.

This is a quick look at some of the most common cryptocurrency questionsthere are certainly some more complicated cryptocurrency scenarios not addressed here.

If youre seeking more information, the IRS has some links and FAQs specific to digital assets on its website. And while the internet can offer some useful advice (hey, you're reading this right now), not all cryptocurrency tax advice is created equal. If you have questions, I highly recommend consulting with a knowledgeable tax professional.

Read this article:

Five Things You Need To Know About Cryptocurrency And Taxes - Forbes

The Justice Department announced today a coordinated international takedown of ChipMixer, a darknet cryptocurrency mixing service responsible for laundering more than $3 billion worth of cryptocurrency, between 2017 and the present, in furtherance of, among other activities, ransomware, darknet market, fraud, cryptocurrency heists and other hacking schemes. The operation involved U.S. federal law enforcements court-authorized seizure of two domains that directed users to the ChipMixer service and one Github account, as well as the German Federal Criminal Polices (the Bundeskriminalamt) seizure of the ChipMixer back-end servers and more than $46 million in cryptocurrency.

Coinciding with the ChipMixer takedown efforts, Minh Quc Nguyn, 49, of Hanoi, Vietnam, was charged today in Philadelphia with money laundering, operating an unlicensed money transmitting business and identity theft, connected to the operation of ChipMixer.

This morning, working with partners at home and abroad, the Department of Justice disabled a prolific cryptocurrency mixer, which has fueled ransomware attacks, state-sponsored crypto-heists and darknet purchases across the globe, said Deputy Attorney General Lisa Monaco.Todays coordinated operation reinforces our consistent message: we will use all of our authorities to protect victims and take the fight to our adversaries. Cybercrime seeks to exploit boundaries, but the Department of Justices network of alliances transcends borders and enables disruption of the criminal activity that jeopardizes our global cybersecurity.

Today's announcement demonstrates the FBI's commitment to dismantling technical infrastructure that enables cyber criminals and nation-state actors to illegally launder cryptocurrency funds, said FBI Deputy Director Paul Abbate. We will not allow cyber criminals to hide behind keyboards nor evade the consequences of their illegal actions. Countering cybercrime requires the ultimate level of collaboration between and among all law enforcement partners. The FBI will continue to elevate those partnerships and leverage all available tools to identify, apprehend and hold accountable these bad actors and put an end to their illicit activity.

According to court documents, ChipMixer one of the most widely used mixers to launder criminally-derived funds allowed customers to deposit bitcoin, which ChipMixer then mixed with other ChipMixer users bitcoin, commingling the funds in a way that made it difficult for law enforcement or regulators to trace the transactions. As detailed in the complaint, ChipMixer offered numerous features to enhance its criminal customers anonymity. ChipMixer had a clearnet web domain but operated primarily as a Tor hidden service, concealing the operating location of its servers to prevent seizure by law enforcement. ChipMixer serviced many customers in the United States, but did not register with the U.S. Department of the Treasurys Financial Crimes Enforcement Network (FinCEN) and did not collect identifying information about its customers.

As alleged in the complaint, ChipMixer attracted a significant criminal clientele and became indispensable in obfuscating and laundering funds from multiple criminal schemes. Between August 2017 and March 2023, ChipMixer processed:

Beginning in and around August 2017, as alleged in the complaint, Nguyn created and operated the online infrastructure used by ChipMixer and promoted ChipMixers services online. Nguyn registered domain names, procured hosting services and paid for the services used to run ChipMixer through the use of identity theft, pseudonyms, and anonymous email providers. In online posts, Nguyn publicly derided efforts to curtail money laundering, posting in reference to anti-money laundering (AML) and know-your-customer (KYC) legal requirements that AML/KYC is a sellout to the banks and governments, advising customers please do not use AML/KYC exchanges and instructing them how to use ChipMixer to evade reporting requirements.

ChipMixer facilitated the laundering of cryptocurrency, specifically Bitcoin, on a vast international scale, abetting nefarious actors and criminals of all kinds in evading detection, said U.S. Attorney Jacqueline C. Romero for the Eastern District of Pennsylvania. Platforms like ChipMixer, which are designed to conceal the sources and destinations of staggering amounts of criminal proceeds, undermine the publics confidence in cryptocurrencies and blockchain technology. We thank all our partners at home and abroad for their hard work in this case. Together, we cannot and will not allow criminals exploitation of technology to threaten our national and economic security.

Criminals have long sought to launder the proceeds of their illegal activity through various means, said Special Agent in Charge Jacqueline Maguire of the FBI Philadelphia Field Office. Technology has changed the game, though, with a site like ChipMixer and facilitator like Nguyen enabling bad actors to do so on a grand scale with ease. In response, the FBI continues to evolve in the ways we follow the money of illegal enterprise, employing all the tools and techniques at our disposal and drawing on our strong partnerships at home and around the globe. As a result, theres now one less option for criminals worldwide to launder their dirty money.

Together, with our international partners at HSI The Hague, we are firmly committed to identifying and investigating cyber criminals who pose a serious threat to our economic security by laundering billions of dollars worth of cryptocurrency under the misguided anonymity of the darknet, said Special Agent in Charge Scott Brown of Homeland Securities Investigations (HSI) Arizona. HSI Arizona could not be more proud to work alongside every agent involved in this complex international case. We thank all our domestic and international partners for their support.

Nguyn is charged with operating an unlicensed money transmitting business, money laundering and identity theft. If convicted, he faces a maximum penalty of 40 years in prison.

The FBI, HSI Phoenix and HSI The Hague investigated the case.

The U.S. Attorneys Office for the Eastern District of Pennsylvania is prosecuting the case.

German law enforcement authorities took separate actions today under its authorities. The FBIs Legal Attach in Germany, the HSI office in The Hague, the HSI Cyber Crimes Center, the Justice Departments Office of International Affairs and National Cryptocurrency Enforcement Team, EUROPOL, the Polish Cyber Police (Centralnego Biura Zwalczania Cyberprzestpczoci) and Zurich State Police (Kantonspolizei Zrich) provided assistance in this case.

To report information about ChipMixer and its operators visit rfj.tips/Duhsup.

A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Follow this link:

Justice Department Investigation Leads to Takedown of Darknet ... - Department of Justice

But the US cryptocurrency market now faces a death spiral owing to its need for banking services. Two phenomena are worth noting. First, with the crypto crisis and the collapse of FTX (as well as other notable firms), regulators rightly have become concerned about allowing banks to engage with crypto businesses. This connection is often fraught with risk. The fall of Silvergate a go-to crypto banker was triggered by emptier crypto markets following the FTX collapse as customers fled the chaos and institutions (like exchanges) that once maintained thick deposits scaled back. By December 2022, for example, Silvergates noninterest-bearing deposit holdings stood at around $3.9 billion. In September 2022, holdings had been $8.2 billion higher.

Rather than offer guidance or rulemaking about risk mitigation when working with crypto firms, however, bank regulators have instead signaled a blanket disapproval of such relationships no matter the firm or activity. In January, three regulators declared that banks actively engaging in crypto business activities were, by definition, highly likely to fall short of safety standards, pushing many compliance-conscious banks to radically limit or cut ties with customers in the crypto industry.

Regulators have compelling reasons to protect banking from a risky, novel industry like crypto. But closing off or heavily restricting access to US banking also courts problems. Firms have already begun looking abroad for banking partners and payment services. This strategy risks off-shoring customer money, where it will lose the protection of US deposit insurance and make the task of public oversight much harder to implement. US retail participation in crypto markets is unlikely to completely abate.

Domestic crypto bans, in countries like China for example, have proven notoriously tricky to execute. Enthusiasts turn to virtual private networks to gain access to crypto platforms. Major cryptocurrencies like Bitcoin are also typically borderless in their underlying infrastructure, enabling VPNs and creative computing to facilitate trading. Tellingly, despite its ban, China continues to see significant crypto trading activity. In addition, by prohibiting or heavily circumscribing banks from providing services to crypto markets, regulators lose the capacity to use banks as levers to monitor crypto firms (e.g., for money laundering), to safely custody customer assets, and to discipline wayward or inexperienced crypto firms (e.g., through loan covenants). To the extent the United States anticipates being a home to the crypto industry and this decision is one for policymakers to take transparently then drastically limiting access to banking services can end up creating a costly set of unintended consequences down the line.

Shoddy bank risk management and the resulting crisis have placed the crypto industry in further peril. In an unexpected plot twist, crypto firms are absorbing the fallout from bank failures, scrambling to save deposits and suffering profound disruption to services. Silvergate and Signature were essential crypto banking bulwarks each offering a 24/7 US dollar payment network that aligned with the never-closed ethos of the crypto market. The Silvergate Exchange Network, for example, processed about $119 billion between September 22 and December 2022.

A lynchpin of the crypto market, Circle Internet Financial, issuer of a popular stablecoin (a crypto asset that seeks to maintain a one-to-one peg with the US dollar, facilitating payments) was left reeling when $3.3 billion of its deposits with Silicon Valley Bank looked to be in danger as regulators worked over the weekend to decide what to do about protecting uninsured funds. It was also no longer able to use Signatures payment network, Signet. Panic selling caused its stablecoin to lose its one-to-one peg for a time, trading at 87 cents over that weekend. And with Signets future uncertain, Circles payments could only be processed when normal business hours resumed on Monday.

Regulators need a plan to better oversee both the crypto market and banks. Facile assumptions about which industry constitutes the greater public risk no longer hold. Crucially, as long as crypto remains a presence within the US marketplace, it cannot be left to its own dangerous devices when dealing with customer money. Simply banning or heavily curtailing US banks from doing business with crypto firms is unlikely to protect the savings of Americans determined to be a part of the crypto ecosystem. Instead, it risks exposing them to the preferences and resourcing of foreign regulators who are unlikely to put American interests over domestic ones and who may lack the expertise and risk-aversion of US financial supervisors.

Rigorous and thoughtful crypto regulation can make both crypto and banking safer as well as maintain the United States place as global leader in delivering responsive, technical, and innovative regulation. Banks are vulnerable when servicing a crypto market that lacks real oversight. Silvergate is case in point. A regime for classifying crypto assets as securities, commodities, or something else; protecting them through failsafe custody arrangements; usable disclosures for customers; or systematic processes to supervise exchanges represent just some of the obvious and urgent regulatory needs that can bring crypto risks under greater control.

Bans on banking crypto are easy but largely unworkable in a digital, global age. Rulemaking is hard but necessary to protect the financial system and to flex the power of American regulatory policy around the world.

Yesha Yadav is the Milton R. Underwood chair, professor of law, and associate dean at Vanderbilt Law School.

Read the original post:

Regulators need a plan for cryptocurrency - The Boston Globe

A new screenshot from GTA 6 leaked online, is ruffling some feathers in the gaming world. The screenshot shows a female protagonist standing in a dark alley, resembling the character that was leaked in September last year. While a handful of gamers say that the leak is legit, others have questioned its authenticity.

Also Read: Everything You Need to Know About ChatGPT 4

Nonetheless, the latest leak has brought a sense of life to gamers predicting that a GTA 6 trailer could be out soon. Rumors about cryptocurrency, 50 Cent being a part of the game, and a 2025 grand release has spread their wings.

Rumors are doing the rounds that GTA 6 could have an in-built cryptocurrency integration in the game. The speculations first came from Insider Gaming founder, Tom Henderson who tweeted that a source confirmed a cryptocurrency integration. He added that some missions in GTA 6 will reward users with cryptocurrency by anonymous billionaires.

He also stated that the stock market feature could return in GTA 6 and have more meat compared to GTA 5 and GTA 4. In GTA 4, the stock market was shown as an infrastructure but had no features in the game. However, in GTA 5, a mission could manipulate the stock markets and also buy and sell stocks on the players mobile phone in the game.

Also Read: Will Bitcoin Drop Below $20k to Finish the Unfinished Job?

I heard recently that in GTA 6, some missions will reward you in bitcoin instead of cash for completing some missions.

The stock market feature will return, with the addition of a broker for different cryptocurrencies. If GTA 6 incorporates this right, it's huge for crypto.

Another rumor doing the rounds is that the GTA 6 cryptocurrency could be named Bitcoin. Speculations are rife that Rockstar Games wants to parody Bitcoin and the cryptocurrency markets in the game. Also, Rockstar Games has a history of poking fun at things that makes the game stand apart from the rest. You can read more details about the Bitcoin-GTA 6 rumors here.

It is widely speculated that Rockstar Games could have an in-built blockchain and a token named $RSTAR as its native currency. Players could own both cash and RSTAR simultaneously, and use the token for different kind of missions that involves anonymity. However, these are rumors only and none of the developments are confirmed. We will have to wait and watch when GTA 6 releases to find out whats in the game.

More here:

GTA 6: Top 3 Rumors About Cryptocurrency Integration - Watcher Guru