September Cryptocurrency News
With fraud and attacks heading towards an all time high within the cryptocurrency markets [1], September marks the beginning of the Christmas surge for attacks on everyday consumers. This article provides a round up of general cryptocurrency news the past month.
We start with the US Treasury sanctioning the cryptocurrency exchange SUEX for aiding ransomware developers [2]. SUEX is a Russian, invitation only platform. Large transactions could be completed physically within their offices in Moscow, which is a departure from the usual online only service that exchanges usually offer. It’s believed that this is to rule out foreign nationals from being able to use the platform effectively. This is a result of the US Treasury working with the FBI and agencies to help combat the fight against Ransomware, by ensuring that criminals cannot exchange their cryptocurrencies back into regular fiat money, effectively making the results of the attack worthless. It is believed that the SUEX exchange is the first of many causalities in the war against Ransomware which Biden declared after large scale incidents such as the Colonial Pipeline attack.
The CEO of the Tehran Stock Exchange has been forced to step down after confirmation of a Bitcoin mining operation within the basement of the stock exchange itself [3]. Cryptocurrency mining in Iran has been illegal since the end of May [4], due to regular electricity blackouts (Cryptocurrency mining en masse puts huge strains on the electricity grid) and is due to be lifted at the end of September, but it appears that the illegal operation took place throughout the period in which mining is illegal throughout Iran.
Yet another large, respectable website in Bitcoin.org has been defaced and replaced with a Bitcoin scam [5]. The website contents showed a ‘double your money’ page with a wallet address and the promise that any funds sent to it would be immediately sent back with double the amount. As of 30th September, a total of $17,500 has been sent to the wallet in question: https://www.blockchain.com/btc/address/1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N
This attack further emphasises that the supply chain itself can be of huge impact to the community it serves. An example of this would be the ready compiled version of bitcoin core, available on the same website that was previously defaced: https://bitcoin.org/en/bitcoin-core/
It is not beyond the realms of possibility to modify the source code in such a way to send the private key of the wallet (Bitcoin Core can also serve as a secure wallet) back to attackers. The website defacement shows that consumers shouldn’t trust even an official website for a ready compiled version, but that the only chain of trust should be a manual compilation of the code within the GitHub repository. [6]
Even so, there is an emphasis that the community would always find vulnerabilities in the original open-source code, which is not always guaranteed as past open source library attacks have shown.
Finally, we round up with Coinbase signing an agreement with the Department of Homeland Security to develop tech for the immigration and customs enforcement (ICE) programme. [7] It is not currently clear what Coinbase will be developing for the ICE programme, but it is likely to be Blockchain and/or Cryptocurrency based.
[4] https://www.bbc.co.uk/news/world-middle-east-57260829
[6] https://github.com/bitcoin/bitcoin
[7] https://www.usaspending.gov/award/CONT_AWD_70CMSD21P00000141_7012_-NONE-_-NONE-