US Treasury links crypto addresses to Iranian ransomware scam

The U.S. Department of the Treasury has identified two separate wallet addresses linked to the latest Iranian crypto ransomware plot.

The department’s Office of Foreign Assets Control (OFAC) announced that two Iranian citizens, Ali Khorashadizadeh and Mohammad Ghorbaniyan, are to be added to its sanctions list, along with two crypto addresses linked to these individuals.

Including the crypto addresses within the scope of sanctions on Iran marks the first time a regulator has had to resort to blacklisting crypto wallet addresses on this basis. The wallet addresses will be included alongside other identifying information, such as their personal addresses, email addresses and known aliases.

OFAC had previously confirmed it would be including crypto wallet addresses in the data, in order to prevent Iranian actors from relying on cryptocurrency to evade sanctions.

Treasury Undersecretary for Terrorism and Financial Intelligence Sigal Mandelker said the move would stop illicit actors from relying on cryptocurrency to avoid sanctions.

“We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives,” Mandelker said. “As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes.”

Khorashadizadeh and Ghorbaniyan are specifically linked to the SamSam ransomware, which has exploited over 200 organisations over a period of several years, including hospitals, government departments and universities.

The ransomware worked by holding data hostage, and demanding a ransom to be paid in BTC to the identified addresses.

The decision will be a blow to criminals and scammers worldwide, who continue to use crypto to avoid the detection of authorities in a number of criminal applications, including funding rogue states and financing terrorism.

It also means exchanges will now be held responsible for ensuring they don’t send funds to these addresses or individuals, with secondary sanctions warned against those who fail to comply.

The post US Treasury links crypto addresses to Iranian ransomware scam appeared first on Coingeek.

Read More

Malicious code injected into BitPay’s Copay wallet steals private keys

Copay, the multisignature wallet from BitPay, described itself as a “secure, shared Bitcoin wallet.” That, apparently, hasn’t been the case for the past several months.

On Monday, BitPay warned users that its open-source wallet has been compromised by a malware that “could be used to capture users’ private keys.” According to the blockchain payments company, users “should assume that private keys on affected wallets may have been compromised”—specifically versions 5.0.2 through 5.1.0 of the Copay and BitPay apps—and they should move their funds to the 5.2.0 version of the app immediately.

The malicious code in question has been injected into a Node.js module called Event-Stream by a new user who given access to the popular JavaScript library by its original author three months ago. Dominic Tarr, previous maintainer of the repository, said he entrusted its development to a new user called right9ctrl who “wanted to maintain the module.”

The new maintainer then proceeded to release Event-Stream 3.3.6 containing Flatmap-Stream library 0.1.1, where the malicious code resides. On GitHub, Ayrton Sparling explained: “He added flatmap-stream which is entirely (1 commit to the repo but has 3 versions, the latest one removes the injection, unmaintained, created 3 months ago) an injection targeting ps-tree. After he adds it at almost the exact same time the injection is added to flatmap-stream, he bumps the version and publishes. Literally the second commit (3 days later) after that he removes the injection and bumps a major version so he can clear the repo of having flatmap-stream but still have everyone (millions of weekly installs) using 3.x affected.”

The malicious code only executes successfully if its’s used inside the Copay source code, stealing a user’s wallet information such as private keys, which it sends to the copayapi.host URL on port 8080. According to user Nicolas Noble, “If your overall application has both this malicious package and “copay-dash”, then it’s going to try stealing the bitcoins stored in it.”

BitPay said its BitPay app was not vulnerable to the code, noting that it’s still investigating whether the code vulnerability affected any Copay users. BitPay warned, “Users should not attempt to move funds to new wallets by importing affected wallets’ twelve word backup phrases (which correspond to potentially compromised private keys). Users should first update their affected wallets (5.0.2-5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds.”

At press time, the Event-Stream 3.3.6 version has already been taken down, although the Event-Stream library remains available after Right9ctrl released other versions of the module in an effort to hide his malicious code. And the damage, as they say, has been done.

The post Malicious code injected into BitPay’s Copay wallet steals private keys appeared first on Coingeek.

Read More

Four bogus wallets removed from Google Play Store

Four fake cryptocurrency wallet apps were recently found on the Google Play Store, and subsequently taken down.

Malware researcher Lukas Stefanko said in a blog post that he found that the apps “tried to trick users either into luring their credentials or impersonating cryptocurrency wallets.” These apps gave the impression of legitimacy by the use of known names, such as Neo, Tether, and Meta Mask.

The fake Meta Mask app, according to Stefanko, is classified in the phishing category, as it sought to obtain the private keys and wallet passwords of users. The three other wallets, of which there were two Neo wallets, and one Tether, were created by the same person, whose public address was given for users to transfer their money into, while the private key remained with the creator of the app. Stefanko showed how he had created two different accounts, where the same public address was displayed for receiving funds.

He noted that the apps had been created with a drag-and-drop app builder, where no coding knowledge was needed. “That means that —once Bitcoin price rises and starts to make it into front pages— [then] literally anyone can ‘develop’ simple but effective malicious app either to steal credentials or impersonate cryptocurrency wallet,” he said.

Stefanko himself reported the apps to Play Store, which soon after removed them.

In a tweet, he warned those looking for wallet apps to “always go through comments” among reviews of an app “before installing apps— it can save you some trouble.”

 

Last August, it was reported that one app in Play Store, listing ‘Google Commerce Ltd’ as developer, was asking $388 for one ETH, for which those who payed received a mere image of an ETH token.

ETH has been identified by cybersecurity company Kaspersky as a favorite target of phishing scammers, where users are lured to websites that are made to look like actual sites for wallets or trading. Aside from this, the scammers have also used social media to get users to put their funds in the scammers’ accounts.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Four bogus wallets removed from Google Play Store appeared first on Coingeek.

Read More

Yenom developers introduce Bitcoin BCH proposal platform for Dapps

The development team behind the Yenom cryptocurrency wallet apparently doesn’t ever stop working. After introducing their successful wallet, they then introduced the Deep Link Payment Protocol (DLPP), a one-click method for paying with Bitcoin BCH on any website. Now, they’re at it again, this time launching a new proposition model for decentralized applications (Dapps).

The model, the Bitcoin Dapps Improvement Proposal (BDIP) standard, is designed to allow for easy classification of new Dapps on the Bitcoin BCH network. It also provides a mechanism that describes the function of the Dapp and any associated processes.

According to the BDIP GitHub repository, “The BDIP should provide a concise technical specification of the feature and a rationale for the feature. The BDIP author is responsible for building consensus within the community and documenting dissenting opinions.”

BDIP serves a much-needed purpose. It allows the community to track applications built on the Bitcoin BCH blockchain, as well as to provide feedback, find out if the developers are still active and check the status of any implementation or issue.

The repository explains, “For Bitcoin dapp implementers, BDIPs are a convenient way to track the progress of their implementation. Ideally, each implementation maintainer would list the BDIPs that they have implemented. This will give end users a convenient way to know the current status of a given implementation or library.”

By design, there would be three types of BDIPs – a standard track, an informational BDIP and one for the processes involved in the Bitcoin BCH application. Any proposal is required to meet all of the criteria and must describe in detail the application’s intentions. The developers suggest that BDIP authors “bet their own project” to ensure that it has utility and is original. They explain in the repository, “[This] helps to make sure the idea is applicable to the entire community and not just the author.”

The first BDIP has already been created. Gabriel Cardona, who created Bitbox, announced on Twitter that he had created Dapp ID, which is a “unique identifier for a single dapp protocol with the specification of the dapp.”

Yenom developers haven’t shown any signs of slowing down. Apart from DLPP and BDIP, they also won the first BCH Devcon recently held in San Francisco and have also introduced a Bitcoin Cash Kit, which contains a Bitcoin BCH library for iOS software development.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Yenom developers introduce Bitcoin BCH proposal platform for Dapps appeared first on Coingeek.

Read More

Handcash developers release Bitcoin BCH developer’s kit

The developers of the popular Handcash wallet have released their latest creation. They have introduced a software developer’s kit (SDK) called Cashport, which uses Bitcoin BCH as a payment rail and connects to the Handcash wallet. It allows for easier onboarding with users of Handcash and, even better, is free to use. The only fees are those associated with Bitcoin BCH transactions, which are the lowest among the leading cryptocurrencies.

When the project was discussed on Reddit, one user asked if it was similar to a combination of Cash Id and the Money Button. Alex Agut, who was behind Handcash’s designed, said that the correlation was close, but that Cashport went further. He explained, “[Cashport] is also for mobile apps and games — the goal is to create an ecosystem where your money is always available through thousands of apps and games. Just one account — No more deposits or withdrawals, copy and paste or QR codes — Just flows.”

Cashport sits in the background without needed user interaction. This gives developers the ability to focus on the creation of their applications and user experiences. This can be especially beneficial in the development of apps that use a pay-per-minute model or deal with micropayments. Agut asserted, “We wanted a very easy way for developers and businesses to implement micropayments with zero bitcoin knowledge.”

Cashport is a non-custodial solution. This is an added feature and gives users a greater amount of security, as the platform never holds any user funds. The SKD has been made available for typescript and Android systems, with both being offered as open-source applications on GitHub. An iOS version is expected to be released sometime soon.

According to the developers, Cashport is going to be a vital component to monetize user interactions while allowing developers to focus on new app creation. With just a few API (application program interface) keys and the implementation of the SDK, “money has never been simpler.”

This latest application is another example of why the Bitcoin BCH blockchain is continuing to become more important to the digital currency ecosystem. It is the only cryptocurrency that is being developed to serve the real purpose of being used as a peer-to-peer currency and constantly gaining wider adoption because of its strength and value as an alternative to fiat.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Handcash developers release Bitcoin BCH developer’s kit appeared first on Coingeek.

Read More

My third step in BCH: moving crypto to a wallet

The story so far: I’ve set up a wallet with Bitcoin.com. And then I used the Coinbase exchange to convert some pounds into cryptocurrency, in the form of Bitcoin BCH.

For my next trick, I’m going to attempt to move the crypto from the exchange into my Bitcoin.com wallet, so that I’m ready to spend it.

I’m starting where I left off last time, in the Coinbase account on my laptop. Clicking on Accounts at the top of the page takes me to a screen with a list of currencies. The only one with any money in is BCH – the £20 I transferred to it last time.

My third step in BCH: moving crypto to a wallet

I’m trying to move the money into my Bitcoin.com wallet, from where I’ll be able to spend it. I click on Send and get to this:

My third step in BCH: moving crypto to a wallet

I need fill in the Recipient box with an address that will tell Coinbase where I want the money sent to, so I go to my phone and open my Bitcoin.com account – which will be the recipient:

My third step in BCH: moving crypto to a wallet

I click Receive and am shown a QR code. Tapping it copies the long code underneath the QR image to my clipboard. This is my Public Key – the crypto equivalent of an email address, a way of telling people where they can send me money.

I paste it into an email, send it to myself and open it on my laptop (just because it’s such a long code, this is a quick way to access it on my laptop (or I could have photographed the QR image with my laptop camera).

Now back on Coinbase (on the screen two up from here), I paste the long code into the Enter a BCH address box, choose to send $10 and press Continue at the bottom. Coinbase sends a verification code to my phone and I enter that on my laptop and Confirm.

It works! Bitcoin.com shows that I have money in my wallet:

My third step in BCH: moving crypto to a wallet

All that remains is to work out how to spend it. That’s for next time.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post My third step in BCH: moving crypto to a wallet appeared first on Coingeek.

Read More

Japan’s SBI lays out plans for proprietary crypto wallet

Japanese financial services giant SBI Group has teamed up with blockchain security startup Sepior to create a “secure online wallet” for its recently launched cryptocurrency exchange.

SBI Group announced the agreement to license Sepior’s Threshold-Sig Wallet Security technology. According to the Japanese company, SBI and Sepior will jointly develop a proprietary wallet to secure the online contents and transactions on SBI’s Virtual Currencies exchange platform, VCTRADE.

Sepior said its threshold technology uses signatures based on multiparty computation (MPC) to provide a high level of wallet security. MPC is a cryptographic method that allows secrets to be shared between different parties without revealing the secrets. Sepior’s key protection approach involves eliminating the need for any device or entity to possess the entire private key at any time, making it effectively impossible for an attack to result in key theft.

Currently, SBI Virtual Currencies is the first cryptocurrency exchange in Japan that is backed by a bank. Sepior’s threshold wallet enables rapid signing of transactions involving many parties.

Yoshitaka Kitao, CEO and president of SBI Holdings, said, “After extensive investigation, our security research team determined threshold signatures based on multiparty computation (MPC) offered our desired level of security, performance, and scalability needed to manage transactions for our growing SBI Virtual Currencies customer base.”

Ahmet Tuncay, CEO of Sepior, also commented on the new partnership, which he said will help set new industry benchmarks for security, performance and privacy for cryptocurrency exchanges.

SBI Holding and its subsidiaries have been actively involved in the cryptocurrency space. In March, the company purchased a 40 percent stake in Taiwan-based manufacturer of cold wallets CoolBitX. In May, SBI Group decided to back LastRoots, a cryptocurrency exchange that was being watched by authorities. SBI officials stated that their decision to invest in the company was mainly to help the exchange improve its internal systems so that it can eventually get approval from the authorities.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Japan’s SBI lays out plans for proprietary crypto wallet appeared first on Coingeek.

Read More

Sony releases contactless crypto wallet

Sony’s research department continues to innovate in a variety of industries. It has been working on advanced energy supply systems and virtual reality and is heavy into the Internet of Things. Its latest endeavor targets the cryptocurrency industry. Sony Computer Science Labs (SCSL) announced in a press release this past Tuesday that it is preparing to introduce a new hardware crypto wallet.

The wallet isn’t like most hardware wallets. It is a contactless wallet that relies on integrated circuit (IC) technology and is the same size as a credit card. While other similar wallets have already been made available, this is the first that is backed by a large tech giant such as Sony.

The wallet allows a user to access his or her wallet without having to physically plug a USB wallet into a device like a laptop or computer. This eliminates the security risk associated by bypassing networks and devices that might be compromised. As the release details, “In addition, it is possible to securely generate and store a private key with a highly reliable tamper-proof module within the IC card.”

Sony expects the wallet to do much more than just send or receive cryptocurrency. It said in the release, “This IC card-type cryptocurrency hardware wallet technology not only manages the private keys used for cryptocurrency transactions, but also manages private keys used for other purposes, such as those for permitting the use of personal information using blockchain technology.”

These wallets can ultimately be a powerful mechanism for transacting cryptocurrencies. Coupled with technology such as Near-Field Communication (NFC), it will be possible for them to be used exactly like credit or debit cards, but with better security and less fees.

The SCSL isn’t done tweaking the wallet’s final design and still hasn’t decided what to call it. It’s not ready to be introduced to the retail world yet, but, when it is, it will certainly give the competition a run for its money.

Sony has been working hard to advance the cryptocurrency ecosystem. It is involved in several blockchain-projects and already has a few blockchain patents to its credit. One covers a system that enhances blockchain hardware to improve performance and the other envisions a method to use virtual nodes to access a distributed ledger.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Sony releases contactless crypto wallet appeared first on Coingeek.

Read More

The Hivr crypto wallet offers a completely new experience

Despite the market already being saturated with a number of options, there doesn’t seem to be an end to the development of new cryptocurrency wallets. All offer some twist on the technology, but a new player takes things to a whole new level. The Hivr wallet isn’t just a wallet – it’s a social media platform and it was designed specifically for Bitcoin BCH.

Hivr made its debut this past Monday. It is still in beta testing for Android devices only (an iOS version is expected once the bugs are worked out on the Android platform), but has already gathered a lot of attention. It includes the wallet, a social news feed, native tipping and an instant messaging platform. Best of all, its social media posting capability is available for free.

After installing the application from the Google Play Store, the user is prompted to input their credentials or, if a new user, to register. In keeping with the mantra of cryptocurrency, no email address is required for registration.

Once inside the account, users can configure their favorite topics, after which a BCH wallet is created for the account. As an added measure of security in case recovery is needed, a 12-word mnemonic phrase can be configured to backup of the wallet.

The integration of the social media platform is probably one of the coolest features. It allows users to share posts to their feed and accepts photos, GIFs, media files, text posts and URLs. The instant messaging service is a close second, allowing for both individual and group chats. Under every post is a “gift box,” which allows the user to tip BCH to others. Just like all popular social media platforms, Hivr users have the ability to like, repost and leave comments on any posts that appear in their feed.

Projects like these are exactly what the blockchain needs to continue to evolve. They show the versatility and power of Bitcoin BCH and are what the community is all about. CoinGeek welcomes any developer with a new project to contact us so that we can highlight your creation on the site and help to further expand Bitcoin BCH around the world.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post The Hivr crypto wallet offers a completely new experience appeared first on Coingeek.

Read More

Now you can buy beer with crypto, thanks to CoinGeek and friends

For the launch of their new City of London bar, Brewdog, the Scottish brewery and pub chain, wanted to let their customers pay with Bitcoin Cash.

So together with CoinGeek and wallet-provider Centbee, Brewdog helped their first guests to download a wallet and then gave them free Bitcoin Cash (BCH) to put in it and spend at the bar.

Not surprisingly, news of free money and free beer produced a queue that literally went round the block.

Here’s how a crowd from the City – and, as it turned out, from as far afield as Belgium – enjoyed their first experiences of crypto.

Want to know what BrewDog did to accept Bitcoin BCH? Join us at the CoinGeek Week Conference, and learn from the experts how merchants can benefit from Bitcoin BCH. Be part of the cryptocurrency revolution, buy your tickets now via Eventbrite!

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Now you can buy beer with crypto, thanks to CoinGeek and friends appeared first on Coingeek.

Read More
Top