Korean Crypto Exchange Coinone Protects Investors from Fraud Losses of $370K in H1

Jeff “Jihoz” Zirlin, one of the co-founders of Sky Mavis, the Singapore-headquartered development firm behind both Axie Infinity and the Ronin Network, has faced a significant setback as some of his personal crypto wallets have fallen victim to a hack.Photo by GuerrillaBuzz on UnsplashFunds drained through Tornado CashThe hack has resulted in the loss of approximately $9.7 million worth of ether (ETH). The breach, which occurred on Feb. 23, saw two crypto wallet addresses associated with Zirlin compromised. The perpetrator managed to abscond with 3,248 ETH, funneling the stolen funds through Tornado Cash, a privacy-focused Ethereum mixer. The alarm was raised by PeckShield, a blockchain investigation firm, which identified the compromise of a "whale wallet" through the Ronin Bridge. PeckShield attributed the breach to a "wallet compromise," which facilitated unauthorized outbound transfers of funds. PeckShield's investigation revealed that the pilfered 3,248 ETH was initially dispersed across three different wallets before being funneled into Tornado Cash. This service, notorious for its use by hackers seeking to obfuscate the origin and traceability of illicit funds, served as a conduit for the stolen assets. Confirming the attack and remarking on having had a “tough morning,” Zirkin outlined on social media that “the attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain.” He emphasized the implementation of stringent security protocols across all chain-related activities, seeking to reassure stakeholders of the company’s commitment to safeguarding user assets. Although specific details regarding the breach remain undisclosed, Zirlin's statement suggests a leakage of the private keys associated with his personal wallets, granting unauthorized access to the hacker. Ronin Network securePeckShield’s revelation prompted Aleksander Larsen, co-founder of Ronin Network, to swiftly respond, affirming the robust security measures of the Ronin Bridge. The social media post that Larsen had responded to, which he claimed to have an “extremely misleading title,” was later deleted. Larsen suspected that the breach stemmed from a wallet hack rather than a flaw within the bridge itself. Notably, Ronin had been targeted in a high-profile attack in March 2022, orchestrated by the North Korea-backed Lazarus Group, resulting in a $625 million loss.In response to this previous breach Sky Mavis initiated a comprehensive overhaul of Ronin's core systems to bolster decentralization and mitigate future vulnerabilities. $112M Ripple co-founder hackIn a separate incident, Binance intercepted $4.2 million worth of stolen XRP, part of the $112 million hack targeting Ripple co-founder Chris Larsen's personal wallet on Jan. 31. Unlike the Axie Infinity breach, the perpetrator behind Larsen's hack refrained from leveraging crypto mixer services or decentralized exchanges, enabling Binance to track and immobilize a portion of the illicitly obtained funds. Axie Infinity, heralded as a pioneering "play-to-earn" Web3 game, has emerged as a lucrative platform, enabling players to earn cryptocurrency and trade in-game assets via blockchain technology. Since its inception in 2018, the game has amassed $1.3 billion in revenue, underscoring its prominence within the burgeoning blockchain gaming ecosystem. 

Kaspersky Says Crypto Phishing on the Rise in the PhilippinesThe Philippines witnessed a significant increase in detected cryptocurrency-related attacks last year while Vietnam recorded the highest level in Southeast Asia, according to cybersecurity firm Kaspersky.Photo by Markus Spiske on UnsplashEase of crypto accessVietnam topped the list with over 64,000 detections. Meanwhile, the Philippines recorded 24,737 cases of crypto-phishing attacks in 2022, up from 9,164 cases in 2021, making it the second-highest number in Southeast Asia.Adrian Hia, Managing Director for Asia Pacific at Kaspersky, attributed the rise to the ease of accessing cryptocurrency in the Philippines. He explained that as users increasingly turn to mobile devices, they are inadvertently exposing themselves to potential breaches, as malware can be installed through various touch points.Research published by Malaysian crypto data aggregator, CoinGecko, earlier this month, also points to the Philippines as having the second highest level of interest in crypto in Southeast Asia, after Singapore.Targeting popular platformsCybercriminals commonly target accounts of popular online gaming platforms and crypto wallets using advanced stealers or “stalkerware” that allow them to spy on individuals through their mobile devices, Kaspersky stated. The firm’s monitoring data revealed that malware is spreading through legitimate channels such as official marketplaces and advertisements in popular apps.Across Southeast Asia, the total number of crypto-phishing detections decreased to 147,649 in 2022 from 164,330 in 2021, according to Kaspersky. However, only Singapore (down 74%), Thailand (down 51%), and Vietnam (down 15%) observed declines in detections. Besides the Philippines, crypto-related attacks also increased in Indonesia (from 19,584 in 2021 to 24,642 in 2022) and Malaysia (from 16,071 to 16,767).Kaspersky discovered an average of 400,003 new malicious files per day in 2022, representing an increase of 20,000 files per day compared to the previous year. Hia emphasized that scammers are relentless in their efforts to steal cryptocurrency due to its increasing popularity and adoption, particularly in Southeast Asia. He urged cryptocurrency adopters in the region to stay informed about the latest tricks used by crypto phishers to protect their digital assets.Email-based attacksRoman Dedenok, a spam analysis expert at Kaspersky, revealed that crypto phishers often employ email-based attacks to target crypto users. He explained that scammers entice victims with the prospect of participating in a cryptocurrency giveaway, offering popular digital assets such as Bitcoin, Ethereum, Litecoin, Tron, or Ripple.The scammers provide a three-point guide to claim the free cryptocurrency along with a link to the “promotion” website. Clicking on the link leads users to a phishing site where they are prompted to specify the wallet to which they want the funds transferred.In response to the growing cybersecurity concerns, Kaspersky is engaging in discussions with government institutions worldwide. In the Philippines, while the central bank does not directly regulate cryptocurrency, it has established guidelines for virtual asset service providers. The Chairman of the Securities and Exchange Commission (SEC) in the Philippines, Emilio Aquino, recently delayed publication of a regulatory framework for crypto, on the basis of having “to make sure people don’t get burned.”Entities involved with virtual assets are required to obtain a license from the Bangko Sentral ng Pilipinas, the central bank of the Philippines, to comply with regulations.

McDonald’s Enters the Metaverse with McNuggets LandMcDonald’s, the global fast food giant, has ventured into the metaverse realm to commemorate the 40th anniversary of its beloved Chicken McNuggets, with McDonald’s Hong Kong spearheading the immersive experience.McNuggets Land, a virtual world situated within the metaverse platform The Sandbox, now welcomes enthusiastic players to embark on a quirky adventure filled with pixelated McNugget characters like “Coach McNugget” and his trusty sidekick, “Assistant Coach McNugget.” The project team behind The Sandbox laid out the details of the initiative via a blog post published on Medium on Thursday.In this novel virtual landscape, players are tasked with the mission of locating four McDonald’s signs, sparking excitement for the rewards that await. Among the enticing incentives are a shared prize pool of 100,000 SAND (approximately $44,000) and enigmatic “mystery boxes.” SAND is the native token of The Sandbox virtual world.Photo by Jas Rolyn on UnsplashCustomer engagement challengesThe CEO of The Sandbox, Sebastien Borget, expressed enthusiasm for collaborating with global brands like McDonald’s to drive mass adoption of the metaverse. The Sandbox has already witnessed the presence of several prominent brands like Adidas, Atari, and Gucci within its virtual world. Comparatively, it might be challenging for McNuggets Land to carve out a distinctive niche to capture enduring user engagement.Numerous brands have attempted whimsical activations within metaverses over the years, from Snapple’s virtual bodega to Taco Bell’s metaverse wedding. However, the fundamental question arises when virtual food or drink experiences are introduced — what’s the point when you can’t taste or smell in the metaverse?Bear market & regulatory setbacksMoreover, the timing of brands entering the Web3 space may be subject to scrutiny. With venture capital money flowing toward AI and Disney closing its metaverse ventures, the Web3 landscape faces a more challenging environment in 2023. The ongoing crypto winter and Securities and Exchange Commission (SEC) crackdowns have somewhat dampened the allure of these activations, making it imperative for brands like McDonald’s to offer a compelling “why” for their Web3 endeavors.Starbucks has been experimenting with its Web3 loyalty program called “Odyssey,” which ties in seamlessly with its customers’ real-world coffee purchases. This strategic approach aligns virtual rewards and digital collectibles with existing behaviors, giving added value to their regular activities. In doing so, Starbucks fosters a sense of community and gains valuable feedback for future improvements, ensuring a more sustainable and purposeful presence in the Web3 space.Formative developmentWhile McDonald’s McNuggets Land in the metaverse may excite some players with its whimsical charm, the bigger question remains: What value does it truly bring to the participants, and how does it ensure a lasting impact? In a rapidly evolving Web3 landscape, success lies in offering meaningful experiences that align with users’ existing behaviors and aspirations, fostering genuine engagement and community-building.We are still at a stage where consideration of the metaverse in terms of what it is, what it represents, and what experience users can or should glean from it is still formative. It remains to be seen as to the extent to which Mcdonald's will be successful in this instance, but it is encouraging that they’re brave enough to get involved with the innovation.