Korea’s Code Launches System to Detect Blacklisted Crypto Wallets

Dubai’s VARA grants WadzPay ‘initial approval’ of trading licenseIn the latest demonstration of the emirate’s crypto-friendly credentials, Dubai regulator, the Virtual Assets Regulatory Authority (VARA), has granted an “Initial Approval” license to WadzPay.WadzPay was founded in 2018 in Singapore as a business-to-business (B2B) technology firm that concentrates its efforts on enabling digital asset-based transaction processing and settlement. This licensing approval is a significant step forward for the startup, as it inches closer to obtaining a full-fledged Virtual Asset Service Provider (VASP) license.Photo by Paul MARSAN on UnsplashGearing up for service roll-outWith this approval in hand, WadzPay is gearing up to offer a range of virtual asset services, specifically under the forthcoming VASP License for Transfer and Settlement, as well as Broker-Dealer trading activities.That said, the current VARA license places certain restrictions on WadzPay’s offerings. While WadzPay is known for providing a wide array of services to businesses (B2B) and individual users through its B2B2C platform, the “Initial Approval” license limits its scope to only a subset of its virtual asset products and services.Flurry of approvalsDubai has taken center stage in the realm of crypto-friendly jurisdictions, granting a flurry of operational licenses to numerous crypto firms and exchanges in recent months. The regulatory framework in Dubai is underpinned by robust guidelines for VASPs. To operate fully within this framework, crypto firms must navigate a meticulous three-tier licensing process, starting with provisional approval, followed by a minimal viable product (MVP) license, culminating in a total market product license.One of the recent beneficiaries of VARA’s approvals is Backpack, a virtual currency wallet provider. Last month, Backpack received its VASP license, allowing the introduction of the Backpack Exchange to the market. However, similar to WadzPay’s situation, Backpack’s license comes with certain limitations.It permits the offering of crypto exchange services within Dubai but restricts the rollout of other virtual asset services. The Backpack Exchange sets itself apart with advanced features, including zero-knowledge (ZK) proof-of-reserves, multi-party computation (MPC) for secure custody and lightning-fast order execution capabilities.Nomura portfolio company approvalsKomainu, a collaborative venture involving financial heavyweights like Nomura, CoinShares and Ledger, is another notable success story. After a diligent licensing journey, Komainu secured its full operating license from VARA, approximately 10 months after obtaining its MVP license in November 2022.Laser Digital, a crypto division under the vast umbrella of financial giant Nomura, also earned its operational license from VARA in August. Through its dedicated subsidiary, Laser Digital Middle East FZE, based conveniently in Dubai, Nomura has showcased its VASP license. The permit enables the firm to offer a suite of services, including brokerage, virtual asset management and investment offerings within the emirate.Notably, Laser Digital’s licensure followed closely on the heels of Binance, the global crypto exchange. Binance secured its operational minimum viable product (MVP) license from VARA, paving the way for providing crypto exchange and virtual asset broker-dealer services within the region.This flurry of licensing activities and approvals in Dubai is suggestive of the emirate’s commitment to fostering a progressive and regulated crypto environment.

Akira ransomware, responsible for stealing $42 million from over 250 organizations across North America, Europe and Australia in just a year, is now targeting businesses in Singapore. In response, Singaporean authorities have issued a joint advisory warning local businesses about the increasing threat posed by a variant of this ransomware.Photo by Mike Enerio on UnsplashAlert follows complaintsThe alert follows multiple complaints from victims, prompting agencies like the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF) and the Personal Data Protection Commission (PDPC) to take action. These agencies emphasize the urgency of recognizing and combating this threat. How Akira operatesAkira affiliates employ various techniques to infiltrate a victim's network. These include exploiting known vulernabilities. For example, that could mean the targeting of services like Cisco virtual private networks (VPNs) that have been configured without multi-factor authentication (MFA). Another approach that the ransomware incorporates is attacking external-facing services such as the Remote Desktop Protocol (RDP) via brute force. Social engineering is another tool within its repertoire. This involves tricking victims into downloading malicious software or entering credentials on phishing websites. There is a marketplace for compromised credentials in the dark web. Akira also relies on such data, acquiring it from access brokers who sell network access.  Once inside a network, Akira affiliates often create new domain accounts to maintain persistent access, even after reboots. They use numerous tools to steal user credentials, escalate privileges and spread throughout the network. Detection and prevention measuresThe Singaporean advisory outlines several strategies for detecting, deterring and neutralizing Akira attacks. Authorities strongly advise against paying ransoms, on the basis that doing so does not guarantee data recovery or prevent future attacks. Authorities also warn that paying ransoms can encourage further attacks. The FBI has noted that Akira operators do not contact victims. Instead, they expect victims to initiate contact. Payment in BitcoinThe advisory outlines how Bitcoin is implicated in the ransomware scam. It states:”Ransom payments are requested in Bitcoin, which are directed to cryptocurrency wallet addresses specified by the affiliates. The TOR site (.onion) where victims contact the affiliates, contains stolen information and a list of the affected organisations.” It’s not the first time that Singaporean authorities have issued warnings that have implicated Bitcoin and crypto. In January, the CSA and SPF, in a joint advisory, suggested that people should use hardware wallets in an effort to guard against crypto-related malware and phishing attacks. A number of weeks prior to that, Singapore’s former Prime Minister, Lee Hsien Loong, took to Facebook to issue a warning with regard to a crypto scam that involved the use of deceptive content generated using artificial intelligence (AI). Mitigation techniquesBusinesses are being urged by the authorities to adopt best practices to mitigate the Akira ransomware threat. They suggest the implementation of a recovery plan alongside the use of multi-factor authentication (MFA) in order to secure data and the access to that data.  They also suggest filtering network traffic as it helps in identifying and blocking malicious activities. Meanwhile, disabling unused ports and hyperlinks curbs the risk further as it reduces the attack surface. Lastly, the authorities suggested the use of system-wide encryption to protect data even if it is accessed by unauthorized entities.

Web3 metaverse and NFT platform CarrieVerse has secured funding from the JB Digital Asset Investment Fund 1 operated by JB Investment, the corporate venture capital arm of JB Financial Group, and Ecrux Venture Partners. The total value of the investment was not disclosed, according to Korean news outlet TechM. "The injection of new capital is a breath of fresh air after a slow crypto winter," said David Yoon, CEO of CarrieVerse. "With aggressive business and marketing tactics, we will bridge the gap between Web2 and Web3, helping to expand and popularize the Web3 market."Photo by Precondo CA on UnsplashThriving Web3 metaverseCarrieVerse is a Web3 metaverse available in various regions, including 15 Asian countries. The platform surpassed one million pre-registrations prior to its launch and also recorded 10,000 visitors in a single day. It was also revealed that it is one of the most popular platforms in Thailand, where it recently launched.  CarrieVerse is also the base hub for the card strategy role-playing game (RPG) SuperKola Tactics and the blockchain gaming platform Cling. Its native governance token, CVTX, has been listed on several exchanges like BingX and Bitget. Notably, CarrieVerse was also recently selected to join the UAE’s Dubai Multi Commodities Centre (DMCC) to establish a local subsidiary that will serve as a hub to expand the company’s global Web3 ecosystem. Reasons and expectationsJB Investment cited CarrieVerse's global business network and Web3 capabilities as the reason for providing the funding. Ecrux Venture Partners, on the other hand, aims to create synergies between IP companies and the metaverse through CarrieVerse’s projects. Ecrux is a new venture capital firm that focuses on discovering companies that can commercialize content-based IP such as animated characters.