Bitstamp awarded MPI license in Singapore

Banking giants in Turkey embrace crypto ahead of legislative changeIt remains unclear what the underlying environment for the further development of the crypto sector in Turkey will be until such time as the country introduces a legislative framework to shape the industry’s development. However, that fact is not deterring a couple of Turkey’s leading banks, who have decided to embrace the digital asset realm.Photo by Michael Jerrard on UnsplashStablex acquisitionOn Monday CoinDesk Turkiye reported that the investment arm of Turkish bank Akbank had acquired local crypto company Stablex. Stablex was founded in May 2020 by Jihad Shannak with the objective of providing professional services, including trading relative to cryptocurrencies in Turkey. Majority shareholding passed to Ak Investment in May of this year, with initial negotiations on the sale having commenced in August 2022.A high-ranking official at Ak Investment expressed the group’s ambition to become a pivotal figure in the digital asset realm, signaling a proactive approach to the evolving financial landscape. Akbank also banks the majority of crypto start-ups based in Turkey.Speaking about the acquisition recently, Akbank executive Mert Erdoğmuş stated:“We have invested in Stablex to respond to the need for reliable and innovative service in the cryptocurrency market. Stablex reflects our values with its experience in the sector, pioneering achievements and professional service approach.”BBVA crypto walletAlongside Akbank’s move into the digital assets arena, Garanti BBVA, Turkey’s second largest private bank, recently unveiled its crypto wallet app. The feature-rich application includes a cold wallet, empowering users to seamlessly send and receive assets such as bitcoin (BTC), USD Coin (USDC) and ether (ETH).The pilot project for the app commenced in August, with the application currently available on iOS. In bringing the app to market, the bank created Garanti BBVA Digital Assets, a dedicated subsidiary firm. Commenting on that development back in August, the subsidiary’s Chairman of the Board, M. Çağrı Süzer, stated:”Our research shows that customers significantly value trust in their crypto transactions and especially on its storage. Hence, we are happy to launch our Crypto Custody Wallet addressing these real needs.”Despite uncertainties, Turkey has firmly established itself in the global crypto landscape, ranking among the top 20 countries in Chainalysis’ Global Crypto Adoption Index 2023. The instability of the Turkish lira in recent years has been a driver for crypto adoption in the country. In recent days, the bitcoin unit price has reached its highest exchange rate level against the local sovereign currency.Earlier this week, it emerged that crypto platform Blockchain.com is adding headcount and has its sights set on expansion into Turkey as one of its growth opportunities.FATF-compliant regulatory approachTurkey’s regulatory stance has been to take a cautious approach. In 2021, the central bank restricted the use of crypto for payments, although a complete ban on digital assets was ruled out by officials.Looking ahead, a government official revealed plans for crypto legislation to be presented to Parliament in November. While details remain scarce, this legislative move aligns with Turkey’s broader strategy to exit the Financial Action Task Force’s (FATF) “gray list.”

Akira ransomware, responsible for stealing $42 million from over 250 organizations across North America, Europe and Australia in just a year, is now targeting businesses in Singapore. In response, Singaporean authorities have issued a joint advisory warning local businesses about the increasing threat posed by a variant of this ransomware.Photo by Mike Enerio on UnsplashAlert follows complaintsThe alert follows multiple complaints from victims, prompting agencies like the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF) and the Personal Data Protection Commission (PDPC) to take action. These agencies emphasize the urgency of recognizing and combating this threat. How Akira operatesAkira affiliates employ various techniques to infiltrate a victim's network. These include exploiting known vulernabilities. For example, that could mean the targeting of services like Cisco virtual private networks (VPNs) that have been configured without multi-factor authentication (MFA). Another approach that the ransomware incorporates is attacking external-facing services such as the Remote Desktop Protocol (RDP) via brute force. Social engineering is another tool within its repertoire. This involves tricking victims into downloading malicious software or entering credentials on phishing websites. There is a marketplace for compromised credentials in the dark web. Akira also relies on such data, acquiring it from access brokers who sell network access.  Once inside a network, Akira affiliates often create new domain accounts to maintain persistent access, even after reboots. They use numerous tools to steal user credentials, escalate privileges and spread throughout the network. Detection and prevention measuresThe Singaporean advisory outlines several strategies for detecting, deterring and neutralizing Akira attacks. Authorities strongly advise against paying ransoms, on the basis that doing so does not guarantee data recovery or prevent future attacks. Authorities also warn that paying ransoms can encourage further attacks. The FBI has noted that Akira operators do not contact victims. Instead, they expect victims to initiate contact. Payment in BitcoinThe advisory outlines how Bitcoin is implicated in the ransomware scam. It states:”Ransom payments are requested in Bitcoin, which are directed to cryptocurrency wallet addresses specified by the affiliates. The TOR site (.onion) where victims contact the affiliates, contains stolen information and a list of the affected organisations.” It’s not the first time that Singaporean authorities have issued warnings that have implicated Bitcoin and crypto. In January, the CSA and SPF, in a joint advisory, suggested that people should use hardware wallets in an effort to guard against crypto-related malware and phishing attacks. A number of weeks prior to that, Singapore’s former Prime Minister, Lee Hsien Loong, took to Facebook to issue a warning with regard to a crypto scam that involved the use of deceptive content generated using artificial intelligence (AI). Mitigation techniquesBusinesses are being urged by the authorities to adopt best practices to mitigate the Akira ransomware threat. They suggest the implementation of a recovery plan alongside the use of multi-factor authentication (MFA) in order to secure data and the access to that data.  They also suggest filtering network traffic as it helps in identifying and blocking malicious activities. Meanwhile, disabling unused ports and hyperlinks curbs the risk further as it reduces the attack surface. Lastly, the authorities suggested the use of system-wide encryption to protect data even if it is accessed by unauthorized entities.

Cryptocurrency Losses Surge to $686 Million in Q3The cryptocurrency industry has witnessed a turbulent third quarter, with losses surging to $686 million. This unsettling development marks the worst quarter of the year, contributing to $1.4 billion in total losses year-to-date.Photo by GuerrillaBuzz on UnsplashImmunefi reportThese alarming statistics have been unveiled in a report by Singapore-headquartered blockchain security firm Immunefi. According to the report, the number of crypto hacking incidents skyrocketed by 153% year-over-year in the third quarter, with 76 separate incidents recorded.This stands in stark contrast to the same period in 2022, which saw a mere 30 hacking incidents. Furthermore, the losses resulting from these incidents witnessed a 60% increase, surging from approximately $429 million in Q3 2022 to the current level of $685 million. This marks the highest loss recorded for the year.Devastating hacksOf these incidents, two major hacks targeting Mixin Network and Multichain were particularly devastating, accounting for nearly half of the total losses in the quarter at $326 million. The Mixin Network hack, attributed to North Korean-sponsored hackers known as the Lazarus Group, underscores the involvement of state-backed actors in crypto-related cybercrimes.The Lazarus Group’s fingerprints were also found in major hacks of cryptocurrency exchanges, including CoinEx, Alphapo, and Stake, as well as digital payments firm CoinsPaid. Web3 projects based in Japan have been particularly hard hit by the hacker group’s activities. The group was responsible for losses exceeding $200 million.An overwhelming majority of the total Q3 losses, approximately 97%, were attributed to hacking incidents, while frauds and scams constituted a mere 3%. Decentralized finance (DeFi) protocols bore the brunt of the damage, with nearly $500 million lost, compared to over $185 million stolen from centralized exchanges and services. This highlights the vulnerability of DeFi platforms and the intricacies of smart contract code that underlie many of these applications.Among the targeted blockchains, Ethereum, BNB Chain, and Coinbase-incubated Base blockchain were the most prominent, with Ethereum being hit by 35 out of 82 chain losses. These platforms were singled out due to the substantial funds they held and the high level of activity on their networks.Greater recovery effortsThough the situation may appear bleak, there is a glimmer of hope in the form of recovery efforts. Immunefi reports an 8.9% recovery rate, with $61.2 million of stolen funds successfully reclaimed in six cases. Notably, Mixin Network recently introduced a $20 million “bug bounty” in a bid to incentivize the return of stolen funds, underscoring the cryptocurrency industry’s unwavering determination to combat these challenges.Immunefi itself has played a pivotal role in mitigating crypto-related risks, disbursing over $80 million in bounties and safeguarding more than $25 billion in user funds across various protocols. The company’s recent launch of on-chain vaults represents a significant step toward decentralizing its bug bounty platform, further fortifying security within the crypto ecosystem.