Cryptospace Spotlight

• 27 Jan - The official Twitter profile of the Azuki NFT project was hacked with the attackers posting multiple tweets asking users to claim virtual land. According to estimates, the Azuki scam managed to phish a total of 122 NFTs, with an estimated value of 484.99 ETH, worth ~$780K.[more]

• 25 Jan - Robinhood confirmed that its social media accounts, such as Twitter, Instagram, were breached and promoting fraudulent crypto tokens. [more]

• 25 Jan - Kevin Rose, the co-founder of Moonbirds non-fungible tokens (NFTs) and the CEO of Proof Collective, has fallen victim to a phishing attack and lost about $1.1 million worth of tokens. [more]

  • Arran Schlosberg, the vice president of Proof Collective, shared that Rose "was phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens”.

  • Twitter handle “harpieio” suggested ways to mitigate such attacks, include watchng out for keywords before signing to ‘login’.[more]

    

• 22 Jan - Cardano’s developers were investigating the cause of an apparent bug that disconnected 50% of the Cardano nodes and then restarted for unknown reasons. [more]

• Smart contract security firm Dedaub announced that it had received a bug bounty after flagging a vulnerability in the Universal Router smart contract that would have allowed reentrancy to drain user funds mid-transaction. [more]

• The Federal Bureau of Investigation (FBI) confirmed that Lazarus Group was responsible for last year’s attack on Harmony’s Horizon Protocol. [more]

• The attacker’s wallet that held $321 million loot from Wormhole bridge attack has moved $155 million worth of Ether to decentralized exchange (DEX). [more] [more-securitymonitor]

• The Bank for International Settlements (BIS) released a new working paper titled “The Technology of Decentralized Finance,” discussing DeFi as the new financial paradigm. [more]

  • According to the report, DeFi integrates technical, financial, and socio-economic complexity in an unprecedented way. With the increasing integration of crypto assets with the traditional financial sector, BIS says novel methods are required to identify, investigate, and ultimately understand the risks associated with these developments.

• New York’s Department of Financial Services (NYDFS) urged crypto custodians to separate corporate and customer assets, among other measures. [more] [more - guidance]

Techwatch Picks

• The National Institute of Standards and Technology (NIST) has released its Artificial Intelligence Risk Management Framework (AI RMF 1.0), a guidance document for voluntary use by organizations designing, developing, deploying or using AI systems to help manage the many risks of AI technologies. [more]

• Microsoft, GitHub and OpenAI are sued in a class action motion that accuses them of violating copyright law by allowing Copilot, a code-generating AI system trained on billions of lines of public code, to regurgitate licensed code snippets without providing credit. [more]

• Fujitsu researchers discovered that a fault-tolerant quantum computer with a scale of approximately 10,000 qubits and 2.23 trillion quantum gates would be required to crack RSA —well beyond the capabilities of even the most advanced quantum computers in the world today. [more]

• Crowdstrike shared common types of container image misconfigurations that are often exploited by attackers especially when deployed on Cloud. [more]

• FBI took down Hive ransomware group in a 7 months undercover operation. [more]

  • The Hive ransomware group has targeted more than 1,500 victims in over 80 countries around the world, including hospitals, school districts, financial firms, and critical infrastructure. In 2022, 5.5% of all observed ransomware attacks were attributed Hive group, making it the top five most active ransomware for the year.