Malicious binary mining ring uncovered

Chris Dannen

By Chris Dannen

A study by two European academics reveals an ingenious two-headed scheme to steal processing power from unsuspecting users and systems, in order to mine Monero and Bitcoin.

A multimillion-dollar criminal crypto-mining ecosystem has been uncovered
"Pastrana and Suarez-Tangil estimate that this kind of crime has generated more than $50 million. And they go on to reveal how the cybercriminals carry out their crimes. 'To the best of our knowledge, this paper presents the largest systematic study of malicious binary-based crypto-mining,' they say."

Other News

'Dark day for internet freedom': EU lawmakers approve controversial copyright reform
"The European Parliament has voted to adopt the highly controversial Article 13 provision which would govern the production and distribution of content online under the auspices of increasing copyright protections. Tuesday’s move will update the EU's 20-year-old copyright rules and will govern audiovisual content, much to the dismay of many social media users who have already begun outpouring their grief online. However the parliament said in a statement that sharing memes and gifs has been protected 'even more than it was before' and they will continue to be available and shareable on online platforms."

Stellar Suffered (and Quietly Patched) a 2.2 Billion XLM Inflation Bug in 2017

  • "In 2017 an attacker was able to exploit a concurrency bug in the Stellar protocol's "MergeOPFrame::doApply" function, and create 2.25 billion $XLM worth approximately $10 million at the time.
  • This illicit inflation represented nearly 25% of circulating supply in April of 2017, but public disclosures at the Stellar Development Foundation (“SDF”) regarding the event were relatively muted, and no media seems to have previously reported on the bug or the SDF’s subsequent decision to burn an equivalent amount of XLM from its community reserve to offset the illicit inflation.
  • The affected addresses and related records of the bug are no longer accessible on Stellar Expert or other block explorers, but our research team was able to track the historical transactions through the Horizon client transaction history.
  • The $XLM that was created was moved to exchanges and likely sold amidst the market run-up during the first half of 2017."

The Lightning Network (Part 2) – Routing Fee Economics
"BitMEX Research examines the market dynamics of Lightning network routing fees and the financial incentives for Lightning node operators to provide liquidity. We identify the interrelationship and balance between Lightning routing fees and investment returns for channel liquidity providers, as a major challenge for the network, rather than the computer science aspects of the routing problem. We conclude that if the Lightning network scales, at least in theory, conditions in wider financial markets, such as changing interest rates and investor sentiment may impact the market for Lightning network fees. However, regardless of the prevailing economic conditions, we are of the view that in the long term, competition will be the key driver of prices. Low barriers to entry into the market could mean the balance favours users and low fees, rather than investment returns for liquidity providers."

Cryptonetworks Inflation

Is Software Eating The Useless Class?
"But Obama describes a deeper issue: 'High skilled people do well in these systems. They can leverage their talents with machines to extend their reach, their sales, their products, their services. Low wage, low skill individuals become more and more redundant and their jobs may not be replaced, but wages are suppressed.' ... Technology isn’t killing jobs (for now). But it is suppressing wages. And as the ordinary worker contributes less and less as elite tech workers produce more and more, ordinary workers wages will continue to fall. In time, wages will fall to zero. In time, technology will kill their jobs."

Binance Partners with IdentityMind to Enhance Compliance and Data Security Measures
"IdentityMind, a risk management and RegTech compliance platform with Know Your Customer (KYC) and Anti-Money Laundering (AML) services (‘Digital Identities You Can Trust’), announced today its partnership with Binance, the world’s leading cryptocurrency exchange by trading volume and users. As part of a joint mission to help raise the industry’s standard, Binance and IdentityMind have begun undertaking steps to improve existing data protection and compliance measures for Binance’s global operations. "

Avalon Bitcoin Miner Maker Canaan Is Plotting Another IPO Attempt
"Canaan Creative, manufacturer of the Avalon bitcoin miner, is considering another attempt to go public, people familiar with the situation said. According to one source, the company’s main shareholders are discussing a plan to list its shares on the newly created Science and Technology (Sci-Tech) Innovation Board within the Shanghai Stock Exchange."

Bitmain’s IPO application expires; company appoints new CEO
"While Bitmain says it will restart the listing application work, it does not state when it will take place. However, if Bitmain does not manage to go public, the company might be liable to return as much as $715 million to its investors, CoinDesk writes. The company has also confirmed the two co-founders Micree Zhan and Jihan Wu have stepped down from their co-CEO roles. They, however, still remain Bitmain’s directors and will provide guidance regarding the company’s strategic development. Wang Haichao has officially taken over the CEO position. According to Bitmain, 'Haichao not only has extensive experience in the chip industry but also succesfully headed-up multiple departments at Bitmain.'"

Most Crypto Exchanges Still Don’t Have Clear KYC Policies: Report
"As revealed exclusively to CoinDesk, a global study of 216 exchanges by the reg-tech startup Coinfirm found 69 percent of these businesses do not have 'complete and transparent' know-your-customer (KYC) procedures. The study also found that only 26 percent of exchanges had a 'high' level of anti-money laundering (AML) procedures, such as ongoing transaction monitoring and in-house compliance staff with experience in AML. While some people may see anonymous trading as a feature of the cryptocurrency market, it can also enable problematic business practices and criminal or terrorist activity. Coinfirm CEO Pawel Kuskowski told CoinDesk many such platforms require just a crypto wallet address to get started."

Apple’s Services Event
"That leaves Cook’s final line: At Apple, the customer is, and always will be, at the center of everything that we do. Frankly, with the possible exception of Apple Arcade, it is hard to see this sentiment in yesterday’s announcements; I’m not saying any of these services are customer hostile, but most of them are imitations of what other companies are already doing, the revenues of which Apple wants a cut of. And that’s okay: a growing Apple is better placed to build the next great product that changes customers’ lives. Still, I can’t help but think of a famous Steve Jobs quote: 'I want to put a ding in the universe. Your time is limited, so don’t waste it living someone else’s life. Don’t be trapped by dogma — which is living with the results of other people’s thinking.'
Yesterday didn’t have many dings, and fair bit of other people’s business models. Only time will tell if the diversion from what the company does best leaves Apple trapped."

Tech Companies Are Using Your Face to Build a Nightmarish Dystopia
"All of this raises giant red flags for a number of reasons. Only three U.S. states currently have any laws requiring prior consent for the gathering and processing of biometric data, meaning millions of individual faces may be in training datasets without those subjects’ agreement or even knowledge. Tech companies and other large businesses have been shown to be completely unreliable in their handling of their vast troves of data, meaning your facial data, gathered without your permission, could wind up nearly anywhere."