HKMA Issues Warning Against Crypto Firm Misrepresentation

The crypto space continues to suffer a disproportionate share of hacks and scams that were further exacerbated on Wednesday, with Malaysian crypto data aggregator the latest to succumb to a security breach. Serving as yet another stark reminder of the persistent threats plaguing the sector, a phishing scam targeted CoinGecko's X account, leading to a brief compromise that raised concerns about the safety of user information.Photo by GuerrillaBuzz on UnsplashPhishing scamDuring this incident, hackers posted a phishing link on CoinGecko's X account, falsely advertising a token airdrop for a cryptocurrency named GCKO. The deceptive post claimed that GCKO could be used for API services, including the cryptocurrency ANKR. Swift action by CoinGecko involved the removal of the fraudulent post and a public warning urging users to avoid interacting with any suspicious links or content. In an X post, CoinGecko wrote:”Our Twitter accounts @CoinGecko and @GeckoTerminal have been compromised. We're taking immediate steps to investigate the situation and secure our accounts. Please DO NOT click on any links or engage with suspicious content. Your security is our top priority.” Employee errorThe firm followed up with an update on Thursday, attributing the breach to a team member inadvertently clicking on a fraudulent Calendly link, granting unauthorized access to the hacker. Despite having two-factor authentication (2FA) enabled and employing robust security measures, CoinGecko emphasized that the inadvertent click allowed unauthorized access. The compromised accounts were then exploited to disseminate misleading information and potentially engage in malicious activities. CoinGecko expressed sincere apologies for any confusion or inconvenience caused by the incident. The company reiterated its commitment to platform security and continuous improvement of internal controls, assuring users that corrective measures were promptly implemented. SEC incompetenceCoinGecko's security incident occurred within 24 hours of a similar occurrence involving the U.S. Securities and Exchange Commission (SEC). The SEC's X account was compromised, with scammers posting a false message from Chair Gary Gensler about the approval of spot bitcoin exchange-traded funds (ETFs). While CoinGecko identified a vulnerability in its security regimen, the SEC later confirmed that the breach in its case was far more basic. It was not due to infrastructure attacks but rather the lack of 2-factor authentication (2FA) tied to the SEC's account, the most basic form of operations security. Gensler and the SEC have come in for major criticism from the crypto community in the U.S. due to a policy of regulation by enforcement that has been pursued. With that, the Commission came in for swift and harsh criticism in the immediate aftermath of its X account hack. Many pointed out the irony of Gensler advising consumers to secure their accounts back in October when the SEC itself had failed to do so. Others queried who would be responsible for what some interpreted as an episode of market manipulation, something that the SEC has perennially associated the crypto markets with. During the time that the account was compromised, millions of dollars of value were liquidated in short and long trading positions. CoinGecko's quick response serves as a valuable lesson in the importance of vigilance and proactive security measures amid the growing threats facing the cryptocurrency community.

Kloint and Korea University to develop on-chain data analysis solutionsKloint, a company specializing in the tracking of virtual asset transactions, revealed on Tuesday a partnership with the College of Informatics and the Center for Information System Security at Korea University. The collaboration is set to focus on the joint development of algorithms and platforms for on-chain data analysis.Photo by Shubham Dhage on UnsplashSharing insights on regulatory frameworksAs part of this initiative, Kloint and Korea University will cooperate to understand the domestic and international demand for on-chain data analysis. They will also exchange insights on the regulatory and policy frameworks that govern the technologies involved.Growing crypto-related criminal activitiesThe collaborative effort between Kloint and Korea University is set against a backdrop where, with the expansion of the cryptocurrency market, there has been a corresponding uptick in its use for criminal activities like money laundering, drug trafficking, and embezzlement.Traditional techniques used by government bodies, such as the public prosecutor’s office and financial regulators, have proven expensive and increasingly ineffective in tracking virtual assets as they struggle to keep pace with the sophisticated methods now used to circumvent detection.Kloint was co-founded last September by three blockchain technology firms: Fair Square Lab, S2W and Ozys. With a vision set on the horizon, Kloint is gearing up to supply government entities and virtual asset service providers (VASPs) with analytical platforms and reporting services. In the more immediate term, the company is focusing its efforts on developing solutions for data collection and analysis tailored to the Korean cryptocurrency market.

Hitachi collaborates with Concordium on biometric crypto walletJapan’s Hitachi Solutions, a subsidiary company of the Hitachi multinational conglomerate, has joined forces with the Concordium Foundation, unveiling a collaboration that centers on a state-of-the-art biometric crypto wallet.Photo by Nuno Antunes on UnsplashAlternative approach to securing cryptoAnnounced on Tuesday by the Concordium Foundation, a Swiss-based development team behind the Concordium layer one blockchain, this “proof of technology” initiative has the potential to fundamentally change how users access and secure their cryptocurrency accounts.Breaking away from traditional methods, the proposed biometric crypto wallet leverages users’ fingerprints or facial scans to generate a set of seed words, eliminating the need for users to store or remember them. This novel approach simplifies the restoration process, allowing users to recover their accounts with a mere biometric scan.Improving UXIf crypto and Web3 are to be adopted by ordinary people en-masse, user experience has long been identified within the sector as an area that still requires development. Making users responsible for the storage of a private key is fraught with difficulty, given the likelihood of private keys being lost or compromised.Various approaches are being taken to solve this issue. Tangem Wallet is one such alternative that utilizes near-field communication (NFC) in combination with an app and a card with an inbuilt chip, negating the need for the user to memorize a private key.This biometric-centered approach from Hitachi and Concordium represents another user-friendly approach to the problem of user authentication, harnessing the power of Hitachi’s Public Biometric Infrastructure (PBI) and Concordium’s self-sovereign identity framework. The result is an account creation process based entirely on biometric data, enhancing both security and user convenience.Complementary technologyConcordium’s network, with its stringent ID process for account creation to combat malicious activities, stands to gain substantial benefits from this technology. The biometric wallet will fortify users’ access to their IDs, a critical aspect of network security. Moreover, the technology’s applicability extends beyond Concordium, offering potential integration with any blockchain network.Users of the biometric wallet will have the flexibility to unlock their accounts either by regenerating seed words through a biometric scan or by decrypting a copy of the seed words. This dual-layered approach ensures that access is granted solely through the user’s unique biometric data, enhancing security and mitigating the risk of loss or theft.Developing this cutting-edge technology poses challenges, particularly in handling the inherent “fuzziness” of biometric data, where no two scans produce identical results, even from the same individual. Hitachi’s team addressed this by employing fuzzy key generation and specialized error correction technology, effectively distinguishing between scans.Unlike traditional crypto wallets that necessitate secure storage of seed words, the biometric wallet by Hitachi and Concordium, alongside solutions like multiparty-computation wallets and magic links, aims to overcome this hurdle. The goal is to resolve the issue of lost backup, a significant barrier to wider crypto adoption.This is not Hitachi’s first foray into the crypto/blockchain space. In mid-November the company announced a collaboration with the Japan Exchange Group (JPX), banking giant Nomura and Nomura portfolio company BOOSTRY to launch a $69 million digital green bond on the blockchain. In October Hitachi joined a consortium of Japanese companies with a view towards developing decentralized identity technology.