Tag: cybersecurity

Exclusive: What are Top 5 FinTech Career Advice for Graduates?

In Part 1 of the interview, Prof. Aris Stouraitis identified lack of interdisciplinarity is the culprit of FinTech talent shortage in Hong Kong. Interdisciplinarity in FinTech refers to talents that are knowledgeable in both finance and technology. He presents how the Master of Science in Finance (FinTech and Financial Analytics) (“the program”) offered by Hong Kong Baptist University (“HKBU”) strives to nurture interdisciplinary talents, and he provides the top 5 career advice for graduates who wish to work in FinTech and blockchain industry!

We’ve noticed that the FinTech program by HKBU has one elective course in blockchain and cryptocurrency. Which area of topics will be covered in this elective course, and what are the learning outcomes?

The elective course of blockchain and cryptocurrency includes but not limited to the following areas:

1) Foundation of blockchain in both technical and non-technical perspective;

2) Rationale and applications of smart contracts and decentralized autonomous applications;

3) The origin of Bitcoin and other cryptocurrencies;

4) Various use cases in blockchain applications;

5) Security in blockchain and the importance of cybersecurity.

For our students, there are four learning outcomes for this elective:

1) The ability to explain and the concept of blockchain and what promises blockchain technology provides;

2) The ability to explain how blockchain technology has transformed different industries;

3) How students can apply the knowledge to address the risks and challenges of businesses adopting blockchain technology;

4) How blockchain technology is applied in the finance industry in the future.

What is the practical assessment provided by this program? Because if the program is practical, it will help the graduates a lot in pursuing a career in the blockchain industry.

First of all, the program is interdisciplinary. Our teaching staffs come from the finance or computer science field. We have many adjunct professors who are well-known industry practitioners. They tend to have computer science backgrounds.

There’s a lot of interdisciplinarity in the program. Apart from academics, our industry practitioners have a better understanding of the daily blockchain applications and what are the applications and challenges that businesses face. Meanwhile, we are trying to provide internships for our students. They should be able to take an internship while they’re studying the program and thus get some practical experience. Therefore, our program is focused on interdisciplinarity and employability. It’s a more practical program rather than only abstract theories.

It’s very interesting to know that cybersecurity and privacy is one of the core curriculums of the program. What is the significance of cybersecurity and privacy in fostering FinTech development?

I think that cybersecurity and privacy are the core of FinTech and any IT applications.

Cybersecurity is going to be critical in FinTech. Take mobile banking as an example. If you are using mobile banking, you want to make sure that the transactions are secure. The demand for cybersecurity will increase when there is more online transactions in the future.

For privacy, it becomes increasingly important when corporates like Facebook access to a large amount of user’s data. How Facebook is going to use the data becomes the critical privacy issue for users. I think cybersecurity and privacy are gaining attention, and no one was paying too much attention to privacy before. Both governments and individuals start looking at privacy much more seriously.

There are more universities launching their FinTech program since 2018. How do you evaluate the program in HKBU against others like HKUST?

The universities in Hong Kong are setting up FinTech programs independently. I think in future, there may be more convergence of FinTech programs, or some universities may look for a particular niche within FinTech.

Our program focuses more on employability. We think that the majority of our graduates want to find a job after graduation instead of studying for a Ph.D. It’s both practical and theoretical as we have academics from the interdisciplinary background and industry practitioners in the program. Some of our courses provide internships for our students to gain practical experience. The core focuses are employability and practical applications.

We know FinTech is a fast-changing domain. How does the program keep up with the fast-changing pace in the industry?

Our programs will be updated continuously in the future.

This is very important because, with a traditional program like corporate finance, you set up the program, and then the structure remains unchanged for the next 15 years.

This is not the case for FinTech. There is a need for these programs to be updated continuously. We just launch the program now, and I expect that we will update the program on an annual basis. With the fast-changing pace in FinTech, we need to review the curriculum, course offerings, and structure regularly.

We also keep abreast of FinTech development from our industry practitioners. We attend a lot of industry meetings and the practitioners are well aware of FinTech development. They also provide valuable feedback for us to update the program continuously.

What is your career advice to graduates who wish to work in the blockchain industry or FinTech?

The opportunities in FinTech are going to be very exciting. For instance, we will have new virtual banks in Hong Kong, and they are looking for talents in this area. I have the top 5 career advice for graduates:

1) Pay attention to interdisciplinarity

We need to be able to understand both the technical and financial sides. If you understand only one of the two, you will not be as competent as the others.

2) Keep abreast of changes in regulation and compliance

Compliance is very important in the banking industry nowadays. All FinTech applications will have to comply with regulations. I think graduates need to be well aware of the regulations in their field of FinTech and how things are changing.

3) Learn more on cybersecurity and privacy

I predict there will be surging demand on cybersecurity talents going forward. You need to keep abreast of the knowledge in cybersecurity and privacy.

4) Beware of ethical considerations

I believe that new FinTech applications are presenting ethical considerations which are not well understood currently. However, ethical considerations will be more important in the future. Let’s say we develop algorithms on algorithmic trading. For me, I don’t purchase tobacco stocks because I think it’s unethical. Do you train your algorithms not to purchase tobacco stocks or not to trade in a particular industry?

5) Open to entrepreneurial opportunities

In the past, graduates worked in investment banks after their studies. With Fintech, people can develop their own applications and start their own companies! Be open to such opportunities and get prepared!

Exclusive: Deloitte Blockchain Lab on the Three Areas of Collaborations with HKMA

The Hong Kong Monetary Authority (HKMA) started exploring blockchain technology with the whitepaper on distributed ledger technology (DLT) in Nov 2016. Since then, the HKMA has been actively leveraging blockchain into trade finance including eTradeConnect, Global Trade Connectivity Network, and we.trade. What is the role of Deloitte Blockchain Lab in these initiatives?

We were delighted to interview Dr. Paul Sin, leader of the Deloitte Asia Pacific Blockchain Lab, who shared with us its development goals and the collaborations with HKMA across the Greater Bay Area and Europe. 

What is Deloitte Blockchain Lab and what values does it aim to bring to enterprises? 

The Deloitte Asia Pacific Blockchain Lab has been implementing blockchain solutions for enterprises across the region. Apart from the Asia Pacific Blockchain Lab, Deloitte has another two centers, one in New York and one in Dublin, covering America and Europe, the Middle East, and Africa (EMEA) respectively.

Our Lab uses mostly permissioned blockchain technology for cross-organizational and cross-border B2B data synchronization. Due to regulatory constraints in the region, we do not have a lot of public blockchain or crypto platform implementations. However, other functions in Deloitte including audit, tax advisory, financial advisory, and risk advisory have been supporting Initial Coin Offerings (ICOs), Security Token Offerings (STOs), and crypto audit in general from an assurance and cybersecurity perspective.

What goals or projects have been established at the Deloitte Asia Pacific Blockchain Lab since the collaboration with the HKMA and the twelve leading banks in Hong Kong? 

In Hong Kong and Asian countries in general, small to medium enterprises (SME) have only a 20% chance of obtaining financing. Banks reject their loan applications because of identity theft, forged documents, and huge potential losses due to duplicated financing. In the past, SMEs would make a purchase order and go to multiple banks for financing, and bolt with the money. There is also no reliable way to validate buyers who can issue purchasing orders. Banks will need to get KYC information on a buyer to prove the buyer who issued the purchase order is authentic and also make sure they have the capability to pay the invoice after the goods are delivered.  

Once all these aspects are validated, then the banks will feel more comfortable financing SMEs. To overcome the challenge of duplicate financing, the only way available before blockchain was to create a credit bureau with a centralized database under which all banks will be asked to submit sensitive information and trade documents to a central party. Blockchain becomes the perfect platform because it can synchronize data to all participants in the ecosystem without risking their privacy. This is the reason why the 12 banks in Hong Kong joined together with the HKMA to develop eTradeConnect, which is a blockchain-based trade finance platform. 

What are the top projects that Deloitte Blockchain Lab has been working on most recently? 

We have done work on a number of projects, including bancassurance in the Greater Bay Area, traceability in Hong Kong, cross-border digital identity and multi-merchant loyalty programs.  

Are most of your clients mainly from the Greater Bay Area or worldwide? 

For the Asia Pacific, a lot of projects are regional. For example, the HKMA signed a Memorandum of Understanding (MoU) with Singapore to jointly develop the Global Trade Connectivity Network. This project is a cross-border infrastructure based on blockchain technology to digitize trade and trade finance. These kinds of platforms all have a regional focus.

The HKMA has also signed an MoU with we.trade, which is based in Europe, to support cross-regional trade finance. Many of the participants in those ecosystems are multinational companies, and a lot of value comes from cross-organization or cross border collaborations. This is also why the Chinese government also believes blockchain is a strategic initiative because it will be an enabler for the Belt and Road Initiative and the Greater Bay Area. This sheds light on why most governments, regulators, and central banks are adopting blockchain at the moment. 

Do you also have some companies working on blockchain in the Belt and Road Initiative? 

Blockchain technology is mostly facilitating supply chain and trade finance, therefore it will be closely related to those initiatives.

Browser Extensions Used by Scammers to Steal Bitcoin

According to Casa CEO Jeremy Welch, browser extensions ranging from text editing apps to wallpapers have been reported to be used by criminals to rip off unsuspecting individuals of their Bitcoin.

While Welch was speaking to an audience at the Baltic Honeybadger conference in Riga this weekend, he made emphasis on the hazards involved in the daily use of the internet for various activities including online transactions which could lead to the risk of exposing data to unscrupulous people on the internet.

He also made reference to the increase in the level of physical attacks on Bitcoin owners who are also at risk as retrieving funds could be impossible if successful. 

Welch listed 13 ways criminals can hijack Bitcoin from people. 

He examined quite a number of scenarios that could possibly play out from rogue employees to SIM card hijacking to compromised KYC data, demonstrating the level of importance in paying attention to cybersecurity.

According to Welch:

“Browser extensions pose major risks and it’s especially for web apps. We think the risks around browser extensions are being under-discussed at this point and we want to raise that discussion a little bit. How major are these risks?”

In his presentation, he showed how easily it could be for data to be released unknowingly through browser extensions into the hands of unscrupulous people and lead to loss of funds. The release of data could be as little as a Bitcoin wallet address searched on the blockchain.info website among others.

Image via Shutterstock

Zcash Bug Could Leak Full Nodes with Shielded IP Addresses

A bug present in all Zcash (ZEC) source code forks could leak metadata—making it possible for IP address of the full nodes’ with shielded addresses (zaddr) to be found.Duke Leto, a core developer at Komodo (KMD), recently published a blog on his personal website revealing that, “A bug has existed for all shielded addresses since the inception of Zcash and Zcash Protocol.” Leto explained, “That is, Alice giving Bob a zaddr to be paid, could actually allow Bob to discover Alice’s IP address. This is drastically against the design of Zcash Protocol.”

A Common Vulnerabilities and Exposures (CVE) code has already been assigned to track the issue on Sept. 27.

According to Leto, everyone who has published or provided their zaddr to a third party is vulnerable—with the exception of users who have only used their zaddr over the Tor Onion Routing network or just to send funds. Leto warns that users should consider their “IP address and geo-location information associated with it as tied to their zaddr.”

Not just Zcash

Leto provided a non-exhaustive list, claiming that Zcash is not the only cryptocurrency affected by the bug. The cryptocurrencies included in the list are— Zcash, Hush, Pirate, Komodo smart chains with zaddr enabled by default, Safecoin, Horizen, Zero, VoteCoin, Snowgem, BitcoinZ, LitecoinZ, Zelcash, Ycash, Arrow, Verus, Bitcoin Private, ZClassic and Anon. Leto added a historical note, “ KMD was vulnerable to this <bug> in the past, but is no longer, since it no longer supports zaddrs. Safecoin (SAFE) took a similar route, and has disabled zaddrs, so they were vulnerable in the past but no longer.

Image via Shutterstock

How Kaspersky Protects Investors During Token Sales in 7 Ways

Exclusive interview with Yeo Siang Tiong, General Manager, South East Asia at Kaspersky: Part 1

Kaspersky has been a forerunner in managing cybersecurity threats in the cryptocurrencies and blockchain sector. In their “The Kaspersky’s Cryptocurrency Report 2019” issued earlier in June, 74% of respondents do not have a thorough understanding of how cryptocurrency works and 19% of them experienced exchange hacks. To gain an in-depth understanding of the state of cybersecurity in cryptocurrencies, we arranged an interview with Yeo Siang Tiong, General Manager, South East Asia at Kaspersky regarding the solutions provided by Kaspersky in mitigating cybersecurity risks in token offerings, crypto exchanges and mining. We explore how hackers exploit vulnerabilities of security during pre-sale and post-offerings of token sale and how Kaspersky can provide investor protection in 7 ways.

Can you share with us the main types of cybersecurity attacks in blockchain? Regarding token offering security, what are the cybersecurity threats during pre-sale and post-offering of token offerings?

In the crypto-economy, there are two kinds of attacks: attacks that focus on the blockchain core system and those that focus on the IT cybersecurity system where blockchain projects are hosted on.

We found that hackers generally stay away from exploiting vulnerabilities in cryptocurrencies because of how difficult they are to hack. They also rarely attack wallets directly. Usually, crypto-exchanges are a key area of focus for cybercriminals, given that they host huge volumes of crypto-funds and are mostly centralized applications. Typical threats for such applications include backdoors, embedded at the development stage, web vulnerabilities such as cross-site scripting (XSS), where malicious scripts are injected into otherwise trusted websites, and social engineering attacks such as phishing.

Another focus area for hackers also occurs during the process of crypto-fundraising, which is associated with a variety of threats at every stage – from product development and the ICO/IEO/STO announcement to the end of a token sale. While communicating with the public about a planned ICO/IEO/STO and the release of a draft whitepaper, hackers can be gathering information about the project and its team. They develop social engineering attacks, probing the team with malware, phishing, and social engineering. The hackers may try to penetrate the project and inject malicious code into its source code. When it comes to launching a website for an ICO/IEO/STO, there may be attempts to disrupt its work with DDoS attacks. Hackers may launch a phishing website or send fake or phishing announcements to your investors.

The largest attacks are often due to flaws in smart contracts. They can either disrupt transactions or be exploited by hackers. In addition to smart contract vulnerabilities, the product itself may be exposed to APTs, targeted attacks, or supply-chain attacks, and this could result in the theft of customers’ personal and financial data as well.  Hence, while blockchain technology is fundamentally secure, we need to remain vigilant and address cybersecurity issues pertaining to the blockchain core system as well as the traditional IT system that hosts websites and customer data.

What is the role of Kaspersky Penetration Testing and Kaspersky Anti Targeted Attack in detecting smart contract vulnerabilities during a token sale?

Token sales raise billions of US dollars every year. This market has been actively growing for several years and is likely to continue to do so. However, the popularity of Token Sales procedures, including ICOs, IEOs, and STOs, makes them a prime target for fraudsters and other criminals.

One such solution to protect token sales from various types of threats is Kaspersky Penetration Testing. It is a practical demonstration of possible attack scenarios where a malicious actor may attempt to bypass security controls in a corporate network to obtain high privileges in important systems. This will give a greater understanding of security flaws in infrastructures, revealing vulnerabilities, analyzing the possible consequences of different forms of attack, evaluating the effectiveness of your current security measures, and suggesting remedial actions and improvements.

Based on leading security intelligence and advanced machine learning technologies, Kaspersky Anti Targeted Attack Platform combines network data, sandbox, and intelligent analysis to correlate incidents, search for indicators of compromise and attacks, and help uncover the most complex targeted attacks. Connecting up the various pieces of an incident provides a comprehensive view of the entire attack chain, increasing confidence in assigned threat scores and reducing false positives to zero.

The Kaspersky Anti Targeted Attack Platform includes three areas:

Multi-layered sensor architecture – to give ‘all-round’ visibility. Through a combination of network, web, and email, and endpoint sensors, the Kaspersky Anti Targeted Attack Platform provides advanced detection at every level of your corporate IT infrastructure.
Advanced Sandbox – to assess new threats. The result of over a decade of continuous development, our Advanced Sandbox offers an isolated, virtualized environment where suspicious objects can be safely executed so their behavior can be observed.
Powerful analytical engines – for rapid verdicts and fewer false positives. The Targeted Attack Analyzer assesses data from network and endpoint sensors and rapidly generates threat detection verdicts for the security team.

Can you share with us Kaspersky’s solutions regarding investor protection?

In the crypto-economy, trust and assurance are essential to building up your customer base.

Kaspersky’s comprehensive solution is designed to protect token sales from various types of threats related to vulnerabilities in smart contracts and web platforms. We provide thorough code reviews, phishing detection, incident response, and education for staff.

Businesses can protect investors through this multi-pronged approach:

Perform an Application Security Assessment that analyses the state of security of applications (be it a decentralized or a traditional one);
Conduct Penetration Testing to identify weak spots in their systems and to ensure that hackers won’t penetrate them easily;
Initiate a Smart Contract Code Review that identifies flaws and undeclared features, as well as finds discrepancies between stated in the supporting documentation and smart-contract business logic;
Employ User Account Takeover Prevention to detect attempts from criminals to get access to user wallets;
Put in place Phishing Protection to provide alerts when phony copies of your website are generated;
Set up an Incident Response service and organize Cybersecurity awareness training to improve the overall level of cybersecurity hygiene;
Empower your system through real-time threat intelligence

Besides, assessing blockchain threats with the same – If not higher – the level of digital scrutiny, becomes imperative in safeguarding both the reputation of blockchain’s immutability and prevention of long-term consequences to compromised crypto-businesses.

Furthermore, acquiring a successful security assessment is an indicator that a business is offering a high quality/product solution/product. This helps to reassure customers that your solutions were robust enough to withstand any cyber-attacks.

Kaspersky’s Expert Take on KYC and AML: Stock vs Crypto Exchanges

Exclusive Interview with Yeo Siang Tiong, Kaspersky: Part Two (Link: Part One)

In Part Two of our interview, Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky shared how Kaspersky provides cybersecurity solutions for stock and crypto exchanges to address KYC and AML concerns. He also walked us through the Kaspersky Application Security Assessment and explained its significance in safeguarding assets in crypto exchanges.

What are the main differences in cybersecurity solutions for stock exchanges and crypto exchanges, in terms of KYC and AML?

The term “know your customer” originally came from financial services. Banks needed to identify their customers, make sure they didn’t cheat, and be able to check their credit history. In 2017, according to a Thomson Reuters survey, KYC procedures took an average of 32 days, up from 28 days in 2016.

The use of digital signatures, once viewed as a possible solution to these problems, cannot obviate the authenticity checks of documents required by KYC procedures. And digital signatures can be forged or stolen.

To safeguard businesses from AML schemes, Kaspersky’s Automated Fraud Analytics helps businesses minimize fraud-related costs and reduce the risk of fines for non-compliance from regulating organizations. It adds an extra level of knowledge of industry-specific fraud and money-laundering scenarios, through access to fraud intelligence, combining this knowledge with advanced technologies that automatically detect serious incidents at early stages.

With the help of machine learning algorithms, the solution then correlates these findings with the patterns of account takeover, new account fraud, and money laundering, via Kaspersky Fraud Prevention Cloud and global fraud intelligence based on big data. Due to the linking and mapping functionality, the solution can also automatically identify cross-organizational money laundering schemes by looking for correlations between typical profiles, devices used, behavioral patterns and many other details of the sessions that are known to be involved in similar operations.

Can you walk us through the Kaspersky Application Security Assessment for crypto exchanges? What are the differences between, black-box, grey-box and white-box testing?

Kaspersky’s Application Security Assessment Services uncover vulnerabilities in applications of any kind, from large cloud-based solutions, ERP systems, online banking and other specific business applications, to embedded and mobile applications on different platforms (iOS, Android and others).

Kaspersky Application Security Assessment Services help application owners and developers to:

i) Avoid financial, operational and reputational loss, by proactively detecting and fixing the vulnerabilities used in attacks against applications

ii) Save remediation costs by tracking down vulnerabilities in applications still in development and test, before they reach the user environment where fixing them may involve considerable disruption and expense.

iii)  Support a secure software development lifecycle (S-SDLC) committed to creating and maintaining secure applications.

iv) Comply with government, industry or internal corporate standards covering application security, such as PCI DSS or HIPAA

Applications assessed can include official web sites and business applications, standard or cloud-based, including embedded and mobile applications. The services are tailored to your needs and application specifics, and may involve:

i) Black-box testing – emulating an external attacker

ii) Grey-box testing – emulating legitimate users with a range of profiles

iii) White-box testing – analysis with full access to the application, including source codes; this approach is the most effective in terms of revealing numbers of vulnerabilities

Stay tuned for Part 3 of the interview on the latest mining malware for 2020!

3 Ways Blockchain is Transforming Cybersecurity

People have become more tech-savvy as they are considerably embracing various technological innovations, such as the internet and blockchain. As a result, the online world has become a beehive of activities as people transact, communicate, and gather a wide range of information, among others. 

Nevertheless, safety concerns have risen as hackers and fraudsters continue wreaking havoc in the online world. The situation is becoming worse because hackers have become more sophisticated with their activities. For instance, the worldwide cybercrime sector is speculated to garner $1.5 trillion annually, and this has become a worrying trend. 

This has, therefore, compromised cybersecurity measures as the present measures of protecting data, programs, networks, and computers are being breached. Blockchain technology ensures that data is stored in immutable distributed ledgers.

United States Department of Defense Tests Out Blockchain Technology to Enhance Cybersecurity

1. Averting DDoS attacks

Distributed denial of service (DDoS)attacks usually happen after different methods are deployed to send frequent junk requests to a particular website. Therefore, traffic to this website is enhanced to the point that it becomes overwhelming. This hampers the loading of any page, and ultimately, the website crashes. 

DDoS attacks often originate from the prevailing domain name system (DNS), a partially decentralized IP address holder that acts as an internet’s phone book. It, therefore, means hackers can easily penetrate the centralized segment of DNS that stores the primary data bulk. Some reputable companies, such as Twitter and Spotify, have been victims of DDoS attacks. 

By leveraging on blockchain technology, DNS would be entirely decentralized as data would be distributed to numerous nodes making it almost impossible to hack. This would grant domain owners with domain editing rights in case changes are required. 

Some companies are already utilizing blockchain to prevent DDoS attacks. For example, Blockstack,a decentralized computing network and app ecosystem, offers an entirely decentralized DNS option. Therefore, it decentralizes the whole worldwide web by eliminating all third parties needed in managing databases, ID systems, and web servers.

2. Authenticating downloads 

Computer viruses, worms, and trojan horses have manifested themselves in different forms. As a result, their detection is proving to be cumbersome, especially for those people without precise expertise.

Malware and ransomware have become crafty to the extent that they pretend to be legal apps, and this significantly compromises cybersecurity. Notably, it is predictedthat 230,000 new malware samples are generated daily. Blockchain can come in handy in offering software downloads exclusive hashes that enable users to distinguish between unwanted downloads and those from the real developers.

3. Offering consensus mechanisms

Blockchain could propel cyber defense needed in averting fraud by providing consensus mechanisms, such as immutability, auditability, data encryption, transparency, and operational resilience. 

Notably, these solutions could be used in detecting data theft because blockchain uses distributed ledger technology and cryptography in the encryption of information. Additionally, the verification process offered by blockchain is instrumental in red-flagging inconsistencies. These mechanisms would be ideal as 90% of hackers use encryption to cover up their tracks. 

Cyberattacks have proven to be detrimental in the present society as they make the loss of data and funds inevitable. For instance, in 2019, healthcare breaches were the highest at 65% compared to any other industry. Blockchain can, therefore, propel cybersecurity in various ways, such as offering fraud and DDoS attack protection.

For more insights in cybersecurity

Kaspersky’s Expert Take on KYC and AML: Stock vs Crypto Exchanges

How Kaspersky Protects Investors During Token Sales in 7 Ways

PowerGhost: The Mining Malware to Watch in 2020

Kaspersky: 80% of People Have Never Purchased Cryptocurrency

PwC Felix Kan: The Ethical Hacker for Modern Cyberattacks

Image by Ilya Pavlov via Unsplash

US Treasury Sanctions Two Men Accused of Laundering Crypto for North Korean Cyber Crime Syndicate

The US Treasury’s Office of Foreign Asset Control (OFAC) has sanctioned two men believed to be involved in laundering stolen cryptocurrency from a 2018 cyberattack against a cryptocurrency exchange.

The Chinese nationals, Jiadong Li and Yinyin Tian have been added to the OFAC’s Specially Designated Nationals List according to an update by the US Treasury earlier today. The two men are believed to be a part of the Lazarus group, a cybercrime syndicate alleged to be working in collusion with the North Korean government and OFAC has blacklisted 20 Bitcoin addresses associated with the pair.

Sanctioned Chinese Nationals

According to a press release on March 2, Tian and Li received roughly $91 million that had been stolen in an April 2018 hack of an unnamed cryptocurrency exchange from DPRK-controlled accounts and an additional $9.5 million from a hack of another exchange.

It has been deduced by OFAC that Tian and Li transferred the currency among a series of addresses, siphoning off a small portion to an alternate address with each transfer. This process of laundering the US treasury describes as a “peel chain.”

As a result of today’s action, all property and interests in property of these individuals that are in the United States or in the possession or control of US persons, including the 20 BTC accounts, must be blocked and reported to OFAC.

North Korea’s Ties to Cyber Crime

The Democratic People’s Republic of Korea (DPRK) has reportedly been training cybercriminals to target and launder stolen funds from financial institutions, with a series of attacks leading to a subsequent UN investigation last year.

On Sep. 13, 2019, the US Treasury identified the Lazarus Group, along with Bluenoroff and Andariel, as North Korean hacking entities based on their relationship to the DPRK’s primary intelligence agency, the Reconnaissance General Bureau (RCB).

As reported by Blockchain.News, the Lazarus group also made headlines in December 2019 when security researcher Dinesh Devadoss, encountered a newly designed piece of cryptocurrency-focused macOS malware software on a website called—unioncrypto.vip—that advertised a trading platform for “smart cryptocurrency arbitrage”. All evidence pointed to the work of the North Korean cyber group.

The Treasury strongly believes that North Korea’s malicious cyber activity is a key revenue generator for its totalitarian regime often targeting cryptocurrency exchanges.

The release does not name either of the exchanges hacked, however, last November the South Korean exchange Upbit was the subject of an attack with a total of 342,000 ETH, a value of $50 million at the time, stolen from the Upbit Ethereum Hot Wallet.

Image via Shutterstock

US Court Indicts Alleged Lazarus Group Members in $250 Million Crypto Exchange Theft

While blockchain is promoted as being cryptographically secured as the underlying technology for cryptocurrency, exchanges that hold them are still prone to cyberattacks.

Two Chinese nationals, Tian YinYin and Li Jiadong were sanctioned yesterday by the US Government for their alleged involvement in laundering stolen cryptocurrency from a 2018 cyberattack against a cryptocurrency exchange.

Grand Jury Indictment

Court documents released via Twitter by Seamus Hughes at Program on Extremism reveal that the United States District Court for the District of Columbia issued an indictment against the two individuals in a massive cryptocurrency theft against an unnamed exchange. The grand jury for the case was sworn in on May 7, 2019.

Tian and Li who also go by their GOT inspired online aliases, Snowsjohn and Khaleesi respectively, have been charged with stealing nearly $250 million worth of virtual assets between July 2018 and April 2019.

According to the court documents, Tian and Li both held accounts at two different unnamed cryptocurrency exchanges. The pair violated legal requirements set out by the Financial Crimes Enforcement Network (FinCEN) by converting virtual currency into fiat currency in exchange for fees; the pair effectively operated as an unlicensed money transmitting business.

Tian and Li transferred over $100 million worth of Bitcoin between each other’s US accounts and China accounts engaging in a form of cryptocurrency laundering know as a “peel chain” before the hack occurred. Other forms of laundering mainly consisted of converting Bitcoin to USD, Chinese Yuan, and iTunes gift cards.

Tian and Li Linked to Lazarus Group

As announced by the US Treasury on March 2, Tian and Li have been identified for their connection to the North Korean state-sponsored cyber-crime syndicate known as the Lazarus group.

The Democratic People’s Republic of Korea (DPRK) has reportedly been training cybercriminals to target and launder stolen funds from financial institutions, with a series of attacks leading to a subsequent UN investigation last year.

On Sep. 13, 2019, the US Treasury identified the Lazarus Group, along with Bluenoroff and Andariel, as North Korean hacking entities based on their relationship to the DPRK’s primary intelligence agency, the Reconnaissance General Bureau (RCB).

The court documents do not name either of the exchanges hacked, however, last November the South Korean exchange Upbit was the subject of an attack with a total of 342,000 ETH, a value of $50 million at the time, stolen from the Upbit Ethereum Hot Wallet.

Image via Shutterstock

Exclusive: Blockchain Beats AI and Big Data for the Highest Average Annual Salary in the UK

In the discussion of disruptive technologies, you may have the following questions in mind: i) Where are the most disruptive businesses?; ii) Which disruptive tech is the highest paying ones?; iii) Which industry has the highest number of disruptive tech businesses? These answers can be found by an exclusive report shared with Blockchain.News.

State of Disruptive Technology

The report titled “The Disruption of Disruptive Tech” by Capital on Tap highlighted the state of disruptive tech adoption in early 2020. The US had the most businesses in various disruptive technologies, with 71% dominance in cloud consulting and 53% in cybersecurity. For blockchain businesses, the report cited that US ranked 1st with 407 businesses. We believe this does not account for the “Chinese influence”: there were 788 blockchain enterprises established in Hunan province alone in 2019. In the industry perspective, information technology (2,552) and financial services (2,178) had the most disruptive technology businesses, followed by healthcare and medical (2,138).

Source: Capital on Tap

Source: Capital on Tap

Blockchain Jobs: The Highest Paid Roles in Disruptive Technology?

The report revealed that blockchain has the highest average annual salary in the UK (GBP 75,000), followed by Big Data (GBP 70,000) and machine learning (GBP 65,000). According to LinkedIn, blockchain is one of the most in-demand hard skills for employees in 2020. There are 4 blockchain skillsets highly sought by employers: business acumen, tech literacy, data analysis, and hacker mentality. The possession of these skillsets is highly relevant to tackle the talent shortage issues in the blockchain industry or FinTech in general.

We have noticed that job scarcity does not correlate with the salary payment. While Augmented Reality (AR) had the lowest average annual salary (GBP 45,000) and least vacancies (76), business intelligence ranked second-lowest (GBP 52,500) with the most vacancies (7,027).

Source: Capital on Tap

Exit mobile version