Coinone adds new security features

Suspected Malicious Activity Drains AnySwap Tokens via Multichain ExecutorAccording to an on-chain sleuth known as Spreek, a person is using the Multichain Executor to drain tokens associated with the AnySwap bridging protocol.Multichain is a cross-chain routing network, established and maintained by a Chinese developer team. It supports in excess of 25 blockchains and more than 1,100 tokens.Photo by Marek Piwnicki on Unsplash$100 million outflowThis revelation comes after abnormal outflows of over $100 million from Multichain bridges on July 7, which were flagged by the Multichain team. Spreek’s report via Twitter on July 10 states that the Multichain Executor address has been draining anyToken addresses across multiple chains and transferring them to a new externally owned account (EOA).Evidence provided in the report includes an Ethereum transaction, 0x53ede4462d90978b992b0a88727de19afe4e96f0374aa1a221b8ff65fda5a6fe, which called the “anySwapFeeTo” method on the Multichain Router: V4 contract. This transaction resulted in approximately $15,275.90 worth of anyDAI being minted on Ethereum, sent to the Multichain Executor, burned, and exchanged for the underlying DAI backing the asset.The funds from these transactions were sent to the following address:0x1eed63efba5f81d95bfe37d82c8e736b974f477b. Similarly, on the BNB Smart Chain (BSC), the Multichain Executor used the anySwapFeeTo function to convert $208,997 worth of anyUSDC into Binance-pegged USDC and sent them to the same address. Additionally, 50.80 anyBTC, equivalent to $39,251.43 at the time, was converted into Binance-pegged Bitcoin and sent to the address.In total, approximately $263,524.33 worth of tokens were sent to this address through the anySwapFeeTo method. Spreek suggests that this behavior could be part of the protocol’s normal functioning. However, a different account engaged in similar activity the day before and ultimately sold the drained tokens, indicating malicious intent.Potential exploitSpreek theorizes that the attacker may be exploiting the anySwapFeeTo function by setting fees to an arbitrarily large amount, allowing them to drain users’ funds. The function apparently permits setting any value, enabling the address to choose the total value of the token held in that anyToken.The Multichain incident has puzzled blockchain analysts, as it remains unclear whether it resulted from an exploit or if it was simply large token-holders moving their funds between networks. The mystery began on July 7 when over $100 million worth of tokens were withdrawn from the Ethereum side of Multichain’s bridges and transferred to wallet addresses with no prior transactions. This represented the majority of funds held on each bridge.Hack or rug pullThe Multichain team labeled these withdrawals as “abnormal” and advised users to stop using the protocol. However, they have not disclosed the source or nature of the anomaly. In response to the incident, stablecoin issuers Circle and Tether froze some of the addresses involved in the suspicious transactions. Chainanalysis, a blockchain analytics firm, has commented that the incident appears more like a hack or rug pull rather than a migration.Adding to the complexity, the Multichain team has reported that their CEO is missing, and they have shut down certain bridges due to losing access to some of the network’s multi-party computation network servers. There have been various concerns relative to Multichain since May. The situation continues to evolve, with ongoing investigations and efforts to mitigate any potential damage caused by the suspected malicious activity.

Several South Korean crypto-only exchanges have long been struggling to keep their business afloat due to their prolonged weak performances. The local news outlet Etoday reported that the persistent underperformance of these local crypto exchanges is mounting pressure on their corporate operation and management, resulting in them shutting down their businesses. The situation hinders them from meeting the requirements set by the Financial Intelligence Unit (FIU) of the Financial Services Commission (FSC).  Their inability to generate sufficient revenue, due to faltering token trading volumes, makes complying with the FIU guidelines a daunting task.Photo by Anne Nygård on UnsplashCascading closure of crypto exchanges According to crypto industry insiders, local crypto-only exchanges including Cashierest, Coinbit, Huobi Korea, Probit and Tennten have announced their service closure as early as the second half of last year. On Nov. 6, Cashierest announced it was shutting down its services, with Coinbit following suit in the same month. The cascading closure announcements from crypto exchanges raised concerns about their potential harm on investors.  In an effort to protect crypto investors, the FIU has released a statement that local crypto exchanges are obliged to meet the requirements of the FIU in compliance with the Virtual Asset User Protection Act, despite their closing of services. Furthermore, the regulator said finalizing business closure requires due assessment by the FIU.  "Virtual asset service providers (VASPs) must notify their users of the closure and explain how to reclaim their assets at least one month before the business closing date. They must also support users to withdraw their assets for at least three months before closing," the FIU stated.  Struggling to meet FIU requirements However, some point out that it would be challenging for near-bankrupt crypto exchanges to run a customer service center for more than three months. Some exchanges allow users to deposit and withdraw their assets until their closure, as they would under normal conditions, but charge additional fees afterward. "It is very demanding to operate customer services when we're seeing no actual gains," one exchange official said.  It has been found that some crypto exchanges failed to register a change in their business state with the FIU, which is mandatory in the event of business location or contact changes, under the Financial Transaction Reports Act.  When Etoday reporters visited the offices of some of these crypto exchanges, they were met with empty rooms. One person who is familiar with the matter said, "The exchange has moved its office to another location and is scheduled to resume service in March." 

Aevo Launches Novel Index Perpetual ContractAevo, the layer-2 derivatives platform launched by Singapore’s Ribbon Finance earlier this year, has introduced a new index perpetual contract.The contract allows traders to engage in long or short positions based on the market capitalization of accounts within the social application Friend.tech.Photo by Compare Fibre on UnsplashFRIEND-PERPThe FRIEND-PERP market is now live according to The Block, and it has gained significant traction, boasting a daily trading volume of $501,824 and a current trading price of $7.14. This market operates on a unique premise — a perpetual contract, which, unlike conventional futures contracts, does not adhere to an expiration date. This feature is particularly appealing to the crypto trading community, enabling them to seize opportunities without the constraints of time-bound contracts.Surge in interestFriend.tech, the social app at the center of this Aevo product offering, has integrated with Ethereum layer-2 network Base, a blockchain incubated by Coinbase earlier this year. This network, which officially welcomed the public on August 9, has been the center of attention within the crypto sector over the past couple of weeks.The social app enables market participants to buy shares of individuals who hold accounts on X (formerly Twitter). Since its launch earlier this month, the Friend.tech app has grown rapidly. It attracted over 100,000 daily users within 24 hours of its launch.Each user stands to benefit financially from the purchase and sale of their shares, a pioneering approach that has lured prominent figures, including venture capitalist Garry Tan, NBA star Grayson Allen, and celebrated YouTuber FaZe Banks, to the platform.Boost for BaseUS crypto platform Coinbase has embraced Friend.tech as it marks the first major breakthrough use case for its Base blockchain network. This collaborative effort has propelled the Base network to new heights, positioning it among the top cryptocurrency projects by user fee revenue. With $1.4 million in fees generated over the last 24 hours alone, Friend.tech ranks among industry giants, trailing only Ethereum and Lido Finance in this metric, according to data from DeFiLlama.While the app has risen at a phenomenal pace, there are concerns relative to the degree of privacy it affords its users. The public availability of the Friend.tech API used to convert X usernames into wallet addresses has raised the alarm for potential data exposure.A Yearn Finance developer, known by the pseudonym Banteg, used this API to compile a list of Ethereum addresses linked to X accounts. While the community has reassured users that access can be revoked, the implications of this exposure for privacy and security cannot be understated.The Aevo project was first announced by Ribbon Finance in September 2022 and subsequently launched in June. The goal of the project is to convert users from centralized exchanges, bringing them over to the decentralized exchange (DEX) platform.