KITC Cooperates with Buysell Standards to Develop Security Token Products in Korea

The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have jointly issued an advisory to raise awareness about the escalating use of cryptocurrency drainers in cyberattacks. The advisory aims to inform citizens about the threat and provide recommendations to protect against such attacks, with a specific emphasis on utilizing hardware wallets for enhanced security. Cryptocurrency drainers represent a form of malware that specifically targets crypto wallets. These malicious tools are often employed in phishing attacks to illicitly extract funds from users' wallets without proper authorization.Photo by Junrui Wu on UnsplashDrainer-as-a-service threatOf particular concern are commercial crypto draining kits, which empower less experienced cyber-criminals with sophisticated malware at no upfront costs. Operating on a drainer-as-a-service (DaaS) model, attackers share a predetermined percentage of the stolen funds with the service provider. The SPF and CSA underscored that crypto-drainer-related attacks typically originate from phishing campaigns. These campaigns commonly involve infiltrating verified social media accounts or dispatching fraudulent emails to users from compromised databases of major service providers. Unsuspecting victims who click on phishing links are redirected to counterfeit trading websites that prompt them to connect their Web3 wallets. Subsequently, a malicious smart contract is injected into the victim's system, enabling hackers to withdraw funds without additional authorization. MS Drainer and Inferno DrainerWhile no such attacks have been reported in Singapore to date specifically, the advisory acknowledges the rising recognition of this threat among hackers. Notably, an off-the-shelf crypto drainer called MS Drainer contributed to hackers stealing $59 million worth of cryptocurrency in 2023. Last month, Singapore-based cyber security firm Group-IB produced a report concerning the Inferno Drainer operation. According to the company’s research, the malware operation led to the theft of $80 million in digital assets globally, until the developers behind it shut it down last November. In December, the Pink Drainer hacking group notched up another victim, to the tune of $4.4 million in LINK tokens. Last week blockchain security firm Scam Sniffer reported that $10 million in digital assets had been stolen in phishing-related incidents over the course of just five days. Hardware walletsTo counteract these threats, Singapore authorities recommend the use of hardware wallets as a security measure against wallet drainer attacks. Additionally, the advisory instructs crypto investors to conduct thorough research before engaging with cryptocurrency services or platforms. Singaporeans are encouraged to report any suspicious incidents related to crypto drainers or phishing attacks to both relevant authorities and crypto service providers. In the event of a security breach, victims are urged to revoke any suspicious token approvals and promptly transfer their remaining funds to a different, secure wallet address to prevent further losses. This proactive approach aims to empower individuals with the knowledge and tools needed to navigate the risks associated with crypto drainers and foster cybersecurity awareness within the cryptocurrency ecosystem. As the threat landscape evolves relative to digital assets, this advisory serves as a valuable resource to educate citizens about the risks posed by crypto drainers.  

Korean Financial Watchdog: Investor Protection Boosts Crypto MarketLee Bok-hyun, Governor of the South Korean Financial Supervisory Service (FSS), addressed the issue of investor protection measures in the cryptocurrency market during his speech at the fourth Blockchain Leaders’ Club in Seoul. According to a report by local news agency News1, Governor Lee emphasized that these measures would not hinder the market but instead establish a positive cycle by increasing market confidence and driving industry growth.Photo by Joshua Miranda on PexelsCrypto user protectionTo underscore the importance of safeguarding users in the crypto industry, Governor Lee referred to recent incidents such as the collapse of stablecoin Terra and the failures of Silvergate and Silicon Valley Bank. He highlighted how these examples demonstrate the need for protective measures as the influence of the crypto market extends beyond the financial sector and impacts the real economy.Governor Lee further emphasized the FSS’s commitment to maintaining ongoing communication with the crypto industry and adapting the regulatory system to accommodate the changing landscape. He stated that the FSS would assist the industry in establishing its own self-regulatory system, which includes monitoring suspicious transactions and transparent procedures for virtual asset listing. Additionally, the FSS plans to collaborate with industry insiders to prevent misunderstandings when formulating relevant rules and regulations.Governor Lee also touched on the Virtual Asset User Protection Bill, stating that he expects to see the final draft this summer as it is currently undergoing a legislative process in the National Assembly. He highlighted the government’s commitment to improving market order and minimizing investor losses before the law’s implementation. The government is taking a “same risks, same regulation” approach to prevent regulatory arbitrage and establish effective monitoring systems for virtual asset transactions and on-chain data.Unfamiliar but importantMeanwhile, Lee Yong-woo, a member of the opposition Democratic Party of Korea (DPK), echoed the importance of establishing and improving a regulatory framework for the cryptocurrency industry. He drew parallels between the current situation and the dot-com bubble era, emphasizing the significance of not disregarding the potential of the crypto market due to unfamiliarity.Communication channelLawmaker Lee expressed hope that the Blockchain Leaders’ Club would contribute to shaping a stable crypto market by providing opportunities to listen to the opinions of market participants, which can then be reflected in managing and revising laws and regulations.Today’s event, hosted by News1, saw the gathering of lawmakers, government officials, crypto industry leaders, and academics. Among the participants were People Power Party Lawmaker Yun Chang-hyun, the top executives of the five major Korean crypto exchanges (Upbit, Bithumb, Coinone, Korbit, and Gopax), and the CEO of blockchain gaming company Wemade.

Hot Wallet Exploit Results in $23M Bitrue LossBitrue, a Singapore-based crypto exchange, has fallen prey to a $23 million hack due to a hot wallet exploit. The exchange has been forced to suspend all withdrawals until April 18, to provide an opportunity to conduct a thorough security review.©Pexels/Karolina GrabowskaHot wallet vulnerabilityHot wallets are used by exchanges to store small amounts of cryptocurrencies for easy access. These wallets are connected to the internet and are therefore more vulnerable to attacks compared to cold wallets, which are stored offline. In the case of Bitrue, hackers were able to exploit the hot wallet and steal cryptocurrencies worth $23 million.In a series of Twitter posts, the exchange outlined that the exploit occurred at 07:18 (UTC) on Friday. “We were able to address the matter quickly and prevented the further exploit of funds”, it went on to state.The stolen digital assets include ETH, QNT, GALA, SHIB, HOT and MATIC. Bitrue outlined that the hot wallet funds account for only 5% of overall funds and that the rest of its wallets remain secure and have not been compromised.Blockchain security firm PeckShield outlined how the funds were swapped and drained. A wallet it has labeled as “Bitrue drainer” swapped 173,000 QNT, 22.55 billion SHIB tokens, 46.4 million GALA and 310,000 MATIC for 8,540 ETH. The ether is now being held within the following address:0x1819EDe3B8411EbC613F3603813Bf42aE09bA5A5Reimbursing usersIn response to the hack, Bitrue has promised to reimburse all affected users. However, the process could take some time.The incident underscores the importance of taking precautions when storing cryptocurrencies on exchanges. Users should only keep a minimal amount of cryptocurrencies on an exchange and should not store more than they can afford to lose. Ongoing exploits, hacks and frauds exemplify the need for users to only use reputable platforms with a proven track record of security.Doubling down on securityBitrue has promised to improve its security measures to prevent similar incidents from occurring in the future. The exchange’s response to the hack has been lauded by many in the cryptocurrency community, who have praised the company’s transparency and commitment to reimbursing affected users.The cryptocurrency community has been vocal in its criticism of exchanges that fail to prioritize security. The Bitrue hack is just the latest in a series of incidents that have highlighted the importance of maintaining security in the world of cryptocurrency.It’s not the first security breach that the exchange has encountered. In 2019 Bitrue suffered a $4.7 million loss, with quantities of both XRP and Cardano (ADA) having been stolen. On that occasion, the exchange released tracking details relative to the stolen funds. Thanks to collaboration with Huobi, Bittrex and ChangeNOW, the funds and associated accounts were frozen.According to data from CoinGecko, Bitrue trades an average of $1 billion in digital assets daily, with bitcoin and ether trading pairs accounting for a large proportion of that trading volume. The Bitrue hack has been a wake-up call for the cryptocurrency community and serves as a reminder of the ongoing risks associated with storing cryptocurrencies on exchanges.