Korean crypto exchanges to face new crypto accounting standards

Mocaverse, a membership-based NFT collection initiative enabled by Hong Kong’s Animoca Brands, revealed on Friday the establishment of strategic alliances with prominent Web3 wallets OKX Wallet, Crypto.com DeFi Wallet and Halo Wallet. In a separate announcement, it also revealed a similar partnership with crypto exchange platform KuCoin. Extending Moca IDs to OKX, Crypto.com and Halo usersIn a statement released by Animoca Brands, it was highlighted that through the deployment of its recently introduced decentralized identity (DID) Moca ID, Mocaverse is set to catalyze user expansion by integrating with the aforementioned leading self-custodial wallets. The statement clarified that Moca ID will act as the conduit for users to seamlessly navigate various Web3 cultural experiences, spanning PointFi, GameFi and SocialFi, thereby simplifying the onboarding process into the Mocaverse ecosystem. The collaboration will mean that users of OKX Wallet, Crypto.com DeFi Wallet and Halo Wallet will soon have the opportunity to claim their unique Moca IDs within the app, thereby gaining entry into the Mocaverse ecosystem and unlocking access to a myriad of rewarding cultural and entertainment experiences.Photo by Shubham's Web3 on UnsplashRealm Points incentiveHolders of Moca ID stand to accrue Realm Points through active participation and engagement within partner ecosystems and experiences, with the ability to redeem these points for exclusive real-life benefits and rewards provided by Mocaverse and Animoca Brands. Commenting on the development, Kenneth Shek, project lead at Mocaverse, stated:“This partnership encompasses the values and mission we set out when we envisioned Moca ID, which is to make interoperability a new standard to onboard new users and redefine the Web3 network effect through the Mocaverse Partner Network.”Mocaverse seeks to unify Animoca's portfolio projects, subsidiaries, joint ventures and partners through a distinctive NFT collection. With 8,888 Mocas as NFT profile pictures (PFPs), Mocaverse serves as a membership pass for Animoca Brands team members, investors, partners and select token holders, aspiring to foster community cohesion and collaboration within the Web3 sphere. Jason Lau, chief innovation officer of OKX, expressed enthusiasm for the collaboration, noting OKX Wallet's role as a premier gateway to explore the burgeoning realm of Web3 gaming, culture and entertainment experiences. Likewise, Eric Anziani, president and chief operating officer of Crypto.com, underscored the commitment of Crypto.com DeFi Wallet to democratizing access to the realms of DeFi and Web3 for all users, stating the partnership with Mocaverse would extend these experiences to a broader audience. Additional announcementIn a separate announcement, Mocaverse unveiled a similar partnership with cryptocurrency exchange KuCoin alongside Halo Wallet. The initiative endeavors to address the challenge of accessing benefits across distinct Web3 sub-ecosystems by establishing cross-platform identity links, ultimately enhancing the user experience and fostering greater collaboration and integration across partner offerings.Halo Wallet CEO Jeff Hou shared his thoughts on the collaboration, stating:“The partnership among Halo, KuCoin, and Mocaverse is more than just a fusion of services; it represents a strategic alliance to create a cohesive digital asset environment for our users. The initiation of this exceptional cross-platform alliance is a move that promises to bring together the best of what each party has to offer.” 

Crypto vulnerability uncovered with $1B in digital asset exposureSecurity vulnerabilities in the validator infrastructure of InfStones, an established infrastructure provider, have been disclosed by Tel Aviv-headquartered cybersecurity firm dWallet Labs.Photo by Brett Jordan on UnsplashBlockchain network validator vulnerabilityIn a detailed Medium blog post published on Tuesday, dWallet Labs shed light on a series of vulnerabilities that, when exploited, could potentially allow attackers to gain full control, execute code and extract private keys from numerous validators on major blockchain networks. Cryptocurrencies such as ETH, BNB, SUI, APT and others were identified as at risk, with potential direct losses estimated to exceed one billion dollars.The vulnerabilities discovered by dWallet Labs opened the door for attackers to compromise the private keys of validators across multiple blockchain networks, putting over one billion dollars of staked assets at risk. In response to the findings, InfStones, a Web3 infrastructure platform, also released a statement on Tuesday acknowledging the potential threat. However, its representative, Darko Radunovic, disputed the figures provided by dWallet Labs in a statement sent to Cointelegraph. Radunovic stated that the vulnerabilities identified in the production environment account for below 0.1% of their active nodes launched to date, emphasizing that the impact would be limited to a small fraction of their operational nodes.According to InfStones, “237 instances were in scope, of which 212 instances were deployed for our development and testing purposes, and 25 freshly deployed instances in the production environment.”Mitigating steps takenThe company detailed the immediate actions taken to mitigate the vulnerabilities, including shutting down the affected ports, as well as rotating all credentials and keys within their platform. An internal review conducted by InfStones revealed no additional adverse effects. Notwithstanding that, the company took the additional step of hiring an external security firm to audit its systems and policies.Meanwhile, dWallet Labs Founder and CEO Omer Sadika shared his thoughts on the X platform as to how he believes such events should be handled. Sadika wrote:”The worst way to handle a cybersecurity vulnerability is not taking responsibility and lying. We were super open and transparent with the goal of eliminating the risk to web3. My take: it’s not about whether you are fully secure or not, because no one is, it’s about how you handle it and maintain the trust with your partners and customers.”The collaboration between dWallet Labs and InfStones sheds light on the ongoing challenges faced by the cryptocurrency industry in maintaining the security and integrity of blockchain networks. While vulnerabilities were identified and addressed, the incident underscores the importance of proactive security measures to safeguard the assets and data within the rapidly evolving landscape of digital assets.

Akira ransomware, responsible for stealing $42 million from over 250 organizations across North America, Europe and Australia in just a year, is now targeting businesses in Singapore. In response, Singaporean authorities have issued a joint advisory warning local businesses about the increasing threat posed by a variant of this ransomware.Photo by Mike Enerio on UnsplashAlert follows complaintsThe alert follows multiple complaints from victims, prompting agencies like the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF) and the Personal Data Protection Commission (PDPC) to take action. These agencies emphasize the urgency of recognizing and combating this threat. How Akira operatesAkira affiliates employ various techniques to infiltrate a victim's network. These include exploiting known vulernabilities. For example, that could mean the targeting of services like Cisco virtual private networks (VPNs) that have been configured without multi-factor authentication (MFA). Another approach that the ransomware incorporates is attacking external-facing services such as the Remote Desktop Protocol (RDP) via brute force. Social engineering is another tool within its repertoire. This involves tricking victims into downloading malicious software or entering credentials on phishing websites. There is a marketplace for compromised credentials in the dark web. Akira also relies on such data, acquiring it from access brokers who sell network access.  Once inside a network, Akira affiliates often create new domain accounts to maintain persistent access, even after reboots. They use numerous tools to steal user credentials, escalate privileges and spread throughout the network. Detection and prevention measuresThe Singaporean advisory outlines several strategies for detecting, deterring and neutralizing Akira attacks. Authorities strongly advise against paying ransoms, on the basis that doing so does not guarantee data recovery or prevent future attacks. Authorities also warn that paying ransoms can encourage further attacks. The FBI has noted that Akira operators do not contact victims. Instead, they expect victims to initiate contact. Payment in BitcoinThe advisory outlines how Bitcoin is implicated in the ransomware scam. It states:”Ransom payments are requested in Bitcoin, which are directed to cryptocurrency wallet addresses specified by the affiliates. The TOR site (.onion) where victims contact the affiliates, contains stolen information and a list of the affected organisations.” It’s not the first time that Singaporean authorities have issued warnings that have implicated Bitcoin and crypto. In January, the CSA and SPF, in a joint advisory, suggested that people should use hardware wallets in an effort to guard against crypto-related malware and phishing attacks. A number of weeks prior to that, Singapore’s former Prime Minister, Lee Hsien Loong, took to Facebook to issue a warning with regard to a crypto scam that involved the use of deceptive content generated using artificial intelligence (AI). Mitigation techniquesBusinesses are being urged by the authorities to adopt best practices to mitigate the Akira ransomware threat. They suggest the implementation of a recovery plan alongside the use of multi-factor authentication (MFA) in order to secure data and the access to that data.  They also suggest filtering network traffic as it helps in identifying and blocking malicious activities. Meanwhile, disabling unused ports and hyperlinks curbs the risk further as it reduces the attack surface. Lastly, the authorities suggested the use of system-wide encryption to protect data even if it is accessed by unauthorized entities.