TR Notes#04: Orion Protocol lost $3M, MITRE new cyber navigator, AI vs AI and more.
[5 Feb 2023]
Cryptospace Spotlight
3 Feb - Orion Protocol lost about $3 million worth of crypto tokens to a reentrancy attack. The attacker has transferred some of these tokens to Tornado Cash. Orion Protocol CEO Alexey Koloskov tweeted that no users suffered any losses in the incident and that all users’ funds are safe, including staking, Orion Pool, bridges, and liquidity providers. The assets at risk are held in in-house brokerage accounts run by the Orion team. The problem was not caused by a flaw in the core protocol code, but may stem from a bug in a combination of third-party libraries used in its experimental smart contracts for private brokers. [more][more-2]
1 Feb - DeFi AllianceBlock has been attacked and around 110 million ALBT tokens, which were worth about $12 million, were drained. The investigation noted that the lending protocol BonqDAO Protocol was exploited. The cause of the exploit was found to be a bug in the implementation of a price oracle used for the ALBT token in the BonqDAO Protocol. [more][more-AllianceBlock][more-BonqDAO]
AllianceBlock noted that the attacker breached individual “Troves” — smart contracts controlled by users and used to manage deposits — on the related platform Bonq. Its own smart contracts were not compromised.
30 Jan - DeFi OracleSwap suspended operations after its private keys were disclosed in the course of making its code open source. [more]
Porsche halted the minting of a new NFT collection prematurely after poor participation. Exploiting the confusion, attackers filled the void by creating phishing sites that steal digital assets from potential buyers’ cryptocurrency wallets. [more]
FTX exchange noted that a group of fraudsters are targeting its customers pretending to return these customers’ lost funds.
Regulation:
The Hong Kong Monetary Authority is considering whether to ban algorithmic stablecoins within the special administrative region. [more]
The United Kingdom Treasury proposes new, stricter guidelines for approval. Its new proposal highlights a need for increased communication between regulators and crypto firms in order for the country to establish itself as a “competitive location for sustainable finance”. [more][more-UK_crypto_proposal]
Australia will strengthen its crypto regulation in three stages to help the government and stakeholders focus on regulatory gaps and ensure that emerging risks are identified and controlled. It has published a token mapping paper for consultation. [more][more-Australia_token_paper]
i) the Australian Securities & Investments Commission, the country’s main financial regulator, will begin bolstering the size of its crypto team,
ii) reform the licensing and custody of crypto assets and establish a set of obligations and operational standards for crypto asset service providers, and
iii) establish a framework for reform based on the token mapping exercise in an attempt to discover which assets require additional regulatory attention.
Techwatch Select
MITRE has released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber-resilient systems. The Navigator helps organizations customize their cyber-resiliency goals, objectives, and techniques, aligned with NIST SP 800-160, which sets out standards for developing cyber-resilient systems. MITRE integrated MITRE ATT&CK techniques and mitigations into the Navigator to help engineers understand how the systems they are designing could be targeted. [more]
Nvidia’s CSO noted the challenges that generative AI and ChatGPT pose for security professionals, and a potential move toward defensive AI [more]. In a separate event, Shishir Singh, CTO for cybersecurity at BlackBerry, said there is optimism that security professionals will be able to leverage ChatGPT to improve cyber defenses. With both defenders and attackers continuing to explore how best to use it, time will tell who is more effective [more].
A legal review of AI regulation. [more]
The AI race: Google reassured investors and analysts that it is still a leader in developing AI, as the popularity of OpenAI’s ChatGPT is seen as a potential threat to Google’s core business [more]. Separately, Google has invested almost $400 million in artificial intelligence startup Anthropic, which is testing a rival to OpenAI’s ChatGPT, according to a person familiar with the deal [more].
3rd party risk: Data science firm Cyentia Institute has issued an analysis based on external security measurements of more than 230,000 organizations, provided by cybersecurity risk-management firm SecurityScorecard. It found that the average firm had around 10 third-party relationships and hundreds of indirect fourth-party relationships, with the typical firm having 60 to 90 times more fourth parties than third parties. Nearly all firms (98%) had at least one third-party partner that had suffered a breach. [more]
Tech Learning
McKinsey explains what generative AI is. [more]