It's been a tough time for cryptocurrency but, despite volatility, you still need to know how the technology works, said Douglas Boneparth, a certified financial planner based in New York.

The digital currency market dropped by nearly $1.4 trillion in 2022, following a cascade of bankruptcies and liquidity issues, including the high-profile collapse of crypto exchange FTX. In March, crypto-focused Silvergate Capital announced plans to wind down operations and regulators shut down crypto lender Signature Bank.

Although the crypto market rallied at the start of 2023, assets recently tumbled again, with bitcoin falling below $20,000 on Friday, triggered by a stock market sell-off in the U.S. But bitcoin surged by 10% on Monday, following the news of U.S. regulators' plans to safeguard depositors and financial institutions associated with Silicon Valley Bank.

Here are more FA Council perspectives on how to navigate this economy while building wealth.

Boneparth, who is president of Bone Fide Wealth and a member of CNBC's Financial Advisor Council, said the recent events and crypto market volatility have made him even more "bullish" on learning about the technology.

"Clearly, the decentralized financial world is interconnected to the traditional financial world more so now than ever before," he said.

An early adopter of digital currency since 2013, mostly in bitcoin, Boneparth said there's plenty to learn about the technology we'll inevitably see more from in the future.

"This doesn't necessarily mean you should be allocating your money there," he said. But he believes you should be investing your time and energy to see where the technology may be heading.

"I've learned a lot in my journey without having to take an exorbitant amount of risk," Boneparth said.

When it comes to cryptocurrency, he said the "best thing you can do" is learn about the technology and how decentralized finance works. "A little bit would go a long way," he added.

Ive learned a lot in my journey without having to take an exorbitant amount of risk.

Douglas Boneparth

President of Bone Fide Wealth

"That's powerful stuff," Boneparth said. "It's not always putting your money into the latest craze of crypto; it's learning what it's all about."

While many advisors won't recommend clients buy or sell digital currency, Boneparth said investors may come to his practice looking for guidance on existing crypto allocations.

"Some people have amassed quite a bit of money in cryptocurrency," he said. "And it's my job to show them what the risks are, how that concentration and that asset can impact their long-term goals and their portfolio."

Boneparth said it's important to know how owning any particular type of asset may affect your financial goals, especially "volatile assets" like cryptocurrency.

Originally posted here:

Despite market volatility, advisor says he's 'bullish' on crypto education. Here's why - CNBC

Hashdex AG

Hashdex Bitcoin Futures ETF (DEFI) product provides Institutional Investors with access to Bitcoin through a cost-effective and regulated exchange-traded fund

DEFIs structure is well-positioned for potential future conversion to spot-price Bitcoin product

New York / Rio de Janeiro / London, March 16, 2023 Hashdex, a leading global crypto-focused asset manager, is proud to celebrate the six month anniversary of the Hashdex Bitcoin Futures ETF, the worlds first Bitcoin Futures ETF (exchange-traded fund) registered solely under the Securities Act of 1933 (33 Act) by ringing the Opening Bell at the New York Stock Exchange on Wednesday, March 15. The innovative product, developed with Teucrium Trading, LLC (Teucrium), a 33 Act fund specialist focused on commodities funds, was launched on NYSE Arca on September 16, 2022.

The importance of having access to institutional-quality products, processes and service providers cannot be stressed enough, and as institutional investors and wealth managers continue to look for Bitcoin exposure through regulated products we are proud to provide a cutting edge approach to gain exposure through a cost-effective and regulated exchange-traded fund, said Marcelo Sampaio, Co-Founder & CEO of Hashdex. As has been our mission since the founding of Hashdex, we remain steadfast in our commitment to serving as a responsible firm within this evolving, innovative space that, above all else, puts our investors first. We continue to work closely with global regulators to support and fuel growth within the crypto ecosystem and were hopeful that a successful conversion to a Bitcoin spot ETF, such as with our Hashdex Bitcoin Futures ETF, will be the next step for the industry.

Bitcoin has seen roughly a 50% price increase year-to-date which Hashdex believes reinforces the underlying interest and confidence in the asset. Through the Hashdex Bitcoin Futures ETF, investors can participate in Bitcoins long-term growth potential while being confident that their funds remain secure through Hashdexs transparent, risk-aware and diligent approach to working with leading exchanges and custodians. Hashdex serves as the Digital Asset Advisor to the Hashdex Bitcoin Futures ETF, and is responsible for providing its partners with research and analysis regarding bitcoin and bitcoin markets for use in the operation and marketing of DEFI.

Story continues

Recent uncertainty within the banking sector has reiterated Bitcoins use case and reinvigorated enthusiasm from investors in holding an asset class that acts as a decentralized store of value across macroeconomic conditions, said Bruno Caratori, Co-Founder & COO of Hashdex. The resurgence of interest given the strong performance for crypto assets this year, combined with many long-term investors who have been cautiously evaluating increased exposure in the space as part of their asset allocation strategies, has reinforced our commitment to ensuring the products we bring to market meet global investor needs and adhere to the highest standards.

With offices in Brazil, the United States, and Europe, Hashdex is a renowned leader in the development of industry-first crypto offerings that enable global investors to participate in the crypto ecosystem. Nasdaq developed, in partnership with Hashdex, the Nasdaq Crypto Index (NCI), which benchmarks the institutionally investable crypto market, and listed the worlds first crypto ETF in history, the Hashdex Nasdaq Crypto Index ETF, on the Bermuda Stock Exchange.

Hashdex currently has nearly 230,000 investors globally in its products. KPMG has served as the independent auditor for Hashdex's funds since 2018, and Fidelity Digital Assets, Coinbase Custody, and Bitgo Trust serve as custodians of digital assets managed by Hashdex.

The firms Research Team regularly publishes cryptocurrency resources for investors. Recent research published by Hashdex covers topics ranging from: Bitcoins recovery, optimism in the new year as bulls make their case, timing in crypto investing, and more.

About HashdexHashdex is a global pioneer in crypto asset management. Hashdex invites innovative investors to join the emerging crypto economy. Hashdexs mission is to provide educational resources and best-in-class products that advance its efforts to help build pathways by opening the crypto ecosystem to the world. The firm co-developed the Nasdaq Crypto Index (NCI) with Nasdaq to provide global investors with a reliable benchmark for the crypto asset class. In 2021, Hashdex introduced the worlds first crypto ETFs and other innovative products, enabling nearly 230,000 investors to simply and securely add crypto to their portfolios. For more information visit http://www.hashdex.com or follow Hashdex on Twitter or LinkedIn.

About Teucrium Trading LLCTeucrium Trading is an ETF provider focused with a mission to empower investors with the knowledge and tools necessary to intelligently design well-diversified portfolios. Additionally, Teucrium provides Commodity Trading Sub-Advisor services for fund sponsors interested in partnering with an experienced team to help launch and/or manage ongoing fund operations. Teucriums suite of Exchange Traded Products has revolutionized the way commodity ETFs are structured; products are widely available to investors and advisors in traditional brokerage accounts.

Media Contacts:Kendal Till/Josh GerthDukas Linden Public RelationsHashdex@DLPR.com

Important Information

The Fund does not invest directly in bitcoin, but provides price exposure to the crypto asset through bitcoin futures contracts. This gives investors the opportunity to capitalize on the cryptocurrencys growth potential, its store of value characteristics, and the prospect of a decentralized future, without the complexities of self custody.

Certain information contained herein has been obtained from third-party sources and such information has not been independently verified by Hashdex, Teucrium and Victory Capital. No representation, warranty, or undertaking, expressed or implied, is given to the accuracy or completeness of such information by Hashdex, Teucrium, Victory Capital or any other person. All information regarding the Fund strategy is based on information provided either in writing or verbally, and on both a formal and informal basis, from underlying Funds and/or other resources available to Hashdex, Teucrium and Victory Capital. Hashdex, Teucrium and Victory Capital have not necessarily made any attempt to verify all such information and do not guarantee the accuracy of any such information. None of the investments discussed in this document should be viewed as an investment recommendation and are provided for illustrative purposes only.

Fund DescriptionThe Fund is a commodity pool that issues Shares that may be purchased and sold on NYSE Arca. The Funds investment objective is for changes in the Shares NAV to reflect the daily changes of the price of the Benchmark, less expenses from the Funds operations. Under normal market conditions, the Fund invests in Benchmark Component Futures Contracts and cash and cash equivalents. Because the Funds investment objective is to track the price of the Benchmark by investing in Benchmark Futures Contracts rather than bitcoin, changes in the price of the Shares will vary from changes in the spot price of bitcoin.

The Fund employs Foreside Fund Services, LLC as the Distributor for the Fund. The Distribution Services Agreement among the Distributor, the Sponsor, and the Trust calls for the Distributor to work with the Custodian in connection with the receipt and processing of orders for Creation Baskets and Redemption Baskets and the review and approval of all Fund sales literature and advertising material. The Distributors principal business address is Three Canal Plaza, Suite 100, Portland, Maine 04101. The Distributor is a broker-dealer registered with the U.S. Securities and Exchange Commission (SEC) and a member of FINRA.

The Fund is a series of the Teucrium Commodity Trust (the Trust). The sponsor to the Fund is Teucrium Trading, LLC (the Sponsor), which receives a management fee. The Sponsor is registered as a commodity pool operator (CPO) and a commodity trading adviser (CTA) with the Commodity Futures Trading Commission (CFTC) and is a member of the National Futures Association (NFA). Hashdex Asset Management Ltd. (Hashdex) will serve as the Funds Digital Asset Adviser and will assist the Sponsor and Marketing Agents with research and investment analysis regarding bitcoin and bitcoin markets for use in the marketing of the Fund. Hashdex will also provide the Fund with marketing services including, but not limited to, branding, the issuance of press releases, preparation of website data content, holding promotional webinars and engaging in promotional activities through social media outlets.

Toroso Investments, LLC, Tidal ETF Services LLC and Victory Capital Management Inc. (the Marketing Agents) assist the Fund and Sponsor with certain functions and duties relating to marketing, which include the following: marketing, sales strategy, and related services.

Foreside Fund Services, LLC is the distributor for the Hashdex Bitcoin Futures ETF (DEFI) Fund.

Hashdex has no responsibility for the investment or management of the Funds investment portfolio or for the overall performance or operation of the Fund.

For more information pertaining to the relationship of companies involved in the Fund please read the prospectus.

Bitcoin RisksBitcoin and bitcoin futures are a relatively new asset class and the market for bitcoin is subject to rapid changes and uncertainty. Bitcoin and bitcoin futures are subject to unique and substantial risks, including significant price volatility and lack of liquidity. The value of an investment in the ETF could decline significantly and without warning, including to zero.You should be prepared to lose your entire investment. The ETF does not invest directly in or hold bitcoin. The price and performance of bitcoin futures should be expected to differ from the current spot price of bitcoin. These differences could be significant. Bitcoin futures are subject to margin requirements, collateral requirements and other limits that may prevent the ETF from achieving its objective. Margin requirements for futures and costs associated with rolling (buying and selling) futures may have a negative impact on the funds performance and its ability to achieve its investment objective. Bitcoin is largely unregulated and bitcoin investments may be more susceptible to fraud and manipulation than more regulated investments. Bitcoin and bitcoin futures are subject to rapid price swings, including as a result of actions and statements by influencers and the media.

Futures RiskCommodities and futures investing is generally volatile and risky which may not be suitable for all investors. Futures may be affected by Backwardation: a market condition in which a futures price is lower in the distant delivery months than in the near delivery months. As a result, the fund may benefit because it would be selling more expensive contracts and buying less expensive ones on an ongoing basis; and Contango: A condition in which distant delivery prices for futures exceeds spot prices, often due to costs of storing and inuring the underlying commodity. Opposite of backwardation. As a result, the Funds total return may be lower than might otherwise be the case because it would be selling less expensive contracts and buying more expensive one.

Commodities and futures generally are volatile, and instruments whose underlying investments include commodities and futures are not suitable for all investors.

This material must be preceded or accompanied by a prospectus. Please read the prospectus carefully before investing. To obtain a current prospectus visit the link below: http://hashdex-etfs.com

The Fund is a commodity pool regulated by the Commodity Futures Trading Commission.

The Fund, which is an ETP, is not a mutual fund or any other type of investment company within the meaning of the Investment Company Act of 1940, as amended, and is not subject to regulation thereunder.

Because the Fund will invest primarily in BITCOIN futures contracts and other derivative instruments based on the price of BITCOIN, an investment in the Fund will subject the investor to the risks of the BITCOIN market, and this could result in substantial fluctuations in the price of the Funds shares.

Shares of the Fund are not insured by the Federal Deposit Insurance Corporation (FDIC), may lose value and have no bank guarantee.

Unlike mutual funds, the Fund generally will not distribute dividends to its shareholders. Investors may choose to use the Fund as a means of investing indirectly in bitcoin, and there are risks involved in such investments.

This material is not an offer or solicitation of any kind to buy or sell any securities outside of the United States of America.

Definitions:

The Benchmark is HDEFI HASHDEX U.S. BITCOIN FUTURES FUND BENCHMARK INDEX, the average of the closing settlement prices for the first to expire and second to expire Bitcoin Futures Contracts listed on the CME. The index is calculated and disseminated by ICE DATA INDICES, LLC.

Continued here:

Hashdex Celebrates Six-Month Anniversary of World's First Bitcoin ... - Yahoo Finance

ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds

ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers a type of malware that steals or modifies the contents of the clipboard. All of them are after victims cryptocurrency funds, with several targeting cryptocurrency wallets. This was the first time we have seen Android clippers focusing specifically on instant messaging. Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware.

Prior to the establishment of the App Defense Alliance, we discovered the first Android clipper on Google Play, which led to Google improving Android security by restricting system-wide clipboard operations for apps running in the background for Android versions 10 and higher. As is unfortunately shown by our latest findings, this action did not succeed in weeding the problem out completely: not only did we identify the first instant messaging clippers, we uncovered several clusters of them. The main purpose of the clippers we discovered is to intercept the victims messaging communications and replace any sent and received cryptocurrency wallet addresses with addresses belonging to the attackers. In addition to the trojanized WhatsApp and Telegram Android apps, we also found trojanized Windows versions of the same apps.

Of course, these are not the only copycat applications to go after cryptocurrencies just at the beginning of 2022, we identified threat actors focused on repackaging legitimate cryptocurrency applications that try to steal recovery phrases from their victims wallets.

Due to the different architecture of Telegram and WhatsApp, the threat actors had to choose a different approach to create trojanized versions of each of the two. Since Telegram is an open-source app, altering its code while keeping the apps messaging functionality intact is relatively straightforward. On the other hand, WhatsApps source code is not publicly available, which means that before repackaging the application with malicious code, the threat actors first had to perform an in-depth analysis of the apps functionality to identify the specific places to be modified.

Despite serving the same general purpose, the trojanized versions of these apps contain various additional functionalities. For better ease of analysis and explanation, we split the apps into several clusters based on those functionalities; in this blogpost, we will describe four clusters of Android clippers and two clusters of malicious Windows apps. We will not go into the threat actors behind the apps, as there are several of them.

Before briefly describing those app clusters though, what is a clipper and why would cyberthieves use one? Loosely, in malware circles, a clipper is a piece of malicious code that copies or modifies content in a systems clipboard. Clippers are thus attractive to cybercriminals interested in stealing cryptocurrency because addresses of online cryptocurrency wallets are composed of long strings of characters, and instead of typing them, users tend to copy and paste the addresses using the clipboard. A clipper can take advantage of this by intercepting the content of the clipboard and surreptitiously replacing any cryptocurrency wallet addresses there with one the thieves can access.

Cluster 1 of the Android clippers also constitutes the first instance of Android malware using OCR to read text from screenshots and photos stored on the victims device. OCR is deployed in order to find and steal a seed phrase, which is a mnemonic code comprised of a series of words used for recovering cryptocurrency wallets. Once the malicious actors get hold of a seed phrase, they are free to steal all the cryptocurrency directly from the associated wallet.

Compared to Cluster 1s use of advanced technology, Cluster 2 is very straightforward. This malware simply switches the victims cryptocurrency wallet address for the attackers address in chat communication, with the addresses either being hardcoded or dynamically retrieved from the attackers server. This is the only Android cluster where we identified trojanized WhatsApp samples in addition to Telegram.

Cluster 3 monitors Telegram communication for certain keywords related to cryptocurrencies. Once such a keyword is recognized, the malware sends the full message to the attacker server.

Lastly, the Android clippers in Cluster 4 not only switch the victims wallet address, but they also exfiltrate internal Telegram data and basic device information.

Regarding the Windows malware, there was a cluster of Telegram cryptocurrency clippers whose members simply intercept and modify Telegram messages in order to switch cryptocurrency wallet addresses, just like the second cluster of Android clippers. The difference is in the source code of the Windows version of Telegram, which required additional analysis on the part of the malicious actors, to be able to implement inputting their own wallet address.

In a departure from the established pattern, the second Windows cluster is not comprised of clippers, but of remote access trojans (RATs) that enable full control of the victims system. This way, the RATs are able to steal cryptocurrency wallets without intercepting the application flow.

Based on the language used in the copycat applications, it seems that the operators behind them mainly target Chinese-speaking users.

Because both Telegram and WhatsApp have been blocked in China for several years now, with Telegram being blocked since 2015 and WhatsApp since 2017, people who wish to use these services have to resort to indirect means of obtaining them. Unsurprisingly, this constitutes a ripe opportunity for cybercriminals to abuse the situation.

In the case of the attacks described in this blogpost, the threat actors first set up Google Ads leading to fraudulent YouTube channels, which then redirect the unfortunate viewers to copycat Telegram and WhatsApp websites, as illustrated in Figure 1. On top of that, one particular Telegram group also advertised a malicious version of the app that claimed to have a free proxy service outside of China (see Figure 2). As we discovered these fraudulent ads and related YouTube channels, we reported them to Google, which promptly shuttered them all.

Figure 1. Distribution diagram

Figure 2. Trojanized Telegram app offered in Telegram group

At first glance, it might seem that the way these copycat apps are distributed is quite convoluted. However, it is possible that with Telegram, WhatsApp, and the Google Play app all being blocked in China, Android users there are used to jumping through several hoops if they want to obtain officially unavailable apps. Cybercriminals are aware of this and try to ensnare their victims right from the get-go when the victim searches Google for either a WhatsApp or a Telegram app to download. The threat actors purchased Google Ads (see Figure 3) that redirect to YouTube, which both helps the attackers to get to the top of search results, and also avoids getting their fake websites flagged as scams, since the ads link to a legitimate service that Google Ads presumably considers very trustworthy.

Figure 3. Paid advertisement when searching for Chinese Telegram

The links to the copycat websites can usually be found in the About section of the YouTube channels. An example of such a description can be seen in a very rough translation in Figure 4.

Figure 4. Fraudulent WhatsApp YouTube channel that points to a fake website

During our research, we found hundreds of YouTube channels pointing to dozens of counterfeit Telegram and WhatsApp websites some can be seen in Figure 5. These sites impersonate legitimate services (see Figure 6) and provide both desktop and mobile versions of the app for download. None of the analyzed apps were available on the Google Play store.

Figure 5. Fake channels available on YouTube

Figure 6. Websites mimicking Telegram and WhatsApp

We found various types of malicious code being repackaged with legitimate Telegram and WhatsApp apps. While the analyzed apps have sprung up at more or less at the same time using a very similar pattern, it seems that they were not all developed by the same threat actor. Besides most of the malicious apps being able to replace cryptocurrency addresses in Telegram and WhatsApp communications, there are no indications of further connections between them.

While the fake websites offer download links for all operating systems where Telegram and WhatsApp are available, all Linux and macOS links, as well as most iOS links, redirect to the services official websites. In the case of the few iOS links that do lead to fraudulent websites, the apps were no longer available for download at the time of our analysis. Windows and Android users thus constitute the main targets of the attacks.

The main purpose of the trojanized Android apps is to intercept victims chat messages, and either swap any cryptocurrency wallet addresses for those belonging to the attackers, or exfiltrate sensitive information that would allow attackers to steal victims cryptocurrency funds. This is the first time we have seen clippers that specifically target instant messaging.

To be able to modify messages, the threat actors had to thoroughly analyze the original code of both services apps. Since Telegram is an open-source application, the cybercriminals only had to insert their own malicious code into an existing version and compile it; in the case of WhatsApp, however, the binary had to be modified directly and repackaged to add the malicious functionality.

We observed that when replacing wallet addresses, the trojanized apps for Telegram behave differently from those for WhatsApp. A victim using a malicious Telegram app will keep seeing the original address until the application is restarted, whereupon the displayed address will be the one that belongs to the attacker. In contrast, the victims own address will be seen in sent messages if using a trojanized WhatsApp, while the message recipient will receive the attacker address. This is shown in Figure 7.

Figure 7. Malicious WhatsApp (left) replaced sent wallet address in message for recipient (right)

Cluster 1 is the most intriguing, since its members constitute the first known instance of OCR abuse in any Android malware. In this case, trojanized Telegram apps use a legitimate machine learning plugin called ML Kit on Android to search the victims device for images with .jpg and .png extensions, the most common screenshot formats on Android. The malware looks for screenshots of cryptocurrency wallet recovery phrases (also known as mnemonics) that the victim might have kept on the device as a backup.

Malicious functionality that iterates through files on the device and runs them through the OCR recognizeText function can be seen in Figure 8.

Figure 8. Malicious code responsible for retrieving images and pictures from the device and OCRing them

As shown in Figure 9, if the recognizeText finds the string mnemonic or (mnemonic in Chinese) in the text extracted from the image, it sends both the text and the image to the C&C server. In select cases we have seen the list of keywords expanded to eleven entries, specifically , Mnemonic, memorizing, Memorizing, recovery phrase, Recovery Phrase, wallet, METAMASKA, Phrase, secret, Recovery phrase.

Figure 9. Image and the recognized text within are sent to the attackers C&C server

In contrast with Cluster 1, which employs advanced methods to aid in its malicious activities, the second cluster of Android clippers is the least complicated among the four: these malicious apps simply swap wallet addresses, without further malicious functionality. The trojans in Cluster 2 mostly replace addresses for bitcoin, Ethereum, and TRON coin wallets, with a few of them also being able to switch wallets for Monero and Binance. The way the messages are intercepted and modified can be seen in Figures 10 and11.

Figure 10. Telegram message interception by malicious code

Figure 11. Malicious code responsible for replacing wallet addresses in Telegram messages

Cluster 2 is the only Android cluster where we found not only Telegram, but also WhatsApp samples. Both types of trojanized apps either have a hardcoded list of attacker wallet addresses (as seen in Figure 11) or dynamically request them from a C&C server, as seen in Figure 12.

Figure 12. Bitcoin, Ethereum and TRON wallet addresses received from C&C server

This cluster monitors Telegram communication for particular keywords in Chinese, such as mnemonic, bank, address, account and Yuan. Some of the keywords are hardcoded, while others are received from the C&C server, meaning they could be changed or expanded at any time. Once a Cluster 3 clipper recognizes a keyword, the whole message, along with the username, group or channel name, is sent to the C&C server, as can be seen in Figure 13.

Figure 13. Clipper exfiltrates a message if keyword was detected

The last identified cluster of Android clippers, Cluster 4, can not only replace cryptocurrency addresses, but also exfiltrate the victims Telegram data by obtaining their configuration files, phone number, device information, pictures, Telegram username, and the list of installed apps. Logging into these malicious versions of the Telegram app means that all the personal internal data stored within, such as messages, contacts, and configuration files, become visible to the threat actors.

To demonstrate, lets focus on this clusters most intrusive trojanized app: this malware combs the internal Telegram storage for all files smaller than 5.2MB and without a.jpg extension and steals them. Additionally, it can also exfiltrate basic information about the device, the list of installed applications, and phone numbers. All the stolen files are archived in an info.zip file, which is then exfiltrated to the C&C. All malware within this cluster uses the same ZIP filename, suggesting a common author or codebase. The list of the files exfiltrated from our analysis device can be seen in Figure 14.

Figure 14. Private Telegram user files that are exfiltrated to the C&C server

As opposed to the trojanized Android apps we discovered, the Windows versions consist not only of clippers, but also of remote access trojans. While the clippers focus mainly on cryptostealing, the RATs are capable of a wider variety of malicious actions such as taking screenshots and deleting files. Some of them can also manipulate the clipboard, which would allow them to steal cryptocurrency wallets. The Windows apps were found at the same domains as the Android versions.

We discovered two samples of Windows cryptocurrency clippers. Just like Cluster 2 of the Android clippers, these intercept and modify messages sent via a trojanized Telegram client. They use the same wallet addresses as the Android cluster, meaning that they most probably come from the same threat actor.

The first of the two clipper samples is distributed as a portable executable with all the necessary dependencies and information embedded directly in its binary. This way, no installation takes place after the malicious program is executed, keeping the victim unaware that something is amiss. The malware intercepts not only messages between users, but also all saved messages, channels, and groups.

Similar to the related Android Cluster 2, the code responsible for modifying the messages uses hardcoded patterns to identify the cryptocurrency addresses inside messages. These are highlighted in yellow in Figure 15. If found, the code replaces the original addresses with the corresponding addresses belonging to the attacker (highlighted in red). This clipper focuses on bitcoin, Ethereum, and TRON.

Figure 15. Decompiled code with hardcoded patterns and wallet addresses

The second clipper uses a standard installation process, the same as the legitimate Telegram installer. However, even if the process outwardly appears innocent, the installed executable is far from benign. Compared to legitimate Telegram, it contains two additional files encrypted using a single byte XOR cipher with the key 0xff. The files contain a C&C server address and an agent ID used to communicate with the C&C.

This time, no hardcoded addresses are used. Instead, the clipper obtains both the message patterns and the corresponding cryptocurrency wallet addresses from the C&C via an HTTP POST request. The communication with the C&C works in the same way as shown in Cluster 2 of Android clippers (Figure 12).

In addition to swapping cryptocurrency wallet addresses, this clipper can also steal the victims phone number and Telegram credentials. When a person compromised by this trojanized app tries to log in on a new device, they are requested to put in the login code sent to their Telegram account. Once the code arrives, the notification is automatically intercepted by the malware, and the verification code along with the optional password end up in the hands of the threat actors.

Similar to the first Windows clipper sample, any message sent using this malicious version of Telegram containing bitcoin, Ethereum, or TRON cryptocurrency wallet addresses will be modified to replace the addresses for those provided by the attacker (see Figure 16). However, unlike the Android version, the victims will not be able to discover that their messages have been tampered with without comparing chat histories: even after restarting the app, the sender will always see the original version of the message since the relevant part of the code is executed again on application start; the recipient, on the other hand, will only receive the attacker wallet.

Figure 16. Legitimate Telegram client (left) and trojanized one (right)

The rest of the malicious apps we discovered are distributed in the form of Telegram and WhatsApp installers bundled with remote access trojans. Once the RATs have gained access to the system, neither Telegram nor WhatsApp need to run for the RATs to operate. In the observed samples, malicious code was mostly executed indirectly by using DLL Side-loading, thus allowing the attackers to hide their actions behind the execution of legitimate applications. These RATs differ significantly from the clippers, since they do not explicitly focus on stealing cryptocurrency wallets. Instead, they contain several modules with a wide range of functionalities, allowing the threat actors to perform actions such as stealing clipboard data, logging keystrokes, querying Windows Registry, capturing the screen, obtaining system information, and performing file operations. Each RAT we discovered used a slightly different combination of modules.

With one exception, all the remote access trojans we analyzed were based on the notorious Gh0st RAT, malware that is frequently used by cybercriminals due to its public availability. As an interesting aside, Gh0st RATs code uses a special packet flag set to Gh0st by default, a value that threat actors like to customize. In changing the flag, they can use something that makes more sense for their version of the malware, or they can use no flags at all. They can also, as in one case spotted during our analysis, reveal their deepest desires by changing the flag to lambo (as in, the nickname for the Italian luxury car brand; see Figure 17).

Figure 17. Hex-rays decompiled code with flag lambo

The only RAT among the group that wasnt completely based on Gh0st RAT used the code from the HP-socket library to communicate with its C&C server. Compared to the other RATs, this one uses significantly more anti-analysis runtime checks during its execution chain. While its source code certainly differs from the rest of the trojans discovered, its functionality is basically identical: it is capable of performing file operations, obtaining system information and the list of running programs, deleting profiles of commonly used browsers, downloading and running a potentially malicious file, and so on. We suspect that this is a custom build that could be inspired by the Gh0st implementation.

Install apps only from trustworthy and reliable sources such as the Google Play store.

If you are sharing cryptocurrency wallet addresses via the Android Telegram app, double check whether the address you sent matches the address that is displayed after restarting the application. If not, warn the recipient not to use the address and try to remove the message. Unfortunately, this technique cannot be applied to trojanized WhatsApp for Android.

Be aware that the previous tip does not apply in the case of trojanized Telegram; since the recipient of the wallet address only sees the attacker wallet, they will be unable to tell whether the address is genuine.

Do not store unencrypted pictures or screenshots containing sensitive information, such as mnemonic phrases, passwords, and private keys, on your device.

If you believe you have a trojanized version of Telegram or WhatsApp, manually remove it from your device and download the app either from Google Play, or directly from the legitimate website.

In case you are not sure whether your Telegram installer is legitimate, check if the files digital signature is valid and issued to Telegram FZ-LLC.

If you suspect that your Telegram app is malicious, we advise that you use a security solution to detect the threat and remove it for you. Even if you do not own such software, you can still use the free ESET Online Scanner.

The only official version of WhatsApp for Windows is currently available in the Microsoft store. If you installed the application from any other source, we advise you to delete it and then to scan your device.

During our research of trojanized Telegram and WhatsApp apps distributed through copycat websites, we discovered the first instances of Android clippers that intercept instant messages and swap victims cryptocurrency wallet addresses for the attackers address. Furthermore, some of the clippers abused OCR to extract mnemonic phrases out of images saved on the victims devices, a malicious use of the screen reading technology that we saw for the first time.

We also found Windows versions of the wallet-switching clippers, as well as Telegram and WhatsApp installers for Windows bundled with remote access trojans. Through their various modules, the RATs enable the attackers control over the victims machines.

This table was built using version 12 of the MITRE ATT&CK mobile techniques.

This table was built using version 12 of the MITRE ATT&CK enterprise techniques.

Read more:

Notsoprivate messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets - We Live Security

(Kitco News) - The U.S. is the undisputed leader when it comes to the number of Bitcoin automated teller machines (ATMs), with 32,591 machines installed throughout the country, but a recent study conducted by Tradingbrowser indicates that cryptocurrency and Bitcoin ATM adoption is highest in countries that lack a developed financial infrastructure.

Countries that have high rates of unbanked populations also have higher rates of cryptocurrency adoption due to high cash payments and Bitcoin ATMs, Daniel Larsson, senior editor at Tradingbrowser, wrote. If the projection of installed Bitcoin ATMs continues, these unbanked countries could see exponential growth in adoption.

A total of 14 countries were included in the study, which gathered information related to the number of Bitcoin ATMs installed, cash payments, unbaked population, cryptocurrency ownership, cryptocurrency ownership percentage, and the total population in order to compare adoption rates.

It all boils down to how the population is connected to cash payments and bank accounts, Larsson said.

The countries that were found to have the highest rate of crypto adoption had the highest rates of unbanked populations and were also the most promising locations to install ATMs and promote adoption.

Countries with a high rate of cash payments and unbanked population. Source: Tradingbrowser

Out of the countries surveyed, Mexico had the largest percentage of its population unbanked at 60%, and it also ranks third in terms of the number of Bitcoin ATMs installed, with 46. Only Romania and Hong Kong currently host more ATMs than Mexico. A total of 3.4% of Mexican citizens currently own cryptocurrency, which is nearly triple the adoption rate of more advanced nations like Norway and Denmark.

In South Africa, 31% of the population is unbanked, the country has 21 Bitcoin ATMs, and 10% of its population owns some form of cryptocurrency.

When those numbers are compared to countries whose unbanked population is smaller, the differences become clear.

Countries with a low rate of cash payments and unbanked population. Source: Tradingbrowser

The differences are especially stark in nordic countries like Sweden, Denmark, and Finland, which have the lowest percentage of cash payments (1-2%) while nearly 100% of their populations are connected to the traditional banking system.

Countries where cash payments range from 1-2% and unbanked populations from 0% to 1% including Sweden, Denmark, Norway, and New Zealand have no Bitcoin ATMs installed. These countries also have a much lower adoption rate, Larsson observed.

We can draw many conclusions based on these findings but the most significant driver for the high adoption rates in highly unbanked nations is the number of Bitcoin ATMs that have been installed, Larsson said. In many cases, cryptocurrency is proving to be a viable option where Bitcoin ATMs have been installed.

In areas with no established banking infrastructure, the ability to use ATMs to trade cryptocurrency for cash, or from cash to cryptocurrency, is a feature that is impossible without access to traditional banking or credit cards.

Based on these findings, Larsson speculates that the reason crypto ownership is lower in countries with an established financial infrastructure has to do with the fact that there is no need for the population in these countries to use cryptocurrencies.

The one exception in the study was Hong Kong, which has a highly developed financial system and is considered to be a financial hub and testing ground for Chinese policymakers. Hong Kong ranked second overall in the number of Bitcoin ATMs installed, with 147, while Romania came in first with 156.

The high rate of cash payments and Bitcoin ATMs in developing countries shows a growth of alternative financing solutions such as Bitcoin which provides a fast, secure, and efficient way to transact outside the traditional banking system, Larsson said. Its safe to say that more Bitcoin ATMs are likely going to be installed in highly unbanked countries as the positive trend toward cryptocurrencies continues.

While Bitcoin ATMs are not solely responsible for driving adoption in unbanked regions of the world, there is clearly a correlation, Larsson said. The study shows that cash and Bitcoin ATMs are the two main factors driving the adoption of cryptocurrencies right now and its obvious which parts of the world are in the drivers seat.

It remains to be seen how the trend will progress moving forward, especially amid the spreading banking contagion that is now hitting banks in Europe, including Credit Suisse.

Only time will tell whether the trend of these ATMs and the adoption of cryptocurrency will continue in countries where cash is currently king, Larsson said. Until then, we can not look past the obvious which is that right now, unbanked countries are beating cashless countries in the race to full cryptocurrency adoption.

Disclaimer: The views expressed in this article are those of the author and may not reflect those of Kitco Metals Inc. The author has made every effort to ensure accuracy of information provided; however, neither Kitco Metals Inc. nor the author can guarantee such accuracy. This article is strictly for informational purposes only. It is not a solicitation to make any exchange in commodities, securities or other financial instruments. Kitco Metals Inc. and the author of this article do not accept culpability for losses and/ or damages arising from the use of this publication.

Read the original post:

Crypto and Bitcoin ATM adoption is highest in countries with large ... - Kitco NEWS

What is in the news these days is the Feds action to support the banking system that is severely in crisis, though this is only supporting Bitcoin.

The banking crisis with the failure of four major US banks, and others at risk. Has forced the Fed and the government to take unprecedented measures, and this indirectly brings new life to Bitcoin as well.

As also reported by Watcher Guru on Twitter with the following tweet:

JUST IN: $2 trillion could be injected into the US banking system by the Federal Reserves emergency loan program, JPMorgan says.

The Feds emergency lending consists of the ability of distressed banks to access $2 trillion in liquidity at least, JPMorgan explains.

The aftermath of the collapse of the various Silicon Valley Bank, Silvergate, etc. has sunk the entire banking industry and fear is spreading like wildfire.

Many banks do not have their accounts in order and are not as solid as Silicon Valley Bank was, for example, although it also went bankrupt.

For the investment bank JPMorgan Chase & Co, the program put in place by the Fed and the US government is massive.

Available funds constitute the largest economic intervention ever put in place ($2 trillion) and are only meant to buffer the crisis with an injection of liquidity.

The plan has been under consideration well before the recent industry failures but now its rushed launch was necessary to avert the collapse of the US economy.

The operation will make it unnecessary to sell loss-making securities so banks can survive.

JPMorgan has stated that the Bank Term Funding Program will be sufficient to put the accounts of the entire banking system in order except for the 5 largest investment banks.

Whether or not to use the plan is in strong doubt since it would involve untying the state with a noose around its neck.

The amount allocated on balance is equal to the amount of total existing bank bonds.

For Nikolaos Panigirtzoglous strategy team:

Utilization of the Feds Bank Term Funding Program is likely to be high.

The largest US banks, along with those subject to intervention by the Fed and government, hold $3 trillion in bank reserves.

There have been rumors for a few days now that the Fed no longer intends to raise rates by 50 basis points. There has even been talk of a rate standby.

This news, combined with the banking crisis, has led to, among other things. A drop in the yield on bots of 60 basis points in just one week.

The combination of the banking crisis and the idea of a rate standby is bringing a boost to Bitcoin. Which is up 20% in just four days.

Today Bitcoin stands at $24829 and is up 1.89% in the 24 hours.

Should Bitcoin succeed in breaking through $26.000 then the $30.000 target would be in its grasp.

Lack of confidence and losses by investors in the banking sector have brought liquidity to the crypto sector and especially to Bitcoin.

It is curious (I am being sarcastic) how the currency that was created to counter and give an alternative to the banking system as we know it appreciates in a phase of crisis in the latter.

Excerpt from:

US Fed to the rescue of banks as Bitcoin soars - The Cryptonomist

Although Bitcoin (BTC 1.13%) is often touted as a superior form of money and a premier asset to store wealth due to its scarcity and decentralization, it does have some shortcomings. The most glaring deficiencies are high costs and slowness when sending small transactions.

When sending these smaller transactions, it isn't uncommon for the transaction fee to be larger than the transaction itself. This has been one of the most well-known obstacles that has prevented Bitcoin from becoming a viable option for everyday purchases like a cup of coffee or a meal at a restaurant.

However, this might slowly be changing.

In 2018, developers released a solution called the Lightning Network which would help mitigate these high fees and slow speeds for smaller transactions. The details of how it works can be a little complex, but what is most important to know is that with the Lightning Network, transaction speeds can increase from just 10 per second to more than 1 million per second and cost just a fraction of a penny.

In its infancy, growth of the Lightning Network was slow, but by 2021 an explosion on the network took place as Bitcoin climbed to an all-time high of nearly $69,000, and users looked for cost-effective solutions to send and receive Bitcoin.

But since that peak in 2021, the Lightning Network has remained impressively resilient during the current bear market and has actually continued to grow.

On Feb. 26, the Lightning Network notched a new all-time high in network capacity. This metric measures the amount of Bitcoin locked in the network and serves as a proxy to gauge liquidity. The thinking goes that the greater the liquidity, the greater the network's capacity to process larger transactions faster and cheaper.

We can see this phenomenon in action when taking a look at the median base fee on the network. Despite Bitcoin's price fluctuating, there is a clear and evident trend of the median base fee falling with time. In late 2022, it hit an all-time low of $0.00000016. Talk about cheap.

When considering that the Lightning Network has continued to flourish even in the midst of this crypto winter, there is significant reason to believe that this growth will be sustained should a bull market arrive. As such, thenarrative that Bitcoin is too costly and slow to use for everyday payments will likely dissipate.

Should the Lightning Network continues on its current path of growth, it could lead to Bitcoin truly becoming a superior form of money that can be used not only as a store of value but also an attractive means of payment.

Although some consider it to already be in the upper echelon of all cryptocurrencies, the combination of Bitcoin's use case as a long-term investment and growth of the Lightning Network could solidify Bitcoin's position as the premier digital asset for years to come. When considering that Bitcoin's price is still down more than 70% from its all-time high, an investment today seems almost too good to be true.

RJ Fulton has positions in Bitcoin. The Motley Fool has positions in and recommends Bitcoin. The Motley Fool has a disclosure policy.

See original here:

If This Trend Continues, Bitcoin Could Grow for Years to Come - The Motley Fool

Fear, uncertainty, and doubt (FUD) about Bitcoin stemming from the collapse of a single bank contributed to its downward trend earlier this week.

Yet, the failure of yet another bank may have reversed the publics opinion and brought back support for the king coin. However, Bitcoin may have been affected differently by the Silicon Valley bank run that triggered a drop in USDC.

Read Bitcoin (BTC) Price Prediction 2023-24

The California Financial Institutions Control Board closed Silicon Valley Bank, a significant bank for startups with venture capital backing. It was the first bank insured by the FDIC to go bankrupt in 2023.

The California regulator has designated the FDIC as the receiver to safeguard insured savings, although the reason for the shutdown is unknown. SVB, one of the 20 largest banks in the U.S. by total assets, financed several startups focusing on cryptocurrencies.

Peoples reactions to the SVB failure suggest uncertainty is the current prevalent mood. The process of withdrawing assets for customers with $250,000 or more has sparked discussions based on a thread by Mark Cuban (an American businessman) and the following comments.

In addition, Circle announced in a statement that over $3 billion of its $40 billion was held by SVB. Another negative reaction has been the flight of USDC holders exchanging their holdings for other stablecoins and Bitcoin.

According to Santiment statistics, the accumulation of whales and sharks continued despite the FUD that was caused by the Silvergate crash.

As of this writing, addresses with 10-10,000 BTC had risen to over 67%. Looking at the data, it is clear that on 11 March, there was an upswing in whale and shark accumulation, coinciding with the time that USDC was experiencing a capital flight.

In addition, the volume metric on Santiment revealed some intriguing actions. By 9 a.m. UTC on March 11, BTC volume had already reached 45 billion, and by 17:00 UTC, it had reached 35 billion.

This volume is notable because it is the highest Bitcoin has seen since December. There is little doubt that this is a sign of a rise in business activity. There were more than 39 billion as of this writing.

Even if the amount of trades has increased, most tokens have left exchanges. More and more Bitcoin (BTC) holders are moving their coins off exchanges because of the continuing swap with USDC.

CryptoQuants Netflow measure shows that on 10 March, more BTC left the system than entered; this trend persisted as of this writing.

Looking at the spot price of BTC/USDC at the time of writing, we can see that BTC has increased in value by more than 11% on a daily timeframe. At the time of writing, one Bitcoin was worth roughly $22,600 at the current USDC exchange rate.

Yet, on a daily timeframe, the BTC/USD spot price showed that it had lost almost 1% of its value, trading at around $19,900 and $20,000.

Is your portfolio green? Check out the Bitcoin Profit Calculator

A possible indicator of the degree of interdependence between conventional finance and cryptocurrency is the publics reaction to the SVB failure, which was focused on Bitcoin and stablecoins.

Even so, Bitcoin showed that, despite its volatility, it could be a viable alternative store of wealth.

See the original post here:

Bitcoin: Fall of Silicon Valley Bank might be a silver lining for BTC, heres why - AMBCrypto News

Digital financial assets (DFAs) for a total exceeding $26 million have been issued in Russia in the past year. This new market has been developing since it was regulated in 2021 and the countrys monetary authority started licensing issuers in the following year.

Less than a year since Central Bank of Russia (CBR)-approved entities began issuing digital financial assets, these have issued DFAs for 2 billion rubles (over $26 million). The data was announced by Ekaterina Frolovicheva, general director of the tokenization service Atomyze.

Speaking at a round table in the Digital Financial Assets New Tool for Attracting Liquidity Public Chamber, Frolovicheva explained that the first DFA issuer was added to Bank of Russias register on Feb. 3, 2022, but the issuing of DFAs started several months later.

Quoted by the Tass news agency, she also noted that the unique features of DFAs make them extremely attractive and that demand is on the rise. For example, hybrid digital rights combine the properties of digital financial assets and utilitarian digital rights, simultaneously certifying a monetary claim and right to demand the transfer of an asset.

Stablecoins, when not intended for settlements, as well as non-fungible tokens (NFTs) can be issued as hybrid digital rights in the Russian Federation. Thats possible under the law On Digital Financial Assets which went into force in January 2021. However, the country has yet to regulate operations with decentralized cryptocurrencies like bitcoin.

Atomyze is one of the platforms authorized by the CBR to issue DFAs, alongside the fintech company Lighthouse, as well as Sberbank and Alfa-Bank, Russias largest state-owned and private bank, respectively. Another entity was recently licensed Distributed Registry Systems, which operates the Masterchain blockchain platform.

Russians will soon be able to invest in DFAs along with other instruments, such as stocks and bonds, while avoiding the risks associated with traditional instruments and bypassing financial market intermediaries, commented Maxim Trofimov, CEO of a company called Digital Assets.

Do you expect the digital assets market to continue to expand in Russia? Share your thoughts on the subject in the comments section below.

Lubomir Tassev is a journalist from tech-savvy Eastern Europe who likes Hitchenss quote: Being a writer is what I am, rather than what I do. Besides crypto, blockchain and fintech, international politics and economics are two other sources of inspiration.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

More:

Digital Assets Worth 2 Billion Rubles Issued in Russia in Less Than ... - Bitcoin News

Few people understand the key technical issues currently facing the worlds dominant cryptocurrency. Andrew Chow is one of them.

Chow is one of four maintainers for Bitcoin Core (or just Core), the most popular software for connecting to the Bitcoin network.

Maintainers review changes to Bitcoin Core known as commits, which are submitted by fellow Bitcoin developers as pull requests or PRs. Chow and other maintainers then approve or merge those changes into Cores source code. The code review is critical to ensuring no buggy code gets merged.

Chow is a gamer at heart, and only got into Bitcoin in high school to pay for video games he couldnt otherwise afford. His parents wouldnt give him a credit card, open a bank account for him or even give him an allowance. He resorted to freelancing on the BitcoinTalk forum and began writing code in exchange for bitcoin (BTC).

Chow, who says he's now in his mid-20s, gets paid as an engineer at the Bitcoin infrastructure firm Blockstream, where aside from a few corporate tasks, his main priority is working on Bitcoin Core.

He says code review is one of the biggest challenges Bitcoin faces today. Most Core developers are keen on writing code for new features, but few enjoy the more mundane task of reviewing code submitted by their peers. Chow says more contributors need to focus on code review to tackle the 300-plus PRs in Cores GitHub repository. The community has a Bitcoin Core PR Review Club that meets weekly to help newer contributors learn about the review process.

Chow agreed to an interview with CoinDesk at the Advancing Bitcoin conference in London. He elaborated on why code review is so critical, explained what Bitcoin Core contributors do every day, and weighed in on the current debate over op_vault and Speedy Trial. Heres a partial transcript of that interview.

CoinDesk: How did you discover Bitcoin?

Andrew Chow: When I was younger, in high school, I didn't have a bank account because I was under 18. My parents didn't open one for me. I didn't have a credit card even a supervised credit card and I didn't have an allowance. But Steam was selling games for bitcoin. If you do PC gaming, you can download Steam and it has basically all the PC games.

Also, on purse.io, you could sell bitcoin for stuff. Well, I wanted to play games. I wanted to buy them. I mean, I'm okay with pirating but, you know, pirating things is kind of sketchy. You don't know what you're downloading. It could be complete malware.

So I was, like, this bitcoin thing is fully electronic. Maybe I can use that to buy games but how do I get bitcoin? Maybe I can do some work and get paid in bitcoin.

I know a few people who did that. So that's how I learned programming. Id go on BitcoinTalk and people would say, I will pay you however much to write me a script that does this.

Well, that seemed simple enough. I also had a friend in high school. He was, like, Hey, have you heard about this bitcoin thing? I think you might like it. He was definitely buying drugs with bitcoin.

So that's how I got into Bitcoin. And eventually I was like, Well, I'm using this wallet and I'm running into these issues. I clearly know how to write a program. Maybe I can fix this wallet. That's how I got into doing development.

I was running this thing called Armory. Which was basically not maintained. I mean, it's still kind of maintained by one guy, so barely.

By the time I was using it, it was kind of a mess and it didn't always work. I was finding that some of the problems that were happening in Armory were caused by things that Bitcoin Core was doing. So I started going into Bitcoin Core and asking whats Bitcoin Core doing? Oh, Bitcoin Core has this bug that's causing us to have a bug.

Armory was doing something not recommended, which was to read the block files directly from Bitcoin Core you're not supposed to do that. When they changed the format, it broke everything.

I was trying to reconcile the two, and then Armory just kind of fell off my map. That's how I transitioned to Bitcoin Core. I eventually stopped working on Armory because I got more done on Core.

Yesterday we talked about the ratio of Bitcoin contributors who review code versus contributors who write code. Can you share your thoughts on that?

Our main bottleneck in Bitcoin Core has been review. We have 300-plus PRs open and they need to be reviewed. Whether its just to make sure the code is good or just conceptually like, Do we even want this change?

The problem with every PR is that one person usually writes it, but we need multiple people to review it, give an approval or leave comments. Therefore, we must have more reviewers than people writing, but that's just not how it works.

Personally, I find code review to be a little bit boring. It's a little annoying and it can be kind of mind-numbing. But I still do it. I guess it's like a necessary evil and it's because I don't find it fun. If I do it enoug I start feeling like Ill burn out because it's no longer enjoyable.

So you have to find some balance between writing code and reviewing code. Its a bit of a catch-22. We have to have more reviewers than coders, but how do you become competent enough to review code if you're not writing code? It's a conundrum.

We're in a bear market and organizations like Brink that fund Bitcoin development are saying funding is down by about 50%. Why do we need to pay Bitcoin contributors and developers?

Fundamentally, every piece of software has bugs. There will always be bugs to find and bugs to fix. That's just general software maintenance that must happen.

And even then, the software that exists now cannot last forever. Operating systems will evolve and libraries will evolve and change. Eventually the software will just stop compiling on a computer; it might just stop running. And so, there needs to be constant work just to keep it up to date.

So there are always things to update, even without new features. But there are new features and we do want to improve Bitcoin. Not just the consensus rules, but also how we relay transactions, what kind of transactions we accept into the mempool and the peer-to-peer protocol.

There can be DoS vectors we want to fix or change that maybe haven't been discovered yet. There's always something.

If I'm a new Core contributor, what are some of the big issues I would need to know about?

There are currently a number of issues that exist, like pinning attacks, that are pretty well documented. It seems to be that no one exploits them, but that's not a good reason to not fix them.

There's been a lot of work on the mempool how and what transactions are accepted into the mempool, what methods there are for fee bumping, and things like that. It's relevant to Lightning and other [layer 2] networks.

Whats a pinning attack?

If both of us open a Lightning channel together, I can make it so that you can never bump the fee on that transaction. So I can make it perpetually low-fee and it never gets mined, then try to double-spend it later.

There's a bunch of attacks you can do with the existing mempool policy rules. These are documented on the mailing list and they're definitely problems. If someone tried to exploit them it would be annoying, but I don't think we've seen anyone try to exploit them.

We still want to fix them and there's been a lot of work on making improvements so that we don't have these pinning attacks, or at least, if you want to pin a transaction, it'll be really expensive.

We also discussed op_vault and Speed Trial yesterday. There have been some tensions around James OBeirnes recommendation to deploy op_vault using Speedy Trial. Any comments?

With a new proposal like that, deployment should be the last thing to think about.

Some ideas on how to deploy things are, for some reason, contentious. If you want to have a discussion about the proposal, having deployment in there kind of causes it to be derailed.

So I do think James putting that in there was probably a mistake. The Taproot deployment section wasn't defined until after Taproot. The code changes themselves were merged into Bitcoin Core but not active. It's not unusual to just say we'll deal with deployment after we figure out what we want the code changes to be.

Speedy Trial was an experiment for Taproot. We've tried different deployment methods over the years with varying degrees of success.

The rest is here:

Reviewing Code Is Mind-Numbing: Q&A With Bitcoin Maintainer Andrew Chow - CoinDesk

Cryptocurrency on Binance trading app

With the tax deadline just a few weeks agoTax Day is April 18taxpayers are scrambling to finish and file their returns. One thing that may be causing some confusion this year? Cryptocurrency. While it's not a new tax topic, conflicting advice about losses and different wording on Form 1040 are resulting in some head-scratching. Here are five things you need to know about cryptocurrency before you file your tax return.

The IRS is getting serious about cryptocurrencyer, digital assets. This year, the question near the top of your Form 1040 asks, At any time during 2022, did you: (a) receive (as a reward, award, or payment for property or services); or (b) sell, exchange, gift, or otherwise dispose of a digital asset (or a financial interest in a digital asset)?

IRS Form 1040 for 2022

According to the IRS, digital assets are any digital representations of value that are recorded on a cryptographically secured distributed ledger or any similar technology. That includes non-fungible tokens (NFTs) and virtual currencies, such as cryptocurrencies and stablecoins.

And just in case there's any confusion, the IRS notes that if a particular asset has the characteristics of a digital asset, it will be treated as a digital asset for federal income tax purposes. In other words, if it looks like a duck, walks like a duck, and quacks like a duck, it may just be a duck.

Not every digital asset transaction requires you to tick the yes box. For example, just holding a digital asset in a wallet or account, or transferring a digital asset from one wallet or account you own or control to another wallet or account that you own or control doesnt result in a yes. It also doesn't include the purchase of digital assets using cash or other currency, including through the use of electronic platforms like PayPal PYPL and Venmo.

Do not leave the question unanswered. All taxpayers must tick a box, not just those who engaged in a transaction involving digital assets in 2022.

This is true no matter what the income looks like once it gets to you. That means the receipt of cryptocurrency or other digital assets in exchange for services is considered income. That includes income earned as an employee or as an independent contractor.

Income may also be recognized from mining and staking. And if a hard fork is followed by an airdrop and you receive new cryptocurrency, the IRS considers that to be taxable income.

But not all transactions result in the recognition of income. If your cryptocurrency went through a hard fork, and you did not receive any new cryptocurrency, you don't have taxable income to report. Similarly, a soft fork will not result in any taxable income.

The IRS considers cryptocurrency a capital asset. The agency issued guidance in 2014, making it clear that capital gains rules apply to any gains or losses.

For tax purposes, you figure your capital gains or losses by determining how much your basistypically, the cost you pay for assetshas gone up or down from the time that you acquired the asset until theres a taxable event. A taxable event can include a sale, gift, or other disposition.

If you hold an asset for more than one year before a taxable event, it's considered a long-term gain or loss. And if you hold an asset for one year or less before a taxable event, it's considered a short-term gain or loss.

And while cryptocurrency goes up and down, you care the most about the beginning and the endwhat happens in the middle doesn't really count. Thats because, for tax purposes, when cryptocurrency takes a dive, that doesn't equal a realized loss. Similarly, when it goes back up in value, that doesn't equal a realized gain. To realize a gain or a loss for tax purposes, you must do something with the asset, like sell or otherwise dispose of it.

At tax time, you'll report any realized gains and losses on Schedule D. You don't need to file a Schedule D if you don't have any realized gains or losseseven if the value changes, if there's no sale or disposition, there's nothing to report.

Like other capital assets, if any realized losses from digital assets exceed any realized gains, you have a capital loss. You can claim up to $3,000 (or $1,500 if you are married filing separately) of capital losses in a tax yearthe amount of your loss offsets your taxable income. However, if your losses exceed those limits, you can carry them forward to later years, subject to certain limitations and restrictions.

Here's how that works. Let's say that you realized $3,500 in net capital losses in 2022. You can deduct $3,000 in capital losses for the 2022 tax yearthe return you're filing nowand carry forward the remaining $500 in losses to use on next year's tax return.

There's been a lot of speculation about how to treat cryptocurrency that has declined quickly in value to the point of almost being worthless. Specifically, it's been suggested that if your cryptocurrency has substantially dropped in value, you can claim it as a loss under section 165.

In January, the IRS Office of Chief Counsel issued Memorandum 202302011. The non-taxpayer specific advice confirmed two things:

The memorandum references Lakewood Assocs. v. Commissioner, 109 T.C. 450, 459 (1997), claiming, The mere diminution in value of property does not create a deductible loss. In other words, if it's not wholly worthless, you still own something and theres no realized loss.

It's worth re-emphasizing that the IRS memo is a response to a request for non-taxpayer specific advice, which means that it should not be used or cited as precedent. It doesn't carry the same weight as a law or regulation. However, it does offer insight into how the IRS regards an issue, and that's valuable information.

This is a quick look at some of the most common cryptocurrency questionsthere are certainly some more complicated cryptocurrency scenarios not addressed here.

If youre seeking more information, the IRS has some links and FAQs specific to digital assets on its website. And while the internet can offer some useful advice (hey, you're reading this right now), not all cryptocurrency tax advice is created equal. If you have questions, I highly recommend consulting with a knowledgeable tax professional.

Read this article:

Five Things You Need To Know About Cryptocurrency And Taxes - Forbes