Singapore’s UniPass Plays Role in ERC-4337 Vulnerability Fix

Policy & Regulation · October 28, 2023, 1:31 AM

Smart contract wallet provider UniPass and crypto infrastructure firm Fireblocks have successfully addressed a significant vulnerability in the Ethereum ecosystem.

Account abstraction vulnerability

This vulnerability, identified as the ERC-4337 account abstraction vulnerability, posed a critical security risk to hundreds of mainnet wallets. The joint effort between Fireblocks and UniPass was detailed in a blog post published to the Fireblocks website on Thursday.

This vulnerability, if exploited, could have enabled a malicious actor to execute a complete takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process. The vulnerability represented a substantial threat to the security of smart contract wallets, as it could lead to unauthorized access and fund drainage.

Improving user experience

Account abstraction, as implemented by ERC-4337, is a mechanism that introduces a novel way of processing transactions and interacting with smart contracts on the Ethereum blockchain. It allows for more flexible and efficient handling of transactions, transcending the traditional distinction between externally owned accounts (EOAs) and contract accounts.

EOAs are controlled by private keys and can initiate transactions, while contract accounts are governed by the code of a smart contract. When an EOA initiates a transaction with a contract account, it triggers the execution of the contract’s code. Account abstraction introduces the notion of abstracted accounts, which are not tied to a specific private key and can initiate transactions and interact with smart contracts, similar to EOAs.

In the context of ERC-4337, an account executing an action relies on the EntryPoint contract to ensure that only properly signed user operations are executed. Typically, these accounts trust a single audited EntryPoint contract to validate user operations before executing commands. The vulnerability lay in the fact that a malicious or buggy EntryPoint contract could skip the validation step and call the execution function directly, bypassing essential security measures.

This vulnerability, identified by the two firms, would have allowed attackers to seize control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once this takeover was completed, the attacker could access the wallet and drain its funds.
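The trust model described above has a single pivot: the account only ever obeys calls from its configured EntryPoint, so whoever can change that address controls the account. The contract below is an added illustration, not UniPass or Fireblocks code, and the UniPass code path is not on the page; the contract name, the `setEntryPoint` function and the reduced `UserOperation` struct are assumptions for the example. It shows the two-step validate-then-execute flow gated on `msg.sender == entryPoint`, the unrestricted setter (left in a comment) that would let any address redirect that trust, and the hardened setter that only the owner, or a user operation already validated with the owner's signature, may call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's own code. The real ERC-4337 UserOperation
// struct carries more fields; only the ones this example needs are kept.
struct UserOperation {
    address sender;
    uint256 nonce;
    bytes callData;
    bytes signature;
}

contract SimpleAccount {
    address public owner;       // EOA whose signature authorizes operations
    address public entryPoint;  // the single trusted EntryPoint contract

    event EntryPointChanged(address indexed oldEntryPoint, address indexed newEntryPoint);

    constructor(address _owner, address _entryPoint) {
        require(_owner != address(0) && _entryPoint != address(0), "zero address");
        owner = _owner;
        entryPoint = _entryPoint;
    }

    // Every privileged path is reachable only from the trusted EntryPoint.
    modifier onlyEntryPoint() {
        require(msg.sender == entryPoint, "not from trusted EntryPoint");
        _;
    }

    // Owner directly, or the account itself when execute() forwards a call that
    // already passed validateUserOp (and therefore carried the owner's signature).
    modifier onlyOwnerOrSelf() {
        require(msg.sender == owner || msg.sender == address(this), "not owner");
        _;
    }

    // Step 1: the EntryPoint asks the account to validate the operation.
    function validateUserOp(UserOperation calldata op, bytes32 userOpHash)
        external
        view
        onlyEntryPoint
        returns (uint256 validationData)
    {
        require(_recover(userOpHash, op.signature) == owner, "bad signature");
        return 0; // 0 signals a valid operation under ERC-4337 conventions
    }

    // Step 2: the EntryPoint executes the validated call.
    function execute(address target, uint256 value, bytes calldata data) external onlyEntryPoint {
        (bool ok, bytes memory ret) = target.call{value: value}(data);
        if (!ok) {
            assembly { revert(add(ret, 32), mload(ret)) } // bubble up the callee's revert reason
        }
    }

    // WEAK pattern (kept as a comment, never deploy): anyone can redirect trust,
    // after which their own EntryPoint may call execute() without any validation.
    // function setEntryPoint(address newEntryPoint) external { entryPoint = newEntryPoint; }

    // HARDENED: rotating the trusted EntryPoint is itself an owner-authorized action.
    function setEntryPoint(address newEntryPoint) external onlyOwnerOrSelf {
        require(newEntryPoint != address(0), "zero EntryPoint");
        require(newEntryPoint.code.length > 0, "EntryPoint must be a contract");
        emit EntryPointChanged(entryPoint, newEntryPoint);
        entryPoint = newEntryPoint;
    }

    // Recover the signer of an EIP-191 personal-sign message over the userOpHash.
    function _recover(bytes32 hash, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad signature length");
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        bytes32 ethHash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));
        address signer = ecrecover(ethHash, v, r, s);
        require(signer != address(0), "invalid signature");
        return signer;
    }

    receive() external payable {}
}
```

The property to check in review, and to cover in tests, is that no state change affecting who may call `execute` is reachable without the owner's signature: `setEntryPoint` must fail when called from an arbitrary address, and `execute` must fail when the caller is any contract other than the one stored in `entryPoint`. Emitting `EntryPointChanged` also gives monitoring a cheap signal, since a legitimate wallet should rotate its EntryPoint rarely.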

It’s worth noting that the vulnerability posed a threat to several hundred users who had activated the ERC-4337 module in their wallets, making them susceptible to exploitation by any actor on the blockchain. Fortunately, the wallets affected by this vulnerability contained only small amounts of funds, and swift mitigation efforts were successful in preventing further harm.

Company merger

Earlier this year, Singapore’s UniPass merged with Chinese wallet provider Keystone to form Account Labs, a company incorporated in Singapore. At the time, Keystone founder Liu Lixin said that the purpose of creating Account Labs was to further develop products derived from account abstraction. He stated:

“We are on the cusp of a Web3 Account Abstraction revolution. Together, we’ll drive rapid transformation, making the transition from Web2 to Web3 effortless for users. Our goal is to ensure everyone can securely and smoothly manage a decentralized account. We welcome partners to join us in advancing the Web3 account domain.”

In furthering that objective, Account Labs announced on Thursday that it had raised $7.7 million in a funding round led by Amber Group, MixMarvel DAO Ventures, and Qiming Ventures.
