Crypto enthusiasm prevails in China despite crypto trading prohibition

Wemade joins hands with Dubai Chambers to expand Web3 and gaming endeavors in Middle EastSouth Korean blockchain gaming publisher Wemade has partnered with the Dubai Chambers to support each other’s objectives for making advancements in the Web3 and gaming sphere.Photo by Kent Tupas on UnsplashTheir commitments were exchanged when Wemade CEO Henry Chang met with Mohammad Ali Rashed Lootah, the President and CEO of the Dubai Chambers, during his trip to the United Arab Emirates this week for this year’s Abu Dhabi Finance Week and the Fortune Global Forum, according to industry sources on Tuesday (KST).The Dubai Chambers of the UAE is a non-profit public agency that plays a central role in creating an environment for businesses in Dubai to thrive, thus bolstering the business landscape. It is divided into three sectors — commerce, international and digital economy.A strategic allianceDuring the meeting, the Dubai Chambers pledged to support Wemade’s business expansion in the Middle East region by helping the company establish networks with local organizations and companies. It also vowed to facilitate active exchange between Wemade and the Dubai Chambers’ overseas offices in 27 countries. In turn, Wemade stated that it would strengthen its local business capabilities to contribute to the growth of Dubai’s gaming and Web3 industries.“Dubai is one of the most dynamic regions leading the next-generation gaming industry, and the role of the Dubai Chambers is crucial. Wemade will actively support Dubai’s gaming industry initiatives with the experience and technical expertise that we have accumulated over the years,” Chang said. Lootah also expressed his anticipation for the partnership, reaffirming Dubai’s commitment to fostering a tech-savvy ecosystem.Earlier this month, Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, the Crown Prince of Dubai, announced a new vision to grow Dubai into one of the top ten cities for gaming in the world by creating 30,000 new jobs and increasing GDP by $1 billion by 2033.Strengthening tiesChang and Lootah’s meeting is the latest development in the budding business relationship between Wemade and the UAE. Previously, a delegation from the Dubai Chambers visited South Korea in September, during which it visited Wemade’s headquarters. Wemade also opened an office in Abu Dhabi earlier this year.

Kaspersky Says Crypto Phishing on the Rise in the PhilippinesThe Philippines witnessed a significant increase in detected cryptocurrency-related attacks last year while Vietnam recorded the highest level in Southeast Asia, according to cybersecurity firm Kaspersky.Photo by Markus Spiske on UnsplashEase of crypto accessVietnam topped the list with over 64,000 detections. Meanwhile, the Philippines recorded 24,737 cases of crypto-phishing attacks in 2022, up from 9,164 cases in 2021, making it the second-highest number in Southeast Asia.Adrian Hia, Managing Director for Asia Pacific at Kaspersky, attributed the rise to the ease of accessing cryptocurrency in the Philippines. He explained that as users increasingly turn to mobile devices, they are inadvertently exposing themselves to potential breaches, as malware can be installed through various touch points.Research published by Malaysian crypto data aggregator, CoinGecko, earlier this month, also points to the Philippines as having the second highest level of interest in crypto in Southeast Asia, after Singapore.Targeting popular platformsCybercriminals commonly target accounts of popular online gaming platforms and crypto wallets using advanced stealers or “stalkerware” that allow them to spy on individuals through their mobile devices, Kaspersky stated. The firm’s monitoring data revealed that malware is spreading through legitimate channels such as official marketplaces and advertisements in popular apps.Across Southeast Asia, the total number of crypto-phishing detections decreased to 147,649 in 2022 from 164,330 in 2021, according to Kaspersky. However, only Singapore (down 74%), Thailand (down 51%), and Vietnam (down 15%) observed declines in detections. Besides the Philippines, crypto-related attacks also increased in Indonesia (from 19,584 in 2021 to 24,642 in 2022) and Malaysia (from 16,071 to 16,767).Kaspersky discovered an average of 400,003 new malicious files per day in 2022, representing an increase of 20,000 files per day compared to the previous year. Hia emphasized that scammers are relentless in their efforts to steal cryptocurrency due to its increasing popularity and adoption, particularly in Southeast Asia. He urged cryptocurrency adopters in the region to stay informed about the latest tricks used by crypto phishers to protect their digital assets.Email-based attacksRoman Dedenok, a spam analysis expert at Kaspersky, revealed that crypto phishers often employ email-based attacks to target crypto users. He explained that scammers entice victims with the prospect of participating in a cryptocurrency giveaway, offering popular digital assets such as Bitcoin, Ethereum, Litecoin, Tron, or Ripple.The scammers provide a three-point guide to claim the free cryptocurrency along with a link to the “promotion” website. Clicking on the link leads users to a phishing site where they are prompted to specify the wallet to which they want the funds transferred.In response to the growing cybersecurity concerns, Kaspersky is engaging in discussions with government institutions worldwide. In the Philippines, while the central bank does not directly regulate cryptocurrency, it has established guidelines for virtual asset service providers. The Chairman of the Securities and Exchange Commission (SEC) in the Philippines, Emilio Aquino, recently delayed publication of a regulatory framework for crypto, on the basis of having “to make sure people don’t get burned.”Entities involved with virtual assets are required to obtain a license from the Bangko Sentral ng Pilipinas, the central bank of the Philippines, to comply with regulations.

Singapore’s UniPass Plays Role in ERC-4337 Vulnerability FixSmart contract wallet provider UniPass and crypto infrastructure firm Fireblocks have successfully addressed a significant vulnerability in the Ethereum ecosystem.Photo by Nenad Novaković on UnsplashAccount abstraction vulnerabilityThis vulnerability, identified as the ERC-4337 account abstraction vulnerability, posed a critical security risk to hundreds of mainnet wallets. The joint effort between Fireblocks and UniPass was detailed in a blog post published to the Fireblocks website on Thursday.This vulnerability, if exploited, could have enabled a malicious actor to execute a complete takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process. The vulnerability represented a substantial threat to the security of smart contract wallets, as it could lead to unauthorized access and fund drainage.Improving user experienceAccount abstraction, as dealt with via ERC-4337, is a mechanism that introduces a novel way of processing transactions and interacting with smart contracts on the Ethereum blockchain. It allows for a more flexible and efficient handling of transactions, transcending the traditional distinction between externally owned accounts (EOAs) and contract accounts.EOAs are controlled by private keys and can initiate transactions, while contract accounts are governed by the code of a smart contract. When an EOA initiates a transaction with a contract account, it triggers the execution of the contract’s code. Account abstraction introduces the notion of abstracted accounts, which are not tied to a specific private key and can initiate transactions and interact with smart contracts, similar to EOAs.In the context of ERC-4337, an account executing an action relies on the EntryPoint contract to ensure that only signed transactions are executed. Typically, these accounts trust a single audited EntryPoint contract to validate user operations before executing commands. However, the vulnerability resided in the fact that a malicious or buggy EntryPoint contract could potentially skip the validation step and directly call the execution function, bypassing essential security measures.This vulnerability, identified by the two firms, had allowed attackers to seize control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once this takeover was completed, the attacker could access the wallet and drain its funds.It’s worth noting that the vulnerability posed a threat to several hundred users who had activated the ERC-4337 module in their wallets, making them susceptible to exploitation by any actor on the blockchain. Fortunately, the wallets affected by this vulnerability contained only small amounts of funds, and swift mitigation efforts were successful in preventing further harm.Company mergerEarlier this year, Singapore’s UniPass merged with Chinese wallet provider Keystone to form Account Labs, a company which has been incorporated in Singapore. At the time, Keystone founder Liu Lixin outlined that further developing account abstraction-derived products was the objective of the creation of Account Labs. He stated:“We are on the cusp of a Web3 Account Abstraction revolution. Together, we’ll drive rapid transformation, making the transition from Web2 to Web3 effortless for users. Our goal is to ensure everyone can securely and smoothly manage a decentralized account. We welcome partners to join us in advancing the Web3 account domain.”In furthering that objective, Account Labs announced on Thursday that it had raised $7.7 million in a funding round led by Amber Group, MixMarvel DAO Ventures, and Qiming Ventures.