Crypto.com moves to further global reach with Hong Kong license application

HeyBit to Cease Virtual Asset Deposit Services in OctoberSouth Korean centralized finance (CeFi) company HeyBit announced on Monday that it will terminate its virtual asset deposit service, Harvest, on October 2 in line with regulatory guidelines.Photo by Andre Taissin on UnsplashRegulatory limitations“Although we have made efforts to pay promised returns and provide stable digital asset investment products, we have ultimately decided to terminate the Harvest service in accordance with the policy guidelines of regulatory authorities,” the company said in a statement.It further emphasized that the service termination is solely due to regulatory restrictions, rather than questions of financial integrity or credit issues, while also citing its judgment call that running a deposit business is practically impossible at the moment.“Although some customers of other businesses have faced damages due to operational issues, the results of our due diligence report for the second quarter of 2023 were consistent with that of our last four reports, stating that the value of the assets we own exceeds that of deposited assets,” HeyBit said, seemingly referring to the recent class-action lawsuits against the Korean crypto platforms Haru Invest and Delio, who had unexpectedly suspended customer deposits and withdrawals, inciting KRW 50 billion (approximately $39 million at the time of the incident) in damages in the process. The company stressed that it was unrelated to this debacle and was securely storing all customer assets, alleviating potential investor concerns.The company has thus been able to properly handle management operations involving promised returns, additional deposits, and withdrawals for Harvest users up until now.However, it has decided to comply with the Virtual Asset User Protection Act, which is set to take effect next year in Korea. Article 7, Paragraph 2 of this act outlines that virtual asset companies must keep their own virtual assets and customers’ virtual assets separate, and they must own the same quantity and type of virtual assets — including deposited assets — as those that have been entrusted by customers.“We are thus unable to use the assets entrusted to us by our customers as a source of return,” HeyBit said.Planned reboundDespite this setback, the company promised to resume services based on regulatory and policy changes in the future, including revamping virtual asset deposit services.

Ripple Pursues International Growth Via Dubai ExpansionThe Dubai Fintech Summit was held in the Venice of the Gulf earlier this week, bringing with it an announcement from Ripple outlining its plans to expand in the Middle Eastern location.Photo by Christoph Schulz on UnsplashResponding to the regulatory environmentRipple CEO Brad Garlinghouse was a keynote speaker at the Summit on Monday, and he took that opportunity to outline the company’s plans within the region. Immediately following his speech, Garlinghouse took to social media to confirm those plans. He tweeted out:“As I just shared on stage at #DubaiFintechSummit, @Ripple is expanding in Dubai. With 20% of our customers based in MENA and clear regulatory regimes being developed, it’s no surprise that Dubai is emerging as a key global financial hub for crypto innovation to thrive.”It’s no coincidence that at the very same event, Coinbase CEO Brian Armstrong was present alongside the company’s executive team. Armstrong also spoke at the event and the outcome of that involvement saw Coinbase too, signaling that it sees potential in setting up a regional base in the United Arab Emirates (UAE).In Coinbase’s case, it’s understood that it is considering the Emirate of Abu Dhabi as opposed to Dubai. Nonetheless, the rationale for pursuing such a move by both leading digital assets companies is the same. Both have been outspoken about the issues they have with the regulatory situation as it exists in the United States right now, relative to digital assets.Office presenceAs an initial step in that Middle East expansion, Ripple is opening an office in Dubai. The office will be located within the Dubai International Financial Centre (DFIC). In what appears like an effort to underscore the company’s official arrival in the United Arab Emirates, Ripple is holding its seventh annual customer conference in the country’s capital later this year.This week, Garlinghouse confirmed that the company’s prolonged legal battle with the Securities and Exchange Commission (SEC) in the United States is projected to cost the company a whopping $200 million. The Biden administration is using all the major financial agencies in the US to clamp down on the sector. It’s little wonder, therefore, that companies like Ripple and Coinbase are seeking refuge overseas.That regulatory and administrative landscape in the United States relative to crypto stands in total contrast to the experience of Navin Gupta, Ripple’s Managing Director of South Asia & MENA in respect of the UAE. In an interview with CoinDesk TV Gupta said that the “UAE as a market is very attractive to us, the Middle East as a market is doing very well.”Gupta drew on his experience in working in Silicon Valley previously and recalling how back then it had three ingredients that made it function that he believes is now the case for the UAE: talent, venture capital investment and a workable regulatory approach.

Akira ransomware, responsible for stealing $42 million from over 250 organizations across North America, Europe and Australia in just a year, is now targeting businesses in Singapore. In response, Singaporean authorities have issued a joint advisory warning local businesses about the increasing threat posed by a variant of this ransomware.Photo by Mike Enerio on UnsplashAlert follows complaintsThe alert follows multiple complaints from victims, prompting agencies like the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF) and the Personal Data Protection Commission (PDPC) to take action. These agencies emphasize the urgency of recognizing and combating this threat. How Akira operatesAkira affiliates employ various techniques to infiltrate a victim's network. These include exploiting known vulernabilities. For example, that could mean the targeting of services like Cisco virtual private networks (VPNs) that have been configured without multi-factor authentication (MFA). Another approach that the ransomware incorporates is attacking external-facing services such as the Remote Desktop Protocol (RDP) via brute force. Social engineering is another tool within its repertoire. This involves tricking victims into downloading malicious software or entering credentials on phishing websites. There is a marketplace for compromised credentials in the dark web. Akira also relies on such data, acquiring it from access brokers who sell network access.  Once inside a network, Akira affiliates often create new domain accounts to maintain persistent access, even after reboots. They use numerous tools to steal user credentials, escalate privileges and spread throughout the network. Detection and prevention measuresThe Singaporean advisory outlines several strategies for detecting, deterring and neutralizing Akira attacks. Authorities strongly advise against paying ransoms, on the basis that doing so does not guarantee data recovery or prevent future attacks. Authorities also warn that paying ransoms can encourage further attacks. The FBI has noted that Akira operators do not contact victims. Instead, they expect victims to initiate contact. Payment in BitcoinThe advisory outlines how Bitcoin is implicated in the ransomware scam. It states:”Ransom payments are requested in Bitcoin, which are directed to cryptocurrency wallet addresses specified by the affiliates. The TOR site (.onion) where victims contact the affiliates, contains stolen information and a list of the affected organisations.” It’s not the first time that Singaporean authorities have issued warnings that have implicated Bitcoin and crypto. In January, the CSA and SPF, in a joint advisory, suggested that people should use hardware wallets in an effort to guard against crypto-related malware and phishing attacks. A number of weeks prior to that, Singapore’s former Prime Minister, Lee Hsien Loong, took to Facebook to issue a warning with regard to a crypto scam that involved the use of deceptive content generated using artificial intelligence (AI). Mitigation techniquesBusinesses are being urged by the authorities to adopt best practices to mitigate the Akira ransomware threat. They suggest the implementation of a recovery plan alongside the use of multi-factor authentication (MFA) in order to secure data and the access to that data.  They also suggest filtering network traffic as it helps in identifying and blocking malicious activities. Meanwhile, disabling unused ports and hyperlinks curbs the risk further as it reduces the attack surface. Lastly, the authorities suggested the use of system-wide encryption to protect data even if it is accessed by unauthorized entities.