Following new regulatory measures from the Reserve Bank of India prohibiting banks from providing services to cryptocurrency businesses, some Indian banks are taking drastic measures to discourage cryptocurrency adoption, reportedly requiring customers to sign contracts stating that they will not use cryptocurrencies of any kind as part of their new terms of service agreement.

Line in The Sand

The new measures effectively force customers to choose between banks and crypto, perhaps a difficult decision for many supporters of the fledgling cryptocurrency movement. While many hope to see cryptocurrency overtake traditional banking entirely, the infrastructure to do that simply isn’t there at the moment, and actions such as these carried out by banks on a large scale only make it more difficult to foster adoption – which, of course, is likely the point.

@DesiCryptoHodlr or “Indian Crypto Girl” on Twitter posted an image of the terms and conditions required by Kotak Mahindra Bank as an example of the new, strict measures being taken against cryptocurrency users.

Image courtesy: @DesiCryptoHodlr

The bank asks users to declare that they “will not deal with any transactions related to Crypto-currency including Bitcoins,” adding that the Bank reserves the right to close their account if they should breach the agreement.

Similar warnings are displayed on the bank’s ATM screens:

Virtual currencies (VCs) are not legal tender and do not have any regulatory permission or protection in India. We request you not to make transactions involving any VCs from any of your account/s. For any such transactions, the bank shall be acting in accordance with the regulatory guidelines which include closing your account without further intimation.

The bank claims to be acting in accordance with IRB regulations, and Crypto Girl stated on Twitter that this is just one of many banks forcing their customers to swear off crypto if they want banking services. Another Twitter user @IAmCryptoLegend commented in the thread to say that that banks are implementing similar measures in neighboring Pakistan.

Indian CryptoGirl@DesiCryptoHodlr · Jan 9, 2019

Indian Banks now forcefully taking permission from us to ‘reserve right to close our account without further intimation’ if we deal in #cryptocurrency transactions

Ability to decide what to do with our own money is the very reason we need to invest, #BUIDL, & believe in #bitcoin

View image on Twitter

TenUp National@IamCryptoLegend

🇵🇰
☹️

Same texts we received on our cells here in Pakistan 26:07 PM – Jan 9, 2019Twitter Ads info and privacySee TenUp National’s other Tweets

This was confirmed by a screenshot of a text message from Faysal Bank warning customers not to use cryptocurrencies:

IRB Vs Crypto

The Indian central bank has taken a stand against cryptocurrency, citing issues of security and volatility. The bank’s governor Raghuram Rajan does concede that bitcoin is “fascinating” to him, and states his belief that India and perhaps humanity, in general, will move towards a cashless society in time.

For us at the Reserve Bank, this may happen in 10 to 20 years from now. [I] think these virtual currencies will certainly get much better, much safer and over time will be the form of transaction, and that’s for sure.

While the IRB has not banned cryptocurrency outright and Indian citizens are still legally free to use cryptocurrencies if they wish, the growing trend of banks refusing services to crypto-users could put many citizens in a tight spot, forcing them to choose between the underdeveloped system of the future and the outdated system of the past.

This post credited to CCN. Featured image from Shutterstock.

United Kingdom-based cryptocurrency exchange CEX.IO now requires its users to disclose their identities, financial trading news outlet Finance Magnates reportedDec. 11.

Established in 2013, CEX is a London-based cryptocurrency trading platform, initially started as a cloud mining provider. Currently, the exchange supports eight major digital currencies and four major fiat currencies, while its adjusted daily trading volume is around $4.9 million, according to CoinMarketCap.

While the situation with Brexit — the scenario in which the U.K. leaves European Union — remains cloudy, CEX.IO does business with clients internationally and therefore aims to comply with relevant international regulations, including the EU’s Fifth Anti-Money Laundering (AML) Directive. The directive entered into force in July 2018, and EU member states have until Jan. 10, 2020 to implement it in their respective national laws.

CEX.IO is also a registered member of the the Financial Crimes Enforcement Network (FinCen) of the United States Department of the Treasury, and still has to perform operations in accordance with U.S. law. CEX Regulatory Affairs Counsel Serhii Mokhniev reportedly commented on the company’s decision:

“We have always understood the importance of dealing with virtual currency within a legal framework, so mandatory verification for customers who transact in fiat currency was introduced long before the Fifth Anti-Money Laundering Directive was adopted in the EU.”

In December 2017, the U.K. and EU jointly announced that they are  planning a crackdown on crypto-enabled money laundering and tax evasion. The increased regulations, in line with directives in the EU, are intended to limit the amount of anonymity possible for cryptocurrency traders. In October, U.K. Economic Secretary to the Treasury Stephen Barclay said:

“The U.K. government is currently negotiating amendments to the Anti-Money Laundering directive that will bring virtual currency exchange platforms and custodian wallet providers into Anti-Money Laundering and counter-terrorist financing regulation, which will result in these firms’ activities being overseen by national competent authorities for these areas.”

This post credited to cointelegraph Image source: Cointelegraph 

The deputy secretary of the Thai Securities and Exchanges Commission (Thai SEC) has declared that Thai-related Security Token Offerings (STOs) launched in an international market break the law, English-language daily Bangkok Post reportsNov. 29.

The aforementioned article states that deputy secretary Tipsuda Thavaramara “said the regulator will have to consider how to deal with STOs for issues such as share ownership, voting rights and dividend.”

There still confusion about how to regulate these kind of offerings, Thavaramara reportedly declared:

“At the moment, we have not decided whether STOs fall under the SEC Act or the Digital Asset Act, but it depends on the STO’s conditions and the details in its white paper.”

Bangkok Post reports that Thavaramara noted that a “STO affiliated with Thai investors launching in an international market at this point would be guilty of wrongdoing under the Digital Asset Act” as it would avoid “regulated fund-raising channels.”

Prinn Panichpakdi, managing director of CLSA Securities Thailand, a Thai securities brokerage provider, stated that “the SEC will have to consider how to deal with this” or STOs will “will launch in other markets.”

As Cointelegraph recently reported, Thailand has revealed plans to legalize Initial Coin Offerings (ICO), authorize cryptocurrency exchanges, and regulate cryptocurrency in a way that legitimizes it. The governor of the Bank of Thailand (BoT) also said in late November that it will take between three and five years for cryptocurrencies to replace cash.

This post credited to cointelegraph Image source: Cointelegraph

Despite attempts to weed out fake cryptocurrency apps on the Android marketplace, the war is far from being won.

Cybersecurity researcher Lukas Stefanko recently came across four fake crypto apps in the Google Play Store that impersonated Ethereum wallet MetaMask, as well as the Tether and NEO cryptocurrencies. According to Stefanko, the apps have been on the Android marketplace for weeks now and had been downloaded several hundred times. The apps were removed from the Google Play Store as soon as they were reported.

‘Phishing’ Expedition

Stefanko identified the MetaMask app as a phishing application intended to harvest the private key and the wallet password of the user. The rest were fake wallets which when launched were intended to dupe users into thinking that a public address had already been generated when it had not. This was with the intention of leading the user to send funds to the wallet, whose private keys are owned by the creator of the fake wallet. Once sent, the user cannot withdraw these funds since they don’t own the private keys.

Per Stefanko, the fake wallets were created using an app builder service that requires little or no coding skills. With such a low barrier of entry, Stefanko warned, the problem of malicious cryptocurrency apps is likely to continue to get worse.

“That means that – once Bitcoin price rises and starts to make it into front pages – than [sic] literally anyone can “develop” simple but effective malicious app either to steal credentials or impersonate cryptocurrency wallet,” wrote Stefanko in the blog post.

Chrome Web Store

Besides malicious apps on the Google Play Store that the online search giant has had to constantly take down as new ones come up, Google has also experienced similar problems on the marketplace of its Chrome browser. Early last month, Google announced a ban on browser extensions that possess crypto mining capabilities.

CCN@CryptoCoinsNews

Google Bans Obfuscated Chrome Extensions to Cryptojackers’ Woe https://www.ccn.com/google-bans-obfuscated-chrome-extensions-to-cryptojackers-woe/ 

Google Bans Obfuscated Chrome Extensions to Cryptojackers’ Woe

Technology behemoth Google announced it will be taking crucial steps to ban any browser extensions that could potentially be targeting internet users’ digital assets.

ccn.com

15 people are talking about this

Prior to the move, the Chrome Web Store only required developers to explicitly inform users that it was a crypto mining script for such apps to be accepted. This was, however, largely ignored by developers as Google revealed earlier this year that around 90 percent of all the extensions that contained crypto mining scripts had failed to comply with the set policies.

As Google revealed at the time, identifying the offending apps was aided by machine learning:

“We’ve recently taken a number of steps toward improved extension security with the launch of out-of-process iframes, the removal of inline installation, and significant advancements in our ability to detect and block malicious extensions using machine learning.”

This post credited to ccn Image from Shutterstock

Hackers are illegally generating Monero, Bitcoin and other cryptocurrencies by exploiting a software flaw that was leaked from the U.S. government, according to new research, raising questions about the security of one of the fastest-growing corners of financial markets.

Detected cases of illicit cryptocurrency mining — the digital equivalent of minting money — have surged 459 percent in 2018 compared to last year, Cyber Threat Alliance said in a report released Wednesday.

The spike is tied to the 2017 leak of Eternal Blue, a tool to exploit vulnerabilities in outdated Microsoft Systems software. When the tool became known, it tipped hackers to a previously unknown flaw in the software, now the basis of some hackers’ efforts to commandeer computing power of others to generate digital currency.

As of July this year, 85 percent of all illicit cryptocurrency mining has targeted Monero, according to the report. Bitcoin made up about 8 percent, while other cryptocurrencies accounted for 7 percent.

Hackers can “sit back and watch the money roll in,” said Neil Jenkins, chief analytic officer of Cyber Threat Alliance, a group formed in 2014 by a consortium of cyber-security firms to share intelligence about cyber-threats. While the hacks are occurring across the globe, a significant portion are in the U.S., he added.

Bitcoin and other cryptocurrencies are generated through a process of solving complex mathematical equations, which requires significant computing power. Most users and investors lack the means to create, or mine, cryptocurrency and simply buy it from an online exchange. When hackers illicitly generate currency using others’ computers, it creates free money for them and could erode the overall value of the currency by increasing its supply.

Eternal Blue was allegedly stolen from the National Security Agency and leaked last year in an unsolved breach by a hacking group that calls itself the Shadow Brokers. The group has repeatedly released tools from that breach.

The code gained notoriety when Russia and North Korea used it in massive attacks. In the first instance, known as WannaCryNorth Korean hackers shut down computers in dozens of countries, including Britain, where hospitals were hit. In the second, known as NotPetya, Russia used Eternal Blue to hack computers at companies including Denmark’s A.P. Moller-Maersk A/S, leading to billions of dollars of damage, according to the White House.

“A security update was released in March 2017. Customers who applied the update are protected,” Jeff Jones, a senior director at Microsoft Corp., said in a statement.

The NSA declined a request for comment.

“The threat of illicit cryptocurrency mining represents an increasingly common cybersecurity risk for enterprises and individuals,” according to the report. And the “rapid growth shows no signs of slowing down.”

 

This post credited to bloomberg  Image source: Bloomberg 

Firefox will block cryptojacking malware in future versions of its web browser, according to an announcement August 30.

The move comes as part of an anti-tracking initiative expected to be implemented over the next few months. In the announcement, Firefox cites a study by browser extension Ghostery, stating that 55.4 percent of the total time required to load an average website is spent loading third party trackers.

Future versions of Firefox will reportedly block such practices as cryptomining scripts that “silently mine cryptocurrencies” on users’ devices by default. By blocking tracking and offering a “clear set of controls,” Firefox is looking to provide its users more choice over what data they share with websites.

Back in 2016, Mozilla, the company behind Firefox browser, implementedpractices encouraging users to take care of their online privacy and security in an ongoing shift towards data encryption. Firefox reportedly was going to block connections to HTTPS secure servers employing weak encryption and establish a minimum of 1023 bits for TLS handshakes using Diffie-Hellman keys.

Another major web browser, Opera, included anti-crypto mining in their integrated ad-blocker for desktop in December last year. Later in January, the company announced plans to add the feature to their mobile browser as well.

This month, Opera announced the launch of its desktop web browser with built-in crypto wallet functionality. As with the mobile app, the desktop client will support tokens as well as digital collectibles, with product lead of Opera Crypto Charles Hamel commenting that browser integration represents a further step in “making cryptocurrencies and Web 3.0. mainstream.”

 

This post credited to cointelegraph  Image source: cointelegraph

The concept of ‘Security Tokens’ has been a subject of debate and controversy since they came to prominence . How have they changed since they were first introduced, and where might they be heading next?

Futures, and “All Coins are Securities”

This was around Winter 2017 – 2018. The same time when the Securities and Exchange Commission (SEC) in the USA began focusing their attention on this new and previously unregulated form of cash. Before many other national, government authorities worldwide decided to follow suit.

It was also around the same time when the first ‘bitcoin futures’ contracts were launched and sold by enterprising new and existing firms – with the SEC ruling creating a significant space for traditional investment and old-money to pour into the market.

The opening of crypto-futures arguably exacerbated the pressure on cryptocurrencies which resulted from prying government eyes.

The Two Tokens: Securities & Utilities

Since those early days of regulation in the West, cryptocurrencies have eventually dichotomized into: ‘security tokens’ and ‘utility tokens’.

The definitions used by coin creators and the communities can be flexible, with many fundraisers opting to class their coins as ‘utilities’ to avoid potential additional legal / administrative repercussions – however the most commonly accepted definition is that:

  1. ‘Securities’ are asset backed tokens (AKA fungible, often equivalent to a real-world asset).
  2. ‘Utilities’ are functional assets within the blockchain project in question’s eco-system whose value is based in more abstract terms.

At present, the SEC has declared few tokens as being officially classed as utilities rather than securities and are thus not subject to laws pertinent to traditional securities. Two of these are Bitcoin and Ethereum.

Independent Standards Agencies?

Some companies, such as Luxembourg based Tokeny were able to establish their headquarters in a pro-crypto country in the first place, regardless of their seasoned – international leaders.

This team includes CEO and founder Luc Falempin: supported by a diverse team of executives coming from traditional financial services, as well as global roles in software and IT service companies like IBM and Syniverse.

Tokeny hails itself as “The end-to-end platform to issue, manage and trade Utility and Security tokens” significantly cutting down on needs for otherwise unneccessary intermediaries.

The organisation advertises its proprietary approval program entitled SICOP (AKA The Sustainable Initial Coin Offering Protocol): a standards and regulation process for ICOs and STOs which is independent of government intervention.

Havens: Not Just for Taxes, But Cryptos Too!

If you’ve read some of my writing on CCN or our sister site Hacked.com, you may notice a running theme of discussion surrounding security concerns and government regulations.

This is in addition to the role which many international ‘crypto-havens’ play as independent advocates of cryptocurrencies on the world stage. One example is the ways in which such financially liberal (and often nation-state) countries play in facilitating innovation and business migration from stricter countries.

DSTOQ made its way to the news recently in-part due to being ‘the first fully-licensed cryptocurrency’ – as issued by the tax-haven government of Vanuatu. Also notable was the recent and unexpected surprise public reveal / launch of the company itself and MVP.

The company’s decision to acquire official legislative backing through the ‘Commonwealth of Nations’ member country is a means of bypassing the strict legislation put in place by agencies such as the USA’s SEC.

It also prevents them from allowing investment from citizens of the USA; meaning that they are focusing their efforts in Europe to begin with. A decision which potentially reflects a smaller-scale crypto-flight from the USA – as seen with China.

Binance conversely has been noted for their relocation and international expansion outside of their native China: with various regional offices across South-East Asia, including Japan.

Blue-Chip Big Dogs

World-class asset management firms such as BlackRockMorgan Stanley and Goldman Sachs have been admitting interest repeatedly in potentially implementing crypto investments into their business roadmaps. The same can be said for market leaders in other sectors, such as tech giants like IBM.

According to Sonali Basak of Bloomberg,

“Wall Street’s money managers are in an arms race for technology that will help them gain market share,”

This only further proves the importance of opening as many methods for investment to traditional / old-money as possible.

It also reveals the forthcoming generation of standard creators / bearers as potentially being those current market leaders who are successful in adapting blockchain to the needs of themselves and the general customers and users.

These companies’ likelihood of dominating the discussion would come due to their economic and industry influence and experience, putting potential independent attempts to waste.

Governments and Securities

The SEC has been fickle with their outlook on various cryptocurrencies – starting their public announcements with an aggressive tone regarding all tokens as-of-then being unregulated.

They backed up their bark with a series of bites which came in the form of crackdown operations against crypto companies in the country which had been suspected of carrying out fraudulent actions.

On a positive note, the government financial authority has also been establishing strong relationships with various blockchain companies who are willing to play ball with the recently created, developing ground rules.

This move hasn’t convinced everybody – and US based or US citizen targeted ICO fundraising campaigns are all-but-strictly forbidden under current rulings.

This post credited to ccn Image source: Shutterstock.

Cybersecurity company Trend Micro has revealed that between January and July 2018, its researchers detected unauthorized crypto mining attacks – also known as ‘cryptojacking’ – at a rate nearly 1000 percent higher than in the second half of 2017. The information was revealed in the company’s H1 2018 report titled “Unseen Threats, Imminent Losses.”

From Malware to Cryptojacking

One significant insight contained in the report is that cybercriminals who previously favored the use of malware and ransomware to shake down their victims are increasingly looking toward digital coin mining as a new frontier.

Explaining the new threat, an excerpt from the Trends Micro report reads:

“Throughout the next few months, we also saw a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining. These damaging threats — from the miners that quietly leech power from victims’ devices to the dangerous vulnerabilities that leave machines open to covert attacks — split limited security resources and divide the focus of IT administrators.”

A cryptojacking attack, while often escaping detection by network security personnel and users can have debilitating consequences for a network or computer equipment such as increased response time and extreme lags, physical degradation of hardware due to increased workload and overheating, and power usage spikes.

The attack is quite devastating because it makes use of a computer system’s graphics processing capability instead of its processor, which slows down a system’s operating speed with serious effects, particularly for an enterprise level computer operation.

The report states that as predicted in 2017, detection of cryptojacking incidents and attempts has increased twofold, and more pertinently, it continues to expand as cybercriminals increasingly see a future in digital currency crime. According to the report, not only is the number of incidents going up, but the number of cryptojacking malware families is also increasing, which shows that bad actors are investing considerable amounts of time and resources in developing cryptojacking as a new area of criminal enterprise.

Breakdown and Statistics

The security roundup reveals that between January and July 2017, Trend Micro’s researchers documented a 141 percent increase in unauthorized crypto miningincidents. Over the same period, they also found 47 new cryptojacking malware families as hackers evolved and changed their mode of operation.

Strategies used for gaining access to systems to mine crypto included inserting malvertising into Google’s DoubleClick ad program, injecting infected advertisements into websites, deploying Adware downloader ICLoader, and even uploading mining script to AOL’s ad platform.

Over the course of 2018, there have been several reports of cryptojacking incidents affecting hundreds of websites including government websites and high profile platforms by cybercriminals mining Monero. Monero generally remains the cryptocurrency of choice for crypto jackers because it offers almost total anonymity as well as market liquidity.

It is challenging catching crypto jackers by tracing Monero wallet funds. This is because they use crypto blending services to launder their crypto funds before withdrawing them. To avoid becoming victims of cryptojacking, it is recommended that network security administrators should regularly look out for power usage spikes, unusual power usage patterns or other unauthorized activity on their networks.

 

This post credited to Coinjournal   Image source: coinjournal

Japanese cryptocurrency platform Coincheck has taken another step towards repairing its reputation – devastated in January by the biggest exchange hack in history.

The exchange, which was taken over by the Monex Group in April this year, has decided to beef up its security system with a two-step authentication system.

Coincheck issued a notice to all customers stating that all logins will now need to be made via Google Authenticator and SMS (text message) authentication – as part of updates that will be made applicable to web logins and app users. The changes will be enforced via a new update, which will be compulsory to all users as of September 3.

The exchange has been hoping to rebuild consumer confidence and restore its reputation with the regulatory Financial Services Agency by bolstering its security network, as well as cooperating with self-imposed bans on “anonymous” tokens and limiting margin trading.

Coincheck also yesterday resumed trading in the Lisk (LSK) cryptocurrency, per a company tweet, two days after suspending LSK transactions due to the launch of the Lisk mainnet. LSK developers have claimed the launch was a success, and a number of other Japanese exchanges – including market leader bitFlyer – also took to Twitter to announce they were resuming LSK withdrawals and deposits on August 30.

Meanwhile, Monex Group, the new owner Coincheck, said in May that it also plans to expand its operations to the United States.

“We can broaden our customer base at Coincheck. In the end, we should and we can replicate the profitability [the previous owners] achieved before,” Monex CEO Oki Matsumoto said.

For the 12-month period through March 2017 Coincheck generated JPY 980 million (USD 8.8 million) in revenue and JPY 471 million in net income from its core business. Also, the company made JPY 76.3 billion from the sale of investments in cryptocurrencies.

Monex has acquired Coincheck for a total of 3.6 billion yen (USD 32 million). The buyer has also agreed to split profits with former shareholders for the next three years. Founding president Koichiro Wada, who owned a 45% stake in the company, and chief operating officer Yusuke Otsuka (5.5% of the shares), as well as the rest of Coincheck’s management, step down as part of the deal.

 

This post is credited to cryptonews  Image source: iStock/Rawpixel