EmergingTech Spotlight

1. 1st UN AI Talk. The U.N. Security Council will hold a first-ever meeting on the potential threats of artificial intelligence to international peace and security, organized by the United Kingdom which sees tremendous potential but also major risks about AI’s possible use, for example, in autonomous weapons or in control of nuclear weapons. [more]

2. Turbocharged Fraud and Scam. Federal Trade Commission Chair Lina Khan said that federal and state enforcers in the US “need to be vigilant early” as artificial intelligence develops to ensure businesses comply with existing laws and ensure the biggest companies don’t use their power to kill off promising innovations. Khan also noted that there were already instances in which AI is being used to “turbocharge” fraud and scams. For example, AI voice cloning technology used by scammers to defraud people by posing as family members in distress.[more]

3. Secure Cloud Usage. CISA rolled out the Secure Cloud Business Applications (SCuBA) project to provide guidance and capabilities to secure agencies’ cloud business application environments and protect federal information that is created, accessed, shared and stored in those environments. [more]

4. Google Quantum Computer. Google has reportedly engineered a 70-qubit quantum computer that can execute calculations in mere 6.18 seconds that would take the currect most advanced supercomputer 47.2 years to execute. Google's latest iteration of its quantum machine, the Sycamore quantum processor, currently holds 70 qubits, is a substantial leap from the 53 qubits of its earlier version. This makes the new processor approximately 241 million times more robust than the previous model. [more][more-2]

5. OT Security. As manufacturing and production processes become smarter and the supply chain more complex, the risks are also increasing. Companies must keep sight of all devices being connected and disconnected from the network so that they can determine vulnerabilities or weak points in the network. [more]

Web3 Cryptospace Spotlight

1. Secure CBDCs. The Bank for International Settlements (BIS) unveiled Project Polaris to protect CBDCs from cyber threats. The project provided a security and resilience framework, and threat modelling gaps for CBDC, and will require banks to assess their operations, including data protection and business continuity plans. [more]

   1. Two papers on cybersecurity were published under Project Polaris. One paper is about threat assessments using learnings from the DeFi sphere. And the other is a CBDC cybersecurity framework. 

2. Poly Network Hack. 2 Jul - Attacker managed to mint billions worth of several tokens (57 tokens on 10 blockchains) through cross-chain protocol PolyNetwork’s bridge without collateral. Dedaub, a web3 security team, attributed the latest incident to a compromised 3 of 4 multisig wallet. The team indicated that the huge impact of the attack is due to Poly Network’s poor security practices, and also noted its delayed response to the attack (seven hours to pause the protocol). [more][more-2][more-dedaub][more-poly]

   1. This was the second time PolyNetwork had been attacked. The protocol was exploited for $600 million in August 2021 – a then record hack – after the alleged leak of a private key.

   2. List of tokens minted by attacker. [more-polyhackedtoken]

      

3. Multichain Hack. 7 Jul - Cross-chain protocol Multichain suspended its services after indicating that there were abnormal movements of tokens (approx. $126M worth) from the MPC address of its Fantom (FTM) and Moonriver (MOVR) bridge. Even though Multichain has not yet released the details of the exploit, initial reactions from the community suggest a possible compromise of the protocol’s private key. Its smart contract auditor, CertiK, also tied the attack to a private key compromise, and highlighted that this was outside the scope of its earlier audit. Multichain advised users to revoke all approvals related to the protocol. [more][more-peckshield]

4. Ethereum Improvement Proposal (EIP) 7265. The Ethereum community has proposed a new token standard, EIP-7265, to protect DeFi protocols from hacks and exploits. According to the proposal, the standard outlines a smart contract interface for a ‘Circuit Breaker’. When triggered, it would temporarily halt protocol-wide token outflows when a threshold is exceeded for a predefined metric. [more][more-EIP-7265]

5. Bitcoin Decline in Illicit Use. According to TRM Labs‘ Illicit Crypto Ecosystem report, there has been a significant decline in Bitcoin‘s share in criminal crypto transactions. Bitcoin, had fallen from 97% of illicit crypto volume in 2016, to 19% in 2022. In place of Bitcoin, Ethereum and Binance Smart Chain rose to prominence among hackers. Ethereum accounted for 68% of crypto hack volume, and Binance Smart Chain accounted for 19%. [more]

6. Scams Surged. According to the CertiK report, it was noted that crypto projects on the BNB Chain are increasingly becoming an attractive target for exploits where there were 119 security incidents (with approx. $70.7M loss) involving the network. Another trend highlighted in the report is the surge in exit scams and rug pulls. There were 98 exit scams identified involving the loss of approx. $70M from unsuspecting investors. This figure more than doubled the $31M lost in Q1. [more]

7. Crypto Wallets Attack. Uptycs Threat Research team discovered a comprehensive data stealing malware dubbed The Meduza Stealer. One of its capabilities involved the stealing of data from web browser crypto wallet extensions, including MetaMask, Binance Wallet, BitApp Wallet, Coinbase Wallet, Ronin Wallet and Coin98 Wallet. [more]