BitMEX Returns to Derivatives Arena with Prediction Market

Akira ransomware, responsible for stealing $42 million from over 250 organizations across North America, Europe and Australia in just a year, is now targeting businesses in Singapore. In response, Singaporean authorities have issued a joint advisory warning local businesses about the increasing threat posed by a variant of this ransomware.Photo by Mike Enerio on UnsplashAlert follows complaintsThe alert follows multiple complaints from victims, prompting agencies like the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF) and the Personal Data Protection Commission (PDPC) to take action. These agencies emphasize the urgency of recognizing and combating this threat. How Akira operatesAkira affiliates employ various techniques to infiltrate a victim's network. These include exploiting known vulernabilities. For example, that could mean the targeting of services like Cisco virtual private networks (VPNs) that have been configured without multi-factor authentication (MFA). Another approach that the ransomware incorporates is attacking external-facing services such as the Remote Desktop Protocol (RDP) via brute force. Social engineering is another tool within its repertoire. This involves tricking victims into downloading malicious software or entering credentials on phishing websites. There is a marketplace for compromised credentials in the dark web. Akira also relies on such data, acquiring it from access brokers who sell network access.  Once inside a network, Akira affiliates often create new domain accounts to maintain persistent access, even after reboots. They use numerous tools to steal user credentials, escalate privileges and spread throughout the network. Detection and prevention measuresThe Singaporean advisory outlines several strategies for detecting, deterring and neutralizing Akira attacks. Authorities strongly advise against paying ransoms, on the basis that doing so does not guarantee data recovery or prevent future attacks. Authorities also warn that paying ransoms can encourage further attacks. The FBI has noted that Akira operators do not contact victims. Instead, they expect victims to initiate contact. Payment in BitcoinThe advisory outlines how Bitcoin is implicated in the ransomware scam. It states:”Ransom payments are requested in Bitcoin, which are directed to cryptocurrency wallet addresses specified by the affiliates. The TOR site (.onion) where victims contact the affiliates, contains stolen information and a list of the affected organisations.” It’s not the first time that Singaporean authorities have issued warnings that have implicated Bitcoin and crypto. In January, the CSA and SPF, in a joint advisory, suggested that people should use hardware wallets in an effort to guard against crypto-related malware and phishing attacks. A number of weeks prior to that, Singapore’s former Prime Minister, Lee Hsien Loong, took to Facebook to issue a warning with regard to a crypto scam that involved the use of deceptive content generated using artificial intelligence (AI). Mitigation techniquesBusinesses are being urged by the authorities to adopt best practices to mitigate the Akira ransomware threat. They suggest the implementation of a recovery plan alongside the use of multi-factor authentication (MFA) in order to secure data and the access to that data.  They also suggest filtering network traffic as it helps in identifying and blocking malicious activities. Meanwhile, disabling unused ports and hyperlinks curbs the risk further as it reduces the attack surface. Lastly, the authorities suggested the use of system-wide encryption to protect data even if it is accessed by unauthorized entities.

Strengthened KYC Spurs More Suspicious Transaction Reports from Korean Crypto ExchangesIn South Korea this year, there has been a significant surge in the number of suspicious transaction reports (STRs) related to cryptocurrencies, according to local news agency Yonhap.This increase is primarily attributed to cryptocurrency exchanges fortifying their Know Your Customer (KYC) procedures. This proactive response follows the controversy surrounding lawmaker Kim Nam-kuk’s significant virtual asset holdings, which were unveiled in May. His scandal came to light when a substantial amount of WEMIX tokens, valued in billions of Korean won, were transferred from the Bithumb exchange to the Upbit exchange. Upbit, deeming it a suspicious transaction, promptly reported the matter to the Financial Intelligence Unit (FIU) of the Financial Services Commission (FSC).Photo by ron dyar on UnsplashGrowing number of suspicious transaction reportsAs the scandal continued to gain traction, the political realm reached a consensus to conduct investigations into the cryptocurrency holdings of all lawmakers. Additionally, the National Human Rights Commission of Korea initiated the tracking of all lawmakers’ cryptocurrency holdings last month, a process set to span 90 days.Data received by lawmaker Yoon Young-deok on October 30 from the FIU reveals that the number of STRs originating from virtual asset service providers (VASPs) has reached 11,646 in the first nine months of this year. This figure has already exceeded last year’s total of 10,797 STRs.Under the current Act on Reporting and Using Specified Financial Transaction Information, commonly referred to as the Financial Transaction Reporting Act, VASPs are mandated to report to the FIU if they have reasonable grounds to suspect that a customer’s financial transactions are connected to illicit property, money laundering, or terrorist financing. The Act has been in full effect since October 2021.In 2021, a total of 199 reports were submitted under this Act. The number of reports surged to over 10,000 the following year, and in the current year, it continues to grow at an even faster rate. The FIU reviews and analyzes these STRs in accordance with Article 10 of the Financial Transaction Reporting Act. It forwards the relevant information to law enforcement agencies only when it is deemed necessary for the investigation of a specific criminal case.Enhanced but varied approaches by exchangesCrypto exchanges have bolstered their customer verification requirements, especially for customers deemed to have a high risk of involvement in money laundering, in accordance with the Financial Transaction Reporting Act. This entails the need for additional scrutiny of the source of funds and the purpose behind transactions. Notably, if customer verification appears suspicious, exchanges are mandated to confirm the authenticity of the information using reliable documents.However, it’s important to note that the enforcement decree accompanying this Act grants exchanges the flexibility to verify documents based on their own business guidelines. This autonomy has been provided to assist exchanges in effectively mitigating money laundering risks by taking into account their individual business rights and characteristics.For instance, Upbit, South Korea’s largest cryptocurrency exchange, has implemented a fraud detection system (FDS) powered by artificial intelligence to continuously monitor and identify fraudulent transactions. This initiative has earned Upbit recognition from the FIU as an outstanding organization for reporting suspicious transactions during the first half of this year.On the contrary, Bithumb has devised and applies internal guidelines dedicated to anti-money laundering (AML) measures. The exchange has instituted a streamlined customer verification process for customers who are assessed as having a low likelihood of being engaged in money laundering activities. However, this simplified process is not extended to individuals from countries that have not adopted the recommendations of the Financial Action Task Force (FATF).Korbit monitors information related to customer verification through a dedicated department. It declines transactions for customers who have not undergone sufficient verification and validation procedures.Coinone’s AML department examines customer transactions comprehensively. It maintains ongoing reviews of customer information, business operations, risk assessments, and the source of funds. If any of these aspects are found to be suspicious or inadequate, the AML department proceeds with additional customer verification, including the disclosure of the source of funds.Some raise concerns about the inconsistency in customer verification standards for AML and STRs across different exchanges. When one exchange flags a transaction as suspicious, another might see it as routine. Such discrepancies highlight the need for uniform guidelines. Addressing this, the Digital Asset eXchange Association (DAXA), consisting of Korea’s five leading currency exchanges — Upbit, Bithumb, Coinone, Korbit, and Gopax — has set up an AML division to devise standardized rules for STRs.

In a recent survey conducted by personal finance management solutions provider Seedly, together with global crypto exchange Coinbase, it was discovered that over 56% of Singaporeans currently own cryptocurrency, with nearly half expressing bullish sentiments regarding its future prospects over the 12 months of this year.Photo by Zhu Hongzhi on UnsplashFuture of financeTitled "The Pulse of Crypto Singapore Report," the study surveyed 2,006 Singaporean adults across various age groups and household incomes from October to November 2023. Survey participants were deemed to be “finance forward Singapore-based adults who have a strong interest in personal finance and investments.” It determined that 56% of respondents believe cryptocurrency represents the future of finance. Participants cited short-term profitability, long-term capital appreciation and portfolio diversification as key factors driving their optimism. The report’s authors speculate that this optimism is also due to the city-state’s approach to digital assets and the regulatory framework that has been put in place by the Monetary Authority of Singapore (MAS). Yeap Ming Feng, head of marketing at Seedly, also attributed the optimism towards crypto to Singapore's vibrant Web3 ecosystem, which fosters collaboration among builders, investors and users. When selecting a crypto exchange for trading, crypto owners prioritize security, low fees, regulation and ease of use. Coinbase, one of the report’s facilitators, doubled down on its operations in Singapore in 2023, acquiring a Major Payment Institution (MPI) license from the Singaporean regulator, enabling it to expand its product offering. It extended its offering further last month when it launched USD transfers via SWIFT. Notably, the survey identified staking as the most prevalent use case for cryptocurrency in the city-state.  Non-crypto user concernsHowever, the study unveiled that non-crypto users harbor concerns about market volatility (57%), high risk (53%) and the absence of regulation (45%) in the crypto space. Singapore was disproportionately affected by the demise of a number of crypto platforms in 2022. An outsize number of citizens were caught up in the FTX collapse having utilized that crypto exchange instead of Binance, which had been prohibited from trading within the territory. Singapore was also home to failed crypto lenders such as Vauld and Hodlnaut, failed crypto hedge fund Three Arrows Capital (3AC) and UST stablecoin developer Terraform Labs. These high-profile crypto failures so close to home are unlikely to have put crypto skeptics at ease in Singapore where the consideration of risk relative to digital assets is concerned. That said, MAS is actively working towards implementing additional rules to safeguard Singaporean investors. Despite these reservations, the survey underscores a growing interest in and adoption of cryptocurrencies among the financially aware population in Singapore. This trend aligns with Singapore's commitment to remaining a leader in Asia for crypto readiness and supports the city-state's vision of becoming a global digital asset hub. The study also highlighted the progress that the crypto market in general made recently. Over the course of 2023, crypto market capitalization has gained momentum, from $829 billion at the outset of the year, culminating at $1.72 trillion towards the end of the year, according to a report by CoinGekco.