agreement

Embattled cryptocurrency exchange Coincheck may soon be under new management.

The Tokyo-based exchange, now enshrined in infamy following a $530 million hack in January, will reportedly be acquired by Japanese brokerage firm Monex in a deal worth “several billion yen.”

The news was first reported by regional media outlet Nikkei, whose sources said that Monex would likely replace the current management team — who oversaw the exchange at the time of the record-setting theft — and overhaul the cryptocurrency exchange trading platform.

“We are considering the acquisition,” Monex announced in a statement, adding that plans have not been finalized.

Monex stock soared in response to the rumors, closing at 424 JPY after opening at 337 JPY — a single-day gain in excess of 25 percent.

monex
Source: MSN Money

As BlockExplorer reported, Coincheck’s security measures were found in the wake of the hack to be woefully inadequate, which explains why the hackers were able to make off with such a large amount of funds.

The country’s Financial Services Agency (FSA) ordered Coincheck and several other exchanges to enhance their systems to comply with FSA regulations, but some platform operators have found these improvement orders to be more than they can manage.

“The deal with Monex suggests Coincheck deemed it difficult to comply with the regulatory requirements and rebuild its operations without external support,” the Nikkei report said.

At least five Japanese cryptocurrency exchanges have already informed the FSA that they will cease operations, while the agency has reportedly told several others that they must voluntarily shut down or face enforcement action.

Despite the gravity of the hack, Coincheck does not appear to have been insolvent. The company has already begun compensating users who lost funds during the hack, at a rate of approximately 89 JPY per NEM token (XEM). Though somewhat less than market value at the time of the hack, this is more than triple the current NEM price.

Featured Image from Pixabay

The Binance bounty program offers significant upside for information resulting in an arrest, according to an announcement made by one of the world’s largest cryptocurrency exchanges.

Last week, Binance was the target of a hacking attempt that involved the hijacking of API-trading bots that were installed into user’s accounts by hackers who gained access via prior phishing schemes. The bots were used to coordinate a massive selloff of altcoins into Viacoin, pumping its price significantly. Binance themselves weren’t hacked, though, and the company’s risk management system suspended all withdrawals at the first detection of any trading abnormalities, thus halting the hackers in their tracks. Binancereversedd all of the unauthorized trades, and users left the situation unscathed, albeit likely shaken by the close call.

How well Binance was able to block hackers and prevent widespread issues for their users has been commended by the cryptocurrency community. Adding to the positive sentiment around the cryptocurrency exchange, Binance released a statement via Medium announcing a massive campaign offering substantial bounties for information leading to arrests related to any attacks, hacks, or intrusions against Binance.

The announcement begins with a bold statement, pledging to address hacks in the crypto community:

“To ensure a safe crypto community, we can’t simply play defense. We need to actively prevent any instances of hacking before they occur, as well as follow through after-the-fact. Even though the hacking attempt against Binance on March 7th was not successful, it was clear it was a large-scale, organized effort. This needs to be addressed.”

As part of the announcement, the BNB – Binance exchange’s native token – equivalent of $250,000 will be given to the “first person to supply substantial information and evidence that leads to the legal arrest of the hackers, in any jurisdiction.” Interested security-experts can submit information via [email protected], and are also encouraged to go to their local authorities.

Furthermore, Binance announced that the $250,000 bounty is only a tiny portion of a $10,000,000 sum reserved for future bounty allocations to be awarded to those that supply information that leads to an arrest. Binance is taking lead in crypto exchange security efforts, and have even invited other cryptocurrency exchanges to join them in their pledge to stop hackers seeking to separate users from their funds.

Binance’s stand against hackers is yet another reason its customers love the fast-growing cryptocurrency exchange, which saw it’s Q4 revenue jump from $7.5 million in its first three months in operation, to $200 million. If they can continue to keep customer’s funds safe and provide transparency during trying situations, they will continue to grow and dominate the space.

 

British Blockchain Association

A large number of websites, including sites hosted by the United States and United Kingdom governments, have been compromised. The compromised web pages were made to serve cryptocurrency mining scripts. Which use the resources of the visitor’s computer to mine cryptocurrency. In this case maliciously and without consent from the computer’s owners.

Use of accessibility tool BrowseAloud in attack

The pages were compromised due to the use of an accessibility tool known as BrowseAloud. Which augments webpages with extra javascript to allow visually impaired users to browse the page using audio cues. The websites were all compromised due to loading scripts from BrowseAloud’s servers in order to provide text to speech. The attackers needed only to break into BrowseAloud’s servers to compromise all of its customers. The cryptocurrency miner used was the now infamous CoinHive Monero (XMR) web miner. CoinHive is designed to allow content producers a way to be paid for the content they provide. CoinHive has since been used in a large number of website compromises, due to its ease of use and its use of the privacy-focused cryptocurrency Monero. Monero allows attackers to remain extremely anonymous, to the point that others can only guess at the profits gained.

Mitigation of the compromise

This attack can be mitigated rather easily for both content providers and content consumers. Content providers need only verify the hash of the script they are serving. As a modified script will have a differing hash to the expected script. Content consumers can make use either of NoScript plugins in their browsers to block all javascript on web pages, or make use of other plugins such as Ublock Origin. Which if configured correctly will block all requests going to CoinHive’s servers.

Italian cryptocurrency exchange BitGrail has revealed that it is insolvent following a $170 million hack.

BitGrail Hacked for $170 Million Worth of XRB

On Friday, BitGrail, which is headquartered in Florence, announced on its website that it had discovered “unauthorized transactions” that resulted in the theft of 17 million Nano tokens (XRB), which were formerly known as RaiBlocks. At the time of the theft, these tokens were worth $170 million.

BitGrail owner and operator Francesco “The Bomber” Firano stated on Twitter that the company could not fully-reimburse customers, as the exchange is now in possession of just 4 million XRB. This indicates either that BitGrail was storing the majority of its funds in internet-connected “hot wallets” or that the theft was an inside job, as the perpetrator would have needed physical access to steal funds stored in cold storage.

The Nano developers quickly moved to warn other cryptocurrency exchanges about the theft so that they could prevent the hackers from laundering the stolen funds.

BitGrail, Nano Blame One Another for Theft

Meanwhile, BitGrail and Firano claimed that all other funds were secure, and said that it had notified the relevant authorities about the theft. He said that the only way to return customer funds was to fork the Nano blockchain, and he lambasted the Nano Core developers of resisting this solution.

However, in a withering blog post, the Nano developers accused Firano of concealing BitGrail’s insolvency.

“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time,” the post said.

Nano Core also posted a transcript of chat logs with Firano, who appears to have threatened to tell customers that the theft was the result of a bug in the XRB protocol.

Notably, the BitGrail theft comes just weeks after Japanese exchange Coincheck was fleeced for $530 million worth of NEM tokens (XEM) in what is now the largest cryptocurrency theft in history. In both of these instances, the thieves targeted wallets holding cryptocurrencies with smaller market caps, instead of large-cap coins like bitcoin or ethereum.

Coincheck, the largest exchange in Japan, has been hacked, reportedly losing 530+ million dollars worth of NEM. According to Nikkei, they have reported the transfer to the Financial Services Authority and the Police. They have frozen all withdrawals at this time.

An earlier blog post announced the freeze on NEM deposits:

“Depositing NEM on Coincheck is currently being restricted. Deposits made to your account will not be reflected in your balance, and we advise all users to refrain from making deposits until the restriction has been lifted.’

Shortly thereafter, purchase and sales of NEM were halted, followed by several announcements of all withdrawals and movements of any kind being frozen.

At 2 pm UTC the NEM Foundation president Lon Wong has confirmed that the hack, calling the event ‘the biggest theft in the history of the world’.

Coincheck has expressed their intent to compensate their customers, but the practicality of this remains to be seen: (translated from Japanese via Google Translate)

History

Coincheck is a crypto wallet and exchange solution based in Tokyo and was founded by Koichiro Wada and Yusuke Otsuka in 2014. It specializes in bitcoin/ether exchange as well as fiat currencies in Japan.  As of August 2016, the exchange services over $160 million in transactions per month. More than 2200 merchants have used their bitcoin payment offering in Japan only.

In 2016 the entertainment company DMM.com opted to use Coincheck’s crypto processing solution, bringing a userbase of more than 19 million. Coincheck also has with Chinese, Hong Kong, and Taiwan investors through SEKAI in order to support the purchase of real estate using Bitcoin.