TechRisk Notes#21: Japan not protecting copyrighted material for AI training
Plus, Jimbos exploited for over $7M, organisations are not ready for a post-quantum cryptography world, and the potential risk of indirect prompt-injection attacks. [4 Jun 2023]
EmergingTech Spotlight
Japan - Japan’s government recently reaffirmed that it will not enforce copyrights on data used in AI training. The policy allows AI to use any data “regardless of whether it is for non-profit or commercial purposes, whether it is an act other than reproduction, or whether it is content obtained from illegal sites or otherwise”. Consequently, Japan’s laws will not protect copyrighted materials used in AI datasets. [more]
OpenAI, the creator of ChatGPT and DALL-E, launched a $1M Cybersecurity Grant Program to boost and quantify the effectiveness of AI-powered cybersecurity capabilities. [more][more-AI-cybersecurity-grant]
Cristiano Giardina, an entrepreneur who has been experimenting with ways to make generative AI tools do unexpected things, demonstrated the threat of indirect prompt-injection attacks to raise awareness. The demonstration showed people what it is like to speak to an unconstrained LLM, using a 160-word prompt tucked away in the bottom left-hand corner of the page that overrode the chatbot’s prompt filter. [more][more-CrisGiardina][more-2]
Hundreds of AI scientists, academics, tech CEOs and public figures — from OpenAI CEO Sam Altman and DeepMind CEO Demis Hassabis to veteran AI computer scientist Geoffrey Hinton — have added their names to a statement urging global attention on existential AI risk. [more]
In a new quantum research report where Moody’s spoke to 200 data, analytics and innovation leaders for financial services and banking companies across Europe and North America, it found that despite warnings from governments and cybersecurity professionals that quantum computers will be able to crack encryption, 86% of those companies surveyed admitted they are not ready for post-quantum cybersecurity. That is despite 84% saying they foresee the need to be ready in the next 2-5 years. [more][more-Moody’s]
Web3 Cryptospace Spotlight
28 May - DeFi protocol Jimbos was exploited through a flash loan attack, resulting in the loss of around 4000 ETH (worth around $7.3 million). It was noted that the attacker took aim at the lack of slippage controls in the primary contract. This allowed the attacker to take out a flash loan, manipulate the price of the protocol’s native token and steal the treasury funds. [more]
30 May - DeFi protocol El Dorado Exchange (EDE Finance) was drained of over $580K worth of digital tokens after an attacker exploited a backdoor function. The attacker alleged that the project’s team had inserted the backdoor, which would have allowed them to liquidate their users and steal their funds. The attacker wanted to bring the issue to light. Eventually, the developer team admitted the allegations but clarified that they did not plan to misappropriate users’ funds. The attacker was offered 5% of the drained funds as a bounty. [more]
30 May - A vulnerability was discovered in the TRON blockchain that put $500 million of crypto at risk. The research team at dWallet labs said that a critical zero-day vulnerability in the TRON blockchain left multisig accounts open to theft. The vulnerability found in TRON would have allowed any signer associated with any given multisig account to single-handedly access the funds within that account. [more]
A recently disclosed bug in the privacy-centric cryptocurrency Monero (XMR) has compromised user anonymity for the past three years. The bug, which affected the decoy selection process in Monero transactions, has been patched in the latest version of the Monero wallet. [more]
The bug affected the selection process of these decoys. Specifically, it prevented the selection of decoys that were precisely ten blocks old. This meant that if a transaction included an input ten blocks old, an observer could guess with a high likelihood that this was the real input being spent, thereby compromising the sender’s anonymity.
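The boundary bug described above, modelled as an added example (not Monero's wallet code): a toy selector with the off-by-one lower bound beside the fixed one, plus the regression check a wallet test suite could run. The ring size, age range, uniform sampling and all function names are assumptions made for illustration.

```python
import random

MIN_AGE = 10    # decoy age the buggy selector could never pick (from the text)
MAX_AGE = 200   # oldest output age in this toy chain (assumption)
RING_SIZE = 16  # ring members per input: 1 real + 15 decoys (assumption)

def pick_decoy_age(rng, buggy):
    # Uniform sampling keeps the model simple; it is not the wallet's real
    # distribution. The bug is an off-by-one lower bound.
    lowest = MIN_AGE + 1 if buggy else MIN_AGE
    return rng.randint(lowest, MAX_AGE)

def build_ring(rng, real_age, buggy):
    ring = [pick_decoy_age(rng, buggy) for _ in range(RING_SIZE - 1)]
    ring.append(real_age)
    rng.shuffle(ring)
    return ring

def boundary_leak(buggy, rounds=20, seed=1):
    """Fraction of ring members aged exactly MIN_AGE that are the real spend.

    1.0 means an observer who flags every MIN_AGE member is always right.
    """
    rng = random.Random(seed)
    real_hits = members = 0
    for _ in range(rounds):
        # Real spends cycle through every allowed age, so MIN_AGE is covered.
        for real_age in range(MIN_AGE, MAX_AGE + 1):
            ring = build_ring(rng, real_age, buggy)
            members += ring.count(MIN_AGE)
            real_hits += real_age == MIN_AGE
    return real_hits / members

def selector_reaches_boundary(buggy, draws=20000, seed=2):
    """Regression check: the selector must be able to return MIN_AGE."""
    rng = random.Random(seed)
    return any(pick_decoy_age(rng, buggy) == MIN_AGE for _ in range(draws))

if __name__ == "__main__":
    for buggy in (True, False):
        print("buggy" if buggy else "fixed",
              round(boundary_leak(buggy), 3),
              selector_reaches_boundary(buggy))
```

With the fixed bound, members aged exactly ten blocks are mostly decoys, so that age no longer singles out the real input.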
In a report, Beosin, a Web3 security company, noted that the amount of cryptocurrency lost to “rug pull” or “exit scams” — where founders suddenly up and leave with investors’ money — had outpaced the amount stolen from decentralized finance (DeFi) projects. In May, the losses from rug pulls and scams reached over $45 million across six incidents. These losses were much higher than the 10 attacks on DeFi protocols that netted $19.7 million. [more][more-report]
In the recent consultation by the European Banking Authority, self-hosted wallets will be considered risky based on the due diligence guidelines for anti-money laundering (AML) processes. [more][more-consultation]