TechRisk Notes#27: Security professional turned hacker got caught
Plus, FTC probed ChatGPT maker, Threads' dark design, GRU cyber playbook, post-quantum VPN and more
EmergingTech Spotlight
Regulating AI risk. The Federal Trade Commission launched a wide-ranging probe into ChatGPT maker OpenAI over potential harm from the chatbot fabricating information. [more]
Managing AI risk. The Microsoft co-founder outlined some of the biggest areas of concern with artificial intelligence, including the potential for spreading misinformation and displacing jobs. But he stressed that these risks are manageable. [more] [more-BillGates]
Threads’ dark design. It was noted that the ‘Threads’ app could be filled with more than 10 deceptive dark design patterns, due to its deep coupling with Instagram and Meta. [more]
GRU’s cyber playbook. Mandiant shared its observation of Russian military intelligence (GRU) disruptive operations against Ukraine. Mandiant assessed that the standard concept of operations represented a deliberate effort to increase the speed, scale, and intensity at which the GRU can conduct offensive cyber operations, while minimizing the odds of detection. [more]
Quantum safe. The new IETF standard specifies how VPNs can exchange communications securely in the quantum age. The novel approach prioritises interoperability by making it possible for multiple post-quantum and classical encryption algorithms to be incorporated into VPNs. Combining both old and new encryption is essential to ensure no disruption to the functioning of existing IT systems, and to protect data from attack by both classical and quantum computers. [more]
Web3 Cryptospace Spotlight
Arcadia Finance. 10 Jul - DeFi protocol Arcadia Finance was drained of approximately $455K worth of tokens by an attacker due to a code vulnerability. These tokens were drained from the protocol’s Ethereum (darcWETH) and Optimism (darcUSDC) vaults. Blockchain security company PeckShield raised the alert about the hack on Arcadia Finance and highlighted the cause as “the lack of untrusted input validation”. Separately, PeckShield also pointed out the protocol’s “lack of reentrancy protection”. It was unclear if more tokens were drained from the protocol. [more][more-2]
Multichain drained again. 11 Jul - Web3 security company Beosin noted that another $103 million in digital tokens was moved from Multichain to various blockchain addresses. This is in addition to the $125 million that disappeared in “abnormal” transfers last week. Chainalysis noted that the exploit was due to the project administrator’s keys being compromised, if not used by the administrator directly. [more][more-Beosin]
Crema Finance hacker arrested. The U.S. Attorney’s Office of the Southern District of New York announced the indictment of Shakeeb Ahmed, 34, whose resume reflected multiple IT skills, including reverse engineering smart contracts and blockchain audits. According to LinkedIn, he was a senior security engineer at Amazon. Based on the description and date of the hack, Ahmed is alleged to have carried out the hack of Crema Finance, a Solana-based exchange, in early July 2022, taking approximately $9 million worth of digital tokens. In the hack, Ahmed “had communications with the Crypto Exchange in which he decided to return all of the stolen funds except for $1.5 million if the Crypto Exchange agreed not to refer the attack to law enforcement”. [more][more-2][more-evasion-fallen-short]
Despite his attempts to conceal the stolen money, his skills fell short in deceiving the Cyber Crimes Unit of the IRS Criminal Investigation.
Ahmed searched Google for phrases that were directly linked to his unlawful act. He sought information on “defi hack”, “wire fraud”, and “how to demonstrate malicious intent.” Ahmed’s further research revolved around topics such as “how to prevent the federal government from asset seizure”, as well as how he could buy citizenship or transport across international borders the remaining $1.5 million he had acquired from his operation.
Ahmed also employed a VPN during his raid to mask his IP address. Following his operation, he endeavored to validate whether his VPN usage could be traced back to him.
Potential scam brewing. Since the launch of Threads on July 5, multiple high-profile Crypto Twitter figures have been impersonated on Threads. So far, the Threads accounts have not been observed sharing any scam or phishing links, with most posting crypto-related content. [more]
United Kingdom (UK) CBDC. UK citizens fear surveillance and financial instability linked to a government-issued digital currency. Despite efforts to alleviate fears, a CBDC system tracking balances could reveal spending habits to third parties. [more]
Laundering in Crypto. Dirty money is pouring into the crypto industry at an alarming rate, according to a new study by SmartSearch. More than a quarter (28 percent) of crypto firms have reported a rise in the number of Suspicious Activity Reports over the past six months. [more]