Top

Crypto vulnerability uncovered with $1B in digital asset exposure

Policy & Regulation·November 22, 2023, 3:00 AM

Security vulnerabilities in the validator infrastructure of InfStones, an established infrastructure provider, have been disclosed by Tel Aviv-headquartered cybersecurity firm dWallet Labs.

Photo by Brett Jordan on Unsplash

 

Blockchain network validator vulnerability

In a detailed Medium blog post published on Tuesday, dWallet Labs shed light on a series of vulnerabilities that, when exploited, could potentially allow attackers to gain full control, execute code and extract private keys from numerous validators on major blockchain networks. Cryptocurrencies such as ETH, BNB, SUI, APT and others were identified as at risk, with potential direct losses estimated to exceed one billion dollars.

The vulnerabilities discovered by dWallet Labs opened the door for attackers to compromise the private keys of validators across multiple blockchain networks, putting over one billion dollars of staked assets at risk. In response to the findings, InfStones, a Web3 infrastructure platform, also released a statement on Tuesday acknowledging the potential threat. However, its representative, Darko Radunovic, disputed the figures provided by dWallet Labs in a statement sent to Cointelegraph. Radunovic stated that the vulnerabilities identified in the production environment account for below 0.1% of their active nodes launched to date, emphasizing that the impact would be limited to a small fraction of their operational nodes.

According to InfStones, “237 instances were in scope, of which 212 instances were deployed for our development and testing purposes, and 25 freshly deployed instances in the production environment.”

 

Mitigating steps taken

The company detailed the immediate actions taken to mitigate the vulnerabilities, including shutting down the affected ports, as well as rotating all credentials and keys within their platform. An internal review conducted by InfStones revealed no additional adverse effects. Notwithstanding that, the company took the additional step of hiring an external security firm to audit its systems and policies.

Meanwhile, dWallet Labs Founder and CEO Omer Sadika shared his thoughts on the X platform as to how he believes such events should be handled. Sadika wrote:

”The worst way to handle a cybersecurity vulnerability is not taking responsibility and lying. We were super open and transparent with the goal of eliminating the risk to web3. My take: it’s not about whether you are fully secure or not, because no one is, it’s about how you handle it and maintain the trust with your partners and customers.”

The collaboration between dWallet Labs and InfStones sheds light on the ongoing challenges faced by the cryptocurrency industry in maintaining the security and integrity of blockchain networks. While vulnerabilities were identified and addressed, the incident underscores the importance of proactive security measures to safeguard the assets and data within the rapidly evolving landscape of digital assets.

More to Read
View All
Policy & Regulation·

Dec 19, 2023

Palau proceeds with Ripple to Phase 2 of PSC currency program launch

Palau proceeds with Ripple to Phase 2 of PSC currency program launchThe Ministry of Finance of Palau has officially initiated the second phase of its Palau Stablecoin (PSC) program, a move aimed at expanding the digital ecosystem and enhancing user engagement.The launch was confirmed by Jay Hunter Anson, a cybersecurity consultant in Palau and adviser to the Ministry of Finance. Taking to the X social media platform on Friday, Anson outlined that “the Republic of Palau Ministry of #Finance seeks to expand accessibility and user participation, reaching a wider audience through educational initiatives.”PSC is a digital currency issued and managed by the Palau Ministry of Finance. It’s pegged to the United States dollar and operates on Ripple’s XRP Ledger. It first emerged that the authorities in Palau were collaborating with Ripple on this project back in July.Photo by Kurt Cotoaga on UnsplashBuilding on phase 1 successIn this next phase, Palau seeks to extend its collaboration with Ripple, leveraging Ripple’s central bank digital currency (CBDC) platform and technical expertise.The Ministry of Finance in Palau had previously announced the success of the first phase of the PSC program earlier this month. This initial three-month phase involved 168 volunteers from government employees who received 100 PSC each to use at local retailers participating in the program. Payments were made through mobile phones by scanning a QR code, and both retailers and volunteers provided positive feedback about their experience with the digital currency.Anson highlighted that the focus of the second phase of the PSC pilot program includes establishing new collaborations for marketing and sustainable development goals. Furthermore, the program prioritizes the development of a digital ecosystem and increased user engagement, with a strong emphasis on regulatory compliance.Anthony Welfare, CBDC Strategic Adviser at Ripple, shared his insights on the launch of the PSC pilot program’s second phase via social media. He underscored the advantages of blockchain-based digital currency, citing reduced transaction fees and the potential to address the environmental impact of money circulation. However, Welfare also acknowledged specific challenges, including the complexity of moving traditional currencies across Palau’s 340 islands and the high mobile data costs in the country.Welfare pointed out a notable feature of PSC, emphasizing that Palau residents can conduct offline transactions using this blockchain-based digital currency, even during power outages.Agile technological adoptionEarlier this month Ripple President Monica Long was featured by the New York Times in an article where she set out expectations for 2024. Long articulated that she believes that “people cannot maintain their faith in a financial system that relies on systems built decades ago to move money.”With the rise of cryptocurrency and blockchain technologies, it’s clear that our financial rails can and will be internet-native, in turn bringing greater accessibility and affordability to financial services for everyone,” Long added.Smaller nations like the Micronesian Republic of Palau have been more nimble in adjusting to the changes that Long refers to. This PSC stablecoin project demonstrates that reality.Palau is not alone. It emerged a few weeks ago that the Solomon Islands had entered into a collaboration with Japanese blockchain technology firm Soramitsu. As part of that project, a CBDC named Bokolo Cash has been unveiled as a proof of concept.

news
Policy & Regulation·

Dec 04, 2025

U.S. seizes web domains tied to Burma-based crypto investment fraud ring

The U.S. Department of Justice said on Dec. 2 that it had seized the web domain tickmilleas.com, which was used to facilitate cryptocurrency investment fraud (CIF) schemes, adding to two others seized last month as part of actions against the same Burma-based network. According to the announcement, the domains were operated by scammers based in Kyaukhat, Burma, who presented the site as a legitimate investment platform in order to solicit deposits from victims.Photo by Markus Spiske on UnsplashPromises of high returns as baitVictims who reported the activity to the Federal Bureau of Investigation (FBI) indicated that the recently seized website displayed fabricated investment returns and showed purported deposits credited to their online accounts. These figures appeared during guided walkthroughs of falsified trades, creating the appearance of a functioning platform. The Justice Department said the domain seizures are among the first actions taken since it established its first district-level CIF strike force, known as the Scam Center Strike Force, three weeks earlier. The unit operates under the U.S. Attorney’s Office for the District of Columbia. According to the DOJ, the group behind the scheme is known as the Tai Chang scam compound. The network is described as being affiliated with the Democratic Karen Benevolent Army (DKBA) in Burma, Trans Asia International Holding Group Thailand Company Limited, and other entities. The U.S. Treasury listed these parties as specially designated nationals on Nov. 12, citing their ties to Chinese organized crime and their involvement in developing scam hubs across Southeast Asia. Russia probes crypto briberyWhile the U.S. case focused on fraud targeting individual investors, a separate development in Russia involved alleged corruption tied to cryptocurrency. DL News, citing a local media report, said Russian prosecutors are seeking to seize a portfolio of luxury assets linked to Georgy Satyukov, a fugitive former employee of the Ministry of Internal Affairs, after investigators concluded he had accepted illicit payments in Bitcoin and Ethereum, described as the world’s largest cryptocurrencies. Russian authorities allege that between March and October 2021, Satyukov received $184 million in Bitcoin and $30 million in Ethereum from operators of the failed WEX crypto exchange in return for shielding them from a criminal investigation. WEX had taken over the operations of the BTC-e trading platform in 2017. Investigators say Satyukov liquidated much of his cryptocurrency holdings and used the proceeds to purchase residential and commercial properties in several cities, as well as high-end cars, luxury watches, and jewelry. They have identified $29.6 million in assets believed to be linked to the alleged bribes, which could be transferred to the Federal Treasury if prosecutors win a conviction. The U.S. domain seizures and the separate corruption investigation in Russia illustrate the varied ways cryptocurrency has been implicated in recent criminal cases. Both developments underscore the continued attention authorities are giving to the risks surrounding digital assets. 

news
Web3 & Enterprise·

Jan 05, 2024

Ethereum Foundation targets Asian expansion with Bangkok set for Devcon 7

The Ethereum Foundation is set to make a significant impact on the Southeast Asian Ethereum community as it announces Bangkok as the location for Devcon 7.Photo by Viktor Forgacs on UnsplashFocusing on Southeast AsiaThe Ethereum developer conference will be held in the Thai capital from Nov. 12 to 15. The decision signifies a broadened vision for the event, shifting from a city-focused approach to embracing the entire Southeast Asia region as the backdrop for this community gathering. To underscore the Foundation’s intent, it has renamed the event from Devcon 7 to "Devcon Southeast Asia." Expressing enthusiasm about the potential and rapid growth of the Ethereum community in Southeast Asia, the Ethereum Foundation sees the scheduling of Devcon 7 for 2024 as an opportunity to deeply engage with local communities, providing meaningful support and empowerment. This shift aims to make Devcon 7 a more inclusive and regionally focused event, aptly named "Devcon Southeast Asia" to highlight its broader reach and impact. There has already been a positive reaction from crypto community members in the region in response to the choice of Bangkok for the conference. Navaporn Nalita, the founder of Crypto City Connext in Thailand wrote that “Bangkok's collaborative ecosystem, welcomes Devcon 2024 with open arms (and open blockchains)! Thailand's vibrant dev scene is primed to ignite alongside the world's brightest minds.” In short order, community builders have been looking to make the most out of the opportunity. Aligning with crypto growth potentialAccording to the blog post published by the Ethereum Foundation outlining the announcement, the choice of Bangkok as the host city aligns with the region's crypto adoption growth. Countries like Vietnam, the Philippines, Indonesia and Thailand have shown remarkable positions in the Global Crypto Adoption Index, underscoring the pivotal role of Southeast Asia in the global Ethereum landscape. To support Ethereum events, grassroots communities and educational initiatives in Southeast Asia, the Ethereum Foundation (EF) initiated the Road to Devcon (RTD) Grants round on June 29. This grant round is specifically aimed at individuals in Southeast Asia actively building communities, developing educational activities, and contributing to the growth of the Ethereum ecosystem. Encouraging smaller meet-ups over large events, the EF set the maximum grant at $1,000. The initiative aims to empower the Southeast Asian Ethereum community by providing support along the Road to Devcon. In a recent Chainalysis research report, Vietnam has emerged as the leader in cryptocurrency adoption within Southeast Asia, claiming the top spot in the region and ranking third globally in the Global Crypto Adoption Index for 2023. This index considers transaction volumes, protocols, web traffic patterns and factors like population size and purchasing power. The competition among Southeast Asian countries to establish themselves as crypto hubs is evident. Each nation adopts different regulatory approaches, with Singapore and Thailand implementing stricter measures. There has been a steady stream of Ethereum developer-centric conferences in recent years. 2022 featured EthDenver, Avax Barcelona, Devconnect Amsterdam, Devcon Bogota and EthSF (San Francisco). EthDenver, EthCC Paris and Devconnect Istanbul followed in 2023. As Devcon Southeast Asia approaches, the Ethereum Foundation anticipates fostering deeper connections and collaboration in this vibrant and evolving ecosystem. 

news
Loading