forklog.media Samsung Launches Windows Browser with AI Agent

Samsung has released its own browser for Windows, featuring agent-based functions powered by Perplexity. The tool "expands the capabilities of the popular PC browser with seamless integration across devices and new AI-based features designed to make web surfing simpler and more intuitive."

Samsung Browser on Windows allows users to continue their work when switching from a mobile device. It supports synchronization of bookmarks and browser history. Integration with Samsung Pass enables secure storage of personal data, website logins, and automatic form filling.

AI Agent

The company has implemented AI agent functions in partnership with Perplexity. The browser understands natural language, page context, tab activity, and simplifies information search and task execution.

"The level of intelligence is not limited to answering questions — it allows for tab management, navigation through history, and staying productive without leaving the browser," the announcement states.

Samsung Browser analyzes page context and offers more relevant solutions. For instance, when planning a trip, users can request a four-day itinerary based on an open tab. The web browser will analyze the content and create a structured plan.

Understanding natural language allows the browser to provide the necessary information more quickly. It can analyze video content, find the desired moment in a clip, and play it.

The search through history has also been "enhanced." Instead of using keywords or dates, users can simply state what they need to find. The browser can analyze and compare information from multiple tabs.

Samsung Browser is available on devices running Windows 11 and Windows 10 (version 1809 and above). The agent functions have been launched in South Korea and the United States, with plans for geographic expansion.

In February, Samsung introduced a new line of S26 smartphones, with artificial intelligence as a central feature of the gadgets.

forklog.media Bitcoin-Backed Loans to Debut in the United States

The American mortgage agency Fannie Mae is set to accept digital assets as collateral. This new product is being launched in collaboration with the lending company Better Home & Finance and the exchange Coinbase.

Property buyers will be able to use Bitcoin and the stablecoin USDC for their down payments without needing to sell their assets. This approach allows borrowers to avoid capital gains taxes and penalties for early withdrawal from investment accounts. The mortgage itself adheres to traditional Fannie Mae standards.

The key distinction of this new crypto product is the complete absence of margin calls. Should the price of Bitcoin fall, borrowers will not be required to provide additional collateral, and the loan terms will remain unchanged. Market volatility will not trigger liquidation. The company will only seize the collateral if the client is more than 60 days late on their mortgage payment.

Special conditions apply to contributions in USDC. The locked assets will generate passive income, which borrowers can use to repay the loan, effectively reducing the real interest rate.

The new product primarily targets young investors, including millennials and zoomers. Statistics indicate that around 52 million Americans own digital assets. Many of them find it challenging to save for a traditional cash down payment due to high housing prices, yet they possess capital in cryptocurrency.

In the future, the companies plan to expand the range of collateral assets. Clients will be able to secure loans with tokenized stocks, bonds, and shares in other real estate.

Back in February, ETHZilla acquired a portfolio of 95 modular home loans for $4.7 million.

forklog.media MARA Miner Sells 15,133 BTC for $1.1 Billion

Between March 4 and 25, bitcoin miner MARA Holdings sold 15,133 BTC for approximately $1.1 billion. The proceeds will be used by the company to repurchase its own bonds.

According to a press release, the firm entered into private agreements for redemption with certain holders of zero-coupon convertible senior notes due in 2030 and 2031. The buyback operations are planned to be completed by the end of March 2026.

Through these transactions, MARA will save about $88.1 million. Additionally, they will reduce "outstanding debt and potential future capital dilution associated with the possibility of bond conversion." The miner's total debt on securities after the announced redemption round will amount to about $2.3 billion.

“Our decision to sell part of our bitcoin assets reflects a strategic capital allocation move aimed at strengthening the balance sheet and ensuring the company's long-term growth. […] This transaction enhances financial flexibility and expands strategic opportunities as we move beyond mining into the realm of digital energy and AI infrastructure,” said MARA CEO Fred Thiel.

Leadership Shuffle

Following the sale, MARA moved to third place among the largest holders of the leading cryptocurrency among public companies. At the time of writing, the miner's reserves are estimated at 38,689 BTC. Source: BitcoinTreasuries.

Treasury firm Twenty One Capital rose to second place with 43,514 BTC. Strategy remains in the top spot with 762,099 BTC.

Amid the bond buyback announcement, MARA shares jumped 12% after the trading session opened. Source: Yahoo Finance.

In March, MARA published its financial report for the fourth quarter of 2025. The net loss amounted to $1.7 billion compared to a profit of $528.3 million the previous year.

forklog.media Top ten bitcoin miners: strategies and trends

In 2026 the bitcoin-mining industry is undergoing a sweeping transformation. The effect of halving and shrinking margins has forced miners of the original cryptocurrency to overhaul their business models. Some are pursuing aggressive acquisitions; others are diversifying by leasing capacity for AI workloads. ForkLog examined the distinctive strategies of the leading mining firms.

The material uses data on the operational hashrate (EH/s) of mining companies actually deployed in production, sourced from the aggregator BitcoinMiningStock as of March 25, 2026. The estimated cost to mine 1 BTC includes electricity and other company expenses. Figures are drawn from Q4 2025 financial reports published by TheEnergyMag.

Top ten bitcoin miners by operational hashrate. Source: BitcoinMiningStock.

1. Bitdeer Technologies (BTDR)

Founded: 2020
Operational hashrate: 68 EH/s
Cost to mine 1 BTC: $93,986

Founded by Jihan Wu, Bitdeer is, for now, the chief beneficiary of 2026. Its operational hashrate rose 655% year on year. Unlike most rivals, the company uses ASIC chips of its own design.

Bitdeer’s data centres span the globe, from Texas and Ohio to Norway and Bhutan. In-house ASIC devices and access to cheap green power keep direct mining costs low—$52,660.

At the start of 2026 the miner accelerated its shift to AI infrastructure—launching GPU clusters from Nvidia in Malaysia and planning to repurpose sites in the US and Europe. In February, to cover expenses, Bitdeer sold all mined and held coins—about 943.1 BTC (~$66m at the time of writing).

2. MARA Holdings (MARA)

Founded: 2010 (pivot to mining in 2017)
Operational hashrate: 61.7 EH/s
Cost to mine 1 BTC: $108,271

In 2017 the company radically shifted from intellectual-property enforcement in technology to cryptocurrency mining. MARA is the second-largest holder of bitcoin among public companies. Beyond mining, it periodically adds to its reserves. As of March 25, 2026 it had under management 52,850 BTC worth $3.77bn.

In addition to sites in Texas, North Dakota and Nebraska, the company’s footprint has expanded to facilities in the UAE, Finland and Paraguay at the Itaipu hydropower plant. The fleet is built around Bitmain Antminer S21 and S21 Pro.

In February 2026 MARA unveiled a multi-year transformation strategy—“from a pure bitcoin miner to an energy and digital infrastructure company”. The firm obtained the right to invest up to 50% in each project, while retaining the option to continue mining at sites with favourable power tariffs.

3. CleanSpark (CLSK)

Founded: 1987 (pivot to mining in 2020)
Operational hashrate: 43.2 EH/s
Cost to mine 1 BTC: $73,499

CleanSpark began as a developer of software for local grid management—an engineering background that became its trump card in mining. The company’s direct cost to mine 1 BTC was $52,510. Source: TheEnergyMag.

CleanSpark earned its giant status during the crypto winter of 2022. While competitors choked on debt, the company, with a strong balance sheet, began methodically buying discounted sites and the latest ASIC miners. A strategy of aggressive acquisitions of rivals and expertise in power distribution secured it a place in the top three.

CleanSpark is firmly rooted in the United States—its core infrastructure is concentrated in Georgia, Mississippi and Wyoming. The company is one of the world’s largest buyers of Bitmain Antminer S21, achieving a fleet efficiency of 16.07 J/TH.

CleanSpark uses substantial bitcoin reserves (13,099 BTC) as working capital, obtaining credit lines secured by cryptocurrency. In parallel, the firm is adapting its infrastructure for AI, expanding its team and seeking tenants for compute.

4. IREN (IREN)

Founded: 2018
Operational hashrate: 43 EH/s
Cost to mine 1 BTC: $64,222

The Australian project IREN, founded by the Roberts brothers, made an uncompromising bet on renewable energy from the outset. In 2022, however, as profitability fell, the company had to hand over part of its ASIC miners to a lender. It preserved the essentials—data centres and power infrastructure.

Having weathered the crisis, IREN staged one of the industry’s most successful comebacks. It was among the first to buy Nvidia flagship GPUs at scale for cloud AI workloads. A hybrid model of mining and data centres, together with a complete abandonment of cryptocurrency reserves, made IREN attractive to investors, as reflected in a record $13.6bn market capitalisation.

IREN’s facilities are located in Canada’s British Columbia and Childress, Texas. Reliance on hydro and wind power lowered direct costs to mine 1 BTC to $38,000, making the company a leader in energy efficiency.

5. Riot Platforms (RIOT)

Founded: 2000 (pivot to mining in 2017)
Operational hashrate: 34.9 EH/s
Cost to mine 1 BTC: $101,316

Originally called Bioptix, the firm made diagnostic equipment for veterinary medicine. Today all Riot’s capacity is concentrated at its Rockdale, Texas site (700 MW, immersion cooling). Mega-sites are under construction in Corsicana (1,000 MW, immersion cooling) and Kentucky (60 MW, air cooling).

Unlike most rivals dependent on Bitmain, Riot has a strategic partnership with manufacturer MicroBT. It has bought WhatsMiner M66S and M56S+ models designed specifically for liquid cooling. Thanks to contracts with Texas grid operator ERCOT, the company receives colossal “power credits” for voluntarily shutting down equipment during peak state-wide loads.

In January 2026 the company purchased for $96m a plot of roughly 81 hectares next to its flagship Rockdale data centre. It financed the deal with its own funds by selling 1,080 BTC. Under an agreement with AMD, Riot will provide the partner with a phased rollout of AI compute in January–May 2026.

6. Cango (CANG)

Founded: 2010 (pivot to mining in 2024)
Operational hashrate: 34.55 EH/s
Cost to mine 1 BTC: $82,026

Historically, Cango is a Chinese financial platform for the auto industry. But in late 2024, hundreds of millions of dollars of surplus capital were directed to acquiring ASIC miners and crypto infrastructure. The manoeuvre allowed the company, in barely a year, to burst into the top tier of global bitcoin mining, overtaking many market veterans.

Cango’s fleet consists of Bitmain Antminer S19 XP ASIC miners installed at manufacturer-operated sites. This model let the firm scale hashrate quickly without spending the capital and time to build data centres, but it left the company exposed to hosting tariffs.

In February 2026 Cango sold 4,451 BTC to reduce debt and strengthen its balance sheet. In March the firm unplugged 30% of its hashrate. Instead of hoarding and mining, it now treats bitcoin as a treasury asset to finance new AI initiatives.

7. HIVE Digital Technologies (HIVE)

Founded: 2017
Operational hashrate: 22.2 EH/s
Cost to mine 1 BTC: $74,338

For years the company stood out by mining Ethereum on GPUs in parallel with bitcoin, until the network moved to Proof-of-Stake. HIVE then retrofitted its GPU farms for high-performance AI computing.

HIVE’s data centres are in regions rich in green energy: Canada, Sweden and Iceland. Cheap hydro and geothermal power in a cold climate lowers cooling costs.

In March 2026 HIVE Digital Technologies launched its first AI GPU cluster in Paraguay. Earlier the miner announced it would wind down bitcoin mining in Sweden and expand GPU capacity in Canada.

8. American Bitcoin (ABTC)

Founded: 2025 (2017—registration of parent Hut 8)
Operational hashrate: 21.9 EH/s
Cost to mine 1 BTC: $56,279

The company emerged from a merger with parent Hut 8. Before that, in exchange for virtually its entire fleet of devices, it obtained 80% of American Data Centers, a vehicle backed by investors led by Eric Trump and Donald Trump Jr. The enterprise was relaunched as American Bitcoin.

In March 2026 the miner bought an additional 11,298 ASIC devices for its Drumheller (Canada) data centre, with a stated energy efficiency of 13.5 J/TH. The upgrade will add 3.05 EH/s of compute. The fleet will reach 89,242 units.

The company ranks among the top three for direct costs to produce 1 BTC, at $46,916.

9. Core Scientific (CORZ)

Founded: 2017
Operational hashrate: 15.7 EH/s
Cost to mine 1 BTC: $129,945

At the end of 2022, while the world’s largest miner, the company succumbed to debt amid the market crash and troubles at major client Celsius Network and filed for bankruptcy. In early 2024 a court approved reorganisation with a relisting under the ticker CORZ.

The return was marked by a deal: in 2024 Core Scientific signed a $3.5bn contract with the AI-hyperscaler CoreWeave to convert part of its data centres for high-performance computing, becoming a locomotive for the convergence of crypto mining and AI. In July 2025 CoreWeave signed an agreement to acquire Core Scientific, valuing it at $9bn.

In March 2026 the miner announced the sale of all 2,537 BTC it owned and the receipt of a $500m loan to build AI data centres. The company plans to fund equipment purchases, preliminary construction work, land acquisitions and new power connections for data centres.

10. Bitfarms (BITF)

Founded: 2017
Operational hashrate: 12.3 EH/s
Cost to mine 1 BTC: $89,494

Canada’s Bitfarms built its business on geographic diversification. While many fought for sockets in Texas, it rolled out farms in Canada, Argentina and Paraguay, where ultra-cheap hydro power is abundant but far from big cities.

In 2024 Bitfarms weathered an aggressive hostile-takeover attempt by Riot Platforms. To thwart it, the miner used a classic Wall Street defence—the “poison pill”. After the incident the company carried out a fleet upgrade. Bitfarms placed its main bet on South America, installing 10,000 Antminer T21 units designed to operate in extreme temperatures.

At the end of 2025 Bitfarms announced a gradual wind-down of bitcoin mining and a pivot to AI infrastructure by 2027. The first step will be converting an 18 MW farm in Washington state.

forklog.media CoinShares Analysts Report 20% of Bitcoin Miners Capitulate

Conditions for mining the premier cryptocurrency have become so stringent that much of the equipment worldwide is operating at a loss, according to a report by CoinShares.

Analysts noted that the fourth quarter of 2025 was the most challenging for bitcoin miners since the last halving. The average cost of mining one coin for public companies reached $79,995. Source: CoinShares.

Meanwhile, the hashprice dropped to $36-38 per PH/s per day. Three consecutive negative difficulty adjustments, recorded for the first time since July 2022, signaled miner capitulation.

In the first quarter, the figure fell even further to $29, indicating new challenges for the industry, analysts noted. At the time of writing, the figure had recovered to $33.6, yet it remains one of the lowest levels in five years. Source: Hashrate Index.

The pressure on miners has already impacted the network. On March 20, bitcoin mining difficulty plummeted by 7.7% — one of the sharpest declines this year.

Unprofitable Operations

CoinShares experts estimate that 15-20% of miners are operating at a loss. Those at risk include operators with outdated equipment and high electricity costs.

Miners using mid-generation devices are operating below the break-even point at the current hashprice — particularly if they pay over $0.05 per kWh for electricity. To remain profitable, they need rates below this threshold. Modern farms maintain high margins even at standard industrial rates.

Analysts warned that stagnation in bitcoin's price will worsen the situation for market participants. According to James Butterfill, head of research, a prolonged downturn will lead to the shutdown of unprofitable operations, slowing the growth of the hashrate and eventually balancing profitability.

“If the price does not rise above $80,000 by the end of the year, the hashprice will continue to decline and then likely plateau. This will occur as weaker players exit the network,” he suggested.

Specialists believe the current situation is not a cyclical phenomenon but a structural narrowing of the circle of viable operators. Only those with structural advantages, such as efficient equipment and access to cheap electricity, will survive.

At the time of writing, the leading cryptocurrency is trading around $69,300. Over the past day, the asset's price has fallen by 3% (CoinGecko).

In March, Wintermute analysts declared the traditional bitcoin mining model obsolete.

forklog.media Google Unveils ‘Pied Piper Equivalent’ for Eightfold Acceleration in Neural Network Computations

Google's research division introduced TurboQuant, a memory compression algorithm for artificial intelligence. Users have likened the development to the technology of the Pied Piper startup from the series 'Silicon Valley'.

TurboQuant is the new Pied Piper 🤣 pic.twitter.com/iMAYJs02zt — Justin Trimble (@justintrimble) March 25, 2026

TurboQuant significantly reduces resource requirements for large language models and vector search systems.

Artificial intelligence operates with complex multidimensional arrays that store information about words or images. These data occupy substantial cache space and slow down response generation. Traditional compression methods require storing additional variables, often negating the benefits of optimization.

TurboQuant addresses memory overuse through two mechanisms. The first algorithm converts vectors into a polar coordinate system and compresses the main data volume. The second functions as a mathematical controller, using just one bit of memory to eliminate residual hidden errors.

Cloudflare CEO Matthew Prince compared the algorithm to the achievements of the Chinese model DeepSeek, which previously demonstrated high efficiency with minimal hardware costs.

This is Google’s DeepSeek. So much more room to optimize AI inference for speed, memory usage, power consumption, and multi-tenant utilization. Lots of teams at @Cloudflare focused on these areas. #staytuned https://t.co/hHoY4sLT2I — Matthew Prince 🌥 (@eastdakota) March 25, 2026

Developers tested the technology on open models Llama, Gemma, and Mistral. The algorithm compressed the cache to three bits without loss of response quality. Memory consumption decreased by at least six times, and computation speed on H100 graphics accelerators increased eightfold.

The innovation does not require additional neural network training. According to the corporation, the technology will be integrated into search algorithms and its own AI products, including Gemini.

A public presentation of the project will take place at the ICLR and AISTATS conferences in 2026.

Earlier, on March 25, Google revealed its plans to transition to post-quantum cryptography.

forklog.media Elon Musk Recruits Former Base and Aave Designer for X

Under the leadership of Elon Musk, social network X has appointed Benji Taylor as its chief designer.

I’m honoured to be joining 𝕏 to lead design. I believe this is the most important platform in the world, and I can’t think of a more exciting place to help shape the future. I’m looking forward to working closely with @elonmusk, @nikitabier, and the rest of the team. I’m… pic.twitter.com/FnVncYpsN5 — Benji Taylor (@benjitaylor) March 25, 2026

“It is an honour to lead the design department at X. I believe this is the most important platform in the world, and I cannot imagine a more exciting place to help shape the future,” wrote Taylor.

Previously, he founded Los Feliz Engineering, the studio behind the non-custodial wallet Family. After the company was acquired by the Aave protocol in 2023, he became the CPO. Later, he moved to the L2 network Base by Coinbase as head of design.

Nikita Bier, head of product at X, revealed that he invested in Taylor's app in 2020, describing it as “one of the most well-designed products.”

Ladies and gentlemen, I'd like to welcome @benjitaylor to 𝕏, our new design lead. I met Benji six years ago when I invested in his app: it was one of the most well-designed products I'd encountered. I knew right away he was on track to become one of the best designers in the… https://t.co/TFTZGCIm29 — Nikita Bier (@nikitabier) March 25, 2026

“After six months of persuasion, we are finally joining forces to build the best design team in the industry,” added Bier.

X Money

Taylor's appointment comes as the platform prepares to launch its payment system, X Money, scheduled for April. It is currently in internal beta testing.

𝕏 Money early public access will launch next month — Elon Musk (@elonmusk) March 10, 2026

Developers position the product as a central hub for financial transactions.

X Money's features include: P2P fiat transfers; high-yield savings accounts; cryptocurrency integration via “smart cashtags” for trading assets directly from the feed.

In February, Bier noted that he “genuinely wants to see cryptocurrency” on the social network. However, he emphasized that the platform will not act as a broker or execute trades. Its goal is to create tools for financial data and links.

I genuinely want crypto to proliferate on X, but applications that create incentives to spam, raid, and harass random users is not the way. It meaningfully degrades the experience for millions of people — only to enrich a few people. And yes, we are launching a number of… — Nikita Bier (@nikitabier) February 14, 2026

Back in June 2025, Musk announced the launch of the XChat messenger “with encryption, disappearing messages, and the ability to send any files.” Users criticized the new feature.

forklog.media Russia Considers Limiting AI Use in Education

A working group under the Federation Council is developing "sanitary rules" for the use of neural networks in universities and schools. This was reported to Vedomosti by Natalya Kaspersky, chair of Infowatch and board member of the ARPP.

According to her, the initiative aims to curb the thoughtless application of artificial intelligence in the social sphere, public administration, and education. She did not specify the exact measures.

Kaspersky cited data from the "Antiplagiat" system: about 25% of students use AI when writing papers. According to surveys, 87% of students admitted to using neural networks in some way.

"This indicates that universities do not understand whom they are educating, and employers do not know whom they are hiring; we risk producing a completely uneducated generation," she stated.

Surveys by RANEPA also showed that by 2024, more than 80% of students sought help from artificial intelligence. About 50% used it for cheating.

Meanwhile, in 2025, the proportion of teachers using the technology increased from 20% to 60%, noted Pyotr Ototsky, project director of the academy's priority educational initiatives directorate.

Opinions

In 2023, many foreign universities banned students from using AI, but lifted the restrictions a year or two later. It became evident that "not using AI is already impossible," Ototsky emphasized.

Timofey Voronin, a senior lecturer at the Higher School of Social Sciences and Humanities at Moscow State University, believes that formal bans do not work, and tracking the use of neural networks is nearly impossible. In his view, students should be taught to use these tools correctly: the main problem is their inept use.

Incorrect prompts, lack of proofreading, and fact-checking lead to fabricated sources, nonexistent names, and incoherent results.

Mikhail Semenov, a lawyer in the HR department at Cloud.ru, noted that when hiring young specialists, the ability to work with neural networks is often seen as an advantage or even a necessity. Employers expect graduates to understand the principles of AI operation.

Regulatory Context

Currently, the use of AI in Russia is regulated only within experimental legal frameworks.

The government is working on a draft law "On the Fundamentals of State Regulation of the Application of Artificial Intelligence Technologies." It will define the criteria for a "Russian" neural network, copyright, content labeling, as well as the obligations and responsibilities of participants. On March 18, the document was published for public discussion.

On March 25, Prime Minister Mikhail Mishustin instructed the Ministry of Digital Development to prepare and submit to the State Duma a draft law on the development and implementation of artificial intelligence by the end of the spring session, writes Interfax.

In 2025, OpenAI introduced a special learning mode for students in ChatGPT. It helps to work through tasks step-by-step, rather than simply providing ready answers.

forklog.media Franklin Templeton to Launch Blockchain-Based ETFs

Asset manager Franklin Templeton, in partnership with Ondo Finance, will release tokenized versions of its ETFs, which will be directly accessible through cryptocurrency wallets.

We’re excited to announce that Ondo has partnered with Franklin Templeton (@FTDA_US), one of the world’s largest asset managers with $1.7T AUM. Together, we’re bringing exposure to Franklin Templeton-managed investment products onchain through Ondo Global Markets. pic.twitter.com/vY2AqbiMm7 — Ondo Finance (@OndoFinance) March 25, 2026

Under the agreement, Ondo will acquire the company's funds and issue tokens based on them through a separate firm. Product holders will gain rights to income, but not to the underlying shares — the structure allows digital assets to be used as collateral or integrated into DeFi applications.

Ondo's market makers will also provide liquidity, even during hours when traditional exchanges are closed.

The initiative targets a growing class of investors who operate exclusively through wallets and stablecoins, without direct interaction with the stock market.

Initially, Franklin Templeton and Ondo will tokenize five funds: FFOG, FLQL, FGDL, FLHY, and INCE. These include high-yield corporate stocks, primarily from the US.

“The selected ETFs represent a good mix of different types of investments. This gives us a great opportunity to test what truly interests a new audience,” said Sandy Kaul, head of innovation at the asset manager.

As of February, Franklin Templeton's assets were valued at approximately $1.7 trillion. Ondo Finance manages tokenized products worth about $2.7 billion.

According to RWA.xyz, since 2025, the market value of real-world digital assets has grown by approximately 360% to $26.5 billion. Source: RWA.xyz.

However, according to Ondo Finance President Ian De Bode, regulatory uncertainty in the US has slowed adoption, as officials have yet to establish clear guidelines for tokenized ETFs.

Several market participants point to the complexity of integrating blockchain with the traditional financial ecosystem, which relies on broker-dealers and authorized participants for issuing and redeeming shares. Structuring products to accommodate cryptocurrency wallets while complying with securities laws also remains a significant challenge.

In March, the US Securities and Exchange Commission approved Nasdaq's proposal to trade tokenized shares.

forklog.media Bitwise Offers Optimistic Forecast for Circle After 20% Stock Drop

On March 24, Circle's shares plummeted by 20% due to concerns related to the provisions of the Clarity Act in the United States. Analysts at Bitwise defended the company, forecasting a rise in the capitalization of USDC to $75 billion.

A lot of people want to invest in the stablecoin boom, and $CRCL is one of the most obvious choices: pure-play stablecoin company, publicly traded. But how do you value it? @Matt_Hougan says you ask three questions. — How big will stablecoins get? — What will Circle's market… — Bitwise (@Bitwise) March 25, 2026

"The market reaction is exaggerated. There is nothing in the Clarity Act news that would change forecasts for the stablecoin sector. Interest income has never been the main driver for 'stablecoins.' The vast majority of these assets today are held in ways that do not yield interest to holders," said Bitwise's Chief Investment Officer Matt Hougan.

The latest version of the document proposed a ban on accruing income to users solely for holding stablecoins, a point disputed by industry representatives. According to insiders, this wording was indeed included in the final version of the Clarity Act.

USDC does not directly generate profits for holders, but users receive incentives and rewards through platforms like Coinbase. As competition in the 'stablecoin' segment grows, any restrictions could impact Circle's long-term growth prospects, according to the community.

"One popular opinion is that Circle's market share will shrink as major players — Bank of America, Stripe, Wells Fargo — start issuing their own stablecoins. I'm not so sure. Historically, innovators have been quite successful in defending their early market capture," noted Hougan.

Coinbase Under Pressure

Similar sentiments were expressed by 10x Research founder Marcus Thielen. He stated that the market is overlooking the long-term consequences. In its current form, the bill impacts Coinbase's distribution model more than Circle's infrastructural role.

The exchange derives most of its financial benefit from USDC. For stored balances, Coinbase takes nearly all the interest income. For balances outside the platform, revenue is split roughly 50/50. According to Thielen's estimates, Circle pays Coinbase over $900 million annually — about half of its profits.

This model has made the stablecoin business highly profitable for Coinbase. If regulators ban payments similar to yield on balances, part of this advantage will be lost.

"The situation increasingly favors Circle on a relative basis. Federal regulation will shift value towards issuers who operate by the rules, have scale, and a reliable balance sheet," said the expert.

Challenges for Tether

Pressure on Circle's shares was also exerted by the news that its main competitor — Tether — engaged an auditor from the 'Big Four' (Deloitte, EY, PwC, or KPMG) to conduct the first full audit of USDT.

Tether Signs Big Four Firm to Complete First Full Audit, Setting a New Quality Standard for the Digital Asset Economy. Read more: https://t.co/rtsB7l4nJL — Tether (@tether) March 24, 2026

Previously, the company only published attestations, which did not meet the requirements of the Genius Act and were repeatedly criticized.

Meanwhile, analysts at William Blair believe that conducting an audit will not become a mandatory competitive advantage for Tether. The issuer may still face difficulties entering the US market.

"A serious obstacle to meeting the Genius requirements will be the illegal use of USDT, which is likely to attract the attention of US regulators," they noted.

The Tether stablecoin is not officially regulated in the United States, although American users can still hold it. At the end of January, the company launched USAT — a 'stablecoin' aimed at the local market.

In March, the Financial Stability Board of the G20 noted an increase in risks associated with fiat-pegged assets.

forklog.media ZachXBT Accuses Circle of Wrongfully Freezing 16 Wallets

Circle has frozen 16 wallets as part of a civil lawsuit in the United States. However, on-chain researcher ZachXBT discovered that these addresses belong to entities unrelated to the case. He examined the activity of the affected companies and found that they are not connected to each other.

"An analyst with basic tools could determine in a few minutes that these are operational business wallets, judging by the thousands of transactions they process," the expert wrote.

According to the researcher, the proceedings are "sealed." Circle had no objective grounds for freezing stablecoins.

The NY civil case is sealed and they have provided absolutely ZERO basis to freeze all of these business addresses. Aaron Nathan from Willkie Farr is the unknown plaintiffs lawyer. The expert witness is liable. The judge is liable. Circle is liable. In my 5+ yrs of… — ZachXBT (@zachxbt) March 25, 2026

"In over five years of investigations, this is perhaps the most incompetent freeze I've seen. This is what happens when the decision to freeze is left to some random federal judge instead of establishing a proper procedure," noted ZachXBT.

The crypto community supported the criticism of the USDC issuer. MetaMask wallet developer Taylor Monahan called the freeze "neither the first nor the last."

It’s always been this way for Circle. If you can convince a US federal court to sign off on a freeze then the funds will be frozen. This most often comes up when Circle REFUSES to freeze uncommingled stolen funds that come direct from the victim. Their non-decision making… — Tay 💖 (@tayvano_) March 24, 2026

"No responsibility. No accountability. No ways to protect your rights," she emphasized.

At the time of writing, Circle has not commented on the incident. According to ZachXBT's observations, the company unfroze one wallet without explanation. The researcher emphasized that market participants are awaiting official clarifications.

Back on March 24, shares of the USDC issuer plummeted by 20%.
The cause was concerns related to the latest version of the Clarity Act bill.

forklog.media Nick Carter: Ethereum Team Surpasses Bitcoin in Quantum Threat Preparedness

Nick Carter, a partner at Castle Island Ventures, has warned that elliptic curve cryptography will soon become obsolete. He predicts this will occur within the next 3-10 years, and the industry must accept this reality.

best in class approach: — ethereum gets together and announces a specific, detailed PQ roadmap by 2029 (https://t.co/hfWzkYgBB7). sets it as top strategic priority. folds PQ into ongoing roadmap. detailed FAQ. no fear, just action. worst in class approach: — Bitcoin devs… — nic carter (@nic_carter) March 26, 2026

The investor is convinced that blockchain developers urgently need to enhance the security and adaptability of network algorithms: “The only thing that matters now is how quickly developers understand the need to implement cryptographic flexibility,” he emphasized.

As a positive example, he cited Ethereum. The project's team introduced a roadmap to protect the network from quantum computers, making this task a strategic priority. Developers have incorporated new algorithms into current plans and addressed key community questions.

According to Carter, the Ethereum ecosystem demonstrates “more action and less fear.” Meanwhile, he considers the Bitcoin developers' approach to the looming threat as the least successful.

Google's Preparation for the Quantum Era

In parallel, Google has revealed its plans to transition to post-quantum cryptography. The company aims to fully implement new algorithms by 2029.

The corporation estimates that future quantum computers pose a threat to current encryption standards and digital signatures. To prevent potential breaches, Google has updated its corporate threat model, focusing on transitioning authentication services to new protocols.

Post-quantum protection for digital signatures (ML-DSA) is planned to be added to the Android 17 operating system. Similar solutions have already been implemented in the Chrome browser and the company's cloud services.
Earlier in March, BTQ Technologies launched a Bitcoin testnet with quantum protection.

forklog.media Google Launches Advanced Lyria 3 Pro Music AI Model

Google has unveiled an advanced version of its music generation model, Lyria 3 Pro. This model can create tracks up to three minutes long, offering customization and creative control. Lyria 3 Pro has a better understanding of musical composition. Users can specify elements such as intros, verses, choruses, and transitions. "Whether you are an app developer, business representative, music professional, or simply a creative individual, these integrations will allow you to leverage Lyria's advanced music recognition capabilities to expand your creative horizons," the announcement states. Lyria 3 Pro is available in a preview version on Vertex AI. The neural network enables organizations to "scale the production of high-quality content—from quickly creating custom soundtracks for games to integration into creative tools, music, and video platforms." The model is integrated into Google AI Studio and the API Gemini. It "provides enhanced understanding of musical context and structural integrity." In the video editor Vids, both the basic and Pro versions of Lyria 3 allow for the addition of personalized musical accompaniment. This feature is available to Google Workspace users and subscribers of Google AI Pro and Ultra. In the Gemini chatbot, long tracks created with Lyria 3 Pro have been introduced. The model's advanced settings "offer more room for experimentation." Lyria 3 Pro has also been added to ProducerAI—a collaborative music creation service. Along with the new LLM, it offers an interactive interface for creating complete compositions. Back in March, OpenAI integrated the music recognition service Shazam into ChatGPT. In the same month, the music group Neon Oni, originally composed of AI characters, planned live concerts in Japan.

forklog.media Bitcoin Holds Steady at $70,000 Amid Capital Influx

The leading cryptocurrency has stabilized at the $70,000 mark. The market has been supported by a renewed influx of funds into US spot bitcoin ETFs, according to a Glassnode report.

Awaiting Liquidity: $BTC has stabilised around $70k, with ETF flows improving and sell-side pressure easing. However, muted spot volume and overhead supply suggest stronger demand is still needed to turn this into a recovery. Read the full Week On-Chain👇 https://t.co/MkPSDK7Vol — glassnode (@glassnode) March 25, 2026

Analysts clarified that bitcoin still lacks the trading volumes necessary for confident growth. They also noted the formation of a new accumulation zone. Short-term investors holding coins for one to four weeks have created a base support at $70,200. Major resistance is expected above $82,000, where a significant volume of supply is concentrated.

Experts warned that the support at $70,200 remains vulnerable due to the modest scale of current purchases. Market sentiment remains anxious, reminiscent of the situation in the second quarter of 2022.

Cryptocurrency Fear and Greed Index. Source: Alternative.

Unrealized losses for investors are growing, but there are no clear signs of capitulation yet. Network profit-taking has plummeted by 96% compared to the peaks of July 2025 — from $3 billion to $100 million. This sharp drop in liquidity indicates a shortage of fresh capital.

Spot trading remains sluggish. Price recovery relies mainly on local dip buying. Meanwhile, large investors are cautiously returning to the market: daily inflows into spot ETFs have turned positive again.

In the derivatives market, short positions dominate, and funding rates remain negative. Traders are overpaying to hold shorts, and if the price continues to rise, this imbalance could trigger a cascade of liquidations, giving the price an additional boost.

The increase in volatility has prompted market participants to actively buy put options to protect against price declines.
Additional pressure is created by market makers hedging their risks. Significant changes are expected after the expiration of $10 billion in options. This event will relieve the pressure of hedging trades and make the price more susceptible to external factors, potentially paving the way for further growth if spot demand recovers.

Too Early to Call the Market Bottom

Amid the technical rebound, some analysts claim a local minimum is forming and the altcoin season is beginning. However, CryptoQuant expert known as Crypto Dan considers such conclusions premature. According to him, structural signals of a trend reversal have yet to appear.

BTC — Still Too Early to Call a Bottom. “To confidently identify a true market bottom, more consistent and decisive confirmation signals must appear across on-chain metrics, volatility structures, and capital inflow trends.” – By @DanCoinInvestor — CryptoQuant.com (@cryptoquant_com) March 26, 2026

After the market entered a bearish phase at the end of 2025, bitcoin fell to $60,000. Although some indicators suggest a possible bottom formation, the analyst views this scenario as merely one of several possibilities.

For a confident trend reversal, coordinated changes in on-chain metrics, volatility structure, and stable capital inflow are needed. Until these signals emerge, it is premature to declare the end of the downturn.

On March 25, the price of the leading cryptocurrency reached $72,000. This was aided by the approaching major options expiration and reports of potential de-escalation in the Middle East.

forklog.media ARK Invest sees AI‑infrastructure outlays hitting $1.5trn by 2030

The falling cost of training neural networks is making the technology more accessible, while swelling demand is prompting heavy investment in computing power. By 2030, global spending on AI infrastructure could approach $1.5trn, according to ARK Invest.

AI adoption is outpacing the internet, and infrastructure is scaling to match. We believe this is the beginning of a massive buildout, as consumers and enterprises signal strong demand. @downingARK shares the latest on AI infrastructure in a new blog. https://t.co/tatNHMFiuM — ARK Invest (@ARKInvest) March 25, 2026

Prices fall, demand surges

Analysts estimate that the cost of training neural networks is dropping by 75% a year. Inference for models scoring above 50% on benchmarks is getting cheaper still—by an average of 95%.

Cheaper technology usually cuts spending. Not so with artificial intelligence: as training and deployment become more affordable, a wider array of tasks becomes economically viable.

Mass adoption of AI is occurring twice as fast as the internet. In just three years penetration has reached 20%. The web took more than six.

Enterprise demand is surging too. Token requests via OpenRouter have risen 28-fold since December 2024. Anthropic lifted annual revenue from $100m in 2023 to $14bn by February 2026. By November 2025 OpenAI had 1m business customers.

An infrastructure boom

Since ChatGPT’s debut, demand for accelerated computing has rocketed. Nvidia’s annual revenue rose from $27bn in 2022 to $216bn in 2025. Analysts expect it to reach $350bn in 2026.

Global growth in investment in server systems has accelerated from 5% a year (in the decade to 2022) to 30% over the past three years. According to ARK, GPU- and ASIC-based solutions have become the dominant segment, accounting for 86% of server compute.

Private investment in AI infrastructure topped $200bn in 2025, of which about $80bn went to foundation-model developers.
Hyperscalers are seeking alternative financing: Meta’s $30bn deal with Blue Owl was the largest private-capital transaction on record.

The chip wars

Booming demand has intensified competition among hardware makers. AMD has caught up with Nvidia on total cost of ownership (TCO) for inference on smaller models. But on heavyweight models, Nvidia retains the performance lead thanks to its Grace Blackwell architecture.

Hyperscalers are rolling out their own semiconductor designs. Google has been designing TPUs for ten years. SemiAnalysis estimates that using custom chips for internal workloads can cut compute costs by 62% compared with Nvidia-based architectures.

Amazon is pushing Trainium, making it Anthropic’s preferred training platform. Microsoft is deploying second-generation Maia accelerators, optimised for inference.

Broadcom dominates back-end design, partnering on Google’s TPU, Meta’s MTIA and OpenAI’s forthcoming chip. Citi forecasts the company’s AI revenue will grow from $20bn in 2025 to $100bn in 2027.

Startups with novel architectures are stirring. Cerebras, known for its Wafer Scale Engine chip, plans to list this year. Groq, for its part, signed a $20bn licensing agreement with Nvidia.

Outlook

ARK reckons annual investment in AI infrastructure will reach $1.5trn by 2030—tripling in five years. Specialised ASICs’ share of computing capacity will rise to a third of the market.

“The infrastructure being built today is not a bubble ready to burst, but the foundation of a platform shift that happens once a generation. Useful AI agents are only starting to be deployed; they are ‘token-hungry’ but far more capable than users are accustomed to. Scaling these agents to millions of businesses will require colossal computation, justifying the investment,” the experts concluded.

Earlier, analysts at Citrini Research predicted an economic collapse caused by artificial intelligence.

forklog.media Fenbushi Capital Co-founder Offers Reward for Return of Stolen $42 Million

Bo Shen, co-founder of venture firm Fenbushi Capital, has offered a reward for assistance in recovering $42 million stolen from his personal wallet in 2022.

In November 2022, my personal wallet was hacked, resulting in a loss of approximately $42 million. For three years, the tracking efforts have never ceased. The team has gradually acquired more crucial leads and evidence, and the asset flow paths have become increasingly clear.… — Bo Shen (@boshen1011) March 26, 2026

The investor is willing to pay between 10% and 20% of the recovered amount immediately after the successful transfer of funds. Renowned specialists ZachXBT and Taylor Monahan have joined the investigation, managing to freeze $1.2 million of the stolen assets.

Incident Details and New Search Technologies

The breach occurred in November 2022. The lost funds belonged personally to Shen, and the incident did not affect Fenbushi's capital.

Experts from SlowMist determined that the theft was due to the compromise of a seed phrase. The perpetrators withdrew $38.2 million in USDC, 1607 ETH, 720,000 USDT, and 4.13 BTC. They later funneled the coins through exchange platforms including ChangeNow and SideShift.

Shen resumed the search following new leads. He emphasized that advancements in artificial intelligence and modern on-chain analytics tools provide experts with greater capabilities for tracking transaction chains. The investor views this case as a good test of the effectiveness of new investigative technologies, although the full recovery of funds remains uncertain.

Back in June 2025, Mehdi Farooq, an investment partner at venture firm Hypersphere, fell victim to a phishing attack via a fake Zoom call.

forklog.media Old Is New Again. Top 5 Crypto Exchanges With TradFi Trading in 2026

Crypto exchanges are turning into multi-asset platforms where traders buy and sell bitcoin, stocks, and gold from a single account. Here's how TradFi products work on five major exchanges, what sets them apart, and what to consider before trading.

Two Approaches to TradFi

Before comparing platforms, it helps to understand the two core models for trading traditional assets on crypto exchanges.

CFD (Contract for Difference) is an agreement on the price difference of an asset. A trader doesn't buy the stock or gold itself — instead, they enter a contract with a liquidity provider on the spread between the opening and closing price. If the asset gains 5% and the trader is long, they pocket the difference. If it drops, they lose. The underlying asset never changes hands. CFDs are the standard in the forex brokerage world: a broad lineup (currencies, commodities, indices, metals), high leverage (up to 500x), and spread-based pricing where the broker bakes its fee into the gap between bid and ask.

MetaTrader 5 (MT5) is the terminal that powers Bitget's and Bybit's CFD models. It's a professional platform popular with forex traders: it supports algorithmic trading via Expert Advisors, advanced charting, hedging, and multiple order types.

Perpetual contracts are the format crypto traders know best. The contract tracks the price of an underlying asset, settles in USDT, and a funding rate adjusts the price every 8 hours. Trading happens in a familiar crypto interface with no separate account. Leverage is lower (up to 100x), but pricing is more transparent — the price forms in an order book, not at a liquidity provider.

Bitget

Bitget is pursuing the most ambitious strategy — the Universal Exchange (UEX) concept. CEO Gracy Chen introduced it on September 16, 2025, and on January 21, 2026, the exchange published its UEX white paper. Daily TradFi volume on the platform hit $2 billion on January 9, 2026 — four days after the public launch.
By the end of the month the figure doubled to $4 billion per day. Even during the beta-testing phase, gold alone topped $100 million in daily volume.

Bitget offers three TradFi trading models — the broadest range among the five exchanges: CFDs via MetaTrader 5 — 79+ instruments at launch, including forex (EUR/USD, GBP/USD), precious metals, commodities (Brent, WTI), and indices (Nasdaq 100, S&P 500, Dow Jones, AUS200); perpetual futures on stocks (AAPL, GOOGL, META, TSLA) with up to 10x leverage; tokenized stocks through a partnership with Ondo Finance — over 100 U.S. equities and ETFs, including Tesla, Nvidia, Apple, Google, Microsoft, Amazon, Meta, AMD, plus index ETFs (SPY, QQQ, IVV, IWM) and commodity products (IAU, SLV).

MetaTrader 5 is the primary trading terminal for Bitget's CFD segment. Users create a separate MT5 account; USDT is transferred from the spot wallet and converted to USD. Orders are executed through external liquidity providers rather than matched against other Bitget users. Standard MT5 features are available: Expert Advisors for algorithmic trading, hedging mode, stop-loss/take-profit, and trailing stops. The terminal runs on desktop, mobile, and web.

TradFi CFDs operate through BTGT Mauritius Capital, licensed by the FSC Mauritius. Leverage reaches 500x on CFDs (forex, metals, commodities) but is capped at 10x for stock futures.

Bitget serves over 125 million users in more than 150 countries. Its user Protection Fund stands at 5,500 BTC ($384 million at the time of writing).

Phemex

Phemex launched TradFi futures on February 5, 2026, positioning itself as an alternative to the CFD model. Trading volume surpassed $100 million in the first 24 hours. By March 12, 2026, Phemex reported $10 billion in cumulative volume for the first month, with daily peaks reaching $1 billion. Active users grew 340% quarter over quarter.
At launch, seven instruments were available: futures on Tesla, Nvidia, Apple, Meta, and Intel stocks, plus gold (XAU) and silver (XAG).

Phemex uses a Central Limit Order Book (CLOB), where market participants set the price. The exchange highlights key differences from CFD competitors: transparent pricing with no hidden spreads, a unified margin pool shared with crypto positions, and no need for a separate account. Leverage goes up to 100x. Funding rates update every 8 hours.

On February 20, 2026, Phemex integrated Ondo Finance tokenized stocks — 14 instruments, including Nvidia (NVDAon), Tesla (TSLAon), Apple (AAPLon), Amazon (AMZNon), plus Nasdaq 100 (QQQon) and S&P 500 (SPYon) ETFs. Tokens trade on Phemex's on-chain platform (Solana, Base, BNB Chain) as spot tokenized securities — separate from TradFi futures.

Phemex also just completed a three-month zero-fee period for TradFi futures to mark the launch, designed to bring traders in and help them get familiar with the product.

Bybit

Bybit was the first major crypto exchange to enter the TradFi market. Its Gold & FX platform, built on MetaTrader 5, went live in August 2024. In June 2025, the service was rebranded as Bybit TradFi, adding CFDs on U.S. stocks, indices, and commodities.

The trading model is contracts for difference. Traders don't own the underlying asset — they speculate on price movements. Settlements use USDx, an internal unit pegged to USDT at a 1:1 ratio.

Five asset classes are available: currency pairs (major, minor, exotic), precious metals (gold, silver), energy (oil), global indices (S&P 500, Nasdaq, Nikkei 225, HK50), and U.S. stocks — over 100 CFDs, including AAPL, TSLA, NVDA, META, and COIN. Maximum leverage reaches 500x on currencies and metals.

Two fee tiers are available: Zero-Fee — spread baked into the quote; Tight-Spread — from $0.02–6 per lot, requires a deposit of at least 3,000 USDT.
TradFi services operate through Infra Capital Limited, a Mauritius-based company with an SEC-2.1B license from the local Financial Services Commission (FSC). Trading requires a separate TradFi sub-account and a USDT transfer with conversion to USDx. Level 2 KYC verification is mandatory.

OKX

OKX took a different path — it built perpetual futures on stocks with USDT margin and signed a partnership with Intercontinental Exchange (ICE), owner of the New York Stock Exchange.

The Stock Perpetuals category launched in stages starting February 25, 2026. HOOD, TSLA, and MSTR came first, followed by INTC, PLTR, AMZN, COIN, and CRCL on February 26. By March 4, NVDA, GOOGL, MSFT, AAPL, META, plus QQQ and SPY ETFs had been added. As of March 20, 2026, 23 instruments are available: 19 stocks and 4 ETFs. Leverage goes up to 5x. Contracts trade 24/7 with no expiration date.

On March 5, 2026, ICE announced a strategic investment in OKX at a $25 billion valuation. According to Bloomberg, the amount was roughly $200 million. Under the deal, OKX's 120 million users will gain access to ICE's regulated futures markets in the U.S. and tokenized stocks listed on the NYSE. Tokenized stock integration is expected in the second half of 2026.

OKX became the first global exchange to obtain a full MiCA license and passport its services across the European Economic Area.

Binance

Binance entered the TradFi race later than its competitors, but a community of 300 million users drove explosive volume growth.

Its first product in this direction — a perpetual contract on gold (XAUUSDT) — launched on January 5, 2026. Silver (XAGUSDT) followed on January 7, and on January 8 the exchange unveiled the TradFi Perpetual Contracts category. Platinum (XPTUSDT) and palladium (XPDUSDT) appeared on January 30, rounding out the precious metals lineup. Starting in late February, stock futures began rolling out: Tesla, Intel, and Robinhood came first, then Strategy, Amazon, Circle, Coinbase, and Palantir.
As of March 2026, Binance offers 12 TradFi instruments: 4 precious metals and 8 stocks. The model is perpetual contracts settled in USDT, identical to crypto futures. The minimum entry is 5 USDT for gold. Multi-Asset mode lets traders use BTC or ETH as collateral.

Cumulative TradFi trading volume exceeded $130 billion by early March 2026, spanning 90 million trades. Contracts trade around the clock, including outside standard exchange sessions. They are executed on the regulated Nest Exchange Limited, with clearing handled by Nest Clearing and Custody Limited. Both entities are licensed by the Abu Dhabi Global Market (ADGM) financial regulator.

Comparison Table

| Parameter | Bitget | Phemex | Bybit | OKX | Binance |
| --- | --- | --- | --- | --- | --- |
| Trading model | CFD (MT5) + perpetual futures + tokenized stocks | Perpetual futures + tokenized stocks | CFD (MT5) | Perpetual futures | Perpetual contracts |
| Number of TradFi instruments | 79+ (CFD) + 100+ (tokenized stocks) | 7 (futures) + 14 (tokenized stocks) | 100+ (CFD) | 23 (19 stocks + 4 ETFs) | 12 (4 metals + 8 stocks) |
| Asset classes | Forex, metals, commodities, indices, stocks, ETFs | Stocks, gold, silver | Forex, metals, commodities, indices, stocks | Stocks, ETFs | Precious metals, stocks |
| Max leverage | 500x (CFD), 10x (stocks) | 100x | 500x (currencies/metals) | 5x | Not disclosed |
| Separate account | Yes (for MT5) | No | Yes (TradFi sub-account) | No | No |
| Pricing | Spread (CFD) / order book (futures) | Order book (CLOB) | Spread (CFD) | Order book | Order book |
| Settlement currency | USD (CFD) / USDT (futures) | USDT | USDx (pegged to USDT) | USDT | USDT |
| Tokenized stocks (Ondo) | Yes (100+) | Yes (14) | No | Planned (H2 2026) | No |

CFD Brokers vs. Crypto-Native Futures

The competitive landscape splits into two camps. Bybit and Bitget built classic CFD brokerage platforms inside a crypto exchange shell — through Mauritius-licensed entities running MetaTrader 5. This approach offers the widest instrument selection and a familiar environment for forex traders. The trade-off: a separate account, spread-based pricing, and an offshore regulatory model.
Bitget, however, expanded beyond CFDs: perpetual futures on stocks and tokenized securities via Ondo Finance make it the only platform with three TradFi trading models.

Binance, OKX, and Phemex chose a crypto-native approach — perpetual contracts settled in USDT on the same infrastructure as crypto futures. One account, a transparent order book, no dependency on MT5, but a narrower instrument lineup.

The ICE–OKX deal is the most notable institutional endorsement in this race. It could give 120 million crypto users access to tokenized NYSE stocks as early as the second half of 2026. Ondo Finance has emerged as the key tokenization infrastructure provider — integrated by both Phemex and Bitget.

FAQ

How do TradFi products on crypto exchanges differ from traditional brokers?

Crypto exchanges let traders access traditional assets — stocks, gold, currencies — from a single account, without opening a brokerage account. Settlements run in USDT or USD, and contracts trade 24/7, including outside standard market hours. The trader doesn't become a shareholder — they trade a contract that tracks the asset's price.

What are tokenized stocks, and how do they differ from futures?

Tokenized stocks are digital representations of real securities issued on a blockchain. Unlike futures, they trade as spot assets without leverage or a funding rate. Ondo Finance is the primary provider of these instruments for Bitget and Phemex.

What's the difference between the CFD model and perpetual contracts?

A CFD (Contract for Difference) is an instrument from the forex brokerage world. The price is set by a liquidity provider, the fee is built into the spread, and trading is available through the MetaTrader 5 terminal or the exchange's built-in interface. Perpetual contracts follow the model crypto traders are used to: the price forms in an order book, the funding rate recalculates every 8 hours, and trades go through a standard crypto interface.

Which exchange suits a forex trader?
Bitget and Bybit — both offer MT5-based CFDs with a familiar toolkit: Expert Advisors, hedging, trailing stops. Bybit also integrated CFDs into its own app. Bitget additionally offers perpetual futures and tokenized stocks via Ondo Finance.

What if I only trade crypto and want to try stocks?

Binance, OKX, and Phemex don't require a separate account or additional software. Perpetual contracts on stocks work in the same interface as crypto futures: familiar order types, USDT settlement, unified balance.

forklog.media How Centralized Social Media are Forced to Censor Content: Facebook Case

Key takeaways: Advertisers boycott Facebook for allegedly facilitating hate speech following Mark Zuckerberg’s refusal to moderate Donald Trump's post. Facebook is under increasing pressure to revise its content moderation policies. Centralized social networks are vulnerable to external pressure when it comes to moderation. This can potentially lead to infringement of freedom of speech, with Facebook being a case in point.

Since June, the world's largest social network, Facebook, has been under a constant barrage of criticism, with a slew of major advertisers announcing they will boycott the company. The reason behind such hostile attitudes toward Facebook lies in the media platform’s unsatisfactory content moderation policies. This conflict apparently testifies to the vulnerability of centralized social networks to political pressure. Forklog took a deeper dive into the situation to investigate how the fight for equality can potentially violate one of the main liberal values—freedom of speech.

Trump derangement syndrome: boycott and loathing

“Let’s send Facebook a powerful message: Your profits will never be worth promoting hate, bigotry, racism, antisemitism and violence.”

With this announcement, an array of social justice organizations, including the Anti-Defamation League (ADL), Color of Change, the National Association for the Advancement of Colored People (NAACP), Free Press, Common Sense and Sleeping Giants, launched the Stop Hate for Profit campaign. They argue that Facebook has long been facilitating the spread of disinformation and hate speech.

To combat Facebook’s reluctance to censor, activists behind the initiative called on large companies to suspend advertising on the social network as advertising revenue supposedly accounts for the greatest share of Facebook's revenue.

“We have been continually disappointed and stunned by Mark Zuckerberg’s commitment to protecting white supremacy, voter suppression and outright lies on Facebook.
As corporations take a stand against racism in our society, they should consider how their advertising dollars support Facebook making Black people less safe online,” said Rashad Robinson, president of Color Of Change.

Dozens of the world’s leading companies have supported the Stop Hate for Profit initiative, with Pepsi, Starbucks, Levi Strauss, Unilever being among them. Even Disney, Facebook's largest advertiser in the first half of 2020, joined the boycott.

However, the social media giant does not seem to be changing its content moderation policies following the protest.

“We make policy changes based on principles, not revenue pressures,” a Facebook spokesperson stressed in a conversation with Business Insider.

The boycott campaign was triggered by the protests against police violence, which erupted in the United States and some other countries after a white police officer killed George Floyd, an unarmed 46-year-old black man. The riots began at the end of May.

In response to the civil unrest in Minneapolis, U.S. President Donald Trump mentioned a possibility of using the military against the protesters.

https://www.facebook.com/DonaldTrump/posts/10164767134275725

Many saw this as a call to violence. Social media platform Twitter flagged a similar post by Trump as “abusive behavior,” explaining that it violated its rules regarding the “glorification of violence.” Yet the platform decided not to remove it, since it “may be in the public’s interest to remain accessible.”

https://twitter.com/realDonaldTrump/status/1266231100172615680

Not only did Facebook take no action on the post, but Mark Zuckerberg also said that the President’s statement did not violate the rules of the social network.

https://www.facebook.com/zuck/posts/10111961824369871

“We read it as a warning about state action,” said Zuckerberg.
“We think people need to know if the government is planning to deploy force.”

Zuckerberg also stressed that reinforcing and facilitating freedom of speech is in the interests of Facebook:

“I disagree strongly with how the President spoke about this, but I believe people should be able to see this for themselves, because ultimately accountability for those in positions of power can only happen when their speech is scrutinized out in the open.”

Zuckerberg’s stance caused a wave of criticism of Facebook’s management followed by a rising chorus of indignation from the company’s employees, who eventually staged a “virtual walkout”. At a meeting with disgruntled employees, Zuckerberg asserted that he considered many of Trump's posts offensive, but would not subject them to moderation.

Later, Zuckerberg met with the team behind Stop Hate for Profit, who put forward a number of demands in regard to changes in Facebook’s policy, including the introduction of civil rights expertise in the company’s C-Suite. However, the activists were left disappointed as Facebook failed to make any firm commitments to the demands.

Rashad Robinson, president of Color of Change, said: “The meeting that we just left was a disappointment. At this point, we were expecting a very clear answer to the demands we are making, and we did not get that.”

In the wake of the events, a group of independent auditors conducted an audit of Facebook's civil rights policies and issued a dedicated report.

Civil Rights Audit by ForkLog on Scribd: https://www.scribd.com/document/468614319/Civil-Rights-Audit-Final-Report

The auditors concluded that although Facebook had improved content moderation over time, those improvements were still insufficient to protect users from discriminatory and hateful posts.

“The prioritization of free expression over all other values, such as equality and non-discrimination, is deeply troubling to the Auditors,” the report said.
From social justice to censorship and intolerance

Some fear that the ongoing struggle for racial, gender and social equality will lead not only to intolerance and censorship, but to the erosion of free speech as well. In July, more than 150 writers, academics, journalists and public figures signed an open letter defending the diversity of thought and calling for open debate. Among the signatories were linguist and philosopher Noam Chomsky, writers J.K. Rowling, Margaret Atwood and Salman Rushdie, chess player Garry Kasparov and many others. The authors of the letter claimed to be staunch opponents of discrimination but expressed concerns about “a new set of moral attitudes and political commitments that tend to weaken our norms of open debate and toleration of differences in favor of ideological conformity.” They warned that “the free exchange of information and ideas, the lifeblood of a liberal society, is daily becoming more constricted. While we have come to expect this on the radical right, censoriousness is also spreading more widely in our culture.” In their opinion, “the way to defeat bad ideas is by exposure, argument, and persuasion, not by trying to silence or wish them away.” “We refuse any false choice between justice and freedom, which cannot exist without each other,” the letter reads. The corporate boycott of Facebook is an example of censorship and can be recognized as an attempt by a mob to destroy free speech, according to venture capitalist Joe Lonsdale. Although Lonsdale declared his support for the protests in their fight for justice, he noted that the advertisers’ boycott happened because “they think the company isn’t censoring its users enough.” “Their statements imply that Americans are not to be trusted with intellectual freedom. This abandons the principle that a marketplace of ideas gradually tends toward truth and progress,” Joe Lonsdale said.
The problem of centralized social networks

Some experts suspect that Zuckerberg’s reluctance to moderate the president’s scandalous posts may be caused not by his commitment to freedom of speech, but by some direct agreements with Trump himself. One of Facebook's early investors, Roger McNamee, told The New York Times that the deal between Trump and Zuckerberg most likely concerns protecting the company from regulators. In return, the Trump administration allegedly gets “lenient treatment” from the social media platform “to win the election.” “Mark’s deal with Trump is highly utilitarian,” McNamee said. “It’s basically about getting free rein and protection from regulation. Trump needs Facebook’s thumb on the scale to win this election.” In June, Facebook did remove some of the ads posted by the Trump administration. Those ads contained an image of red downward-pointing triangles, which, according to some commentators, resembled a symbol associated with the Nazis. Notably, Trump issued an executive order “on preventing online censorship.” The order argues that “if an online platform restricted access to some content posted by others, it would thereby become a ‘publisher’ of all the content posted on its site for purposes of torts such as defamation.” Thus, such “publishers” cannot enjoy the protections granted by Section 230(c) of the Communications Decency Act. “When large, powerful social media companies censor opinions with which they disagree, they exercise a dangerous power. They cease functioning as passive bulletin boards, and ought to be viewed and treated as content creators,” the executive order claims. However, when it comes to freedom of speech, it may not even be that important who eventually influences the content, whether authorities or an intolerant society. The core issue lies in the ability of centralized social networks to decide which content is acceptable and which is not.
For instance, after a recent Twitter hack, the platform temporarily prohibited publishing any information about cryptocurrency wallets, supposedly aiming to deter hackers. Censorship of cryptocurrency-related content on social media platforms often happens without a clear reason. In December 2019, online video sharing platform YouTube blocked hundreds of crypto-related videos due to a “moderation error.” In February 2020, several video bloggers were blocked by the platform after publishing videos about Bitcoin, with some of them receiving bans during live streams. Decentralized social networks could become a response to censorship, as well as to other known issues of centralized platforms such as user privacy violations. The blockchain industry has been developing alternative services to centralized social media platforms, and Twitter CEO Jack Dorsey has announced his intention to create a decentralized standard for social media. In March 2020, the community launched the #ForkGoogle campaign against Google’s non-transparent policies and #fExit, which is geared toward diversifying people’s experience in the sphere of social networks. The main goals of the #fExit initiative are to reclaim control over users’ personal information, transfer community management into the hands of community members, reward users’ intellectual work through algorithms, and work towards a fair distribution of monetization through ad revenue. In July, blockchain company Block.one launched the Voice social network platform based on the EOSIO protocol. Voice’s main features so far include mandatory verification and content monetization, with users able to gain tokens. The development of decentralized social media platforms is still in its early stages. Nevertheless, in light of increasing pressure on free speech, the need for open and censorship-free discussion platforms is becoming more evident.
Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

forklog.media Bitcoin ATMs Operator Faces 30 Years in Prison for Money Laundering

Kais Mohammad, 36, a California resident also known under the moniker Superman29, has confessed to conducting unlicensed cryptocurrency exchange services and laundering up to $25 million. From 2014 to 2019, Mohammad operated an illegal virtual currency business called Herocoin. According to a press release published by the United States Department of Justice on July 22, Mohammad provided Bitcoin (BTC)-to-fiat exchange services, charging commissions of up to 25%. The investigators believe he was aware that some of the funds he dealt with had been obtained illegally.

A failure to maintain AML program

Mohammad failed to maintain an effective anti-money laundering program, as he had not registered his Bitcoin automated teller machine (ATM) business with the U.S. Treasury Department’s Financial Crimes Enforcement Network, although he was aware he was obliged to do so. Also, Mohammad never reported suspicious clients. Mohammad admitted that he exchanged between $15 million and $25 million through in-person exchanges and transactions via Bitcoin ATMs owned by him. “Mohammad is expected to plead guilty to the charges at a hearing in the coming weeks. Upon pleading guilty, Mohammad will face a statutory maximum sentence of 30 years in federal prison. As part of the plea agreement, Mohammad has agreed to forfeit cash, cryptocurrency, and 17 Bitcoin ATMs that he operated as part of his business,” the release reads.

forklog.media Whales Transfer Over 700K ETH in ‘Pre-Pump Positioning’

Ethereum’s (ETH) top 100 holders have moved more than 700,000 ETH ($191.1 million, at press time) to exchanges over the past three days. Analysts at crypto analytics platform Santiment believe that this might suggest that the leading altcoin is on the verge of another pump. https://twitter.com/santimentfeed/status/1286131575722094592 ETH has broken the $250 resistance zone that had held since summer 2019, as pointed out by the Carmine Lemone Investments CEO known as Bitcoin Kang. https://twitter.com/bitcoinkang/status/1286073446183636994 Michaël van de Poppe of the Amsterdam Stock Exchange also believes that Ethereum’s best days are still ahead. https://twitter.com/cryptomichnl/status/1286010967042686976 At press time, the ETH price has passed the $270 mark, having gained 3.5% over the past 24 hours. The coin’s market cap has exceeded $30 billion. At the same time, the median transaction fee on the Ethereum network has reached its mid-2018 levels at around $0.4. CoinMetrics analysts believe the active development of decentralized finance (DeFi) to be the reason behind that. As forklog.media previously reported, bad actors stole $8.3 million from DeFi protocol MakerDAO by manipulating Ethereum’s mempool.

forklog.media Researchers Disclose Bot in Disguise Mining Crypto and Stealing User Data

Threat intelligence research team Cisco Talos has discovered a cryptocurrency mining botnet dubbed Prometei. The actor’s main purpose is to use victims' computer systems to mine Monero (XMR). Another possible goal is to steal Bitcoin (BTC) wallets that might be protected by passwords stolen with the open-source app Mimikatz. Once installed and launched, the malware not only disguises itself as other programs to set up hidden mining operations but also allows the attacker to control the infected system and copy files. The analysts also identified attempts to steal administrator passwords. The report explains: “The infection starts with the main botnet file which is copied from other infected systems by means of SMB, using passwords retrieved by a modified Mimikatz module and exploits such as Eternal Blue. The actor is also aware of the latest SMB vulnerabilities such as SMBGhost, but no evidence of using this exploit has been found.” Prometei has been active since early March. The researchers noted that the earning potential of the botnet is relatively small, as over the past four months it has managed to make just under $5,000, or $1,250 per month on average. Cisco Talos believes that the botnet was created by a professional developer from Eastern Europe, although the attacker could not be identified.

Illegal crypto miners are on the rise

As forklog.media reported in May, the first quarter of last year saw the emergence of new families of cryptojacking (a scheme to illegally use users’ devices to mine cryptocurrencies) targeting Windows and Apple devices. Per the McAfee Labs Threats Report released in August 2019, the volume of cryptojacking campaigns targeting victims’ computers to mine cryptocurrencies continued to grow and had increased by 29% by that time.
As reported by Check Point Software Technologies, 2019 saw 38% of companies worldwide impacted by illegal cryptocurrency miners because their use remains a low-risk and high-reward activity for criminals.

forklog.media Chess Ex-Champion Garry Kasparov: Bitcoin is Natural Choice in Fight Against Human Rights Violations

Former chess champion and human rights advocate Garry Kasparov has called Bitcoin and blockchain technology “very natural choices” in the struggle against human rights violations, Forbes reported on July 23. Kasparov noted that cryptocurrencies offer greater control over an individual’s own funds, as opposed to fiat, which is controlled by governments, corporations, and banks.

The danger of corporations

The danger of corporations, according to Kasparov, is that they are “pretending to be guarding the interests of their customers in America or in Canada,” but when it comes to dealing with authoritarian regimes, “they behave differently.” The role of bitcoin and blockchain tech, according to Kasparov, is to “help the public regain the control that has been gradually lost to outside institutions.” “The good thing about bitcoin is that you know exactly the number—the magic number of 21 million. And we understand the formula behind that. But when you look at the other side, the Fed, for instance, you never know how many trillions of dollars will appear on the market tomorrow that will damage your savings,” Kasparov noted. As the chairman of the Human Rights Foundation, Kasparov also endorsed the use of new technologies to oppose violations of freedoms. “I think the steady rise in popularity of bitcoin and other cryptocurrencies and blockchain technology as a concept is inevitable because it’s a response to the shift of power from individuals to states or other institutions that may act on our privacy without our consent,” he said. Notably, Kasparov was skeptical about cryptocurrencies three years ago. In late 2017, he told Portuguese publication Proteste Investe that cryptocurrency was akin to “fake money massively issued by governments,” and suggested that bitcoin was “pure speculation.”

forklog.media Report: Hackers Took Advantage of ETH Mempool Congestion to Steal $8.3M MakerDAO

During the market crash in March, bad actors stole $8.3 million from DeFi protocol MakerDAO. The latest research from analytical company Blocknative suggests that this was made possible by manipulating the Ethereum (ETH) mempool. https://twitter.com/blocknative/status/1286009935390744576 According to the report, the hackers deployed bots to overload the ETH mempool with unusually low-fee transactions. This slowed down transaction confirmation and in some cases even caused transactions to fail.

[Chart: Ethereum unconfirmed transaction volume]

Attackers took advantage of DAI features

The attackers took advantage of specific features of DAI: to borrow DAI, a user has to deposit ETH collateral in the system, and to reclaim the collateral, the user has to pay back the same amount in DAI. To maintain the market value of DAI, a system was put in place to liquidate collateral through an auction if the price of the asset falls below a specified level. On Black Thursday, ETH’s price nearly halved, triggering the liquidation mechanism. The report further explains: “When the price of ETH collapsed on March 12, a large number of CDPs [collateralized debt positions] immediately became undercollateralized and eligible for forcible liquidation. MakerDAO and the Ethereum ecosystem are incentivized to operate various Keeper bots in order to ensure a competitive marketplace for liquidated CDP positions. Such liquidations occur in auctions.” Due to the clogged mempool, owners of collateral could not get their auction bids through. “One negative consequence of this congestion were 'zero bid auctions' on liquidated MakerDAO CDPs. Of the 3,994 liquidation auctions associated with Black Thursday, 1,462 or 36.6% were won by zero bids.
Over a roughly 12 hour period, $8.32 million in aggregated locked CDP value was lost to these zero bid auctions.” Analysts noted that the cybercriminals conducted a test attack on the network on March 8, four days before Black Thursday. However, they were unable to find any evidence that the hackers were involved in the market crash. Following the hack, the platform’s users filed a class action lawsuit for $28 million against the Maker Foundation and several affiliated organizations.

forklog.media US Regulator Greenlights Banks to Provide Custody Services for Crypto

The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, has officially allowed federally chartered banks to store cryptocurrency wallet keys. https://twitter.com/usocc/status/1286009624856940544 The open letter written by the OCC Deputy Head Jonathan Gould suggests that banks are capable of offering safer custody services than existing market players. Banks are now allowed to provide fiduciary and non-fiduciary custody services. Apart from banks, the decision also covers federal thrifts. Notably, the letter also suggests that custodial services may “extend beyond passively holding ‘keys’.” Brian Brooks, former Coinbase executive and current head of the OCC, added that “from safe-deposit boxes to virtual vaults, we must ensure banks can meet the financial services needs of their customers today.” He believes that tens of millions of Americans see cryptocurrencies as valuable assets. The decision appears to have been well received by the crypto industry. https://twitter.com/zhusu/status/1286075246785605632 https://twitter.com/barrysilbert/status/1285989941898612739 https://twitter.com/prestonjbyrne/status/1285987556241420288 https://twitter.com/pierre_rochard/status/1286045524030885888 Currently, Coinbase Custody is the biggest institutional crypto custodian in the U.S. It manages $7 billion worth of digital assets. Other major custodians in the U.S. are Fidelity Digital Assets, BitGo, and Bakkt.

forklog.media Banking Trojan Mekotio Now Targets Cryptocurrencies

According to cyber-security firm ESET, the trojan Mekotio, which is known for stealing banking credentials, now directly targets cryptocurrencies. Once downloaded on the victim’s device, Mekotio detects the user’s attempts to visit an online bank, replaces the login window with a fake one, and sends the input data to a remote server. Now, Mekotio is also able to replace crypto-wallet addresses. The trojan replaces the destination address with that of the hacker if the victim pastes the wallet address from the clipboard instead of typing it manually. Usually, victims download the trojan during phishing attacks. Oftentimes, the sender poses as a renowned company or a government institution, with the message including a link that downloads a .zip archive with an .msi installer. Should the victim unarchive and install it, the attack is successful.

[Figure: Infection scheme. Source: ESET]

ESET recommends that users avoid downloading attachments from unknown senders, double-check links, and update their software on a regular basis. Earlier today, forklog.media reported that Lazarus, a hacker group associated with North Korea, intensified its cyber-attacks to steal cryptocurrencies. The hackers have been releasing crypto-trading apps with an embedded trojan, namely AppleJeus for macOS and Bluenoroff for Windows. Using the trojans, the hackers reportedly steal user access to crypto-wallets and exchanges.
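
A defender-side check for the clipboard address replacement described in the Mekotio report above, as an added example that is not ESET's or forklog.media's code: `paste_guard` compares the copied address with the one that reached the destination field, and `find_swaps` scans clipboard telemetry for an address overwritten without a user copy action. The event format, the `user_initiated` field and all addresses are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Shapes of Bitcoin addresses: legacy/P2SH (Base58) and native SegWit (bech32).
# This is a format check only; it does not verify checksums.
ADDRESS_RE = re.compile(
    r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}"   # Base58 alphabet: no 0, O, I, l
    r"|bc1[02-9ac-hj-np-z]{11,71})$"         # bech32 alphabet: no 1, b, i, o
)


def is_address(text: str) -> bool:
    """True when the text has the shape of a Bitcoin address."""
    return bool(ADDRESS_RE.match(text.strip()))


def paste_guard(copied: str, pasted: str) -> str:
    """Compare what the user copied with what arrived in the destination field."""
    if copied.strip() == pasted.strip():
        return "match"
    if is_address(copied) and is_address(pasted):
        return "address-swapped"   # one address became another: block and alert
    return "changed"               # differs, but not an address-for-address swap


@dataclass
class ClipEvent:
    ts: float             # seconds since the start of the capture
    content: str          # clipboard text after the change
    user_initiated: bool  # assumed telemetry: a user copy action preceded the change


@dataclass
class Swap:
    ts: float
    copied: str
    replaced_by: str
    delay: float          # seconds between the copy and the overwrite


def find_swaps(events: List[ClipEvent]) -> List[Swap]:
    """Flag an address on the clipboard overwritten by a different address
    when no user copy action explains the change."""
    findings: List[Swap] = []
    prev: Optional[ClipEvent] = None
    for ev in sorted(events, key=lambda e: e.ts):
        if (prev is not None
                and not ev.user_initiated
                and is_address(prev.content)
                and is_address(ev.content)
                and ev.content.strip() != prev.content.strip()):
            findings.append(Swap(ev.ts, prev.content.strip(),
                                 ev.content.strip(), round(ev.ts - prev.ts, 3)))
        prev = ev
    return findings


# Constructed sample data: none of these are real wallet addresses.
USER_ADDR = "1" + "UserAddr" * 4
SWAP_ADDR = "1" + "SwapAddr" * 4
OTHER_ADDR = "bc1" + "q" * 39

SAMPLE_EVENTS = [
    ClipEvent(0.0, "meeting notes", True),
    ClipEvent(12.0, USER_ADDR, True),    # user copies the intended recipient
    ClipEvent(12.3, SWAP_ADDR, False),   # overwritten with no user action
    ClipEvent(40.0, USER_ADDR, True),
    ClipEvent(55.0, OTHER_ADDR, True),   # user copies another address: benign
    ClipEvent(70.0, "", False),          # clipboard cleared: not a swap
]

if __name__ == "__main__":
    for s in find_swaps(SAMPLE_EVENTS):
        print(f"t={s.ts}s: {s.copied} replaced by {s.replaced_by} after {s.delay}s")
    print(paste_guard(USER_ADDR, SWAP_ADDR))
```

A valid-looking replacement address passes any format or checksum validation, which is why both checks compare against the value the user actually copied.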

forklog.media New Report Reveals How Long Hackers Keep Using Compromised Accounts

Security firm Barracuda Networks and UC Berkeley have jointly researched cybercriminals’ behavior once they take over accounts, specifically focusing on the end-to-end lifecycle of a breached account. The parties investigated 159 compromised accounts across 111 organizations in a bid to find out how threat actors take over accounts, how long attackers remain in compromised accounts, and how they use and extract information from these accounts.

Dwelling in the Account for Weeks or Even Months

According to a report published on July 23, some bad actors remain in compromised accounts for weeks or even months, with 33% of attackers dwelling in the account for over a week. The report’s findings indicate the following: nearly 80% of threat actors did not access any applications outside of email; 20% of breached accounts appear in at least one online password data breach; and 31% of compromises reflect an increasingly specialized market for account compromise. To get access to email accounts and steal credentials, hackers opt for brand impersonation and phishing. The report further explains: “Once the account is compromised, hackers monitor and track activity to learn how the company does business, the email signatures they use, and the way financial transactions are handled, so they can launch subsequent phishing attacks, including harvesting financial information and additional login credentials for other accounts.” Sometimes hackers reportedly sell stolen login credentials to other threat actors, so that a different attacker continues using the compromised account, mining it for information and extracting value from it.

Focus on Corporate Networks

The researchers discovered that in 98% of breached accounts, hackers accessed at least one email-related Office 365 app, including Microsoft Outlook. This reportedly enabled them to obtain access to contact lists and correlate that data with any confidential and financial information of the employee and the organization.
As previously reported by forklog.media, hackers seem to have shifted their focus from individual servers to corporate networks. In the second half of 2019, the number of postings on illicit marketplaces offering access to corporate networks reportedly began surging.

forklog.media North Korean Hackers Create Crypto-Trading Apps to Steal Cryptocurrencies

This year, Lazarus, a hacker group associated with North Korea, has intensified its cyber attacks to steal cryptocurrencies, antivirus company Kaspersky Lab told the Russian publication Kommersant. The hackers have been releasing crypto-trading apps to bypass application store inspections. However, the updates to the apps carry an embedded trojan, namely AppleJeus for macOS and Bluenoroff for Windows. Using the trojans, the hackers reportedly steal user access to crypto-wallets and exchanges. According to another cybersecurity provider, Group-IB, the hackers create websites and social media accounts to promote the apps. In June alone, cybersecurity experts disclosed several apps of this kind, namely Coin Go Trade, Kupay Wallet, and Dorusio Wallet. Lazarus is a hacker group also known as Dark Seoul Gang. They are possibly endorsed by Bureau 212 of the Reconnaissance General Bureau of North Korea, which is focused on cyberwarfare. The hacker group gained notoriety after DDoS and hacker attacks on government institutions in South Korea and the United States. Most recently, Lazarus was involved in cryptocurrency exchange hacks, which are often attributed to the attempts of the North Korean regime to bypass international sanctions.

forklog.media Steve Wozniak Sues YouTube For Fake Bitcoin Giveaway Ads

Apple co-founder Steve Wozniak has joined the class action lawsuit against online video-sharing platform YouTube and its parent company Google. The lawsuit revolves around fraudulent videos promoting the distribution of Bitcoins (BTC) on behalf of tech celebrities including Wozniak himself, industry-focused media outlet CoinDesk reported on July 22. 18 plaintiffs now demand that YouTube delete the videos from the platform and compensate them for the damage caused. The lawsuit claims that the scammers’ actions have already resulted in millions of dollars worth of damages to the platform’s users. The plaintiffs noted that YouTube has not been taking any action against cybercriminals for several months. Moreover, the streaming service provider has allegedly promoted such materials. The lawsuit contrasted YouTube’s inaction with Twitter’s response to the recent hack, where it reacted quickly and managed to save a large part of users' funds. Apart from using Wozniak’s name, the attackers also misappropriated the identities of Bill Gates, Elon Musk and Michael Dell. The lawsuit is substantiated by screenshots of fraudulent ads from live broadcasts. Previously, a similar lawsuit against YouTube was filed by blockchain company Ripple over the fraudulent distribution of the XRP cryptocurrency. The ads also used the image of Brad Garlinghouse, Ripple CEO, to promote the scam. In response, YouTube lawyers said that the platform was not responsible for the materials posted by third parties.

forklog.media Execs of Crypto Exchange Coinsquare Resign Over Market Manipulation Accusations

The senior executives of Canada’s biggest cryptocurrency exchange Coinsquare have conceded to the request from the Ontario Securities Commission (OSC) to resign, after being charged with falsifying trade volumes. The platform admitted conducting 840,000 illicit transactions totaling 590,000 BTC, as well as the fact that the top management knowingly incentivized employees to feign trading. The exchange also admitted that it had taken a reprisal against an employee who wanted to report the illicit activity to authorities. Coinsquare CEO Cole Diamond, founder Virgile Rostand, and manager Felix Mazer are now obliged to step down from their positions, with Diamond to pay a $1 million fine and Rostand to pay $900,000. On top of that, they are officially banned from any operations involving cryptocurrencies for three years. Mazer has already paid a $50,000 fine. He won’t be able to be a market participant for one year. The regulator recommended that the exchange revise its management model and introduce a whistleblower support program. Initially, the OSC accused Coinsquare of inflating its trade volumes by 600,000 BTC. According to the regulator, 90% of the trade volume at the exchange over the period from July 17, 2018, to December 4, 2019, was created artificially in an illegal practice known as wash trading, a strategy where the same person acts as both the seller and the buyer.

forklog.media Trading Volumes on DEX Hit New Record Reaching $1.6 Billion

This June, the turnover of decentralized exchanges reached its all-time high at around $1.6 billion. According to Dune Analytics, trading volumes on non-custodial marketplaces have been growing for four consecutive months. The figure rose by 115% within a single week. Over the past 24 hours, the DEX trading volume has been hovering at around $135.5 million. The rating prepared by Bitwise shows that Bitcoin (BTC) daily volume from spot markets on the top ten centralized exchanges amounted to $869 million as of July 22.

[Chart. Source: bitcointradevolume]

Among the decentralized exchanges, Uniswap leads by a wide margin. The daily trading volume on that platform amounted to $61.5 million. The turnover of the relatively new Balancer platform increased by 72% in June, from $93 million to $160 million.

forklog.media CipherTrace: Twitter Hackers Laundered Stolen Bitcoins Through Exchanges and Casinos

Analysts at blockchain and crypto analytics firm CipherTrace have tracked down Bitcoins (BTC) stolen in the course of the Twitter hack. The findings showed that the threat actors transferred the funds to various exchanges, mixers, and online casinos. https://twitter.com/ciphertrace/status/1285275575138037763 The attackers broke transactions into small portions of 0.1-0.15 BTC. Some of the funds were funneled to cryptocurrency exchanges in the USA, Turkey, and India. All money sent from the source wallet to the destination address went through an intricate chain of transactions to make it difficult to track.

[Figure. Source: CipherTrace]

To monitor the activity of cybercriminals, CipherTrace used new software that assesses a transaction’s risk factor in real time and traces its connection to fraudsters, malware, and mixers. CipherTrace notes that the tool is able to identify a suspicious transaction immediately after it enters the mempool. Previously, CipherTrace identified 11 transactions committed by the Twitter hackers. The final recipient addresses could not be determined, but analysts suspect that some of the funds were moved to major crypto exchange Binance. Last week, analysts at blockchain analytics firm Elliptic determined that the hackers transferred 22% of the stolen funds to an address associated with the anonymous Wasabi wallet. As forklog.media previously reported, anonymous attackers hacked the Twitter accounts of Binance CEO Changpeng Zhao, Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, Barack Obama, Uber, Apple, and many others. They used these accounts to post fraudulent messages promoting the distribution of 5,000 BTC on behalf of a rogue site, Cryptoforhealth.

forklog.media Opinion: Trump’s Election Campaign to Trigger Bitcoin Pump

United States President Donald Trump's re-election campaign will become the driver behind a positive Bitcoin price trend. This opinion was recently offered by Charles Edwards, an analyst at digital asset management firm Capriole Investments. According to Edwards, Trump will start printing money again in an attempt to help the stock market recover from the coronavirus pandemic. This will likely result in an increase in the inflation rate. https://twitter.com/caprioleio/status/1285461472622129155 During the crisis, Bitcoin has shown a close correlation with the stock market. On June 30, the correlation of Bitcoin’s price with the S&P 500 index reached an all-time high of 66.2% after several months of growth. Direct financial assistance to the population was one of the major reasons behind the US stock market recovery, as was the growth of the US Federal Reserve to $7 trillion. According to some experts, should these factors persist, it will not matter who wins the US presidential elections, as the injection of liquidity will lead to an inevitable rally of cryptocurrencies. Earlier, Charles Edwards suggested that Bitcoin was on the verge of a new rally thanks to the halving that happened in May.

forklog.media 7th Hacker Congress in Prague to Seek Relief from Digital Totalitarianism

Prague-based Paralelní Polis will host the 7th Annual Hackers Congress (#HCPP20) from October 2 to October 4, 2020. HCPP is a major event gathering hackers, hacktivists, scientists and data experts, cypherpunks, crypto-anarchists, and others involved in the digital world. Traditionally, each HCPP focuses on a specific issue and seeks to provoke discussions about profound problems of global political and economic systems. This year, the provocative idea behind the congress is “2020: a year of Digital Totality,” which deals with the impending totalitarianism in the digital reality that, according to the organizers, is becoming a “prison of bits and bytes, drones, cameras, databases, and hostile AI.” Experts from various fields will gather to discuss how society could get rid of mass surveillance and other problems inherent in the digital world nowadays. The issue has indeed become pressing in the days of the continuing corona-crisis and the subsequent shift to digitization across developed economies. “We chose the topic of this year's HCPP20 ‘Digital Totality’ before the global pandemic COVID-19. We did not expect this topic would gain so much relevance and importance nowadays. We have already crossed the threshold of digital totalitarianism, and it is high time to use all means to ensure that we do not entirely collapse into it,” says Pavol Luptak, a co-founder of Paralelní Polis and one of the organizers. The list of confirmed speakers at the conference includes, among others: Riccardo Spagni, a co-founder at Tari Labs and maintainer at the Monero project; Robert Hassan, professor of culture and communication at the University of Melbourne; Smuggler, a renowned crypto-anarchist and cypherpunk; Alena Vranova, the founder of Trezor; Deirdre Nansen McCloskey, distinguished professor emerita of economics and of history. Other speakers will be announced later this summer as the organizers are still accepting and considering applications from the community.
The deadline for submitting an application to become a speaker is August 31. Ticket sales started on July 1. You can buy tickets on the official website with BTC, LTC, and XMR, in addition to fiat options. ForkLog is an official media partner of HCPP20.

forklog.media Korea Imposes 20% Tax on Capital Gains From Crypto Transactions

South Korea’s Ministry of Economy and Finance has established a 20% income tax on cryptocurrency transactions. The new regulations have been included in the revised tax code. The news was announced by Dovey Wan, a founding partner at crypto asset holding company Primitive Crypto, in a tweet on July 22.

https://twitter.com/doveywan/status/1285805418749386752

For income tax purposes, cryptocurrencies are now classified as “other profits,” with crypto-assets seen as commodities, not currencies. The new tax is set to be payable by Korean residents whose annual profits exceed 2.5 million Korean won (around $2,088, at press time). Notably, the tax liability will only cover the profits that exceed the said amount. Considering the local 2% tax, the resulting tax rate will be 22%. Non-residents will be exempt from the tax.

The amendments to the tax code will become effective in October 2021, should the parliament approve them. The discussions on the issue are expected to start on September 3, or earlier. Remarkably, rumors concerning the upcoming 20% tax for crypto-traders had been circulating for a week before the Ministry made it official.

According to the country’s Financial Services Commission, the average daily cryptocurrency trading volume in Korea is around 1.33 trillion won ($1.1 billion). Over the first five months of 2020, it reached 7.6 trillion won ($6.33 billion).

forklog.media Total Value Locked in DeFi Surpassed $3 Billion

The total amount of funds locked in DeFi services has reached $3.01 billion, according to the DeFi Pulse portal. The figure exceeded the $2 billion mark just two weeks ago. It took five weeks to rise from $1 billion to $2 billion. Each of the four leaders has between $441 million and $628 million in funds locked. Two weeks ago, Compound dominated, with a share of 32.7%. Recently, MakerDAO took the lead, with 20.84%. The Aave protocol moved up to third place, with the volume of funds locked having grown by about $230 million in the last two days alone.

forklog.media Major US Crypto Exchanges to Develop Customer Data Exchange Solution Compliant with FATF Rules

American cryptocurrency exchanges have formed a working group that aims to develop a user data exchange solution compliant with the relevant Financial Action Task Force (FATF) rules. San Francisco-based crypto exchange Coinbase appeared to be the initiator of the development. The working group will also include major American regulated digital currency exchanges such as Gemini, Kraken, and Bittrex, industry-focused media outlet The Block reported on July 20. The solution is intended to increase the level of compliance with the so-called "Travel Rule."

A peer-2-peer “bulletin board”

The launch of the project was announced by Jeff Horowitz, chief compliance officer at Coinbase, during an online conference. The working group will release a white paper detailing a proposed method to comply with the FATF rules within a few weeks. Representatives of Gemini and Bittrex confirmed their participation in the initiative.

Horowitz noted that information will be exchanged via a peer-2-peer (P2P) “bulletin board.” Participants will be able to request information about any wallet in order to establish the identity of the owner. In the future, the working group will consider adding new members outside the United States to the system.

In May, crypto-industry stakeholders presented a new messaging standard for data exchange by virtual asset service providers alongside crypto transactions. Last week, it was revealed that the U.S. Internal Revenue Service will use Coinbase's analytics platform to track transactions. Recently, Coinbase also began providing its analytics software to the U.S. Secret Service, which carries out the integrated missions of protection and investigations.

forklog.media Devs Offer $5,000 to Hackers Who Manage to Bring Down ETH 2.0 Testnet

Ethereum (ETH) developers have announced the launch of two Ethereum 2.0 testnets designed specifically to discover vulnerabilities. White hat hackers who manage to bring the testnets down will get a reward, according to a tweet published earlier today.

https://twitter.com/dannyryan/status/1285225497966731265

The testnets in question are two beta-0 attacknets, Lighthouse-attack-0 and Prysm-attack-0. Each of the networks is made up of just four nodes in order to make the process of hacking easier. “Within the attacknet directory, a README.md is provided with human-readable, high-level configuration as well as the rules and any rewards associated with the attacknet,” the GitHub description reads.

Hackers are promised $5,000 for taking down each client. The testnets are said to keep operating for three months. Afterward, the developers intend to make the task more complex by launching upscaled versions of the beta clients. On top of that, the developers have announced the launch of a public testnet with thousands of nodes, inviting anyone able to join the test using fake ETH. The network will also remain operational for three months.

Earlier this month, Ethereum developer Justin Drake stated during an AMA session on Reddit that ETH 2.0 Phase 0 rollout may not happen this year. This opinion, however, was rebutted by Ethereum co-founder Vitalik Buterin. “I personally quite disagree with this and I would favor launching phase 0 significantly before that date regardless of level of readiness,” he said. Buterin also noted that “eth2 phase 0 is a little simpler on-net.”

forklog.media Former GlobalHell Hacker: The Attack on Twitter Is Way Bigger than Anticipated

On Friday, Twitter’s team published a follow-up on their investigation into the recent “Bitcoin scam” hack. The attack happened on Wednesday, when a team of anonymous hackers gained access to many high-profile accounts, including those of Binance CEO Changpeng Zhao, Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, Barack Obama, Uber, Apple, and many others. Reportedly, this was made possible due to a Twitter employee being socially engineered into disclosing sensitive data.

Right after the hack took place, many hacked accounts were used to promote a Bitcoin scam, which fraudulently promised to send back double the amount to everyone who sends any sum in Bitcoin to a specified wallet. It was suggested that the Bitcoin scam was only a ruse, masking the real purpose behind the attack. This information was later confirmed by both Twitter and anonymous hacker sources.

The scope

According to the latest report, as many as 130 accounts were breached in the course of the attack. 45 of them had their accounts reset and posted the Bitcoin scam messages.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets,” Twitter’s statement concluded.

At least eight accounts had all of their data scraped with the help of the Your Twitter Data tool. This tool allows downloading all private messages, address book data, physical location history, attached multimedia files, etc. The Verge reported that even previously deleted data could be retrieved in this manner. Twitter did not disclose which accounts’ data was drained in this way or what they had in common.

A victory for hackers

As reported by an anonymous source in the hacker community, the hacker team behind the attack was indeed after valuable private data. The Bitcoin scam was only a distraction.

Source: Hacker that wished to remain anonymous

The source also said that the attack turned out to be bigger than initially anticipated. Twitter’s investigation, meanwhile, is still ongoing:

“We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames,” Twitter said in a statement.

The recent investigation by NYTimes suggested that the hack had no political or ideological motive. The publication reportedly talked to the anonymous hackers behind the heist and learned that they got access to the Twitter credentials when one of them found a way into Twitter’s internal Slack channel, where said credentials were stored in a pinned message.

“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry”

Twitter was widely slammed for its failure to prevent the attack and to act decisively and efficiently as it was unfolding. In their latest statement, Twitter provided an unconditional apology and informed the public that steps are being taken to prevent such disastrous events in the future. They also noted they are “deliberately limiting the detail they share on their remediation steps at this time to protect their effectiveness and will provide more technical details, where possible, in the future.”

Right now, Twitter is working to restore access to the affected accounts for their rightful owners. Still, it seems that the real consequences of the hack are yet to be fully comprehended.

forklog.media UK, U.S., and Canada Accuse Russia of Hacking Attacks to Steal Secret Research on Covid-19 Vaccine

Great Britain has claimed that Russian government-backed hackers attempted to illegally obtain secret research on a coronavirus vaccine developed by Britain. Apart from the United Kingdom, Russian intelligence allegedly targeted pharmaceutical research organizations in the United States and Canada as part of the attack. The cyberattack, which was revealed by the National Cyber Security Centre (NCSC), apparently targeted Oxford University and Imperial College of London, which have been developing the vaccine, with the British government allocating over £40 million to the research teams.

No “Proper Evidence” of Russia’s Involvement?

The NCSC attributed the attack to the APT29 hacking group, also known as Cozy Bear and The Dukes. It is believed that the group is linked to Russian intelligence and primarily targets commercial entities and government organizations. In its report on the issue, the NCSC said:

"APT29 is likely to continue to target organizations involved in Covid-19 vaccine research and development as they seek to answer additional intelligence questions relating to the pandemic."

Dmitry Peskov, the spokesman for Russian President Vladimir Putin, said that the accusations were not backed by “proper evidence,” and added:

"We don't have information about who may have hacked pharmaceutical companies and research centers in Britain. We may say one thing: Russia has nothing to do with those attempts."

In response to the attempt to steal the secret research, Foreign Secretary Dominic Raab said:

"It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behavior the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber-attacks and work with our allies to hold perpetrators to account."

A Race for a Covid-19 Vaccine

COVID-19 continues to spread around the world, with the U.S. having more confirmed cases and deaths than any other country. As of July 16, the total number of cases in the U.S. reached 3,483,832, with 136,938 deaths reported.

Earlier in July, researchers in the U.S. reported findings from the first 45 volunteers who participated in the first experimental coronavirus vaccine tests in March. The vaccine performed the way the scientists had hoped, and now it is awaiting its final testing, with 30,000 participants.

The alleged attack by Russia came on the heels of the country’s announcement that it would produce 200 million doses of an experimental vaccine by the end of 2020. This could ostensibly explain the attack, as Russia is apparently committed to competing with the Western countries in vaccine development.

forklog.media Bitsonar Exit Scam: How Former Ukrainian Government Official Took Money From Europeans, Americans, and Russians With Cryptopyramid

This June, an ex-employee posted an announcement on the official website of cryptocurrency investment fund Bitsonar. According to it, the organization is a Ponzi scheme, and its founder is not the same person as the website had earlier stated. Meanwhile, users are posting numerous complaints about being unable to withdraw funds and suspect the project of pulling an exit scam.

What Happened?

On June 2, the fund’s former employee Jan Novak posted an announcement that Bitsonar “has turned into a financial pyramid.”

“All investors should know that Bitsonar OU has turned into a financial pyramid (Ponzi), so do not be fooled by the illusions that you will be able to withdraw at least a dollar after so-called audit will end, or after they will open on bitsonar.io,” the text reads.

According to Novak, not only the clients of the fund but also employees, contractors, and consultants were all misled by the real manager of the fund. He noted that the money was stolen by the actual owner of Bitsonar, who is not the company’s official CEO, Marius Ziubka, but Ukrainian national Alexander Tovstenko.

ForkLog talked with Jan Novak and other people earlier involved in Bitsonar to shed some light on the company that had been providing “breakeven” algorithmic trading services since 2016.

The Founder

Novak says that he met Alexander Tovstenko in February or March 2018.

Alexander Tovstenko, photo provided by Jan Novak

“Tovstenko is a former public sector employee, a corrupt official. He was the head of the department of tenders at Ukraine’s ministry of energy. Before that, he worked at Ukraine’s ministry of ecology, and for Kyiv’s land resources. Bitsonar, therefore, was founded with the money stolen from taxpayers,” he says.

Initially, Novak consulted Tovstenko about trading bots, which had been trending then. Still, the abrupt plummeting of the Bitcoin rate made them unprofitable.

“The decision was made to remake it all as a European investment fund.
Another project manager and I worked on remaking, content, and stuff. The trading strategies developed by the system administrator really worked, even though he had no experience in trading,” Novak continues.

According to him, at the time when he joined Bitsonar, the company couldn’t pay for servers because there was nobody willing to use their own bank card for that.

“Now I understand why nobody wanted to buy some burner cards. I was the person who helped organize the stuff, and it was me who had bought the domain names. The account access was on a name chip that I kept,” Novak elaborates.

The development of the investment fund was slow, and Novak even left the company for a while. He returned in April 2019, though, when Bitsonar was actively hiring employees and promoters.

“There were a bunch of pyramid fans, and everyone was trying to pull an MLM. But finding people who would work as talking heads was very difficult,” Novak recalls.

They even looked for them at elocution courses, and that’s where they ended up finding Marius Zhubka, a Lithuanian national living in Kyiv, Ukraine.

On screenshots provided by Novak (available here in Russian) one can see a discussion about hiring Zhubka as a nominal CEO. The chat participants note that his English is terrible and wish that he was “not as smart as Alesha had been.” In the final screenshot, they seem to be arranging a photo session and asking Marius not to get too tanned and ask his wife for a powder just in case.

“We came up with ‘Ziubka’ later because it would be hard to sell ‘zhubka’ to Russian speakers [the word ‘zhubka’ phonetically resembles the Russian word ‘zhopka’, which literally means ‘a small butt’—forklog.media]. Alexander wanted him to use a pseudonym from the start,” Novak explains.

Tovstenko went into business with Ziubka, and Marius became the nominal CEO of Bitsonar OÜ registered in Estonia.
Initially, Ziubka was listed as Marius Zacca on the official website (a screenshot made in 2019)

Notably, Bitsonar had the local license for exchange of cryptocurrency which, however, did not entitle it to manage assets or provide banking services.

https://www.scribd.com/document/468554234/%D0%9B%D0%B8%D1%86%D0%B5%D0%BD%D0%B7%D0%B8%D1%8F-Bitsonar

This never stopped the Bitsonar founder from accepting user funds for trust management while promising a 120% yearly profit and weekly payouts at the level of 4% of the deposit. Bitsonar’s marketing campaign was quite aggressive.

An example of Bitsonar’s Facebook ad. It reads: “Heard it somewhere but don’t know how to start? A reliable investment platform. Start making money right now! 13.12 - 31.12, time is limited. +30% in 3 days!”

Commenting on the screenshot above, Novak said that it was a failed attempt to work with partner networks.

“This was a tough situation. Everyone around kept crying that we needed affiliates. Allegedly there were some pros that make creative stuff with 500% ROI. And in a while, we start seeing this ‘creative stuff’ in social media. This mistake cost us around $5,000,” he says.

The Golden Age and Fake Competitions

In May 2019, the developers continued testing the trading bots, which were surpassing the market average in profitability. At that time, Novak introduced Tovstenko to Pavel Lerner, who was offered the role of Bitsonar’s advisor.

“Pavel talked to developers and mathematicians who made the strategies, told them about arbitrage and pairs trading. Alexander was saying that everything goes well, things are being implemented, and the profitability grows. Yet, since everything came down to him, he was the only person who knew what strategies were actually being implemented.”

Left to right: Alexander Tovstenko, Pavel Lerner, and Marius Ziubka.
Photo provided by Jan Novak

“It seems that was the plan: to launch a project as a technical fund, then sack all the technicians and eventually do what the directors say. I’ve been consulting lots of projects and exchange services, helped setting up bots, and knew where to order the implementation. Neither the others nor I could see that it’s a pyramid scheme,” Lerner added.

Bitsonar’s underlying MLM model was fine by everyone because it wasn’t “scammy,” Novak said. Clients were getting so-called “statuses” that granted access to investment limits five times greater than the price of such status: a $100 status allowed you to invest $500 and so on. The owners of partner status with deposits of $20 thousand and more didn’t have limits whatsoever and paid 10% from each investment.

“Meanwhile, the leaders who brought new people had their rewards included in the status price, there was no pressure on the deposit itself. Nobody thought that it was an MLM, it was more an affiliate program. That’s why top bloggers weren’t afraid to promote Bitsonar. Sometimes ads went for $15 thousand.”

Despite the marketing efforts, the MLM network wasn’t growing. Novak explained it by the fact that the network marketers demanded 10–15% of the deposit and weren't too keen on limiting themselves with statuses. Yet, people were buying statuses and investing even with such a model.

In November 2019, on Black Friday, Bitsonar temporarily lifted the limits and statuses. Their clients got incredible discounts.

“Over that period of time, Bitsonar doubled the number of clients and investments. They took in about $300–400 thousand. It’s sad to say, but people are that greedy. A client had an investment of $200–300 for about three months. On Black Friday, they deposit $12 thousand. There were many cases like that.”

At that time, the investment fund announced a competition for 20 BTC and a Mercedes AMG GT S.
“We were shooting the ‘Mercedes’ ad in a parking lot in Troieshchyna [a neighborhood of Kyiv] and then shooting the ‘winner’ near the Motherland Monument the same day. [...] A foreign student played the role of Paul the British national. He pretended to be surprised and, as a crypto-enthusiast, chose 20 BTC. Then we returned the Mercedes to its real owner and he drove it home.”

The video of the fake lottery, which was supposed to be live, turned out to be prerecorded. The part about picking the winner was edited in.

In December–January, a giveaway of watches from the American jewelry house Eliantte & Co. was planned. As explained by Jan Novak, the actual store, having got acquainted with the project, refused to participate and did not provide the watches. But Bitsonar continued selling lottery tickets to customers. Later, the giveaway was curtailed, on the premise that Covid-19 and quarantine were to blame.

Pavel Lerner was fired in November 2019. In his own words, the management felt that "break-even strategies do not give them the interest they need." Thereafter, he provided advice to Bitsonar privately and upon request.

“I would help in setting up bots, but I only advised programmers. I gave no advice on finance or decision making,” notes Lerner.

In November, these services were paid in full, but for December and January, Lerner said, he never received his money.

“Lerner had it pretty rough,” added Jan Novak, “In October, he said that he was leaving for Utorg and asked to remove his mentions from materials related to Bitsonar. Alexander agreed but did not remove any mentions. Moreover, all bloggers were informed that Pavel was still a full-fledged member of the team. In December or January, Pavel visited the site, saw himself, and threw a major tantrum. He said that he would write under all new videos that he has not worked at Bitsonar since October.
To which Alexander replied that he will simply pay $20,000 and all the media will say that Pavel ran away from the project and stole the money. His reputation would be forever soiled. Pavel didn't dare to escalate and the conflict fizzled out.”

Early Issues and Transcendent Trading

Deposit withdrawal issues started abruptly, in December of 2019. Given the high volume of deposits in November and a three-month lock-up period, Novak said, the problems should have started no earlier than February.

“Even then it was clear that not all trading is done by bots. Alexander had no trading experience. It was only in May 2019 that I registered him on Binance, and in June he first learned about the blockchain.com wallet. Moreover, he determined which crypto to trade through meditation (I'm not kidding).”

[Here Alexander says that he was “a fool to trust technical analysis, as he should have meditated on the deal right away”—note by Jan Novak]. Screenshot

ForkLog has found individual messages from Bitsonar clients, complaining about the quality of service in September 2019.

A tricked client complains about not being able to withdraw $600. The testimonial says that Bitsonar support provided nothing but a promise to “answer soon.” Source: Finotzyvy.com

But Novak insisted that until December 2019 all clients were able to withdraw their money.

“There is no objective reason why deposit payments ceased in December. Even if we assume that this is a Ponzi scheme, there was enough money to keep paying until February. Alexander probably embezzled the funds.”

Around the same time, internal conflicts started happening in Bitsonar. According to Novak, the reason behind the main conflicts was that on December 25th, Alexander said there’s no money left to pay the bonuses. He then left for Dubai to celebrate New Year’s Day.
Later, he returned for a few days, came to the office wearing a new Louis Vuitton tracksuit worth several thousand dollars, said that there’s no money still, and left for India.

The conversation where Alexander Tovstenko shares video from a celebration in Dubai after saying that the company can’t afford to pay employee bonuses. Screenshot

https://youtu.be/kq6r1xByxRY

In January 2020, the team faced problems taking out the profits, so they made up a technical security audit.

“We were indeed moving to another system, from one hot wallet to another. We’ve indeed been hacked. It had to do with a trading bot vulnerability. It was hacked with a script and about 4 BTC (about $40 thousand at the time) was stolen. It was used as the far-fetched explanation as to why people can’t withdraw their money.”

In February, the Bitsonar team was joined by Otokar Kasynets, who was recommended as a “professional in attracting funds.”

In 2015 and 2016, Kasynets was the head of marketing at Kairos Technologies (Kairos Planet), a company showing signs of a pyramid scheme. In September 2016, the company stopped making payments. Although there was no announcement regarding Kairos Planet liquidation, most of its employees left during that period. There’s a detailed Russian-language investigation about the company and the associated allegations. ForkLog was unable to find information about the damages caused by Kairos Planet.

“[Otokar’s] task was to organize the MLM department at Bitsonar,” Novak said, “But because Alexander hadn’t fulfilled several agreements, Otokar terminated all relationships unilaterally. Since he is a very rich person, he simply stopped getting in touch.”

Alexander Tovstenko still expects to hear from Otokar. Screenshot

According to Novak, Tovstenko personally made decisions as to withdrawing customer funds at the time.
Novak added that every time a customer managed to get their deposit or even a part thereof back through scandals or threats, Tovstenko was “literally going bonkers.”

“He cried that nobody will ever get a bonus because people must not ever take money out of the system,” he recalls.

Jan Novak: “A Slovenian customer requested withdrawal of 1 BTC. Alexander wanted to pull the wool over his ears about being an ambassador and getting bonuses. He was ready to offer anything just to stop him from withdrawing money.” / Screenshot.

According to Novak, he and Tovstenko had numerous disputes about U.S. nationals.

“Back in July, he was already obsessed about entering the U.S. just because they have a high average check. I told him many times that one couldn’t go there with an unlicensed company. He brushed it off all the time,” Novak says.

Alexander Tovstenko musing about ways to enter the U.S. market: “I’m thinking about the USA. Maybe we should make the legend more intricate. Like they voluntarily gave the green to charity etc. I so want them to participate.” Screenshot

By the time “everything turned into money collection,” according to Novak, he broke up with the management and left Bitsonar in March 2020.

Exit Scam and the Founder’s Great Escape

Novak claims that in addition to client funds, Alexander Tovstenko attracted money from third-party investors, allegedly to promote Bitsonar. According to him, from March to August 2019, Tovstenko received $450,000. Money was sent in several batches.

The chat participants enjoy what they see. Screenshot

The chat participants enjoy the “nice stash.” The sender of the photo notes that the money is already in BTC and asks to make a chat with lawyers. Screenshot

Tovstenko’s receipt for $100,000. He claims that the money will be spent on recording videos, holding promotional events, and preparing speakers. He also promises to pay back from Bitsonar profits to the amount of 10% a month as long as Bitsonar remains active.
“One gave $250 thousand, another gave $200 thousand, some with a receipt, some without. But they were all serious people, not some average Joes. Alexander, not wanting to repay the debt, at first was hiding from them in Kyiv. Then one of these guys turned to the police and Alexander was tracked down. But there was no police statement because Tovstenko apparently had connections there. They’ve met together, talked, and Alexander promised to repay the debt.”

In May 2020, Tovstenko agreed to meet with one of the investors in Odessa to discuss the situation.

“These guys were driving to Odessa in two cars: the fellow who invested money, his wife and two of his friends, who were not even involved in this story. They hosted Tovstenko in a hotel at their own expense, he ate oysters for $50. One day, as they were walking in the park, a police bus drove up, officers in civilian clothes came out, showed their IDs, and asked ‘[Alexander], are you all right?’ They’ve then put him in a minibus. After 15 minutes, the KORD squad [Ukrainian analog of SWAT—forklog.media] arrived and put the police officers and the investor along with his friends face down on the floor. Alexander probably had it thought out in advance, organized and approved by someone. Most likely, he paid someone in law enforcement. No matter how much it cost, $30 to 50 thousand, it was still less than giving back $450,000.”

While still in the minibus, Tovstenko filed a complaint against the investors and they were promptly arrested on charges of kidnapping and extortion, Novak said.

An extract from the Ukrainian register of prejudicial inquiry. It lists Alexander Tovstenko as the victim of the crime described in clause 146 pt.2 of Ukraine’s Criminal Code, which covers ordering an abduction.

“People invested $450,000 in him, and he put them in jail.
The one who gave the money is awaiting trial under house arrest, another one is currently in jail, and the third one is on the run.”

According to Novak, the Bitsonar exit scam actually took place in late April or early May 2020. The bulk of the damage was inflicted upon users from the USA, Canada, Russia, Ukraine, Great Britain, Spain, the Netherlands, Germany, Slovenia, and Thailand.

The total damage from the activities of the Ponzi scheme, according to the data available to Novak, exceeded $2.2 million. $1.3 million came via the Internet, $450,000 came as a loan from investors, and $200,000 was attracted through an MLM scheme.

“We’ve headhunted two networkers from OneCoin, and within two months they organized more than a hundred people who generated this money. But the Ponzi scheme was unable to grow further due to the fact that MLM was organized too late when issues with payments have already started.”

According to Novak, Tovstenko and Ziubka probably won’t be affected financially at all, but they will suffer serious reputational losses.

“With the aid of my lawyers, I composed a letter in which I outlined the scope of liability that awaits Alexander in various jurisdictions: in the US, for example, it’s up to 85 years in prison, in the EU—up to 20 years, Russia/Ukraine—up to 12 years.”

For his part, Novak is willing both to contact law enforcement concerning this and to testify as a witness in court.

“I called Marius and advised him to report Tovstenko to the authorities. If Marius sits on his hands, it will be him, as CEO and founder, who will be dragged to the court. He won’t react to my attempts to get in touch with him. Most likely, he does that on Alexander’s advice, but this is his life and his choice.”

He added that after the publication on the Bitsonar website, Tovstenko put a price on his head:

“I had gangsters waiting for me just outside my house.
I had to flee and live elsewhere, although I have a wife and two small children.” Conclusion On June 2, 2020, Bitsonar User Agreement was edited. In several sections, the company makes a point of denying any responsibility for financial losses clients may face and declares that it is unable to guarantee the exact amount of daily bonuses, advising to take this fact into consideration before making deposits. “Please, pay attention to the fact, that the daily bonuses amount not only cannot be exactly specified, but, subject to different circumstances (such as market volatility, technical or other issues with algorithms), may even have negative rate, and You shall consider this fact prior to making any contributions. On the other hand, we use different methods and measures to avoid negative rate, still, we do not warrant or guarantee it,” states the document. The older version places much less emphasis on risk. https://www.scribd.com/document/469138529/Old-Bitsonar-Terms-and-Conditions According to certain sources, the Estonian regulator has recently revoked the Bitsonar license. Just days after Jan Novak posted his message on the Bitsonar website, the foundation moved to the bitsonar.io domain. Bitsonar.io domain information. Source: Whois.net ForkLog will continue monitoring the situation. Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

forklog.media Data Brokers: How Law Enforcement Rely on Inaccurate Data to Supplement Investigations

Government public record databases apparently help law enforcement officials save lives, prevent further crimes from being committed by perpetrators, and also provide a detailed information platform that can stitch together obscure tidbits of data that can help them hunt down and capture fugitives and individuals fleeing from an arrest warrant. Access to these public record systems is set to help legal professionals solve cases faster by reducing the number of people it would ordinarily take to resolve the cases, as well as the time and expenses associated with lengthy investigations. It’s not uncommon to associate our ideas of such databases with images and scenes from television and films, from the lowly black and white text-based terminals to the highly graphical and sophisticated interfaces depicted in blockbuster spy films. As a former hacker, I became very familiar with law enforcement databases such as the Texas Law Enforcement Telecommunications System, International Justice and Public Safety Network, Bureau of Prisons Network, Legal Information Office Network System, as well as the National Crime Information Center. However, there exists a data mining giant called Accurint for Law Enforcement (Accurint LE) that leaves nothing to the imagination. In 2009, I was arrested and charged for two counts of Transmitting a Malicious Code, or installing malware, basically. During the Detention/Bond Hearing, the prosecuting attorney representing the government in this case falsely accused me of owning a fake ID kit in addition to the claim that I used multiple false identities. This information was patently inaccurate and became a convincing factor that influenced the magistrate judge to deny me a bond. After discussing this issue with my public defender, we moved to petition the prosecutor to produce evidence in support of this claim. The information the prosecuting attorney provided came from Accurint. What Does Accurint LE Know About You? 
Accurint for Law Enforcement is a widely popular and exceedingly exhaustive public records research tool provided by the data broker LexisNexis. It has powerful tracking and people-mapping capabilities that harvest its resources from a multitude of records databases using data mining technology to converge information into a single, massive, centralized information pool. It can reveal connections between people, businesses, assets, and locations that can’t be found in public records, even if the user has only fragments of information on the individual they are searching for. Link analysis between entities sample. Source: Accurint LE User Guide The Accurint database holds 84 billion public records on 283 million unique identities—an average of about 290 records per identity. Millions of Accurint reports are sold each year to government agencies, law enforcement, insurance companies, banks, collections, and any other entities. Examples of some of the records Accurint can extract include assets such as property, motor vehicles, FAA (Federal Aviation Administration) aircraft, and watercraft licenses as well as firearms registrations. It can generate a detailed information tree of the relationships between individuals and where they live, how to contact them, cellular and landline records, vehicle registration and accident reports, employment history, who their coworkers are, their affiliations, criminal records as well as intricate details into their financial behaviors. Birth records. Credit reports. You name it. Investigative intelligence apparently has never been easier. Accurint LE can also monitor social media, allowing agencies to discover risks and threats by leveraging social media to provide actionable intelligence. Government, law enforcement, and commercial customers are among the database’s many users, and the cost of running lightning-fast searches can amount to mere pocket change. 
It is used by over 4,000 federal, state, and local law enforcement agencies across the U.S. LexisNexis—the highly acclaimed legal, regulatory, business and analytics information giant and data broker who owns the rights to the tool—describes Accurint LE as “a cutting-edge investigative technology that can expedite the identification of people and their assets, addresses, relatives and business associates by providing instant access to a comprehensive database of public records that would ordinarily take days to collect.” According to the company, it “assists 70% of local agencies and almost 80% of federal agencies to safeguard citizens and reduce financial losses due to fraud and abuse.” Hank Asher, who is best known as "the father of data fusion" is the celebrated creator and computer mastermind behind this impressive data mining and records-linking titan. It shouldn't be surprising that he was described by one of his employees as a “mad scientist.”  Others consider the man something of a legend. Damaging Consequences Caused by Inaccuracies The damage my Accurint report caused was irreparable. My prosecutor mailed a detailed printout from Accurint to my attorney, who then forwarded it to me so I could review the source of the government's claim. The database inaccurately reported that I supposedly had multiple aliases connected to my social security number (SSN) by rearranging and combining variations of my birth name and legal name in conjunction with my mother’s married name. These were names I had never used before at any given time in my life. However, the damage was done, and this misinformation was already being repeated by news media reporters. Eleven years later and those same news stories are still all over the web. The disclaimer at the top of the records compiled by Accurint seemed to be ignored. In short, it stated that the information input into these databases is sometimes inaccurate and that further investigative inquiries are necessary. 
Imagine that. Another example of inaccurate information provided by Accurint was similarly described by Meghan Koushik, a research associate at the Brennan Center for Justice, who had the opportunity to run a search for her name in 2014. Under the impression that she had a small information footprint due to having a unique name, no driver’s license, and no criminal record, she was shocked by the results. “...The reports listed every phone number and address I had ever been associated with, from my college mailbox to the relative’s home where I’d forwarded mail while abroad. Accurint listed the apartment I rented while interning in DC, along with the names and phone numbers of its current occupants. It even provided the sale price and mortgage on each home I’d lived in. Surprisingly, much of the information was also inaccurate. [...] Accurint listed someone named Florinda as ‘Associated with Subject’s SSN’ though it assured me this ‘doesn’t usually indicate fraud’.”

Mapping results sample. Source: Accurint LE User Guide

She explained at the time that amending the inaccurate data proved impossible because the data brokers did not allow individuals in the U.S. to access and amend their data. There’s too much red tape involved, and changes to the information oftentimes aren’t retained permanently.

No Possibility to Amend Inaccurate Data?

This may be because data being scraped and stored by the data brokers isn’t redundant. The information is being siphoned from such a variety of sources that any changes to a person’s report will likely be overwritten as the report is updated. It seems the only exception to this problem is exclusively reserved for residents of the State of California under the California Consumer Privacy Act (CCPA), who have the right to request the deletion of certain personal information, in addition to requesting that their personal information not be sold.
Furthermore, individuals who are not residents of the State of California who desire to amend inaccurate information in their Accurint report may find the process a daunting and fruitless endeavor. “There is no general federal privacy law that specifically provides consumers with the right to choose whether or not their information can be collected and/or used,” Karen Gullo, speaking on behalf of the Electronic Frontier Foundation, nonprofit defending civil liberties in the digital world, told forklog.media. “Strong privacy legislation in the U.S. is long overdue. California's data privacy law is a state law that allows consumers to learn what companies collect about them, delete it, and opt-out of its sale. But it does not give consumers the right to choose whether their data is collected,” said Gullo. Michael Rapp, a consumer attorney from Kansas City, said his firm has litigated dozens of cases against LexisNexis, and companies like it for more than a decade. “People can have their reputations hurt by companies they've never heard of, and often don't know until the damage is done”, he said and continued: "This is the biggest thing you don't know anything about. It's almost impossible to avoid being tracked by data brokers—not just LexisNexis.” Accurint’s report stated it “may not contain all personally identifiable information in our databases” and they “do not verify data, nor is it possible to change incorrect data.” A statement like this should cause heads to roll when you factor in the magnitude of the amount of data being collected on private citizens. Abuse of Data For years, LexisNexis sold Accurint without complying with the federal Fair Credit Reporting Act (FCRA), on the theory that Accurint is not a “consumer report” that triggers the Act’s protections. 
Back in 2013, LexisNexis settled a $13.5 million class-action lawsuit brought by 30,000 plaintiffs who accused the company of harvesting background data and selling it to debt collectors, who use Accurint reports as a skip tracing tool to track down consumers; the plaintiffs argued that these reports were “consumer reports” as defined under the FCRA. In 2019, another instance of abuse involved former Alice police Officer Enrique Saenz, who was the subject of an FBI investigation regarding the misuse of Accurint. The City of Alice was notified by the FBI that Saenz was using his law enforcement access to Accurint to illegally search individuals that had no connection to a law enforcement case—something that may remind us of the instances where at least a dozen National Security Agency employees were caught using NSA surveillance tools to spy on the emails or phone calls of their current or former spouses and lovers. They actually have a name for that: “LOVEINT” aka love interest, which is defined as the practice of intelligence service employees making use of their extensive monitoring capabilities to spy on their love interest or spouse.

Is Security More Important Than Privacy?

Are we as members of a global society susceptible to arbitrary abuse of the information being mined and utilized by government and law enforcement agencies? It’s hard to believe that something of this nature could ever affect everyday citizens like you and myself since we aren’t informed or knowingly affected in regards to how our personal information is being used, who is using it, who is selling it, and who is buying it. Is this alarming? Consider this: under normal circumstances, such as during legal proceedings, we have to sign a waiver and provide oral confirmation in order to sign away a constitutionally protected right. In other words, we have to actively participate in the matter directly in order for the waiver to be legally authenticated and therefore binding.
It seems a bit self-serving after we examine the forces controlling what is no longer ours and consider the fact that we as citizens have no legal authority over our personal information, and no reliable legal protections to defend our civil liberty interest against corporations and government entities who are taking our information while we look the other way in favor of “national security.” Thus, the question remains: Is security more important than privacy? Sometimes I wonder why so many of us only seem to think in binary terms as though we can only have one without the other. The question we should ask ourselves is whether or not the existence of such powerful public record databases has had any effect on the significant drop in the American crime rate. If the answer is yes, then perhaps it would be prudent to press legislators to create laws that protect the interest of the public whose records are otherwise being used without their consent. Access to our information should be free, and amending inaccurate information should never become an impossibility for any reason. But what if tools such as Accurint LE have had no effect on the drop in the current crime rate? If that’s the case, should it exist at all, seeing that law enforcement would be able to produce the same results without it as they could with it? “The bottom line is we need to require private companies that collect, use, retain, or share information about us—including our faceprints or other biometric information—to get informed opt-in consent before doing so, and to minimize the data they process to what is necessary to give consumers what they asked for. And we need to give consumers the right to bring their own lawsuits against the companies that fail to do so,” Gullo stated. Some even go so far as to say that none of this even matters. They’ve got nothing to hide. But consider this. 
In the words of Edward Snowden, the NSA contractor and world-renowned whistleblower: “Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.”

This piece has been written by Jesse McGraw, aka Ghost Exodus, founder of the Electronik Tribulation Army. He is an activist, writer, former black hat hacker, and the first person in recent U.S. history convicted for corrupting industrial control systems. Ana Alexandre contributed reporting for this story.

forklog.media Hack of the Decade: Shameless Bitcoin Scam or Something Much More Sinister?

Yesterday, anonymous attackers hacked Twitter accounts of Binance CEO Changpeng Zhao, Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, Barack Obama, Uber, Apple, and many others. They used these accounts to post fraudulent messages promoting the distribution of 5,000 BTC on behalf of a rogue site Cryptoforhealth. Despite hacking a score of highest-profile celebrity and corporate accounts, hackers were able to swindle the public of a bit over a dozen Bitcoins. Yet as the dust settles the world is about to realize the way more dire implications of this Twitter hack. Preamble This type of scam is certainly not new but it has become increasingly more popular in recent months. Crypto-related Telegram channels are bombarded by screenshots of fake Twitter messages promoting similar giveaway scams. Scammers even managed to pull off buying YouTube ads with these messages. Until recently this scam remained comparatively small scale. Then the hackers hit Twitter. Twitter’s Unraveling On July 15, an anonymous group actually hacked a large number of celebrity Twitter accounts and made fake Bitcoin giveaway posts. The exact tally of all affected accounts is not yet available. Among the victims were the world’s most famous entrepreneurs Musk and Bezos, key Democratic party members Biden, Obama, Bloomberg, and global companies like Apple, Uber, Binance. Most messages followed the same pattern and even the same wording, asking followers to send any amount of Bitcoins to a provided address to receive double the amount back. Obviously, no Bitcoins were ever sent back. At the moment, the Twitter team, which responded to the hack with a noticeable delay, knows little. According to Chainalysis, attackers’ main address received about 12.86 BTC (over $120,000) in a course of 375 transactions. There were two more additional addresses that received very modest donations, while nothing was sent to the XRP account. 
https://twitter.com/chainalysis/status/1283576349630836737 The most unlucky victim of the scam parted with $40,000 worth of Bitcoins. According to Chainalysis, his wallet has interacted with Japanese exchanges in the past. The rest of the transactions came mainly from exchanges. Twitter was slow to react and fraudulent posts were allowed to remain unredacted for hours. The exchanges took upon themselves the role of first responders and began blocking transfers to accounts used by the criminals. https://twitter.com/hasufl/status/1283520877120937986 Whitestream analysts discovered that the attackers' addresses had previously interacted with Coinbase cryptocurrency exchange and BitPay and CoinPayments services. As of now stolen funds are still in motion. Ongoing Investigation Twitter tech support is still investigating the hack. So far they claimed that it was a coordinated attack that involved not only hacking but also social engineering. https://twitter.com/TwitterSupport/status/1283591846464233474 Twitter employees with access to internal systems are said to have been victims of a coordinated social engineering attack. This allowed attackers to take control of many accounts, including verified ones. The Block analyst Larry Chermak threw together a timeline of the attack, which allowed him to conclude that only one Twitter employee was likely the victim of the hack. https://twitter.com/lawmaster/status/1283743155750404099 Twitter CEO Jack Dorsey has promised to release the full details as soon as Twitter figures out how the hack was possible. https://twitter.com/jack/status/1283571658339397632 Conspiracy Theories Vice reports that an anonymous whistleblower has told Motherboard in a candid interview that Twitter is still unsure whether their employee was a victim of a social engineering attack or helped the hackers on his own accord. The implication that it could be an inside job feeds into Kim Dotcom’s old “backdoor mantra”. 
https://twitter.com/kimdotcom/status/960960064621223936 In his opinion, the Twitter hack vindicated his conspiracy theory, as it reveals that “there are government backdoors with god mode that can be abused,” which means that evidence from email, smartphones, and social media is no longer reliable in court because it can be edited.

The Real Danger Behind the Hack

Some experts were quick to point out that the level of access available, albeit temporarily, to the hackers basically allowed them to enter God mode with all possible implications. https://twitter.com/lopp/status/1283507177370640385 https://twitter.com/lawmaster/status/1283696821076975616 Twitter is still trying to figure out the real amount of damage the hackers may yet cause, having attained access to private information and the message history of its users. The Bitcoin giveaway scam could be only a distraction, and the attackers' true goal could very well be precious private data.

forklog.media Messenger App Steals User Data and Hacks Their Devices, ESET Research

ESET researchers have discovered a new major privacy threat within a “long-running cyber-espionage campaign” in the Middle East. The new malicious agent is an Android messenger app Welcome Chat. The rogue app is believed to be linked to the Gaza Hackers group a.k.a Molerats. Hackers Spy on Vulnerable Demographics Chat apps are banned or restricted in some Middle Eastern countries and so locals are often forced to download dubious messenger software from unofficial sources. This places malicious agents in a unique position where they can prey upon certain vulnerable demographics. The fact that Welcome Chat is specifically marketed to the Arabic audience is immediately obvious just from the app’s website design. Welcome Chat app’s Website. Source: Welivesecurity According to the research, Welcome Chat is indeed a functioning messenger mostly used in Palestine, which also happens to spy on its users. On installation the app requests the user to grant several key permissions, including sending and viewing SMS messages, accessing files, recording audio, and accessing contacts and device location. Messaging apps often do require most of those permissions, hence even a suspicious user can let this one slip. Researchers believe that gaining access to these tools hackers can establish tight surveillance over a specific target: “Based on the functionality, hackers might use it to spy on users’ activity. This Welcome Chat app might be used in targeted espionage to make targeted individuals install it and even communicate via it,” says Lukas Stefanko, Malware Researcher at ESET. The app is designed to send data and receive commands to/from the C&C server every five minutes. 
Other than its main purpose—monitoring private messaging of its users—the app is capable of several other malicious actions: “This malware allows the attacker to extract sent and received SMS messages, get call log history, obtain contact list, user photos, can record user’s phone calls, GPS location of the device, and exchanged chat messages from this Welcome Chat app,” noted Lukas Stefanko.

Born That Way

Hackers often do not bother with developing a working product just to slap malware on top of it. Usually, they adopt a clean app and “trojanize” it. But in this case, researchers believe that the app was built by hackers from scratch. “There is a major question mark with this option: to this day, we have not been able to discover any clean version of the Welcome Chat app,” the report reads. “This leads us to believe that the attackers developed the malicious chat app on their own. Creating a chat app for Android is not difficult; there are many detailed tutorials on the internet. With this approach, the attackers have better control over the compatibility of the app’s malicious functionality with its legitimate functions, so they can ensure that the chat app will work.”

Data Leaks in Real-Time

All private data gathered by the Welcome Chat app is available not only to the hackers but to every user on the network. This was made possible because the app uploads all stolen data to the attacker’s server via unsecured HTTP and does not use encryption to protect the transmission. “The database contains data such as name, email, phone number, device token, profile picture, messages, and friends list–in fact, all the users’ data except for the account passwords can be found uploaded to the unsecured server,” explained Lukas Stefanko.

BadPatch Connection

ESET researchers came to the conclusion that the group behind the Welcome Chat app is connected to the so-called BadPatch campaign in the Middle East.
“The Welcome Chat espionage app belongs to the very same Android malware family that we identified at the beginning of 2018. That malware used the same C&C server, pal4u.net, as the espionage campaign targeting the Middle East that was identified in late 2017 by Palo Alto Networks and named BadPatch. In late 2019, Fortinet described yet another espionage operation focused on Palestinian targets with the domain pal4u.net among its indicators of compromise,” the research reads.

Conclusion

Even though Welcome Chat’s spying activities are supposedly aimed at targets in the Middle East, anyone using the app still places himself in a dangerous position where his privacy is breached and his device’s security is compromised. ESET researchers advise installing apps only from the official application store and paying close attention to the permissions that each app requires. “In this case, it is really hard to conclude this app is fishy for the user since it requests permissions that would be naturally requested by any other messaging app. My advice would be that if the user can’t verify the legitimacy of the website or the app, I would suggest using a trustworthy security solution that is up-to-date before installing this app,” Stefanko concludes.

forklog.media What Prompted Sudden Truce Between Telegram and Russian Watchdogs: Main Theories

On June 18th, Russia’s internet and media watchdog Roskomnadzor posted a short notice saying that Telegram messenger is no longer subject to blocking in the Russian Federation. The ban, which lasted for two years, has been lifted because the messenger executives agreed to cooperate with the authorities in fighting terrorism and extremism. Five days later, Vladimir Putin announced that the tax for IT companies will be lowered from 20% to 3%. On June 1st, the head of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation (MinComSvyaz) stated that he won’t mind Telegram establishing an office in Russia. On June 9th, Telegram vice president Ilia Perekopsky participated in a government meeting in Innopolis. The suddenly warm relationship between former enemies gave rise to speculations about the nature of this peace agreement. ForkLog summarized the most popular theories that could explain the closeness between Telegram and Russian authorities.

The Absurdity of Further Blocking

From April 2018 and up until recently, Telegram was blocked in Russia because of the messenger’s refusal to “hand over the keys” that would allow Russia’s Federal Security Service (FSB) to decrypt users’ messages as required by the Yarovaya law. The authorities disregarded the arguments about the technical and legal impossibility of the requirements. Yet, Roskomnadzor was unable to carry out the blocking to its full extent. Telegram enabled built-in methods of circumvention and continued working. Meanwhile, millions of IP addresses owned by international companies, including Google, Amazon, Digital Ocean, and Microsoft, were affected by Roskomnadzor’s attempts. In late 2018, aiming to finally put the messenger down and get the ability to block protocols, Roskomnadzor pushed for the state-wide introduction of Deep Packet Inspection (DPI) equipment. The resulting “sovereign Runet” law came into effect on November 1st, 2019.
The authorities announced a $130,000 (9.2 million rubles) tender for anonymous and decentralized network research. Telegram carried on unaffected, reportedly passing the 400 million users mark. Exante’s analyst Victor Argonov suggests that one of the reasons Telegram and Roskomnadzor got along is the lapse of time. “MinComSvyaz had probably finally compared the cost of the blocking to its effectiveness.” According to TON Labs CTO Dmitry Goroshevsky, blocking Telegram was harmful to Roskomnadzor’s reputation. Roskomsvoboda’s CTO Stanislav Shakirov noted that the authority just had to find a convenient moment to stop tilting at windmills.

Carrots Before Election

According to Shakirov, another reason could be the willingness to increase ratings among voters. In late June, Russia had a blockchain-based election deciding on the amendments to the Russian constitution. According to Vladislav Zdolnikov, the author at IT and COPM Telegram channel, political scientists recommended stopping blocking the messenger to “relieve social stress among young and active part of the society and increase the government’s rating.” “Since blocking Telegram isn’t currently a matter of principle for the government, they sacrificed [the blocking initiative] in favor of ratings,” Zdolnikov wrote. He added that the relief may last “until blocking Telegram as a free platform is a matter of principle once again.” The Kremlin changed its approach to the messenger, shifting “from a technical prohibition to purchasing influential channels in bulk and public deanonymization of the authors of the most influential projects,” according to another anonymous Telegram channel. “All this has made the agenda within the previously protest messenger almost pro-Kremlin. Given the development of digital political technologies and non-functioning blocking, the restrictions are meaningless,” the authors noted.
Ally to Fight the West In his speech in Innopolis, Ilya Perekopsky repeated Pavel Durov’s words criticizing the monopoly held by Apple and Google. Telegram vice president offered Russia to discuss the 30% “tax” the American giants charge mobile developers with. According to Telegram channel MediaTech, Durov’s suggestion about a mandatory pre-installation of alternative app marketplaces can mean that the messenger plans to launch its own app store. Independent expert Alexander Isavnin found it interesting that Telegram chose Russia to be its ally in the fight against IT corporations. “It seems that Pavel prepares a revolution. It isn’t clear yet whether he will succeed, but he allies with regulators. The negative things he says about Apple and Google are very similar to the things European regulators say,” Isavnin said. The expert warned that Telegram assumes risks and in the case of failure the messenger may face blocking in the U.S. MixBytes’s head of research Sergey Prilutskiy believes that Durov bets on the Russian origin of his creation: “The West has shown the same level of pressure on business as Russia. Given that, Durov could have reasonably decided that the project is better off with Russian resources since Russia was the place where Telegram became a really significant project and an important part of the Russian-speaking internet segment,” Prilutskiy noted. In May 2020, because of the conflict with the SEC Durov’s team stopped developing Telegram Open Network and its cryptocurrency Gram, for which the company raised $1.7 billion in investments. As a part of the settlement, TON returned $1.2 billion to investors. The founders of the project will also pay $18.5 to the regulator. 
Exante’s Victor Argonov suggests that the debt with investors forced Durov to get close to the Russian authorities to repair the reputation: “Moreover, looking at the confrontation between [TON and the SEC] Russian authorities got an opportunity to support a domestic project and form a friendship based on the “enemy of my enemy is my friend” principle. It is possible that the project is currently in its most attractive form for Russian investors,” he added.

Deal with the FSB

Despite not being blocked, Telegram remains in the telecommunication services registry. The messenger is obliged to store users’ messages and allow the authorities to access them on-demand as stipulated in the country’s Yarovaya law. MixBytes’s Sergey Prilutskiy suggested that law enforcement may have offered Durov a compromise to build “Russia’s global network platform that would be as good as those made by the world’s giants.” In August 2018, Telegram’s user agreement was amended to include a claim about handing over phone numbers and IP addresses of users suspected of terrorism if there’s a respective court ruling. Roskomsvoboda’s Stanislav Shakirov is confident that the messenger won’t break its own privacy policy. He explained that Telegram will cooperate with the FSB when it comes to terrorism suspects, but not in other cases and not with disclosing it. Stanislav noted that to do so would be reputational suicide for Pavel Durov, which isn’t likely to be a part of his plans. Pavel Durov himself has also claimed that Telegram users’ personal information will remain secure.

Telegram Sold

Another version suggests that the relief may be related to the sale of the company to an oligarch or a TON investor close to the authorities. The list of investors includes entities tied to billionaires Roman Abramovich and Mikhail Abyzov; the Gutseriyev family; co-founder of Wimm-Bill-Dann, one of Russia’s largest companies, David Yakobashvili; and Qiwi CEO Sergey Solonin.
Telegram channel NADNAMI suggested that one of the most likely buyers is Alisher Usmanov, who acquired the VKontakte social network in 2014 for about $20 million (1.47 billion rubles). After that, Durov and his team had to leave Russia. Former director of special projects at Telegram Anton Rosenberg noted that Durov doesn’t like investors and that if he were to sell the company, he would sell the controlling interest.

Only Pavel Durov himself can prove any of these theories right or wrong. As of now, the only thing he has done is call on the Digital Resistance proponents to keep fighting political censorship.

This is an adaptation of the original Russian-language article published on ForkLog. Some of the sources are only available in Russian. Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

forklog.media UK Supplies Spyware and Telecoms Interception Devices to Countries With Repressive Regimes

The government of the United Kingdom is reportedly selling spyware, wiretaps, and other surveillance equipment to countries with repressive regimes, so they could spy on dissidents. This reportedly runs contrary to the rules under which the UK should not supply security devices to governments that might deploy them for internal repression.

According to The Independent, UK ministers have made deals accounting for over £75 million ($93.8 million) in such exports since 2015. They provided the equipment in question to 17 totalitarian states, including China, Saudi Arabia, and the United Arab Emirates, with the latter being the major recipient of licenses totaling £11.5 million ($14.3 million).

Emily Thornberry, a British politician and a member of the Labour Party, told The Independent that the government has to show how it assesses the risks associated with the above-mentioned cases and how the equipment is used, and added: “The government has a legal and moral duty to ensure exports from Britain are not used by other countries for the purposes of internal repression, and that risk should clearly be at the forefront of their mind when those countries have a track record of harassing political opponents and undermining democratic freedoms, and when the equipment concerned is ripe to be abused in that way.”

Governments are Spying on Dissidents and Activists

Governments spying on dissidents, journalists and activists is indeed a critical problem. Just recently, Amnesty Tech, a global collective of researchers, hackers, and advocates campaigning for human rights, claimed that Israeli tech company NSO Group committed another government-backed surveillance operation against journalists. The government of Morocco used NSO’s technology to spy on Moroccan journalist Omar Radi: Radi’s phone had been attacked with NSO’s Pegasus spyware, which is designed to let its operators remotely spy on smartphones.
Back in 2017, Mexican activists, human rights lawyers, and journalists filed a criminal complaint after learning that their smartphones had also been attacked with Pegasus spyware. According to a report cited by the parties, the attorney general’s office and the defense ministry were among the government organizations that purchased the software.

Earlier today, news broke that the “Spanish state” targeted the smartphone of Roger Torrent, speaker of the Catalan parliament and a regional MP for the Catalan Republican Left party, using Pegasus spyware.

So far, Amnesty International has failed to win the legal battle against NSO, as the Tel Aviv District Court dismissed Amnesty’s petition to stop the spyware firm from exporting surveillance equipment. The court said that Amnesty could not prove NSO’s technology had been deployed to spy on its members.

forklog.media Hacker Group Targeting Fintech Companies and Personal Data Has Been Under Radar For Years, NOD32 Developer Finds

Researchers from cybersecurity company ESET have published a comprehensive paper on Evilnum, a little-known but apparently quite dangerous advanced persistent threat (APT) group. The research outlines the major directions of the group’s attacks and evaluates its threat level. The company is the developer of the popular antivirus software NOD32, among other things.

According to ESET, Evilnum has been active since 2018. Since then the group has been steadily increasing the scope of its attacks and the number of malicious tools in its arsenal. Today it specializes mainly in stealing sensitive data from corporate networks. The data it steals can later be used for financial machinations or sold to other criminals.

“According to ESET’s telemetry, the targets are financial technology companies – for example, companies that offer platforms and tools for online trading. Typically, the targeted companies have offices in several locations, which probably explains the geographical diversity of the attacks,” the research notes.

Line of Attack

The majority of Evilnum’s targets are situated in the EU and the UK, but individual attacks have also been detected against Australian and Canadian companies. Some examples of the information this group steals include:

- Spreadsheets and documents with customer lists, investments, and trading operations
- Internal presentations
- Software licenses and credentials for trading software/platforms
- Cookies and session information from browsers
- Email credentials
- Customer credit card information and proof of address/identity documents

Evilnum can also collect information related to the IT infrastructure of the victim company, such as VPN configurations.

Shady Allegiances

The research revealed that Evilnum is using malware created by the malware-as-a-service group Golden Chickens, which also provides malware to such notorious groups as FIN6 and Cobalt. Yet ESET does not believe these groups share allegiance with any specific government or political movement.
“We believe that FIN6, Cobalt Group, and Evilnum group are not the same, despite the overlaps in their toolsets. They just happen to share the same MaaS provider.”

Modus Operandi

The threat group uses spear-phishing emails to infect devices with Evilnum malware and other malicious scripts. A typical Evilnum attack involves the following steps: a user receives a phishing email with a link to Google Drive, containing a ZIP archive. This archive contains several LNK files that extract and launch a malicious JavaScript component when displaying an infected document.

[Image: Archive with LNK files. Source: Welivesecurity]

Malicious LNK Files

Phishing emails are usually disguised as legitimate emails from tech support or customer service officers. Malicious LNK files in turn are disguised as images of credit cards and other identity-confirming documents, as many financial institutions require their clients to provide such data in line with KYC procedures.

The main payload of Evilnum is aimed at collecting various confidential information, including passwords stored in Google Chrome, cookies from Google Chrome, and basic information on the PC’s configuration and installed programs. It is even capable of saving desktop screenshots when a user moves the mouse cursor. And of course, it can stealthily run commands via cmd.exe.

Conclusion: an Underrated Threat

Researchers conclude that despite the group likely not being closely associated with any big-time players, it is still a major and underrated threat to certain specific parts of the industry: “This group targets fintech companies that provide trading and investment platforms for their customers. The targets are very specific and not numerous. This, and the group’s use of legitimate tools in its attack chain, have kept its activities largely under the radar.”

by Constantine Golubev
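A defender's view of the delivery step described above, as an added example that is not from the article or from ESET: a mail or download gateway check that opens a ZIP in memory and flags Windows shortcut (LNK) members posing as documents. The function names, the decoy extension list, the double-extension naming and the sample archives are assumptions constructed for the illustration.

```python
import io
import struct
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x0000004C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")

# Assumption: document types a support mailbox expects for KYC uploads.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".docx"}


def extensions(name):
    """Lower-cased extensions of the last path component, e.g. ['.jpg', '.lnk']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]


def triage_zip(data, max_members=500):
    """Return one finding per shortcut-like member of a ZIP held in memory."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"member": None, "reasons": ["not-a-valid-zip"]}]
    findings = []
    with archive:
        members = [m for m in archive.infolist() if not m.is_dir()]
        if len(members) > max_members:
            return [{"member": None, "reasons": ["too-many-members"]}]
        for member in members:
            exts = extensions(member.filename)
            try:
                # Read only the first bytes; nothing is written to disk.
                with archive.open(member) as handle:
                    head = handle.read(len(LNK_MAGIC))
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                # Encrypted or unreadable members cannot be inspected.
                findings.append({"member": member.filename, "reasons": ["unreadable-member"]})
                continue
            named_lnk = bool(exts) and exts[-1] == ".lnk"
            content_lnk = head == LNK_MAGIC
            if not (named_lnk or content_lnk):
                continue
            reasons = ["shortcut-in-archive"]
            if content_lnk and not named_lnk:
                reasons.append("lnk-content-under-other-extension")
            if named_lnk and not content_lnk:
                reasons.append("lnk-name-without-lnk-header")
            if named_lnk and len(exts) >= 2 and exts[-2] in DECOY_EXTS:
                # Explorer never shows ".lnk", so "card.jpg.lnk" displays as "card.jpg".
                reasons.append("document-decoy-name")
            findings.append({"member": member.filename, "reasons": reasons})
    return findings


def verdict(findings):
    """Map findings to a gateway action: 'allow', 'review' or 'quarantine'."""
    if not findings:
        return "allow"
    shortcuts = [f for f in findings if "shortcut-in-archive" in f["reasons"]]
    decoys = [f for f in shortcuts
              if "document-decoy-name" in f["reasons"]
              or "lnk-content-under-other-extension" in f["reasons"]]
    # Shortcuts posing as documents is the pattern the article describes.
    return "quarantine" if decoys else "review"


def build_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for the constructed samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, payload in members.items():
            archive.writestr(name, payload)
    return buffer.getvalue()


# Constructed samples: harmless bytes that only carry the LNK header.
FAKE_LNK = LNK_MAGIC + b"\x00" * 56
SUSPECT_ZIP = build_zip({
    "docs/card_front.jpg.lnk": FAKE_LNK,
    "docs/card_back.png.lnk": FAKE_LNK,
    "docs/utility_bill.pdf": FAKE_LNK,  # shortcut bytes under a .pdf name
    "docs/notes.txt": b"constructed sample text",
})
CLEAN_ZIP = build_zip({"statement.pdf": b"%PDF-1.4 constructed", "photo.jpg": b"\xff\xd8\xff\xe0"})

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT_ZIP), ("clean", CLEAN_ZIP)):
        result = triage_zip(blob)
        print(label, verdict(result))
        for finding in result:
            print("  ", finding["member"], finding["reasons"])
```

Checking the header bytes as well as the file name catches a shortcut whose extension has been changed, and an archive that cannot be inspected at all is sent to review rather than allowed.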

forklog.media Trump Acknowledges 2018 Cyberattack Against Russian Troll Farm

The U.S. president has acknowledged that the U.S. Cyber Command launched a cyberattack on the Russian media company Internet Research Agency back in 2018. The agency is colloquially known as the “troll farm” and gained international notoriety through its interference in the 2016 presidential election and the 2018 midterms.

The acknowledgment came in an interview with The Washington Post. The president said that he ordered a cyberattack as intelligence suggested potential Russian interference in the 2018 midterm elections.

The attack pulled off by the U.S. Cyber Command took place on the night of the elections and involved disrupting the internet access in the IRA’s office building in suburban Saint Petersburg. The goal was to stop the “troll farm” from spreading misinformation aimed at U.S. voters on social media.

“Look, we stopped it,” Trump told The Washington Post’s Marc Thiessen, “nobody has been tougher on Russia than I have.”

In 2019, the U.S. introduced sanctions against the IRA and entrepreneur Yevgeny Prigozhin, who is considered to be the source of financing behind the “troll farm” and “Putin’s personal chef.” In 2018, Robert Mueller indicted Prigozhin and a dozen other people connected to the organization.

“Defendants, posing as U.S. persons and creating false U.S. personas, operated social media pages and groups designed to attract U.S. audiences. These groups and pages, which addressed divisive U.S. political and social issues, falsely claimed to be controlled by U.S. activists when, in fact, they were controlled by Defendants. Defendants also used the stolen identities of real U.S. persons to post on ORGANIZATION-controlled social media accounts,” the indictment said, “Over time, these social media accounts became Defendants’ means to reach significant numbers of Americans for purposes of interfering with the U.S. political system, including the presidential election of 2016.”

According to the 2017 Intelligence Community Assessment, the influence campaign was ordered by the Russian government and President Putin, for whom Donald Trump was a preferred candidate: “Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”

Despite the reportedly tight security measures and overall secrecy, the Internet Research Agency has received a significant amount of press in Russian-language media. According to one of the employees, the “factory” is, in fact, a large enterprise with multiple divisions: some work with social media posts and comments, some operate entire fake outlets, and some specialize in working specifically with foreign audiences.

In Russia, any dubious comments are commonly attributed to the “Olgino center,” which refers to a former geographical location of the infamous “troll farm” just a couple of miles north of the city of Saint Petersburg. Notably, the “troll farm” isn’t just a tool for political manipulation: its services are also available to businesses and individuals willing to pay for user reviews or likes in bulk—there are special subsidiaries just for that.

Still, according to some of the people close to Prigozhin and the “troll farm,” there is no such organization, and a task like influencing the outcome of the U.S. presidential election would be impossible for a group of about a hundred to a few hundred people.

Earlier in 2020, the New York Times published a comprehensive report about the changes in the IRA’s deception tactics before the elections this fall.

forklog.media Germany Calls On EU Countries to Impose Cyber Sanctions On Russian Hackers

The German government has urged the European Union to sanction Russian citizens responsible for the largest cyber-attack ever against the Bundestag, which was carried out in 2015. If adopted, the move will mark the first real use case of the so-called "EU Cyber Diplomacy Toolbox" introduced in 2017 and designed to respond to malicious cyber activities.

Back in 2015, Russian intelligence allegedly performed a massive cyber attack against the Bundestag, in which it illegally obtained 16 gigabytes of data, documents, and emails from the Bundestag’s IT network. Among the compromised files, there allegedly were thousands of emails from Chancellor Angela Merkel’s Bundestag office.

Alleged Involvement of Russian Intelligence

Despite “hard evidence” of Russian involvement in the hack cited by Merkel, Andrej Hunko, spokesman for European policy for the Left Party's parliamentary group, argued that “it may be that Russian citizens are behind the 'Bundestag hack', but perhaps it's a false clue intended to throw off the scent. In any case, to this day there is no evidence of Russian government involvement in the hacking attack."

In the meantime, German authorities issued an arrest warrant against Russian citizen Dmitry Badin, a "member of the group APT28" who is suspected of being responsible for the hack. Also, Germany claims the involvement of a hacker from the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). Germany has sent the proposal to the other EU member states for consideration.

Toward Stable and Secure Cyberspace

The European Council began the development of the cyber diplomacy toolbox in 2017, aiming to prevent conflicts, mitigate cybersecurity threats, and contribute to greater stability in international relations. “The EU diplomatic response to malicious cyber activities will make full use of measures within the Common Foreign and Security Policy, including, if necessary, restrictive measures,” the document read.
In 2018, the Council adopted conclusions on malicious cyber activities underlining the importance of global and secure cyberspace. In 2019, the High Representative released a declaration on behalf of the E.U. urging actors to stop undertaking malicious cyber activities and calling on partners to strengthen cross-border collaboration to promote security in cyberspace.

On July 1, Germany assumed the rotating Council Presidency for six months, which means that the country could play a stronger role in determining priorities for Europe. At the launch of the German EU Council Presidency, Merkel pushed for the digitization of the economy and society. Germany believes that the development of artificial intelligence and quantum technology will "increase our prosperity, protect our security, and preserve our values in fair competition".

European Infrastructure is Under Cyber Attacks

As forklog.media previously reported, this spring, an array of European countries faced a massive cyberattack campaign, with nearly 80 critical infrastructure institutions in Eastern and Central Europe affected. The attacks reportedly were in favor of Russia’s and China’s interests in Europe.

Also, a hacking group linked with the Russian government reportedly carried out a series of attacks on the energy, water, and power sectors of Germany. German authorities tend to believe that the efforts to compromise the country’s critical infrastructure were made by the Berserk Bear hacking group.

forklog.media Stalkerware Usage Is on the Rise as Domestic Violence Rates Surge During Lockdown

The global deployment of spy and stalking applications has surged by as much as 51% since the world’s governments introduced lockdowns in March 2020. Stalkerware is software or apps designed to monitor and track the target person’s location, intercept emails and messages, and eavesdrop on phone calls without the victim’s consent, among other things.

The findings were released by cybersecurity firm Avast on July 8, detailing that since March, in the United States alone, the company has protected more than 3,500 users from spyware apps, which marks a 62% increase in the monthly average compared with the first two months of the current year.

Another Way to Exert Control Over People

At a global scale, Avast has protected more than 43,000 users from stalkerware since March, with 3,531 users having been targeted in the U.S., 3,332 in India, and 3,048 in Brazil.

Avast attributed the surge in stalkerware usage to the increase in domestic violence during lockdown, which has jumped by over 10% in the U.S. since the beginning of the coronavirus crisis. The cybersecurity firm noted in the release that spy- and stalkerware apps are just another way for abusers to have control over their victims.

Jaya Baloo, CISO at Avast, said: "Stalkerware is a growing category of domestic malware with disturbing and dangerous implications. While spyware and infostealers seek to steal personal data, stalkerware is different: it steals the physical and online freedom of the victim. Usually installed secretly on mobile phones by abusive spouses, ex-partners, so-called friends, and even concerned parents, stalkerware tracks the physical location of the victim, monitors sites visited on the internet, text messages and phone calls, undermining a person's individual liberty and online freedom."
To avoid being spied on, Avast advised users to secure their phones against unauthorised physical access, install good antivirus software on the phone, and look for hotlines and victims’ services providers.

Concerns About Avast’s User Privacy Policy

Interestingly, earlier this year Avast found itself in the crosshairs for harvesting user data to subsequently sell it to marketers. Although the antivirus provider assured that "the data is fully de-identified and aggregated and cannot be used to personally identify or target you," it eventually could be linked back to users’ real identities. This reportedly enabled the company to expose every click and search made by users.

Moreover, last October security researcher Wladimir Palant discovered that Avast browser extensions were logging every website visited by the user alongside a user ID and sending the data to the company.

In the meantime, tech giant Google is going to update its Google Ads Enabling Dishonest Behavior policy, which will ban the promotion of products and services that allow a user to get access to other users’ devices, systems or property. This will include products such as hacking services, stealing cable, radar jammers, changing traffic signals, phone or wire-tapping.

forklog.media Creating Token In 5 Minutes. Enecuum Example

Creating your own token has become much simpler over the past decade, but still, you have to know how to write a smart contract to launch an Ethereum (ETH) token or purchase some RAM to do it on EOS. The team behind Enecuum—a blockchain mobile network for decentralized applications—believes that creating tokens doesn’t have to be that complicated. They have made it their goal to simplify the process down to a few clicks.

In this piece, we explain what crypto tokens are and how to make your own on the Ethereum, TRON, EOS, and Enecuum blockchains, as well as demonstrate how to create a new token from scratch in five minutes.

What’s a Token?

A token is a cryptocurrency-based digital asset. ERC20 is a token standard on the Ethereum blockchain. The token issuer sets the new token’s name, emission, and transaction fees.

In an interview with ForkLog, Pavel Kravchenko, the founder of the blockchain expertise center Distributed Labs, pointed out the key functions of a token, which are:

- an analog of shares
- a means of payment
- a tool for keeping immutable records on the blockchain.

Tokens reside on the blockchain of the corresponding cryptocurrency and don’t require a separate wallet. The complexity of token creation, as well as fees and transaction speed, depends on the platform.

How To Make Ethereum-, TRON-, EOS-, and Enecuum-based Tokens

According to Enecuum, there are 19 token emission platforms. Let’s compare how tokens are made on the Ethereum, TRON, EOS, and Enecuum blockchains.

[Image: Comparison between token creation specs on Ethereum, EOS, TRON, and Enecuum]

Ethereum: Code, Compile, Publish

Install a text editor like Atom or SublimeText to make contract editing easier. Type in the code of the smart contract or download a template and change the token name and emission. Compile the smart contract text into bytecode. Publish it via MyEtherWallet or Metamask. Pay 320,000 GAS for the deployment of the contract (around $6, at press time).
Note that larger contracts cost more GAS to deploy.

EOS: Command Line and EOS Cleos Client

Install the EOS Cleos client via the command line. This could be tricky, however, if you have never used a console before. Purchase RAM, so the network can process token transactions. Type in the code of the smart contract or create it via EZEOS. Deploy the contract via EOS Cleos.

TRON: Standard and Custom Smart Contracts for Token Issuance

Go to Tronscan. Log in and choose the type of token: whether it will be TRC-10 on a standard smart contract or TRC-20 on a custom one. Fill in the information about the token and confirm the creation. The website will enter the information about the token in the smart contract template and deploy this contract on the blockchain. BitTorrent’s token was created this way. If you develop a TRC-20 token contract, input the smart contract code in the form, and confirm the deployment. The TRC-10 network will debit your account with 1,024 TRX (around $17, at press time). To avoid the fee, install the TronBox development environment, and write the contract yourself.

Enecuum: Standard Smart Contract for Quick Token Issuance

Go to the website and log into the app. Create a wallet and deposit 1,000 ENQ (around $8, at press time). Fill in the form: name, emission, and transaction fees. The website will enter the information about the token into a standard smart contract and deploy it on the blockchain. The network will debit your account with 1,000 ENQ for creating the token.

The whole process of token creation takes no more than five minutes, but more on that is covered below.

Why Enecuum Uses Standard Smart Contracts for Token Issuance

An inexperienced developer may write a smart contract with errors, which could potentially lead to a loss of money. For example, a hacker once stole $50 million worth of ETH from The DAO due to an error in the code.
The attacker had sent tokens to a smart contract and restarted it several times before the exchange was completed. Each time, the contract mistakenly thought it received new tokens, and subsequently sent ETH back to the hacker’s wallet.

A smart contract allows the coins to be withdrawn if the transaction is signed by the majority of the wallet owners. Yet, you only need one signature to change the number of signatures required to make a withdrawal. This allows a potential attacker to reduce the required number of signatures to one and then take coins without other owners’ consent.

That is why Enecuum introduced a standard smart contract for token issuance dubbed SHARNELL. It has several advantages:

- Users can’t change the smart contract code and create vulnerabilities.
- SHARNELL uses linear logic and simple operations, so it’s easy to check for errors.
- Auditors assess the security of the smart contract before it is added to the main network.

How Enecuum Solves the Fee Problem

In Ethereum, you have to pay transaction fees in the main coin: to send Tether USD over the Ethereum network, you’ll have to pay fees in ETH. This is a problem for users. Imagine having $100 and not being able to buy bread because you have to pay operational fees for any transaction in Chilean Peso.

You have to pay transaction fees with the main cryptocurrency because miners don’t accept tokens. In Enecuum, miners get paid by the token issuer. The issuer pays a 1,000 ENQ fee when creating the token and miners receive transaction fees from that sum. Users pay fees in tokens. The issuer sets up a fixed fee or a percentage of the sum, or even assigns a zero commission, making transactions free for the users.

[Image: Transaction fees in Enecuum]

The smart contract balance for paying commissions can only be replenished. If the creator doesn't replenish it, users can do it instead.

What Consensus Protocol Does the Enecuum Network Run on?

The Enecuum network uses the Trinity Consensus Protocol.
It combines three consensus algorithms, which are:

- Proof of Activity. The Enecuum smartphone app checks random transactions and bundles them into microblocks. To mine, you need a wallet with at least 25 ENQ on it.
- Proof of Stake. One of the 100 biggest wallets becomes the leader of the network. It confirms transactions in microblocks, combines them into a macroblock, and signs it with a key.
- Proof of Work. Enecuum nodes running on personal computers verify the macroblock and then add it to the blockchain.

Enecuum users can also mine with their smartphones.

What Tokens Can Be Issued on Enecuum?

Token creators can set specific parameters like the fungibility and mineability of the token. Enecuum lets you issue the following types of tokens:

- Fungible tokens, which are generally used for making payments.
- Non-fungible tokens (NFTs), which are identifiers of items, cryptocurrency addresses, or gift cards.

Fungible tokens can be mineable, with users being able to mine such tokens using their smartphones. Currently, Enecuum is testing the emission of fungible tokens, use cases for which are limited only by the creator’s imagination. Here are just a few ideas:

- Internal currency. Launch a decentralized application, where users can use the token as the means of payment inside the app.
- Stablecoins. Create a token backed by a stable asset.
- Tokens for initial coin offerings (ICO). Issue tokens to be subsequently sold over an ICO. Such tokens can grant their holders access keys to your products or provide discounts for services.
- Record-keeping tool. By issuing a token and making a small transaction, you can include certain data in the transaction. This data will be written to the blockchain and remain there unchanged.
- Voting token. Distribute tokens among users and create two addresses corresponding to “for” and “against.” After that, users can send their token to one of the addresses to express their opinion.

Exercise: Creating a Token on Enecuum in 5 Minutes

Step 1. Go to https://explorer.mybit.network/. Register a wallet, save the address and private key. Copy the public address of the wallet. Be sure to save the address and key as you won’t be able to recover this information after leaving the page.

Step 2. Request BIT coins to your wallet by clicking “Get BIT coins,” enter the public address of your wallet and click “Confirm.”

Step 3. Go to the wallet and select the “Issue token” tab. On this page, you can specify the name, ticker, emission, and fees associated with the token, as well as its type. After choosing the settings, click “Issue token” and confirm the action.

Step 4. Check whether the token is on the list.

Bonus: Sending Tokens to Another Wallet

Now that you have issued the tokens, let’s check if they can be sent and see how the fees work.

Step 1. Go to your wallet and pick a token to send. Specify the amount and the recipient address.

Step 2. Confirm the transaction. Fees are shown in tokens, not in the main currency, which is ENQ.

Step 3. Receive the tokens.

Conclusion

Enecuum is planning to introduce token issuance on the main network in Q2 2020. The developers have simplified this process and shielded users from making errors when writing smart contract code. The team is currently working on the integration of the main network with popular crypto-exchanges to make the listing process of new assets just as fast as that of standard ERC-20 tokens.

Enecuum’s fee mechanics make tokens easier to understand and use in a variety of applications. When the team gets mineable and non-fungible tokens up and running, users will get a simple tool to bring yet more ideas to life. There’s a chance that in the future stores will hand out bonus tokens instead of loyalty points.
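The DAO-style error described under “Why Enecuum Uses Standard Smart Contracts for Token Issuance”, as an added Python model that is not code from Enecuum, The DAO or the article: a vault that pays out before clearing the caller’s credit, next to one that clears the credit first. All class names, balances and the re-entry depth are hypothetical values constructed for the illustration.

```python
class Account:
    """Plain wallet: receiving funds runs no further code."""

    def __init__(self, name, wallet=0):
        self.name = name
        self.wallet = wallet

    def receive(self, sender, amount):
        self.wallet += amount


class ReenteringContract(Account):
    """Recipient whose receive hook calls withdraw() again before the first call ends."""

    def __init__(self, name, wallet, max_depth):
        super().__init__(name, wallet)
        self.max_depth = max_depth
        self.depth = 0

    def receive(self, sender, amount):
        self.wallet += amount
        if self.depth < self.max_depth:
            self.depth += 1
            sender.withdraw(self)


class VulnerableVault:
    """Pays out first and clears the credit afterwards (interaction before effect)."""

    def __init__(self):
        self.credit = {}
        self.reserves = 0

    def deposit(self, account, amount):
        if amount <= 0 or account.wallet < amount:
            raise ValueError("invalid deposit")
        account.wallet -= amount
        self.credit[account.name] = self.credit.get(account.name, 0) + amount
        self.reserves += amount

    def withdraw(self, account):
        owed = self.credit.get(account.name, 0)
        if owed == 0 or owed > self.reserves:
            return 0
        self.reserves -= owed
        account.receive(self, owed)      # external call while credit is still set
        self.credit[account.name] = 0    # too late: the hook has already re-entered
        return owed


class HardenedVault(VulnerableVault):
    """Same vault with checks, then effects, then the external interaction."""

    def withdraw(self, account):
        owed = self.credit.get(account.name, 0)
        if owed == 0 or owed > self.reserves:
            return 0
        self.credit[account.name] = 0    # effect first: a re-entrant call sees 0
        self.reserves -= owed
        account.receive(self, owed)
        return owed


def run_scenario(vault_cls, depth=5):
    """Two honest depositors and one re-entering recipient; returns the end state."""
    vault = vault_cls()
    alice, bob = Account("alice", 100), Account("bob", 50)
    mallory = ReenteringContract("mallory", 10, depth)
    for account, amount in ((alice, 100), (bob, 50), (mallory, 10)):
        vault.deposit(account, amount)
    vault.withdraw(mallory)
    liabilities = sum(vault.credit.values())
    return {
        "recipient_wallet": mallory.wallet,
        "reserves": vault.reserves,
        "liabilities": liabilities,
        "solvent": vault.reserves >= liabilities,
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerableVault))
    print("hardened:  ", run_scenario(HardenedVault))
```

In the vulnerable run the recipient is paid six times for one deposit and the vault ends up owing other depositors more than it holds; with the credit cleared before the payout, the nested call finds nothing owed and returns.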

forklog.media NEAR Co-Founder: Bitcoin’s Level of Security Isn’t Necessary for Most Blockchain Use Cases

Now a world-class developer living in Silicon Valley, NEAR co-founder Alexander Skidanov has come a long way from being a young programming-inclined student in Izhevsk, Russia. In an exclusive interview with ForkLog, Alexander explained why he moved to the U.S. and how he got to Silicon Valley, shared the story of getting funded by Andreessen Horowitz, and talked about the ideas and people behind NEAR, one of the hot PoS blockchains out there.

Genesis: Move to the U.S. and the Inception of NEAR

ForkLog: Let’s start with the basics. Tell us about yourself and your way into the industry? I believe you currently live in the U.S. but were born in Russia. Why did you move to the States?

Alexander Skidanov: I was born in Izhevsk. After graduating from school I went to Izhevsk State Technical University. It’s no Moscow State Uni where you’d find the best students from all around the country, but I got there at a unique moment. During my first year, there were two very clever guys there who participated in programming competitions and got to the ICPC World Finals right at that time. To me, what they’ve accomplished looked like some kind of magic. Those guys stayed at the university to prepare the next team for the championship and I was one of the members. In 2008, we took third place. This allowed me to land a job at Microsoft and I left the country.

At Microsoft, I was working on Bing and got involved with machine learning. I didn’t stay there for too long, it was between 2009 and 2011. Things were too slow there and I left for Silicon Valley where I joined my friend’s startup company MemSQL. I was the first engineer there. We were living and working in a 2-room apartment together with a dog. If you’ve watched the Silicon Valley TV-series, you’d find it somewhat similar. At MemSQL we were making fast sharded databases that could be deployed on a large cluster. Between 2011 and 2016, I was working on sharding in particular. Now, MemSQL is used by many Fortune 500 companies.
In 2016, I met Illia [Illia Polosukhin, NEAR co-founder]. He had previous experience with contests and I knew him indirectly thanks to our mutual acquaintance in Kharkiv. Back then, Illia worked on TensorFlow at Google. We got involved in machine learning together and wanted to create code that would write programs using formal specifications without human intervention. In 2015, machine learning was growing very quickly. It seemed that the very next year we’d reach something along the lines of technological singularity. Yet by mid-2016, the trend fizzled out and our forecasts turned out to be wrong. Sure, there were some breakthroughs, but they were still slow.

These days, the code is written before formal specifications. We decided to do it in reverse, but after investigating the matter, we found out that it was impossible at the time. We began to move away from this idea, but along the way, we’ve talked to many developers, some of which were involved in the blockchain industry. That’s when we’ve learned that half of the decentralized apps can’t be deployed because everything is slow, expensive, and complicated. Solidity isn’t a trivial language. Sure, you can print “Hello world” by the end of day one, but creating stable code that won’t crash, can’t be fooled, and accounts for everything is hard. Therefore, the entry threshold is very high.

FL: People criticize Solidity as a language for smart contracts. The argument is that it is too complicated and something less pretentious would do the job. Do you agree with this opinion?

Alexander: It’s hard to say. There are multiple reasons to criticize Solidity but for me, the biggest problem is the high entry threshold for engineers. Before 2017, I didn’t know a thing about blockchain, aside from the fact that it exists. On the surface, there were just scammy projects and useless whitepapers. But looking a bit harder you could find potentially interesting ideas.
The main question was why nobody tried to implement these ideas. Initially, we thought that the problem is the speed just like everybody else did, but it was a weak argument. Think about it. How many users do you need for 14 transactions per second to be insufficient? There’s a startup mantra: hack together a product, release it to the market, and see what happens. On Ethereum, it would be quite an easy thing to do if speed was the only problem. Developers would make slow solutions and then work on the speed. We haven’t seen any slow solutions.

I started talking to stakeholders and figured that there are two main problems. The first one is the high entry threshold for engineers. To learn Solidity you have to be sure that the return will be high. Objective-C is even worse, but you have to learn it if you want to develop for iOS and earn big. If you want people to come and kickstart a technology, the threshold has to be low.

The second problem is the unfriendly interface. A regular user simply can’t use blockchain apps. If I want to buy a cryptokitty, I have to install MetaMask, create a key, write down the seed, go to Coinbase, give them my passport, and then wait for five days until I can buy ETH. All that just to play a game. Nobody would go for that.

Just so you can understand the atmosphere of late 2017, the hottest scaling solutions were Spacemesh, Algorand, Thunder, Stellar, and to some extent Avalanche. Back then, Polkadot remained out of our sight. We looked at those solutions: some could work in the wild, but none could scale up indefinitely. They were able to solve the problem in the short term. Some projects, such as Hedera Hashgraph, used different tricks to overstate the number of transactions they can process. They counted 10,000 Tps without state root support. But if you have no state root, you have to trust the nodes. At the recent Devcon, Emin Gün [Sirer] said that Avalanche processes 3,000 Tps, but without state root.
When they added the state root update, they got only 200 Tps.

FL: Is NEAR the first and only project of yours in the blockchain industry?

Alexander: Yes.

FL: You started in late 2017, correct?

Alexander: Yes, that’s correct. Back then, scammers started getting fewer as people started to understand that most whitepapers were made to take their money. After us, Libra and Flow were the only layer-one projects announced.

FL: By the way, researchers have found that whitepaper page count correlated with the amount of funding received over an ICO: projects with longer whitepapers were getting more money. Did you avoid a public token sale because the concept is discredited?

Alexander: Not exactly. Rather because in the U.S. it is very difficult to do legally. We are an American company and an ICO can be qualified as a securities offering.

FL: Is your company for-profit?

Alexander: There’s a U.S. company NEAR Inc. Its goal is to create the protocol. We are nominally registered as a for-profit, but in fact, the company is unlikely to have revenue. There’s also NEAR Foundation [Zurich, Switzerland], a non-profit whose task is to promote the protocol. The first money was raised by NEAR Inc. We offered investors SAFT contracts so they can receive tokens after the protocol launches. In the last round, funds were raised by NEAR Foundation, which has no obligation to work with NEAR Inc.

Telegram Open Network Lessons

FL: The litigation between the SEC and Pavel Durov shows that an entire investment scheme from SAFT sale to the secondary market launch can constitute an investment contract, not just SAFT. Are you worried about following the same path?

Alexander: I don’t get too deep into the legal matters but I know that our lawyers analyzed the TON case and studied the caveats. To me, it isn’t at all obvious why TON couldn’t launch. What can the SEC do against a decentralized protocol?
I don’t understand why they couldn’t deploy a network with investors written in the genesis block. It goes over my head, but I think Durov knew what he was doing. Let’s assume that the SEC comes to us and closes NEAR Inc. It isn’t that bad. The code is stored on GitHub and validators can deploy it. The SEC could force validators to cease, but then there’s definitely something we’ve done wrong.

FL: Do you agree with Durov that it isn’t entirely fair for the SEC to have extraterritorial jurisdiction? Investors outside the U.S., especially in Russia, were disgruntled with the fact. Why should an American regulator decide whether they are allowed to get tokens?

Alexander: I can agree with him, but I can’t do anything about it. I don’t agree with the decision not to launch, but he obviously had good reasons for that, probably personal responsibility. For NEAR Inc., it is probably beneficial to have one competitor less. But we stick to the anarcho-maximalist views. It isn’t the victory of NEAR that’s important, it’s the victory of a good decentralized protocol in general. My goal is to create an internet where all the apps are decentralized and governed by the community, where nobody is being surveilled. Blockchain is an important component of it, but not the most important. The most important thing is to have decentralization and appropriate values. I am largely upset that TON didn’t launch. I think Durov should have launched, although I don’t know the entire picture. He could’ve had no choice.

What Is Open Web, the Internet of the Future

FL: You’ve mentioned the internet of the future. That’s Web 3.0. What’s this concept about? When will we be able to say “yes, we’re there, this is Web 3.0 now,” in your opinion?

Alexander: We also call it Open Web, because Web 3.0 is largely associated with Polkadot, which is promoting its own protocol rather than the general idea. I think that most Open Web services will still be operated in a centralized manner since it’s cheaper.
In the Open Web, everything has to be transparent. I shouldn’t get 20 megabytes of front-end sporting 200 trackers I can’t even detect without special tools. Imagine creating a Google Document a day before Google decides to change the UI or kill the service entirely. In the Open Web, there has to be a clear separation between my data and the tools I use to create them. I shouldn’t lose this Google Document in any scenario.

Back in the time of ICQ, there was a single protocol and different clients: I used Miranda, others used QIP or ICQ. Now, there’s no such thing. If I have a friend who uses Telegram and I use [Facebook] Messenger, I have to use both. If Messenger decides to have 200 functions and a particular input field, that’s the way I’m using it and there’s no other choice. If Messenger dies tomorrow, my messaging history is gone forever. Such things should not have a place in the Open Web.

The way it should be is that I have data, chats, conversations, documents, etc., they are all mine and I can’t lose access to them. The tools shouldn’t disappear as well. You can achieve it by making the back-end open and storing the state somewhere on a decentralized cloud. Not necessarily blockchain or NEAR. Such a solution wouldn’t require that high of a complexity level.

In the Open Web, if the service operator is gone, me or anyone else can take their place. We can launch separately. There can be 200 operators so I can choose whichever I like.

All in all, everything comes down to the following: users have to have access to their data, they have to know which data have been shared with third parties, and the third parties shouldn’t store these data in a centralized manner. If the protocol is changed tomorrow, in the Open Web, we don’t have to take it. We have to have the choice, and we had it in the past. We aren’t inventing something new, but just rolling the internet back into the past.

FL: Just let the interface stay!

Alexander: Yes, let emoji stay.
FL: Going back to the beginning of the question, do you think that Polkadot monopolized the name “Web 3.0?”

Alexander: We are friends with Polkadot so I don’t want to criticize anybody. I think that the name of the project can’t be the name of the movement and they have the Web3 Foundation. We don’t try to tie the Open Web to NEAR. We want the Open Web to be the movement for the free internet. It isn’t crucial whether NEAR is in there. We make NEAR for the people, but if people decide that Polkadot, TON, or Ethereum 2.0 is a better fit, it’s their choice.

All-Star Team

FL: You said NEAR Inc won’t have revenue. You are working on the protocol every day, it’s your creation, but the final result is a decentralized network that lives on its own. You are the creator, but there’s no profit. Do you consider yourself an entrepreneur, or is it something different?

Alexander: Although NEAR can have no revenue, each employee, myself included, has a small number of tokens. Thus, we are all motivated to build a successful protocol. Both employees and investors receive tokens with years-long delays so everybody has an incentive to aim at long-term success.

FL: Did you decide how many tokens you should have?

Alexander: Yes, we were deciding how many tokens each employee gets. To build a protocol as complex you need a strong team. Projects like Algorand, NEAR, and Cosmos need very strong developers who know what they are doing. Such people are expensive. You can’t do it like anarchists. Looking at Ethereum clients, you’d notice that many teams behind them are smaller and weaker than Algorand, Dfinity, or NEAR. They are noticeably slower.

FL: Dfinity is indeed in some kind of stealth mode. There’s not much at all to hear about them.

Alexander: It puzzles me as well. They have a very strong team, even legendary. They are very isolationist. Only once was I able to talk to their CTO and it was just for an hour.
He said that they were writing everything in Haskell but then decided to switch. I don’t know what they are using right now. I guess it’s Rust or Go. [On June 30th, Dfinity allowed third-party developers to access their decentralized Internet Computer.]

FL: Let’s get back to the entrepreneurship question. Assuming that the launch took place, tokens are traded somewhere, and you have a profit. Does it mean that you consider yourself an entrepreneur?

Alexander: Yes. Many protocols sold up to 80% of their tokens. We’ve picked a different approach. We wanted to sell as few as possible. Together with Illia, we started from scratch. First employees were taking serious risks. Now, we have an incredibly strong team. Two guys on our team have each won the ICPC World Finals twice. You can’t compete in that event more than twice in a lifetime. To win it twice you have to not lose a single time. There are just 9 people who achieved that. One of them is Nikolai Durov. We got two: Mikhail Kever and Evgeny Kapun.

FL: And all of them are from the CIS?

Alexander: Moreover, almost all are from Saint Petersburg. Two came out of Saint Petersburg State University, four out of Saint Petersburg ITMO University, and the last three are from Moscow State University.

FL: You said that specialists like that cost a lot. How much a year?

Alexander: I won’t disclose the actual salaries at NEAR but I can describe typical cases for Silicon Valley. Here, a good engineer from Google or Facebook can’t have less than $300,000 with bonuses and shares. At least I can’t imagine it. So it is north of $300,000 and there’s no upper limit. For a startup, the typical pay would be between $120,000 and $250,000. Of course, outside the Valley the prices are different. We have 40 people on our team so money burns fast. Another big part of the costs is compliance and everything that has to do with the legal side of things. Marketing is less expensive.
Life and Investment In Silicon Valley

FL: Do you think that the price of living in the Valley is justified? Many people leave the place because of the pandemic. Do you think about leaving?

Alexander: I’m potentially going to leave, it’s been almost 10 years since I moved here. We only live once, so there should be some diversity. I think the Valley didn’t make much sense before the pandemic. Now, even less so. The exodus is very noticeable. Our employees have all moved somewhere else and are working remotely. Some are in Seattle, some in the central U.S., some left the country entirely. I stayed because everybody [in the IT community] is here. Life is unreasonably expensive here, even given that in our family both me and my spouse work. When we started NEAR, we’ve assembled a team of nine and everybody was here in the Valley. You can’t find specialists at this level in one place anywhere else. The same goes for investment. In our first round, some of our investors were within walking distance, while others were about 30 minutes of driving away.

FL: Is it objectively easier to raise money in the Valley if you are physically located there?

Alexander: Of course it is, and by far. Those who want to attract venture capital come here for two weeks and have each day full of meetings. Then they leave if they aren’t based here.

FL: Marc Andreessen isn’t just waiting for startups to come to him, he also looks for “diamonds in the rough,” to offer his money. And when he does, he helps projects with everything he can. Is it true that they assist portfolio projects in all aspects? How does it feel to get funding from the living legend?

Alexander: Finding a fund in the Valley is easy. Their task is to spot the next unicorn. They will never decline a meeting if there’s the slightest chance that you succeed. With Andreessen Horowitz, the entry threshold is higher but we never had a problem reaching out to any investor. I believe it’s the same for everybody else.
If there’s something showing that your company is reliable, they will go for the meeting. In our case, my and Illia’s expertise played a crucial role. For them, it’s merely an hour that can potentially bring a lot of money. It is true that Andreessen Horowitz is different in that they really try to win you over. When they have decided to invest in you, and even if they haven’t yet but are already thinking about the next step, they organize a meeting for 20 people who help the projects with everything. In our case, the meeting lasted for over two hours and each of them was telling us how they will help with examples and presentations. That was very nice.

FL: So it’s not just money but also the help?

Alexander: Yes. I’d say that 80% of the investors who promised you help won’t actually help [laughs], but the other 20% will. And then there’s also 5% who will do everything they can for you. Andreessen Horowitz is just like that, as well as Electric Capital and Amplify, which we worked with before blockchain. Yet it wasn’t easy to win Andreessen Horowitz. They are demanding. They have a strong team that analyzes you. I was very glad when we finally won them. Before that, we passed through Y Combinator, which was also an achievement.

FL: How did you win them over? Was it by describing how you would defeat the competing protocols like Polkadot and Cosmos?

Alexander: No, that wasn’t our approach. And they are smart enough to cut off nonsense like that immediately. I don’t think that NEAR will necessarily win. Polkadot is a very strong product and I think they will keep the dominant role in the long run. We were proving that the blockchain space is much bigger than is seen today if made accessible to people. Big enough for everyone. NEAR can coexist in this space with several other protocols.

FL: The goal of any VC is clear: exit at a price higher than the entry. Let’s assume that a project X sold Andreessen Horowitz a SAFT contract for a certain number of tokens.
VC’s task is to have the protocol launched, wait until the tokens hit the exchanges, and sell them, at least that’s what would seem logical. This is where our project X faces problems with the SEC since such motivation for investors confirms that SAFT and the subsequent operations constitute securities in the U.S. What do you think about it?

Alexander: This is exactly the reason we spend a lot of money on compliance, just like Andreessen Horowitz does. The goal is not to find a loophole but to do everything legally to the letter. I can’t say how our contracts are different from TON’s. I can just say that our contracts grant rights not only to the tokens but also to a share in NEAR Inc, as far as the first round. I can’t say anything about the second round [the one with Andreessen Horowitz].

FL: If NEAR Inc. isn’t profitable, what’s the value in the shares?

Alexander: At the initial stages, investors aren’t sure if you manage to launch the protocol, given the failures of others. But NEAR Inc. has a strong team that, in case of a failure, can switch to some other project and then go for an IPO. For investors, this is insurance.

Sexism and Racism In the Corporate Sector

FL: The Bitcoin industry is often criticized for having high entry barriers for women. In your opinion, is this critique appropriate?

Alexander: It is true that the IT industry isn’t very diverse, it has fewer women, fewer Afro-Americans. On NEAR’s engineering team there are just 2 women out of 20 employees. In fact, I think the situation with blockchain development is actually better than with other development communities.

FL: But is it natural or there is some kind of an artificial barrier and they aren’t allowed to get in?

Alexander: I definitely don’t think that women are being deliberately excluded. I believe that most companies won’t write a candidate off just because of gender. There is an interview and you either pass it or you don’t.
On the other hand, I can easily see how some people can have subconscious barriers that make them inadvertently downplay people’s skills based on their gender. First and foremost, the problem lies in the cultural background that’s instilled from a young age. It is especially apparent in Russia but can be observed across the entire world. It creates biases that pertain not only to interviewers but to women themselves who doubt if they can handle a technical profession because their culture forces other goals upon them. It is also very hard to eradicate.

FL: In 2020 racial/gender balance plays a crucial role in forming a board of directors or hiring employees. This approach may hinder picking the best person for the job every time. In your opinion, is it normal to follow such trends or picking people by professional merit is better?

Alexander: This is solving the symptom, not the cause of the problem. Culture dictated this skewed distribution and they offered to solve it artificially. Nobody is better off this way, especially your own company. I oppose such an approach. Firstly, it wouldn’t be pleasant for a person to learn that they’ve been hired just because of some quotas. Secondly, it’s unfair to all the people who didn’t land a job despite being a better fit for the role. Ultimately, it’s unfair to the company that didn’t get the best employees. If 5% of people in the labor market are women and 95% are men, you will unsurprisingly see the same distribution in your workforce. Everyone in NEAR got their job because they were the best in their trade.

FL: Did the BLM protests affect operations of your U.S. team? Do you think such a reaction from society is adequate?

Alexander: It didn’t have much impact on our work directly. Although, for many people on our team it is important. They were taking short vacations to attend the protests. They are involved and I do watch the events closely as well. I don’t think this is a reaction to a single incident.
The incident was a catalyst. That many people wouldn’t go to the streets if there was no problem.

Protocol 0

FL: Bitcoin maximalists believe that Ethereum and other protocols are useless, to put it mildly. They are confident that Bitcoin should be the TCP/IP of the blockchain industry, the single base protocol. In your opinion, is it a form of chauvinism?

Alexander: It is a multi-faceted question. Surely, Bitcoin is very different from NEAR. If NEAR loses two-thirds of the stake, the protocol will stall. Bitcoin will work for as long as there is at least one guy with a Raspberry Pi. I think that for Bitcoin, 7 Tps is an advantage and not the other way around. It allows anyone without much capacity to go and check the entire ledger. To check the entire ledger in NEAR you would need enormous resources. If you have 100 shards processing 200 Tps each, you would have to check 20,000 transactions for each second from the launch to this day to check the validity of the current state.

The properties and use cases are very different. If you need to send $1 billion, you should do it with Bitcoin and wait for two weeks until it is confirmed. NEAR solves an entirely different problem. The level of security should be adequately proportional to the use case. Bitcoin’s level of security isn’t necessary for most blockchain use cases. If I want to buy a cryptokitty for ten cents, I don’t need Bitcoin’s level of security. If I want to exchange 100,000 DAI for 500 ETH, I wouldn’t need such security either, because validators aren’t interested in reverting the chain because of $100,000.

I think Bitcoin will remain in the first place for quite a while and Ethereum will remain in the second. NEAR doesn’t have a goal of dethroning them. I think Polkadot and other projects aren’t aiming there as well. Different protocols have different goals.

On the other hand, Bitcoin maximalists overstate the security of the first crypto, as well as its decentralization.
In the end, there are just three mining pools. They can just go and roll the network back. Of course, users could take back their capacities but it takes time and the pools would be able to roll back 10 blocks. In Bitcoin and Ethereum, decentralization and security are questionable. What’s a single day of secure operations for Ethereum? It’s 2 ETH per 15 seconds, which is very cheap. In certain conditions, rolling back one day’s worth of Bitcoin transactions is much cheaper than doing the same in a BFT chain like Cosmos or NEAR. Not in absolute values, though, as Bitcoin is quite expensive.

FL: So there’s no need for a base protocol like TCP/IP?

Alexander: I think it would be great to have a global first layer that would provide core security for all networks. Yet I don’t think that Bitcoin, Ethereum, or any other protocol available fits this description. This protocol should be incredibly simple so anyone can go and check how it works. Today, only Bitcoin boasts such a property.

FL: What about the Inter-Blockchain Communication (IBC) protocol by Cosmos?

Alexander: IBC has another problem that, in my opinion, won’t let it become the base protocol. Protocols that communicate via the [Cosmos] Hub have to follow a certain criterion like implementing Tendermint. The base protocol shouldn’t be associated with a centralized enterprise and shouldn’t be supported by venture capitalists. It should be along the lines of something made by two [cypher]punks. This protocol should make building bridges easy. Ethereum won’t do because it is too complicated. We are making a bridge to Ethereum, through which it will be communicating with NEAR. There are no adequate specifications, you have to go to Geth sources, the protocol is catastrophically complicated. You’d need a week to figure out how to make a confirmation. It shouldn’t be like that. Moreover, the security of Ethereum is proven only by the fact that it’s five years old.
You assume that in five years someone would find something. This is the only guarantee you have.

FL: Is that bridge located on a separate shard?

Alexander: No, it’s a simple smart contract. We are also making a Bitcoin bridge. It’s like tBTC but much simpler. I don’t like complexity, I think that the Bitcoin bridge should be simple. Complexity breeds bugs.

NEAR and Real-World Use Cases

FL: Tell us about NEAR token distribution. Do you agree that staking leads to centralization where a few large players vote to decide what’s next?

Alexander: The team has less than 5%, including us and future employees. Investors, I believe, have a bit more than 15%.

FL: The rest will come as airdrops?

Alexander: We are discussing a lot of ideas. Some tokens will be held by NEAR Foundation, but it won’t be able to stake them. They will need funds for further protocol development. We are considering airdrops and public sales as well. It is less decentralized than I would like but much more decentralized compared to other PoS protocols. Speaking of centralization in PoS, in NEAR, you can probably theoretically acquire a stake of 10%. There are 40 people on the team, but we are all friends to the outside world, so we all count as a single stake. That’s not exactly how we achieve security. There are three pools in Bitcoin. NEAR has a potential number of people who can do something bad. Yet if it’s less than a third, they won’t be able to do anything. In the worst-case scenario, if a third minus one person act maliciously and two other participants are offline, you can’t make a block. If a third acts maliciously, there’s a theoretical opportunity to make a fork but it’s still very hard to do in practice.

FL: Regular users buy tokens and stake them without voting. It is hard to get them involved in the development of the network. How are you going to approach it?

Alexander: We aren’t making on-chain governance yet. Users will be delegating their tokens.
Meanwhile, if the person you’ve delegated tokens to acted maliciously, your tokens aren’t going to burn.

FL: Do you use DPoS?

Alexander: Yes, but at the smart contract level. At the protocol level, there’s no DPoS. This gives us more flexibility but there’s no difference to the end-user. If I’m a staker like Bison Trails, I can deploy a smart contract with my account and people will be able to delegate tokens via this contract, which will automatically stake the money. The contract can state that I am responsible for any malicious activity and only my 20%+ of the stake will burn, while the rest of the tokens will be returned to their owners. If the consensus won’t work, NEAR’s value will rapidly decline and validators will lose lots of money. They are economically motivated not to create a fork.

FL: Is the number of validators limited?

Alexander: Any number can go for it, but in reality, there are 100 validators in each epoch, that’s with the largest delegation.

FL: As far as I understand, NEAR, Polkadot, and other new-generation protocols are aimed at DApp deployment. What real-world use cases can be implemented in DApps? Cryptokitties doesn’t count. The majority points at DeFi. Are there use cases apart from DeFi?

Alexander: I think in the nearest future, a year or two, it’s just games and DeFi. Maybe digital assets as well, but they often boil down to games, such as putting me in control of my Counter-Strike items and not Valve. Or books in iBooks. We’ve analyzed about a hundred use cases that involved cutting out the middleman, such as a decentralized Spotify that would allow musicians to get rewards directly from the audience. There are similar solutions for visual art. Digital identification should also move to blockchain because now it’s Facebook and Google, which is a terrible status quo. Aside from that, blockchain should become the final arbiter of everything that goes on in the Open Web.
For blockchain-based apps to be usable the entry threshold should be lowered. Applications on NEAR will be used via a browser, users will be able to restore keys in usual ways, we’ve accounted for convenient centralized gateways. A centralized gateway is used only to enter the ecosystem and is implemented in such a way that at any given moment you can generate a new key pair locally and terminate gateway’s access. As long as you have a kitten for 20 cents, you don’t care if it’s controlled by a centralized service. It is important that you can go and take your kitten at any time leaving the service with no control.

Yes/No

FL: Let’s move on to the last series of questions. Your answers should be yes or no. The first question: is privacy a basic human right?

Alexander: Yes.

FL: On-chain analysis tools like Chainalysis were made for deanonymization. Does it mean they violate the basic human right?

Alexander: No. [Over the course of the discussion, we’ve concluded that Chainalysis has the right to create such a product and a user has the right to ensure their privacy. Moreover, the creators of the protocol and the community should do whatever they can to inform end-users about this opportunity.]

FL: Adam Back compared Ethereum to the controversial startup Theranos and Buterin to its founder. Back claims that Ethereum didn’t deliver on the promise made at the early stages of the project. Do you agree with this comparison?

Alexander: No.

FL: Recently, Buterin told ForkLog that decentralization is an experiment and Ethereum succeeds in it. It was the answer to the question about the emergency hardforks and manual control by the developers. He said that the developers can’t force their will upon the community. Do you agree that they succeed with this experiment?

Alexander: No.

Conclusion

FL: In your opinion, is Ethereum 2.0 at its final stage?

Alexander: I think the developers know very well what they want to do.
But going back to the question about their decision-making process, I can say that it’s quite bad. They spent a year on the ProgPow solution, which the end-user doesn’t care about. The move to ETH 2.0 requires the current chain to respect tokens minted on Beacon Chain. This decision will take a lot of time to make. But I don’t think they have some principal issues left unsolved in terms of development. It’s just very slow. It’s being made by different teams, some of which have something like five people. New specifications emerge and sometimes they have to roll back. Beacon Chain took them a year to make. That’s the easy part. In NEAR, we’ve done something similar probably in a month. They still have shard chains and runtime environment to go, that’s where the hard part lies. Therefore, I think we won’t see ETH 2.0 in a year unless the teams become stronger or something changes drastically. I think they will launch Beacon Chain without shard chains to test staking.

FL: You said that the industry has enough room for several PoS protocols. What if you are mistaken?

Alexander: I think it is advantageous to solve emerging problems together and share expertise. If it turns out that there’s not enough space, we will fight and may the strongest win.

forklog.media Chinese Ponzi Scheme PlusToken Shows Signs of Exit Scam

Since mid-June, analysts have been noticing an active movement of funds associated with the Chinese PlusToken Ponzi scheme. Abnormal jumps in the price of individual tokens with subsequent emptying of hot wallets were observed at exchanges affiliated with scammers. ForkLog looked into the matter to find out whether this could indicate an MLM exit scam and what impact these events will have on the price of Bitcoin. Goldfoundinshit, a Russian-speaking Telegram channel, helped us gather information.

What Happened

On the night of June 14th, in a matter of hours, the price of the Bitcoin Vault token (BTCV) on the Singapore World Blockchain Forum (WBF) exchange surged by 2500%—from $300 to $8,000.

BTCV/USDT chart. Source: Blockbeats

WBF attributed the rapid growth to a lack of liquidity and the subsequent injection of funds. Yet some users noticed that at the same time, the balances of the exchange’s hot wallets sharply decreased.

https://twitter.com/mattysino/status/1272738389276557312

50 ETH were transferred from a single address. Another 25 ETH were moved the next day.

Ethereum transactions from WBF's hot wallets

Who’s Behind This?

WBF is a little-known exchange, but its parent WBF Group is the company behind the promotion of the PlusToken and CloudToken Ponzi schemes.

https://twitter.com/BarnabyBitcoin/status/1272742772043284480

The creators of PlusToken are accused of misappropriating $3 billion of user funds—this is the largest cryptocurrency exit scam in China. The damage caused by CloudToken is estimated at $500 million. Alleged organizers of both schemes were arrested in 2019.

According to the WBF website, the World Blockchain Forum, managed by Sheng Zhao, was registered in New York in 2017. Another source says it was founded in 2018.
https://twitter.com/Ponzi_Justice/status/1234063533463068672

Judging by publicly available information, the company shares a registration address with five more companies with similar names: Digital Asset Fund Inc., Digital Capital Inc., World Blockchain Media Alliance Limited, World Blockchain Award Corp., and DigitalUSD LLC. https://twitter.com/mattysino/status/1272752957017042944

In addition to the Ponzi schemes already mentioned, Sheng Zhao is related to other MLM schemes: Exxa Wallet, S Block Wallet, Torque Trading System, and WoToken.

[Figure: Connections between companies and people related to WBF, PlusToken, and CloudToken. Source: Sue Zhu]

Each of these schemes offered a 5% to 20% ROI, supposedly using a trading bot based on artificial intelligence. Withdrawals were allowed only in the tokens of each project and on internal exchanges. As it turned out, the source code for the CloudToken site was a partial copy-paste of the MooToken project.

[Figure: The comment pointing out that parts of CloudToken code came from elsewhere. Source: Behind MLM]

In early June 2019, the World Blockchain Forum severed ties with CloudToken. Representatives of the WBF said they did not invest in CloudToken and urged the scheme participants to stop using Sheng Zhao’s identity to promote the project.

[Figure: Screenshots of WBF communications pertaining to Cloud Token. Source: Behind MLM]

CloudToken Technical Director Ronald Aai confirmed that he had to abandon WBF's Singapore office, though he attributed this to local building codes that limit the number of people in the building. Aai has been on the run since last year. In August 2019, he tried to promote his project at the expense of the Binance exchange.

On May 5th, 2020, Ronald Aai uploaded a 13-minute video on YouTube in which he talked about surveillance and an attempt to kidnap his family. He also promised to revive the CloudToken project and return the missing funds.
https://www.youtube.com/watch?v=MAZ1KrLC2pI

On June 23rd, the Aai-led CloudRedeem project distributed a press release announcing an expansion to Australia and the UK, the introduction of a cashless payment system in several Asian countries, and the development of the Cloud 2.0 platform.

What Does It All Mean?

In May, police in China’s Guangdong province arrested 12 people who, under the guise of employees of the OTC unit of the Huobi exchange, offered to invest in their platform. The suspects had been operating since November 2019 through thematic groups on WeChat. The money received was funneled abroad. The total damage from the group’s activities was not reported; however, it is known that one of the victims transferred 3.1 million yuan (almost $440,000) to the scammers.

In the same month, organizers of the WoToken pyramid were arrested in China. According to Dovi Wang, managing partner at Primitive Ventures, one of the detainees is a former PlusToken key defendant.

In June, in Guangdong, police froze 4,000 bank accounts owned by illegal OTC traders. They are suspected of money laundering using cryptocurrencies.

According to one version, it was a series of raids by the Chinese cyber police that could have provoked the withdrawal of funds from PlusToken accounts on various exchanges.

On June 19th, 284 million XRP ($49.9 million) were transferred from wallets belonging to the Ponzi scheme. From June 22nd to June 24th, $458 million worth of cryptocurrency was moved: 22,000 BTC, 789,000 ETH, 26 million EOS, and 20 million XRP. https://twitter.com/spencernoon/status/1276161522373406723

According to Twitter pundits, the huge withdrawals may indicate the closure of the World Blockchain Forum. https://twitter.com/BarnabyBitcoin/status/1272749914045513728

Impact on Bitcoin and Ethereum

The movement of PlusToken funds negatively affected the prices of BTC and ETH.
On June 24th, amid the withdrawal of $458 million, Bitcoin plummeted to the lower margin of its long-term trading range.

[Figure: BTC outflows from Poolin. Source: CryptoQuant]

In mid-June, analyst Frank Topbottom suggested that Ethereum transactions with unusually high fees were linked to the Ponzi scheme’s attempt to launder funds: an anonymous user transferred 0.55 ETH, paying 10,668 ETH (about $2.6 million) as a fee. Later, it turned out that another Ponzi scheme was behind the transactions—Good Cycle, which itself then became a victim of hackers.

Back in December 2019, Chainalysis analysts said that the PlusToken scheme would continue to put pressure on the market, as its organizers were still in possession of 20,000 BTC.

Read more about how the PlusToken Ponzi scheme launders Bitcoins in our previous investigation.

forklog.media Voice Social Media App Goes Live, Dan Larimer Shares Glimpse of New World Order

Block.one, the company behind the EOS project, finally launched the Voice social network on July 4, the platform’s CEO Salah Zalatimo announced. As mentioned previously, until August 15 it will be a read-only experience, as Voice only allows already registered early-access users to publish content. Starting on August 15, Voice will allow already registered users to send invites to their friends.

What Is Voice?

Voice was first announced more than a year ago, in early June 2019, and entered the beta stage in February. Block.one has invested heavily in this project, allocating $150 million to development alone and buying the voice.com domain name for a record-breaking $30 million.

Voice’s main features so far include mandatory verification and content monetization. There will be no bots, anons, or burner accounts. All users will have to verify their identity. And creating content will be rewarded not unlike how it is rewarded on Steemit. Each like will bring content creators some digital cash. Users will also gain tokens just for showing up.

Hurdles

Curiously enough, Voice was initially meant to run on the EOS blockchain, but in December 2019 it was decided that it would be hosted on a custom-made EOSIO platform instead. The difference between the two may be subtle for a layman, but basically, EOS is a specific blockchain platform while EOSIO is the software that powers it.

This move garnered some criticism toward EOS as the community realized that EOS, as admitted by its creators, was not ready to host an ambitious project like Voice due to some objective inadequacies. https://twitter.com/AlexSaundersAU/status/1218459732563771394

Commenting on this issue, Salah Zalatimo, CEO of Voice, said that "iterating and optimizing a product like Voice is not feasible on a public blockchain due to the inability to rapidly innovate."
Initially, the launch of Voice was planned for this fall, but Voice CEO Salah Zalatimo noted that he had to move the deadline because of the dire need for a new social network that would wrestle back control over people’s social lives from the yoke of big tech corporations. https://twitter.com/Salafel/status/1269045936170377216

Is Dan Larimer Finally Satisfied?

Dan Larimer, the tech maven behind EOS, previously co-founded Steemit, a social network somewhat similar to Voice. Rumors pertaining to Larimer’s dissatisfaction with his firstborn and the desire to “replace” it have circulated among Steemians for years. Reportedly, the new iteration of blockchain social networks is supposed to fix the issues of its predecessor, like unfair distribution among other things.

Today Dan Larimer took to Voice and published his first post on the platform. As usual, his post touched upon the intricacies of democratic process and governance. He criticized the current representative government system in the U.S. and offered his own voting system, which sounded more like a social experiment:

“1. Randomly assign people to small groups (~10 people)
2. Each group must select a representative from their members with 8/10 approval.
3. Randomly assign selected representatives to small groups (~10 representatives)
4. Repeat”

Finally, Larimer suggested extrapolating this system to blockchain projects, potentially spoiling a new governance system.

This article is a part of our Occupy the Internet series, where we review the current trends in the nascent decentralized web and cover the burning issues of privacy and censorship.

forklog.media Former Yahoo! Engineer Who Hacked 6,000 Email Accounts Looking for Sexually Explicit Media Avoids Jail

Californian Reyes Daniel Ruiz, who worked as a reliability engineer among other roles at Yahoo! from 2009 to 2018, abused his position by accessing Yahoo's backend to steal “hashed” passwords, crack them and log into email accounts of women, including some coworkers.

Over the aforementioned period, Ruiz was able to get access to more than 6,000 Yahoo Mail accounts, searching for sexually explicit photos and videos. Eventually, he managed to illegally obtain 2 terabytes of data containing from 1,000 to 4,000 private images and video files, and stored them on a personal hard drive. Additionally, Ruiz used the stolen credentials to break into victims’ accounts at other services such as Gmail, Dropbox, Apple iCloud, Hotmail, and Photobucket.

Ruiz Pleads Guilty and Assists the Authorities

Ruiz’ illegal activities were discovered by Yahoo’s staff in mid-2018. After learning about it, Ruiz destroyed the hard drive. As a result, the Federal Bureau of Investigation was able to identify only 3,137 of the alleged 6,000 accounts. As a court filing reads:

“The final tally of compromised accounts cannot be determined because Mr. Ruiz destroyed all the evidence of his illegal conduct, including the hard drive on which he stored the data, and the list of target accounts he maintained, before the FBI executed a search at his residence.”

Ruiz pleaded guilty to computer intrusion to obtain private information in September 2019 and was sentenced to five years of probation. He is now only allowed to leave home for work, court-related obligations, medical appointments, and religious activities.

Corporate Networks are Under Attack

In the meantime, hackers seem to have shifted their focus from individual servers to corporate networks. In the second half of 2019, the number of postings on illicit marketplaces offering access to corporate networks reportedly began surging. Cyberattacks are reportedly growing in number due to the low barrier to entry.
To resist attacks, companies should “ensure comprehensive infrastructure protection, both on the network perimeter and within the local network. Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time.”

According to a recent report from the FBI, California, Florida, New York, Ohio, Texas, and Washington were the states with the highest victim monetary losses or number of victims in 2019. Threat actors reportedly relied mostly on Business Email Compromise/Email Account Compromise to break into personal or corporate email accounts, aiming to obtain sensitive information and to divert or request electronic wire transfers to fraudulent accounts.

forklog.media Malware App Fakes Postal Service to Steal User Personal Data and Manipulate SMS Messages

A group of researchers at cybersecurity firm Cybereason has detected an upgraded version of FakeSpy, a malware targeting the Android mobile operating system that originally appeared in late 2017. The malware is designed to steal users’ personal information such as financial and application data and contact lists, as well as to steal and manipulate SMS messages.

Back in 2017, the malware mainly targeted East Asian countries like South Korea and Japan, but now users around the world may fall victim to FakeSpy. Cybereason named the United States, the United Kingdom, Germany, France, China, and Taiwan among the most affected countries.

FakeSpy Masquerades as a Trusted Post Office App

FakeSpy is disguised as a trusted official post office and transportation services app, mimicking the carrier’s logo and UI appearance and redirecting users to the carrier webpage. Once installed, the app requests permissions from the user to read text messages, receive, write and send SMS messages, open network sockets, and access information about networks, among other things.

The researchers suggested that FakeSpy can potentially infect contacts of the user:

“The malware uses the function sendAll to send messages that spread the malware to other devices. It sends a smishing message to the entire contact list of the infected device along with the malicious link to the FakeSpy installation page.”

Moreover, the analysis showed that FakeSpy uses various techniques to evade detection. “It shows that the malware can detect whether it’s running in an emulated environment or a real mobile device, and can change its code pattern accordingly,” the report read.
The Group Behind the Malware

Cybereason suspects that FakeSpy is developed and operated by a Chinese threat actor group called “Roaming Mantis.” The group is allegedly behind attacks such as hijacking DNS settings on Japanese routers to redirect users to malicious IP addresses, launching malicious Android apps, stealing Apple ID credentials via Apple phishing pages, and performing web cryptocurrency mining in browsers.

Generally, the researchers connected the attacks to the Chinese group based on the Chinese server infrastructure, Chinese language traces in the code, and Chinese APK names.

Google-Related Fraudulent Activity Is on the Rise

As forklog.media recently reported, a modified version of ComRAT malware now targets Gmail users to steal confidential documents. In addition to misappropriating documents, the trojan collects information about the network, Microsoft Windows configurations, and Active Directory groups or users.

Also, threat actors are now targeting the Google Analytics service to harvest data entered by users. As the victims are generally Europe- and Americas-based online stores selling cosmetics, food products, digital equipment, and spare parts, the stolen information includes their shoppers’ credit card details.

forklog.media Chinese Scammers Exploit Cardano Brand and CEO’s Photo to Target Wealthy Farmers

A group of alleged scammers who exploit Cardano’s brand to deceive people has been spotted at a blockchain conference in China. Charles Hoskinson, CEO of IOHK, the company behind Cardano, said the scammers have no affiliation with the ecosystem.

The issue was brought up on Twitter by Hashkey’s Head of Marketing Mo Li. She shared a photo from the blockchain conference showing a group of people holding a banner that read “AD Roadshow.” Mo Li noted that those people were part of a scheme that uses Cardano’s brand name and ADA token, as well as Charles Hoskinson’s picture, to “shill Ada to the old and rich farmers.” https://twitter.com/molllliy/status/1279686962459246593

According to Mo Li, the project promoted by the alleged scammers is Asian Dragon, which corresponds to the “AD” acronym seen on the banner. The project has a partially operational, crudely translated website describing a “wealth coin” and an underlying payment system in the making. The market cap of AD coin is $42,811 and its daily trading volume is about $490, at the time of writing.

Hoskinson said that neither he nor IOHK, the company behind Cardano, has anything to do with the event or the people in the photo. 8BTC, a Chinese media company that organized the conference in question, denied any affiliation with the Asian Dragon project and its promotion. https://twitter.com/btcinchina/status/1279949968174792704

Notably, Hoskinson denied the assumed connection between ADA’s market cap growth and the alleged Chinese scammers, which was implied by the phrase “ADA is ranked no.6 now, after it got shilling to the old farmers by MLM.” https://twitter.com/IOHK_Charles/status/1279780754277482496

Some Twitter users suggested that Mo Li could be deliberately trying to harm Cardano’s reputation and that she should have contacted IOHK instead of tweeting.
Mo Li said that she didn’t imply anything, but noted that ADA did get to the 6th place in ratings around the same time as the scammers “are shilling it to the old farmers.” Hoskinson said he will be asking for an official statement from Hashkey regarding Mo Li’s statements.

forklog.media Antifa Threatened With Extremist Status: No Longer Thinks Bitcoin Is an Alt-Right Currency Antifa and BLM Will Make Bitcoin Edgy Again

Why do neo-Nazis love Bitcoin? Two years ago, this question was raised and promptly answered by The Guardian. In an atmosphere where right-wing or religious extremist groups were largely de-platformed, defunded, and shunned by both businesses and the public, it all boiled down to a single realization. “For extremists, deregulated cryptocurrencies are a potent political statement as much as a means to fund their activities,” suggested The Guardian.

Times have changed, and today certain forms of extremism are being perceived as a just cause by many online influencers. Riots are being quietly supported by many, from Hollywood actors to actual high-ranking politicians. Yet the government is still adamant about cracking down on dissent. As the new rebellion is openly supported by so many, we may soon be witnessing a sudden cultural shift that will forever change how Bitcoin is perceived by mainstream opinion-makers in the US and the rest of the western world. Why? Read on.

Bitcoin Is Not a Right-Wing Pet Project

Due to the circumstances of Bitcoin’s early development and its philosophical background, the common sentiment has always been that the crypto-industry is a space dominated by anarcho-capitalists and laissez-faire libertarians. Many influential far-left organizations and activists even went as far as designating Bitcoin as the “alt-right currency.”

Yet this myth was soundly debunked on many occasions. According to Coindesk’s two-year-old research, close to 40% of cryptocurrency supporters were left-leaning liberals or even actual socialists. And these numbers have likely increased today.

“The right-leaning pioneers of pre-2017 crypto are faced with leftist migrants to their tech territory. As adoption grows, this trend will most likely continue and decrease the representation of right-wingers in crypto, especially of those at the far end,” concluded Coindesk’s researchers.
Today we can see the left’s smear campaigns against Bitcoin subsiding as radical leftists end up being targeted by the state themselves.

Viva la Revolution

Following weeks of rioting, looting, and violence across the country, Antifa—the self-proclaimed far-left anti-fascist movement—is at risk of being designated a domestic terrorist organization. The full-scale crackdown on leftist radicals started with the threat of denying them all kinds of centralized financial services and freezing their accounts. The tweet by Matt Gaetz (R-FL) where he urged the authorities to “freeze their money” went viral overnight. https://twitter.com/mattgaetz/status/1267575553177026561

Antifa is now joining the company of assorted enemies of the state and will likely be tackled according to the very same tactics. Just like violent right-wing groups and Wikileaks were smothered by financial services providers, Antifa will have to brace itself for the same fate.

In the wake of Donald Trump’s vow to outlaw Antifa, progressive media outlets like Forbes have been giving the far-left some ideas on how to stay afloat. Curiously enough, these ideas are exactly the same as those that far-right organizations, Wikileaks and other outliers had to adopt years ago. And one of the cornerstones of financial survival for these organizations was Bitcoin.

BLM Will Adopt Bitcoin Too

Mirroring the broader leftist uprising, the black activist community is courting Bitcoin as well. Many believe that Bitcoin could help the black community in many ways beyond what taking to the streets may ever achieve.

The author of “Bitcoin & Black America,” Isaiah Jackson, believes that black people should not deposit money in banks under any circumstances, as the banking system does not work in black people’s best interests anyway, and should turn to crypto for financial empowerment and emancipation instead.

“Our ancestors had no way to predict that one day we could have sovereign money that doesn’t require permission.
Like, I can almost guarantee they would use bitcoin if given the chance to 80 years ago,” Jackson argues, “We should let bitcoin and cryptocurrency be our economic language and force other businesses to get down or lay down.”

Can They Shut Bitcoin Down?

Bitcoin separates the money from the state, which is a huge boon for upholding political freedom. But given the current socio-political situation in the US, that may draw more unneeded attention to Bitcoin. And given that the President of the US was not a fan of Bitcoin to begin with, this development may trigger a personal vendetta against the crypto community.

As Satoshi Nakamoto himself noted years ago: "WikiLeaks has kicked the hornet's nest, and the swarm is headed towards us." Antifa is about to kick that nest once more.

This raised the question of whether it was actually possible for the US government to expropriate Bitcoin, similar to how President Roosevelt forced gold out of the pockets of citizens back in 1933.

According to Forbes, “it would be nearly impossible to censor Bitcoin transactions without creating a sweeping internet censorship program akin to CCP’s Great Firewall.” This is not an entirely unfeasible scenario (especially as long as the majority of crypto assets are amassed on centralized exchanges) but definitely not a possibility in the next few years.

forklog.media AT&T Faces Lawsuit Over Alleged SIM Swapping Leading to Massive Cryptocurrency Theft

AT&T has been involved in a lawsuit alleging that its employees facilitated the hijacking of a client’s SIM card, which then allowed attackers to steal the client’s cryptocurrency. The telecom giant has yet to defend itself in court in another, similar lawsuit dating back to 2018.

According to the complaint filed by California-based business and technology advisor Seth Shapiro, at least $1.8 million worth of crypto stored in his wallet was stolen in an attack that involved active help from AT&T employees.

What Happened

“On at least four occasions between May 16, 2018, and May 18, 2019, AT&T employees obtained unauthorized access to Mr. Shapiro’s AT&T wireless account, viewed his confidential and proprietary personal information, and transferred control over Mr. Shapiro’s AT&T wireless number from Mr. Shapiro’s phone to a phone controlled by third-party hackers in exchange for money,” the complaint claims. “The hackers then utilized their control over Mr. Shapiro’s AT&T wireless number—including control secured through cooperation with AT&T employees—to access his personal and digital finance accounts and steal more than $1.8 million from Mr. Shapiro.”

On May 16, 2018, Seth Shapiro was at a conference in New York. He noticed that his phone had no connection to the AT&T network. Suspecting a security breach, Shapiro contacted the company to address the problem and told the customer service agent that he holds “large amounts of digital currency” that may be at risk.

After waiting on hold, Mr. Shapiro was told to turn off his phone and visit an AT&T shop to get help. At the shop, he was advised to get a new phone with a new SIM, which he immediately did. The service was restored, and AT&T reportedly told Shapiro that it had noted the malicious activity and assured him that such a thing would not happen again. Yet, it happened again before Seth Shapiro had left the AT&T shop.
This time, he had to wait for about 45 minutes to get help as the employees were busy with other clients.

“In that time, third-party individuals were able to use their control over Mr. Shapiro’s AT&T cell phone number to access Mr. Shapiro’s personal and financial accounts and rob him of approximately $1.8 million, all while Mr. Shapiro stood helplessly in the AT&T store asking for the company’s help,” the complaint reads.

Aside from the stolen coins, hackers gained access to Shapiro’s accounts on crypto-exchanges:

“By utilizing their control over Mr. Shapiro’s AT&T cell phone number—and the control of additional accounts (such as his email) secured through that number by utilizing two-factor authentication—these third-party hackers were able to access Mr. Shapiro’s accounts on various cryptocurrency exchange platforms, including the accounts he controlled on behalf of his business venture. The hackers then transferred Mr. Shapiro’s currency from Mr. Shapiro’s accounts into accounts that they controlled. In all, they stole more than $1.8 million from Mr. Shapiro in the two consecutive SIM swap attacks on May 16, 2018.”

SIM Swap Attack

The attack in question is referred to as a SIM swap. Normally, cellphone companies can reassign a client’s phone number and whatever comes with it to a different SIM card, which is useful if a person has lost their phone and needs to restore their number with a new device and SIM. An attacker who has some personal information about a victim may be able to trick the company into cutting the actual SIM card off the network and connecting the attacker’s phone instead. By doing so, they hijack all communications for this particular number, including text messages received as part of a two-factor authentication procedure.

To pull off a SIM swap attack, a bad actor would need to collect sufficient personal data about the victim to convincingly impersonate them when contacting the mobile carrier’s support.
Another way is to have associates within the company who would agree to make the illegitimate swap. The complaint claims that AT&T employees have been involved:

“Criminal investigations into the May 2018 breaches to Mr. Shapiro’s AT&T account and the resulting theft revealed that at least two AT&T employees, acting in the scope of their employment, accessed and permitted others to access Mr. Shapiro’s AT&T account and the confidential information contained therein.”

AT&T confirmed the involvement of its employees in two SIM swaps in Shapiro’s case. Yet, the complaint further alleges that the two employees facilitated 41 unauthorized swaps in total in May 2018 alone.

Aftermath

On November 1, 2018, Seth Shapiro’s AT&T SIM was swapped again and his Google accounts with sensitive information were compromised. Several more SIM swap attacks followed through 2018 and 2019, reportedly causing substantial financial and psychological harm to the Shapiro family.

On February 10, 2019, Mr. Shapiro received an anonymous threat text via the same AT&T wireless account. The sender demanded $800 in exchange for non-disclosure of Shapiro’s personal information and noted that they still have an AT&T representative “ready to hand over” the account.

As a result of this series of attacks, apart from “life savings” of $1.8 million in cryptocurrency, Shapiro lost access to a number of his accounts with crypto-exchanges and services like PayPal and Google. The complaint also notes that he had to end his venture and lay off his employees because some of the stolen funds were raised for the business.

Notably, AT&T faced a similar SIM swap lawsuit regarding the attacks on Bitcoin investor Michael Terpin. The investor sued the company for $240 million over the $24 he allegedly lost because of AT&T’s failure to follow “its own agreed security protocol.” The company denied all allegations and tried to dismiss the case, albeit unsuccessfully.

forklog.media North Korean Hacker Group Lazarus Laundered Over 2,500 Stolen Bitcoins In May, Report

In May, North Korean hacker group Lazarus transferred 2,549 Bitcoins (BTC), or approximately $23.2 million, to two mixing services, ChipMixer and Wasabi, in a bid to cover their tracks. The team behind OXT Research, a company that conducts in-depth research and analysis of the Bitcoin network, de-anonymized the group through both mixers and set forth its findings in a dedicated report.

Back in March, United States authorities included two Bitcoin addresses of two Chinese citizens suspected of involvement in the Lazarus group operations in a sanctions list. According to the government, the Chinese citizens in question received more than $100 million from accounts controlled by North Korea. The money had allegedly been stolen from two cryptocurrency exchanges.

At the end of April, the research unit of OXT examined those addresses and concluded that the funds had been transferred there for subsequent laundering. The company was able to connect those wallets with accounts on various exchanges, and then determined the hackers’ tactics.

Timeline of Lazarus’s Crimes

Lazarus is considered to be one of the most notorious hacktivists in the world. The hackers conducted their first attack on the South Korean government in 2007, which was followed by another attack on financial companies and media of the same country in 2011. In 2014, they attacked Sony Pictures and several South Korean cryptocurrency exchanges including Yapizon, Coinis, YouBit, Bithumb, and Coincheck.

The U.S. authorities believe that Lazarus is behind the notorious WannaCry malware that spread widely in 2017. Some analysts believe that the money stolen by Lazarus was used by North Korea to bypass international sanctions.

In 2018, the hot wallet of the South Korean exchange Bithumb was hacked, with hackers stealing about $30 million, partially in the Ripple (XRP) cryptocurrency. Some experts suggested that Lazarus and its subsidiary BlueNoroff were engaged in the hack.
Earlier this year, research company Chainalysis reported that Lazarus was behind the attack on the DragonEx cryptocurrency exchange in March 2019. As a result, the hackers managed to steal $7 million in BTC, XRP, Litecoin (LTC), and other digital currencies.

forklog.media “BigSpender” Exploit in Some Bitcoin Wallets Allows Attackers to Fake Transactions

The team behind the ZenGo cryptocurrency wallet found a design flaw in several competing Bitcoin wallets that allows attackers to trick the software by sending and undoing transactions via the Replace-By-Fee feature.

The vulnerability, named “BigSpender,” was discovered about three months ago as part of ZenGo’s security research. The team notified the affected providers and waited for 90 days before disclosing the information publicly on June 1st. Ledger Live, BRD, and Edge were among the affected wallets.

The BigSpender flaw allows an attacker to send a Bitcoin transaction with a minimal fee and then, before this transaction is confirmed, replace it with another higher-fee transaction sending the same coins to a different address. The problem is that some wallets would immediately assume that the transaction is good and add its sum to the user’s apparent balance, while in reality, the funds went elsewhere.

As a result, an attacker can trick somebody like an online vendor into sending them some goods without actually paying. Another harmful outcome of such an attack is that the resulting fake balance confuses the wallet software, potentially preventing users from transferring some or all of their real assets.

“The core issue at the heart of the BigSpender vulnerability is that vulnerable wallets are not prepared for the option that a transaction might be canceled and implicitly assume it will get confirmed eventually,” ZenGo’s post reads.

BigSpender attacks exploit a standard Bitcoin feature called Replace-By-Fee (RBF). Roughly speaking, this feature is meant to allow users to add fees to a transaction, so it is more interesting to miners and thus gets processed sooner. Without RBF, a transaction offering too small a fee may remain unconfirmed. Normally, an initial low-fee transaction would be discarded and a new higher-fee transaction spending the same funds would take its place.
Since the initial transaction isn’t confirmed, the second transaction is perfectly valid and no double-spending takes place. Because of the BigSpender flaw, a wallet accounts for this first unconfirmed transaction and doesn’t roll back when this transaction is “undone” via RBF.

According to ZenGo, Ledger Live and BRD wallets have fixed the problem in versions 2.7.0 and 4.3 respectively, and awarded ZenGo’s investigators a bug bounty. The Edge wallet reportedly has not been patched yet, but the team plans to fix it later.

“[Y]our crypto, recovery phrase, private keys, PIN code, etc. are not at risk. No one can access your crypto without your consent. This method purely relies on trying to trick you, much like traditional crypto scams do. Another good news is that we never had reports of anyone being tricked by this method,” Ledger stated in a blog post regarding the BigSpender issue.

In conversation with Decrypt, Ledger’s chief technology officer Charles Guillemet noted that the company’s hardware wallets weren’t affected by the flaw.

Importantly, BigSpender is not an actual vulnerability of Bitcoin, but rather a quirk of the way certain applications interpret and present information to users. Although it doesn’t let bad actors steal users’ coins or access information, the flaw would be instrumental in scamming users or harassing certain wallets by repeatedly sending fake transactions.

As pointed out in ZenGo’s report, all three of the affected wallets mentioned can be reset so they show the true balance and operate normally. Ledger users can fix things by clearing the cache, and Edge users can do it by pressing “Resync” in the wallet options. For BRD users, recovery is complicated and would require the user to take the wallet seed to some other application that supports BRD’s non-standard derivation path of key pairs from a seed.

As a general guideline, users are advised to always check incoming transactions by means other than their wallet’s history alone.
To help fellow wallet developers tweak their products, ZenGo shared their research tool made specifically for BigSpender. Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.
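The balance-tracking mistake described above, next to a conflict-aware alternative, as an added example (this is not ZenGo’s research tool or any wallet’s code). The `Tx` model, both wallet classes and the event sequence are constructed for illustration; it assumes the wallet’s backend reports every transaction that spends an outpoint of a payment it is tracking, and it treats the newest conflicting transaction as the survivor, which is a simplification of real mempool policy.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    """Simplified transaction (constructed model, not a real wire format)."""
    txid: str
    spends: frozenset   # outpoints consumed, written "txid:index"
    to_us: int          # satoshis paid to this wallet's addresses


class NaiveWallet:
    """Credits a payment the first time it is seen and never revisits it."""

    def __init__(self):
        self.balance = 0
        self._seen = set()

    def on_mempool_tx(self, tx):
        if tx.txid not in self._seen:
            self._seen.add(tx.txid)
            self.balance += tx.to_us

    def on_block(self, txs):
        for tx in txs:
            self.on_mempool_tx(tx)  # already-seen transactions change nothing


class ConflictAwareWallet:
    """Keeps unconfirmed payments apart from the spendable balance and drops
    them when a conflicting spend of the same outpoint appears or confirms."""

    def __init__(self):
        self.confirmed = {}            # txid -> Tx
        self.pending = {}              # txid -> Tx
        self._spent_in_chain = set()   # outpoints consumed by confirmed txs

    def _evict_conflicts(self, tx):
        dropped = [p.txid for p in self.pending.values()
                   if p.txid != tx.txid and p.spends & tx.spends]
        for txid in dropped:
            del self.pending[txid]
        return dropped

    def on_mempool_tx(self, tx):
        """Record an unconfirmed tx; return txids of pending txs it replaced."""
        if tx.txid in self.confirmed or tx.txid in self.pending:
            return []
        if tx.spends & self._spent_in_chain:
            return []   # conflicts with a confirmed spend, can never confirm
        dropped = self._evict_conflicts(tx)
        self.pending[tx.txid] = tx
        return dropped

    def on_block(self, txs):
        """Confirm txs; return txids of pending txs invalidated by the block."""
        dropped = []
        for tx in txs:
            dropped += self._evict_conflicts(tx)
            self.pending.pop(tx.txid, None)
            self.confirmed[tx.txid] = tx
            self._spent_in_chain |= tx.spends
        return dropped

    @property
    def spendable(self):
        return sum(t.to_us for t in self.confirmed.values())

    @property
    def pending_incoming(self):
        return sum(t.to_us for t in self.pending.values())


def replay(wallet):
    """Constructed events: a low-fee payment to us, a higher-fee replacement of
    the same input that pays us nothing, then the replacement's confirmation."""
    coin = frozenset({"f" * 64 + ":0"})
    payment = Tx("tx-low-fee", coin, 100_000)
    replacement = Tx("tx-high-fee", coin, 0)
    wallet.on_mempool_tx(payment)
    wallet.on_mempool_tx(replacement)
    wallet.on_block([replacement])
    return wallet


def compare():
    """Return (naive balance, conflict-aware spendable, conflict-aware pending)."""
    naive = replay(NaiveWallet())
    careful = replay(ConflictAwareWallet())
    return naive.balance, careful.spendable, careful.pending_incoming


if __name__ == "__main__":
    print(compare())
```

The naive wallet still shows the replaced payment after the block, while the conflict-aware one never counted it as spendable and removed it from the pending view as soon as the conflict appeared.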

forklog.media ‘TikTok Spies On You and Transfers Data to Chinese Authorities.’ But Is It All That Bad?

Recently, the news broke that TikTok, a popular Chinese online platform and mobile app for sharing short-form mobile videos, collects user personal data in an amount unusual for a social media app. The issue was raised by redditor bangorlol, who claimed to have reverse-engineered the TikTok app and analyzed how it operates. According to bangorlol’s findings, TikTok is essentially a data collection service masquerading as a social network. “If there is an API [Application Programming Interface] to get information on you, your contacts, or your device... well, they're using it,” they said.

“TikTok Is a Mass Surveillance App”

Among the data harvested by TikTok, there is information about a user’s phone hardware, including its central processing unit type, screen dimensions, memory usage, and disk space, as well as other applications installed and everything related to the network, such as IP, router MAC, and Wi-Fi access point name, among other things. TikTok allegedly also collects information about whether a user’s device was rooted or jailbroken.

Bangorlol claimed that some variants of TikTok had GPS pinging enabled at the time—roughly once every 30 seconds—which, if they recalled correctly, is enabled by default if a user ever location-tags a post. Moreover, the app allegedly sets up a local proxy server on a user’s device for "transcoding media," which, according to bangorlol, can be easily abused as it has zero authentication.

The redditor went on to say that the most concerning issue about TikTok is that the commands for collecting data can be configured remotely:

“The scariest part of all of this is that much of the logging they're doing is remotely configurable and unless you reverse every single one of their native libraries and manually inspect every single obfuscated function. They have several different protections in place to prevent you from reversing or debugging the app as well.
App behavior changes slightly if they know you're trying to figure out what they're doing.”

For a long period of time, TikTok also did not use the secure HTTPS protocol, so user data—such as their email address and secondary email addresses used for password resets, real names, and birth dates—could be leaked and viewed by third parties.

Is It All That Bad?

To compare the volume of collected user data, bangorlol also reverse-engineered social media platforms such as Instagram, Facebook, Reddit, and Twitter. They eventually concluded that those apps do not harvest anywhere near the same amount of information that TikTok does. “It's like comparing a cup of water to the ocean—they just don't compare,” bangorlol stated.

To further elaborate on the matter, forklog.media contacted a security researcher working for one of the world’s leading cybersecurity companies, who wanted to remain anonymous. Here is what they said:

“Code obfuscation is quite common for popular apps, and the reason is usually not hiding malicious functionality but preventing competitors from code theft. There is no evidence that TikTok violates its privacy policy or abuses given permissions for malicious purposes. According to its privacy policy and required permissions (which are quite typical for audio-video social network apps), TikTok doesn't collect data that can be called sensitive (which includes SMS, call logs, passwords, bank account data, etc.). There are no reasons to call it malicious and remove it from markets.”

They went on to note that big data is quite valuable nowadays. “App developers and advertising agencies want to know the age, gender, geolocation, OS version, phone model of the users. Usually, this data is collected for statistics only and helps to create the portrait of the user so that ads will be more targeted,” the researcher added.
Responding to the question of whether TikTok continues to collect data from a user’s device even if the user deleted the app, the researcher assured that if the app is removed from the phone, the data is not collected anymore. Also, opening TikTok links in a browser is ostensibly safe. “Just check that it's the official TikTok website, and not phishing—a standard check when opening any links in a browser,” the researcher said.

Response From the Public

The idea that TikTok is actually malware developed by Chinese authorities for mass surveillance was subsequently supported by the famous hacker group Anonymous, which urged users to immediately remove the application from their devices.

https://twitter.com/YourAnonCentral/status/1278204068175818752

Anonymous pointed out that transferring user data to Chinese authorities could have potential consequences for everyone, including for those who are not afraid of surveillance by China.

https://twitter.com/YourAnonCentral/status/1278202771544477697

Anonymous referred to bangorlol’s analysis, which makes it unclear whether the hacker group had carried out its own investigation into the TikTok app before making its statements.

Interestingly, the Indian government banned a slew of Chinese applications, including TikTok, claiming that “they are engaged in activities which is prejudicial to sovereignty and integrity of India, defence of India, security of state and public order.” An official press release from the country's Ministry of Information Technology says that the 59 apps in question have raised serious concerns regarding data security and safeguarding the privacy of Indians.
The release read: “The Ministry of Information Technology has received many complaints from various sources including several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users' data in an unauthorized manner to servers which have locations outside India.”

In the meantime, TikTok continues to enjoy great popularity, with 800 million monthly active users out of 3.81 billion social media users globally, who represent 49% of the world’s total population.

forklog.media Will Bitcoin Always Be #1?

The king of cryptocurrencies, Bitcoin has the largest market capitalization, the highest price, and the most famous name of the 2000+ coins that have followed in its wake. And yet, the cryptocurrency is not invincible. Despite being the first fully-functional cryptocurrency with a head start in the race towards adoption, other challengers are catching up. Ethereum's thriving DeFi ecosystem threatens to garner more usage, and others like Litecoin could also give the reigning cryptocurrency a run for its money. If Bitcoin is indeed one day replaced with a new coin, it will likely be due to certain weaknesses that are already beginning to show.

Energy Consumption

Bitcoin is a very thirsty cryptocurrency. The process of creating new coins—or mining—requires lots of energy. In fact, some studies show that Bitcoin uses more electricity than small countries such as Ireland. This is because Bitcoin relies on the Proof-of-Work algorithm, a way of achieving consensus on the network through “mining”—the solving of complicated cryptographic puzzles using high-powered computer hardware. This makes high energy consumption unavoidable. If mining was cheap and didn’t require a significant investment of energy, then anyone could get involved in the network without a high stake, putting the network at risk from bad actors.

Although devoting large amounts of electricity to solve cryptographic puzzles in the name of security is not necessarily unsustainable if the energy comes from a renewable source like hydropower, this may not always be the case—which might mean the cryptocurrency community decides to move away from the Proof-of-Work consensus algorithm.

Ethereum—the second-largest cryptocurrency by market cap—has proposed a solution to high energy consumption. Instead of using Proof-of-Work, Ethereum is planning to change the consensus mechanism to another method called Proof-of-Stake with the Serenity upgrade, otherwise known as Ethereum 2.0.
Proof-of-Stake replaces the mathematical puzzles of mining with staking—a different way to validate transactions and achieve distributed consensus that uses significantly less energy.

Volatility

As a relatively new asset class, Bitcoin is still finding a foothold in the market, and nobody can agree for too long on exactly how much a single Bitcoin is worth. This creates volatility, making the cryptocurrency very popular with speculators, and also helping it gain popularity as stories of Bitcoin millionaires hit the headlines. But while volatility has helped Bitcoin mania, it has hindered levels of adoption. This instability can deter businesses or individuals who might otherwise be interested in accepting the cryptocurrency.

As Bitcoin grows and more liquidity pours into the crypto-space, the volatile cryptocurrency should start to stabilize. But until then, another class of coins promises to unleash crypto’s real-world potential and even topple Bitcoin. Stablecoins, which are “pegged” to a national currency like the dollar, bring a steady price that makes them convenient as an everyday means of exchange. The rapid growth of Tether, which recently surpassed XRP in market capitalization, is one of the biggest threats to the dominance of Bitcoin.

Scalability

If a cryptocurrency is to be widely adopted, it needs to be able to process a significant number of transactions. VISA, for example, handles an average of 150 million transactions every day and can process more than 24,000 transactions per second. All the benefits of Bitcoin—decentralization, security, and low transaction fees—make transactions on the blockchain slower, and Bitcoin is currently able to process about seven transactions a second. When the network is overloaded, each of these transactions enters a queue, and at peak times delays in Bitcoin transactions can reach several hours. That’s why Bitcoin developers are scrambling to build effective scaling solutions.
The Lightning Network, for example, is one scaling solution that allows more transactions to take place at the same time on the network by adding a “second layer” on top of the existing blockchain. But unless Bitcoin can scale fast enough, other cryptocurrencies threaten to offer a better alternative. Dash, for example, offers very fast transactions using its InstantSend feature, and XRP was judged as the world’s fastest cryptocurrency by Weiss Ratings.

Transaction Fees

One of Bitcoin’s key selling points, as explained in Satoshi Nakamoto’s whitepaper, is low transaction fees. Although Bitcoin’s transaction fees remain low—often less than 0.25 USD per transaction—some cryptocurrencies are able to offer an even cheaper solution. Paradoxically, as more people use Bitcoin, and the popularity grows, the network gets more clogged and transaction fees can rise. Until Bitcoin has a scaling solution, congestion on the network is likely to cause spikes in transaction fees, which gives other cryptocurrencies the advantage in terms of cost. Although transaction fees are highly variable, Litecoin, XRP, and Ethereum all typically offer lower costs than Bitcoin.

The Future of Bitcoin

Much of Bitcoin's ability to overcome these challenges depends on the progress of scaling solutions. Numerous proposals—from CoinPool to MAST, Dandelions, and drivechains—promise to bring scalability and other benefits like privacy, to the Bitcoin mainnet. The integration of these protocols, and the maintenance of key tenets like the supply cap and block size, is likely to determine the ability of Bitcoin to retain its crown.

Written by Kieran Smith, cryptocurrency analyst contributing to eToro, OneZero, and Brave New Coin among other publications. He provides content strategy and copywriting services for cryptocurrency companies at Bitcopy.

forklog.media U.S. Senators Introduce Ultimate Backdoor Bill Banning the Use of Strong Consumer-Grade Encryption

Last week, Republican U.S. Senators introduced the Lawful Access to Encrypted Data Act “ending the use of ‘warrant-proof’ encrypted technology by terrorists and other bad actors to conceal illicit behavior.” Experts and privacy advocates think it can effectively outlaw strong encryption. As the name may suggest, the Lawful Access to Encrypted Data Act (LAED Act, also referred to as LAEDA) is about requiring device manufacturers and service providers to allow law enforcement to access encrypted data, whether it is stored on a device or transmitted through the internet. “The bill would require service providers and device manufacturers to provide assistance to law enforcement when access to encrypted devices or data is necessary,” the official announcement reads, “but only after a court issues a warrant, based on probable cause that a crime has occurred, authorizing law enforcement to search and seize the data.” The Senators behind the proposal argued that terrorists, drug traffickers, and other unsavory individuals exploit consumer-level encrypted communications to run their operations, while law enforcement officials can’t access information potentially important to the investigation. “In recent history, we have experienced numerous terrorism cases and serious criminal activity where vital information could not be accessed, even after a court order was issued. Unfortunately, tech companies have refused to honor these court orders and assist law enforcement in their investigations,” said Senate Judiciary Committee Chairman Lindsey Graham. The bill would require companies like Apple and Facebook to “assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant.” If a company is unable to comply, it will have to implement the required capabilities or appeal in federal court. The U.S. 
government will compensate the affected companies “for reasonable costs incurred in complying with the directive.” This basically means that U.S. companies will have to have an encryption backdoor available for all data stored or transmitted. Those who don’t have one will have to redesign their systems so there is a backdoor. Experts perceive the bill as an outright ban on end-to-end encryption in the U.S. The bill would also direct the Attorney General to organize a competition with awards for those who “create a lawful access solution in an encrypted environment while maximizing privacy and security.” On top of that, LAEDA proposes to fund a grant program to “increase digital evidence training for law enforcement” and create a call center that would provide advice and assistance to investigators. In her initial analysis of the bill, Riana Pfefferkorn, Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society, warned about the potential impact of the proposal on encryption and users’ privacy. 
“The bill is an actual, overt, make-no-mistake, crystal-clear ban on providers from offering end-to-end encryption in online services, from offering encrypted devices that cannot be unlocked for law enforcement, and indeed from offering any encryption that does not build in a means of decrypting data for law enforcement,” she wrote. “This bill is the encryption backdoor mandate we’ve been dreading was coming, but that nobody, during the past six years of the renewed Crypto Wars, had previously dared to introduce.”

Riana Pfefferkorn also warned about the sweeping scope of the proposal: “It isn’t just aimed at Apple, Google, Facebook, Signal, and the like, though it certainly applies to them; it goes well beyond, to include everyone from Box and Dropbox to the full range of Microsoft’s products, to OEM handset manufacturers.” Given the broad wording of the bill, Pfefferkorn suggested that it might apply even to individual contributors in open-source projects.

If the LAED Act passes, U.S. tech companies will be unable to provide users with end-to-end encryption. “Say goodbye to WhatsApp and Signal: they’ll be wiped from the Google and Apple app stores. iMessage will no longer be E2EE, either. And as for Zoom’s big plans to end-to-end encrypt video calls? If this passes, Zoom can put their pencils down on that one,” Riana Pfefferkorn wrote.

Importantly, the LAED Act doesn’t even have to pass in order to harm encryption. As pointed out by Slate’s Jillian Foley, companies that had plans to introduce strong encryption may now reconsider the decision: “Even if this bill doesn’t end up succeeding, any uncertainty in the meantime might make companies like Zoom unwilling to push ahead with ambitious plans for encryption, which could hold back privacy timelines months or possibly years.”

forklog.media U.S. University Pays Over $1M Ransom in Bitcoin to Hackers to Regain Access to Encrypted Data

On June 1, the University of California San Francisco (UCSF) detected and subsequently stopped a cyber-attack in which threat actors obtained access to a part of the School of Medicine’s IT infrastructure. As part of the attack, the hackers encrypted a number of servers, making them temporarily inaccessible.

According to a June 26 announcement, the attack was most likely opportunistic, with no particular areas being targeted. The university stated that none of the patient medical records and COVID-19 work were exposed. However, the cybercriminals obtained some data “as proof of their action” to further use it in their demand for a ransom payment.

The announcement continued: “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

Following the incident, the university initiated an investigation into the event in cooperation with the Federal Bureau of Investigation and cyber-security experts. UCSF expects to reinforce its IT systems’ defense and fully restore the affected servers soon.

Ransom Negotiations on the Darknet

As BBC reported on June 29, UCSF was attacked by the NetWalker ransomware gang, which has been actively targeting the healthcare industry during the coronavirus outbreak. The anonymous source BBC referred to witnessed the negotiations between NetWalker operators and UCSF in a live chat on the darknet.

Given that UCSF is a multi-billion dollar enterprise, the hackers first demanded a ransom of not less than $3 million from it; however, a university representative begged them to accept $780,000.

The NetWalker operator reportedly responded: “How can I accept $780,000? Is like, I worked for nothing. You can collect money in a couple of hours.
You need to take is seriously. If we’ll release our blog, student records/ data, I am 100% sure you will lose more than our price what we asked. We can agree to an price, but not like this, because I’ll take this like an insult.”

Eventually, the amount of ransom agreed upon by the parties was $1,140,895. The university transferred 116.4 Bitcoins to NetWalker’s digital wallets, while the hackers sent the decryption software to UCSF.

As forklog.media reported on June 29, the FBI indicated California, Florida, New York, Ohio, Texas, and Washington as the states most vulnerable to Internet crimes, with the highest victim monetary losses or number of victims in 2019. California led the rating in terms of the volume of victim losses.

forklog.media Blockstack’s Muneeb Ali: Bitcoin as the Most Secure Blockchain Will Be the Best Foundational Layer for Web 3.0

The upcoming launch of Stacks 2.0, the major protocol release that will allow blockchain developers and miners to participate in the deployment of an innovative new consensus mechanism, dubbed Proof of Transfer (PoX), is arguably the biggest milestone so far for the New York-based Blockstack. The company has been working on a decentralized internet implementation for the past seven years, with the original vision seemingly undergoing substantial transformation along the way: today the Blockstack team is fully convinced that the future of Web 3.0 is closely aligned with Bitcoin.

Blockstack is also known as the first company in the crypto-space to have conducted a U.S. SEC-qualified token sale under Reg A+ compliance rules, raising a hefty $23 million. This was quite the opposite of what happened to the Telegram Open Network (TON), which lost the legal battle with the Commission over the unregistered sale of securities and now has to repay $1.2 billion to the investors.

In an exclusive interview with ForkLog, Blockstack co-founder and CEO Dr. Muneeb Ali discusses Telegram’s failure and the importance of regulation for the crypto-industry, shares his vision of the future digital society, and sheds some light on what the Blockstack decentralized browser is actually about.

FL: What’s your take on the recent developments with the SEC effectively killing the Telegram Open Network project after deeming its tokensale an unregistered securities offering? What would be your course of action had the same happened to Blockstack?

Dr. Muneeb Ali: I sympathize with the Telegram team for the hurdles they've faced, but they took a completely different path from us and we were never in a position where we believed the SEC would move to take legal action against us. We pursued an SEC-qualified offering from the very beginning and proactively built a relationship with the SEC.
We deliberately chose a conservative approach to avoid a similar action possibly being taken against us, and we were successful when the SEC qualified our token offering late last year. In a broader sense, it has become clear to the crypto-industry that regulations and compliance are important. Just like the industry innovates on the technology side, the challenges around regulations can also be resolved and new paths forged. It is hard to say if it is a setback for the crypto-space, as many in the space anticipated this type of action. Some newer projects are already learning from earlier projects when structuring their offerings. For example, it’s fairly common now to exclude U.S. persons from token offerings. It is important to continue to work with the SEC on decentralization frameworks and safe harbors that can help move the industry forward.

FL: Where do you stand in your relationship with the SEC at the moment?

Dr. Muneeb Ali: To be clear, Blockstack PBC is not and has never been engaged in any legal battle with the SEC. Quite the opposite, in July 2019, we successfully became the first-ever SEC-qualified token offering in U.S. history which came after months of diligent compliance work and steady communication with the SEC. We continue to prioritize establishing a model for compliance and recently filed our first annual report with the SEC. The Stacks (STX) token is believed to be the first and only crypto-asset for which regular disclosures are filed with the SEC, reflecting an unparalleled level of transparency in the crypto-industry. As various other projects in our industry do face regulatory battles, we will continue toward our goal of setting a precedent for projects increasing their transparency and working with regulatory bodies.

FL: According to Blockstack’s recent SEC filing, the company has been to a great extent relying on the use of Stacks tokens when paying its employees, contractors, and partners.
In light of the ongoing coronavirus crisis, are you still in a comfortable position to continue your activities, and how much have recent developments affected your business model?

Dr. Muneeb Ali: We were fortunate to have raised $23 million in funding less than a year ago to continue executing on our roadmap, and while Blockstack is a very ambitious project, short term situations and financial markets are not significantly impacting us or our work at this time. Paying employees and others in STX is also by design. This creates a shared set of goals and allows everyone to participate in the value created by the network as we work toward our mission of a user-owned internet. Holding STX quite literally makes you an owner in the ecosystem, so we work to get them (compliantly, of course) to as many people that want to join the community and contribute. We hope to do even more of this in the future as the network continues to decentralize and our regulatory standing evolves.

On the community front, we’re also fortunate. We’ve always worked together remotely via Discord, our forum, and through virtual town halls and smaller working group meetings. I’ve been proud of the way our community has risen to the occasion. A few folks have started privacy-first efforts to aid in various aspects of coronavirus response and recovery. I think in times like these when everyone is remote and physically disconnected from one another, it is even more important to maintain a sense of togetherness and we have been able to maintain that in these times.

FL: A while ago you mentioned filing for an IPO as a possible way to issue new tokens for general miners. Do you still consider this route?

Dr. Muneeb Ali: It is one possibility we have considered to open U.S. markets with a legal framework. However, we are currently focused on moving the ecosystem toward decentralization, especially ahead of our Stacks 2.0 launch.

FL: How did the idea behind Blockstack come about?

Dr. Muneeb Ali: My background is in computer science—I did a Ph.D. in distributed systems at Princeton University, and that’s where the Blockstack project started. We ended up taking a unique route where we raised venture capital effectively to do R&D into how to effectively build a better internet. We didn't start off in the crypto-industry, but we happened to discover blockchain when we were trying to solve infrastructure problems. This was back in 2013.

FL: Blockstack as it is today, what is it about? To be honest, Blockstack Browser sounds somewhat misleading when you find out that a recommended option for most users is not exactly a browser like Google Chrome or Brave, but rather, at least what it looks like at first glance, a directory of various projects.

Dr. Muneeb Ali: It’s fair to think of “Blockstack Browser” as a bit of a misnomer, but it’s much more than a directory of projects. The “browser” is really more of a self-contained and owned identity that allows a person to seamlessly access any app on the Blockstack network with a single username. It offers basic wallet functionality and holds keys for various apps and encrypted storage one may use on the network. In our early days, we found the name “browser” useful for grasping the concept of browsing a “new internet” and interacting with decentralized applications. However, that verbiage has changed as we’ve continued to iterate and learn what UI/UX patterns work best. In fact, we recently introduced a library for developers called “Blockstack Connect” that makes the login process even smoother and drops the name “browser” entirely. We increasingly want people to understand that you can use Blockstack apps just like traditional web applications, right from the internet browser of your choice such as Chrome, Safari, Internet Explorer, and so forth.
Unlike many traditional web applications, these DApps allow users to control their data, store their data, and control which applications and third parties can access their data.

FL: How many of those projects featured on your main page are real working ones? Have they been developed by Blockstack or the third parties?

Dr. Muneeb Ali: As far as ownership, all the apps you see on that page are developed independently. Blockstack PBC doesn’t own or operate any production app in the ecosystem. We maintain a few demo apps for educational and testing purposes, but any Blockstack app you’re likely to see will have been built by one of these independent developers. Barring any surprises or unexpected downtime, all the apps on our main page are working. Like any ecosystem, apps come and go or projects are abandoned, but we’re excited about projects such as Dmail who just received funding, Mumble and several others add new features just about weekly, and the team and others in the community regularly use Sigle, Runkod, Note Riot, Blocksurvey, and others.

FL: Can we expect a standalone browser, if yes, when?

Dr. Muneeb Ali: We do not have any current plans to create a standalone browser. We will remain focused on building a user-owned internet by moving the Blockstack ecosystem towards complete decentralization and ensuring the core protocols and developer tools are robust. If you’re interested in a browser purpose-built for Blockstack and digital rights, be sure to keep an eye on New Internet Labs, founded by Larry Salibra, a Blockstack alum.

FL: What makes Blockstack valuable so that it actually needs a proprietary token?

Dr. Muneeb Ali: The Stacks tokens play a key role in the Blockstack ecosystem. The tokens are used for registration of internet assets and are consumed as fuel for smart contracts written in Clarity (currently available on the Stacks 2.0 Testnet). The Stacks token will also be a key aspect of the upcoming Stacks 2.0 launch.
With the launch of Stacks 2.0, STX miners will be able to forward bitcoin (BTC) to participate in mining. STX holders will be able to earn Bitcoin by participating in consensus. You can learn more about how we believe this mechanism will anchor Web 3.0 to Bitcoin here or dive into the whitepaper here.

FL: Will you shed more light on the STX token listing on Binance? There was plenty of controversy about that with some reports claiming Binance charged Blockstack $250,000 to list Stacks. At the time you insisted it was a “long term payment” rather than a “listing fee.” Do you still stick to that statement? What does a long term payment actually mean in this context?

Dr. Muneeb Ali: It is still correct that the fee was not a listing fee. It was part of a marketing agreement we made with the Binance team. The long-term payment will support marketing campaigns that we plan to launch later on.

FL: Still, why is Web 3.0 so important, and how do you think people could actually get to believe in it, given that most people are reluctant to change habits?

Dr. Muneeb Ali: In human civilization, whenever you have introduced property rights, the living standards for those people and societies have gone up, because, as soon as you introduce property rights, people start to self-organize. Now, the web has property rights. People own their own stuff. Web 3.0 is imperative in giving back users control over their data and digital property. I believe that Web 3.0 will emerge on top of blockchains. It is apparent how the same underlying technology of cryptocurrencies is the same underlying technology that enables Web 3.0 apps. The concept of private keys in cryptocurrencies that people use to own digital currencies can apply to users owning internet assets. I believe that the best foundational layer for Web 3.0 will be Bitcoin, the most secure blockchain. By creating a digital society on a secure blockchain such as Bitcoin, people will be able to trust Web 3.0.

Dr. Muneeb Ali was interviewed by Andrew Asmakov.

forklog.media FBI Names Six U.S. States Most Vulnerable to Online Attacks

The United States Federal Bureau of Investigation (FBI) has estimated that cybercriminals stole approximately $2 billion from victims in 2019 by compromising corporate email accounts. Criminals continued to invent new and more sophisticated types of attacks last year, while extortion, government impersonation, and spoofing, all already quite widespread, were the three crime categories the agency newly added to its report in 2019.

The FBI named California, Florida, New York, Ohio, Texas, and Washington as the states with the highest victim monetary losses or number of victims in 2019. California led the ranking by volume of victim losses, which amounted to $573.6 million last year, while the number of victims only increased by 2%.

The volume of victim monetary losses per state in 2019. Source: Florida Atlantic University

California is followed by Ohio, which had the largest loss rate in 2019 at $22.6 million per one million in population, and Florida, which had the third-highest loss rate at $13.7 million per one million in population. Per the report, Washington had the highest number of victims adjusted for population in 2019, with 1,720 victims per one million in population. Florida and Texas showed a similar number of victims in 2019.

The number of victims per state in 2019. Source: Florida Atlantic University

“Over the last five years, victim losses in the six top states have increased more than 150% with Ohio having the highest growth of 1,600%. Washington had the highest growth rate in number of victims of 100%, while Florida had the lowest of 34%,” the report said.

Most Popular Online Crimes in 2019

According to the FBI, threat actors mostly relied on Business Email Compromise/Email Account Compromise (BEC/EAC): breaking into personal or corporate email accounts to obtain sensitive information and to request electronic wire transfers and divert them to fraudulent accounts. Through BEC/EAC, cybercriminals managed to steal $1.8 billion from victims in 2019.

“This scheme has grown at varying rates in five of the six top states while declining 10% in New York. From 2018 through 2019, Ohio victim losses increased by 245%, but only 6% in Texas,” the report detailed.

Although extortion is not a new Internet crime and reportedly had not been a relatively large online crime before 2018, the FBI detected a notable increase in victim losses from this type of crime in the six top states in 2019.

The report further pointed to government impersonation as one of the most popular fraudulent schemes in 2019. This type of Internet crime ran rampant in 2019, growing especially fast in California and New York. Among the other most widespread online crimes last year, the report mentioned credit card fraud, identity theft, investment fraud, and spoofing.

Hacker Attacks Continue to Proliferate

As forklog.media previously reported, hackers seem to have shifted their focus from individual servers to corporate networks. In the second half of 2019, the number of postings on illicit marketplaces offering access to corporate networks reportedly began surging. Over the past months, cybercriminals have been actively placing so-called “access for sale” offers on the darknet, seeking to sell remote control over enterprise computers to third parties. Once a third party obtains access to corporate computers, they can perform attacks on the company’s infrastructure and eventually steal data and disrupt business operations.

Per a report from IBM, in the fourth quarter of 2019, the volume of ransomware attacks increased by 67% year-on-year, with bad actors continuously developing new ransomware code for destructive attacks.

forklog.media Trading with Bybit: Liquidation, Margin, and USDT Contracts

There are two kinds of people who hold cryptocurrency: investors and traders. Investors don’t make deals very often, sometimes only once in a few years, if at all. Traders do it often, many even on a daily basis.

Disclaimer: forklog.media does not provide financial advice and cannot be held responsible for the readers’ investments.

Perpetual Contracts, Leverage, and Margin

A perpetual contract is a contract for the purchase or sale of an asset without an expiry date, meaning traders can hold onto it for as long as they want. This is in contrast to futures, which require settlement at a specified date in the future.

The perpetual contracts available on Bybit are BTC/USD, ETH/USD, EOS/USD and XRP/USD inverse perpetual contracts, and BTC/USDT linear perpetual contracts. The difference between the two is that for inverse perpetual contracts, the underlying cryptocurrency (BTC, ETH, etc.) is used as margin, and for linear perpetual contracts USDT is used as margin.

BTCUSDT ticker example

Bybit perpetual contracts offer up to 100x leverage, which can be adjusted at any time. This is essentially money loaned to the trader by the exchange. To get the loan in the first place, a trader deposits the initial margin. It works as the platform’s insurance against potential losses that traders may face. If losses reach the amount of the initial margin, the exchange takes the deposit and closes the position. This process is called liquidation.

Platforms typically show traders the liquidation price. The liquidation price is calculated based on the trader’s selected leverage, maintenance margin (the minimum margin needed to keep a position open), and entry price. In the event of liquidation, all the available balance of the currency is lost.

Typically, the maintenance margin amounts to 0.5–0.7% of the total value of the deal. Bybit’s maintenance margin is 0.5%. Therefore, if you buy $1,000 worth of contracts with 10x leverage, it would require an initial margin of $100. If losses hit $95, the exchange will liquidate the position.

Initial margin covers the losses, the maintenance margin services the platform

Inverse BTCUSD contracts

These contracts can be traded without an underlying asset. To trade an inverse BTCUSD contract you would need Bitcoin, not dollars.

The main advantage of an inverse perpetual contract is flexibility. It lets users trade contracts quoted in USD with Bitcoin as collateral. The disadvantage is the volatility of the profits and deposits.

Say you bought a BTCUSD perpetual contract at $9,000 and closed the deal at $10,000, earning 0.1 BTC or $1,000. Overnight, the BTC price dropped to $5,000. You closed the deal, but if you hadn’t and decided to wait until the next day, the profit would have decreased to $500.

Linear BTCUSDT contract

The stablecoin (USDT) is pegged to USD, so the charts for BTCUSD and BTCUSDT are nearly identical. Meanwhile, the value of a USDT deposit won’t decrease because of a sudden drop in the Bitcoin price.

Thanks to Tether, BTCUSDT has lower associated fees and risks

Reducing Risks with Cross Margin

Leverage is a useful tool but it comes with risks. Platforms typically offer several multipliers starting from 1.1 to 100x. Conservative traders often don’t use leverage because although it can amplify profits, it can also hasten losses.

Risks can be controlled using cross margin, with leverage available up to 100x. In this case, the platform will regard the entire deposit as margin, to try and prevent liquidation.

Example: You bought contracts with 10x leverage and opted for cross margin. This means that you have 10% more contracts than you would without leverage.

Comparing Liquidation Prices of BTCUSD and BTCUSDT

The liquidation price of linear BTCUSDT contracts for long positions is lower than that of BTCUSD contracts.

We purchased 0.05 BTC positions with 10x leverage in inverse BTCUSD and BTCUSDT. For the inverse contract, liquidation will occur at $7,024; for the USDT contract, at $6,953. If Bitcoin drops to $7,000, the platform will liquidate the BTCUSD position, but not the BTCUSDT one.

This happens because the margin is held in different currencies. In an inverse BTCUSD contract, the margin value drops along with the Bitcoin price. It doesn’t change in BTCUSDT.

Liquidation prices of BTCUSD and BTCUSDT are 1% different with 10x leverage

USDT contracts offer lower volatility and lower liquidation risks during sharp price turns.

We’ve compared the ATR values for inverse BTCUSD and perpetual BTCUSDT. The chart shows the average price change for the last 14 bars. For a 4-hour period, BTCUSD volatility amounted to $169, while for BTCUSDT it was $162.

ATR(14) on 4-hour chart, BTCUSDT volatility is 0.4% lower

The difference in volatility between the contracts comes from the imperfect pegging of the Tether price to USD, as well as the liquidity of the USDT and USD markets on Bybit.

Trading BTCUSDT on Bybit: Pros and Cons

The main advantage of USDT contracts is the interface. The chart screen has dedicated buttons for placing orders and users can trade in fullscreen mode.

Bybit has also introduced additional mechanics for USDT contracts:

- Simultaneous short and long positions that work for hedging and breakout trading
- Unrealized profit can be used to open new positions.

Long and short positions, the trading interface can be seen at the top

On the downside, the order book has a maximum increment of $1, so you can't see major distant orders or determine support and resistance levels based on limit orders.

The order book depth can be set at 0.5 or 1

Traders can test out Bybit for free by registering and claiming their welcome bonus.

Conclusion

Cryptocurrency derivatives are gradually gaining steam thanks to their flexibility, as seen in the perpetual contracts explored in this article. They can be traded with leverage with a small deposit.

There are two kinds of perpetual contracts available on Bybit: inverse and linear contracts. USDT contracts are potentially more profitable in the long run as they have lower volatility and liquidation risks. With cross margin, they can be held for long periods of time with low liquidation risks.

However, be warned: people have lost their deposits even without leverage. Use stop-orders, be careful with your leverage, and never invest money you can’t afford to lose. If you trade, trade smart.

forklog.media U.S. Alleges Julian Assange of Recruiting LulzSec and Anonymous Hackers to Steal Gov’t Documents for WikiLeaks

A United States district court has released an indictment accusing Julian Assange, the founder of WikiLeaks, the online archive containing thousands of classified documents from government and corporate entities, of attempting to recruit hackers from the LulzSec and Anonymous hacker groups to obtain sensitive information from government systems. Once stolen, the documents would appear on the WikiLeaks website for further dissemination.

According to the document, Assange continued his efforts to urge interested parties to help WikiLeaks when he and his associates spoke at various hacking-related conferences around the world such as “Hacking at Random” and “Hack in the Box Security Conference,” which took place in 2009.

Failing to Meet Estimates Given to Assange?

Going further, the file lays out the communication between WikiLeaks representatives and certain members of LulzSec, revealing how the relationship between WikiLeaks and the hacker group was established and developed. In one conversation, Assange allegedly told Hector "Sabu" Monsegur, the head of LulzSec, that “the most impactful release of hacked materials would be from the CIA, NSA, or the New York Times.”

The file goes on to state that in January 2012, Sabu asked Assange to name any targets, with the WikiLeaks founder stating that he could not “give target suggestions for the obvious legal reasons,” further adding “but, for people that do bad things, and probably have that documented, there’s [‘Research and Investigative Firm’]” and “lots of the companies” mentioned on a website whose address Assange provided.

“In February 2012, Hammond [a LulzSec hacker] told Sabu that the incompetence of his fellow hackers was causing him to fail to meet estimates he had given to Assange for the volume of hacked information that Hammond expected to provide WikiLeaks, writing, ‘can’t sit on all these targets dicking around when the booty is sitting there … especially when we are asked to make it happen with WL. We repeated a 2TB number to JA. Now turns out it’s like maybe 100GB. Would have been 40-50GB if I didn’t go and reget all the mail from [foreign cybersecurity company]’,” the document said.

Fight Against Extradition to the U.S.

The indictment charges Assange with 18 counts, which include conspiracy to commit computer intrusions, attempted unauthorized obtaining and receiving of National Defense information, and unauthorized disclosure of National Defense information.

In the meantime, Assange is fighting against his extradition from a United Kingdom prison to the U.S. According to Nick Vamos, the former head of extradition at the Crown Prosecution Service, Assange’s lawyers would likely claim that the extradition request is politically motivated and that most probably he would not receive a fair trial in the U.S.

forklog.media Secure Identity Expert Explains How Cryptography Gives Us Power Over Personal Data

Ubiquitous digitization brings both better ways of handling information and more opportunities for bad actors to exploit whatever we put online. In this piece, Stepan Gershuni, CEO of digital identity firm Credentia, explains how the blockchain-based self-sovereign identity technology can help users regain control over their personal data.

Digital Feudalism

We live in an era of digital feudalism. Large tech companies and nation-states have more power over our online data than we do. Ubiquitous data collection for market research, personalized ads, or pseudo-security leads to frequent mass hacks and leaks. Over the last year alone, there were at least 3,800 reported hacks affecting over 4.1 billion accounts and records.

Interest from the media and the general public in the issue of control over one’s own data is growing. According to Pew Research, 81% of Americans think they don’t have enough control over their information online.

The public demand necessitates a two-fold response:

- Market. Last year, U.S. companies spent $19 billion on protection and audit of personal data storage systems.
- Regulatory. Democratic governments introduce data protection laws en masse: GDPR and CCPA. Their authoritarian counterparts try to get away with fakery and consolidate as much data as they can in shady systems like Russia’s new personal data registry system.

From Feudalism to Renaissance

The shift from feudalism to the Renaissance is self-sovereign identity technology. It lets you store and confirm any facts about yourself. These facts are stored in a cryptographic wallet and only the user can control the information.

The technology also allows you to work with documents and facts just like you would with paper. Only you hold and control them, deciding who can see particular parts of the documents. All that happens digitally, in a more secure and efficient way.

Modern authorization systems store too much information. After you register an account with an online shop or a service, it will store your email, address, password, and lots of other information indefinitely. Moreover, if the service gets hacked and your data is stolen, your other accounts will be threatened as well.

In a self-sovereign identity system, you have a single cryptographically protected wallet that you create once. It holds facts about you: email, height, date of birth, and driver’s license. You control access to this information and can change or deactivate the access keys at any time. If you lose the key, there’s the “social recovery” feature or a “secret phrase” that can be anything from a picture to GPS coordinates.

When visiting an online store, you choose whether to share information about your height to form a personalized feed of clothing items. You know that your data isn’t stored on the server and is available only with your consent, so you can restrict access whenever you feel like it.

Thanks to the attention given to this problem, the technology has already gone mainstream:

- Ontario and British Columbia launched the VON project for state-issued documents.
- California introduced a law regulating the use of the protocol for medical records.
- Banks and credit unions use portable KYC.
- The U.S. issues trusted digital passports for doctors and nurses.
- Over 20 IT companies, including Oracle, SAP, IBM, Microsoft, and Workday, allow people to create provable and verifiable career credentials.
- Universities around the world grant digital diplomas and certificates.

This is an adaptation of the original Russian-language article written by Stepan Gershuni for ForkLog

forklog.media Amnesty Tech Exec: NSO Group’s Malicious Spyware Is Enabling State-Sponsored Repression of Human Rights Defenders

Amnesty Tech, a global collective of researchers, hackers, and advocates campaigning for human rights, has claimed that Israeli tech company NSO Group carried out a government-backed surveillance operation against journalists.

According to Amnesty’s latest investigation into the event, the government of Morocco used NSO’s technology to spy on Moroccan journalist Omar Radi, whose phone had been attacked with NSO’s Pegasus spyware. The software in question is designed to enable concerned parties to remotely spy on smartphones.

Tech That Abuses Human Rights

Radi faced the Moroccan authorities’ scrutiny for his journalistic work and activism, and for his fierce criticism of the government’s human rights record in particular. Radi raised the issue of corruption and links between corporate and political interests in Morocco. Eventually, Radi was sentenced to four months in prison for a message he tweeted last year criticizing “the unfair trial of a group of activists.”

According to an analysis by Amnesty Tech, Radi’s phone was subject to a series of “network injection” attacks, which allowed the concerned parties to monitor, intercept, and manipulate his Internet traffic. Using Pegasus, the attacker can get access to the target phone’s camera, microphone, calls, messages, and contacts, among other things.

Although NSO claims it provides "authorized governments with technology that helps them combat terror and crime," the company’s technology has been repeatedly linked to human rights abuses.

Danna Ingleton, deputy director of Amnesty Tech, said that NSO cannot be trusted and should be banned from selling its products to governments that subsequently deploy them for human rights abuses. NSO’s contribution to those abuses came in the form of keeping the government on as an active customer until at least January 2020.

“Even after being presented with chilling evidence of its spyware being used to track activists in Morocco, it appears that NSO chose to keep the Moroccan government on as a customer. If NSO won’t stop its technology from being used in abuses, then it should be banned from selling it to governments who are likely to use it for human rights abuses,” said Ingleton.

Legal Battles Against NSO Group

Back in 2017, Mexican activists, human rights lawyers, and journalists filed a criminal complaint after learning that their smartphones had been attacked with Pegasus spyware. According to a report cited by the parties, the attorney general’s office and the defense ministry were among the government organizations that purchased the software.

As forklog.media previously reported, Facebook and its subsidiary WhatsApp are fighting in court with NSO Group, claiming that the firm used WhatsApp to facilitate spyware distribution. According to WhatsApp’s research, the messenger’s video call service was exploited to implant malicious code into users’ mobile devices. Around 1,400 users were targeted by the attack. It turned out that among these users were journalists, human rights activists, and dissidents.

Facebook and WhatsApp claim that NSO Group violated the messenger’s Terms of Service, the Computer Fraud and Abuse Act, and certain other laws. In return, NSO Group said that they had nothing to do with the attack or with the ways their clients use the software.

forklog.media Eastern European Hacker Group Stole $200m From Crypto Exchanges via Supply-Chain Attack

Israeli cybersecurity firm ClearSky has found that the hacker group known as CryptoCore has managed to steal over $200 million from cryptocurrency exchanges and companies in two years. For the most part, the threat actors—also named by ClearSky as Dangerous Password and Leery Turtle—have been targeting entities located in the United States and Japan.

ClearSky has been tracking CryptoCore’s activity since May 2018, concluding that the group is “not extremely technically advanced.” In the first half of 2020, the hackers’ activity notably declined, probably due to the COVID-19 outbreak. The company has not been able to determine the origin of the hacker group, only saying with a medium level of certainty that the group has links to Eastern Europe, particularly Ukraine, Russia, or Romania.

Impersonating High-Ranking Employees

CryptoCore reportedly obtains access to crypto exchanges' corporate wallets, or to wallets owned by the exchange’s employees, through spear-phishing that primarily targets executives’ personal email accounts. The threat actors then impersonate high-ranking employees either from the target company or from a related organization with connections to the targeted officer.

The report further detailed:

“After gaining an initial foothold, the group’s primary objective is obtaining access to the victim’s password manager account. This is where the keys of crypto-wallets and other valuable assets—which will come handy in lateral movement stages—are stored. The group will remain undetected and maintain persistence until the multi-factor authentication of the exchange wallets will be removed, and then act immediately and responsively.”

Crypto-Related Losses Continue Rising

According to blockchain analytics and crypto intelligence firm CipherTrace, in the first five months of 2020, the total losses of cryptocurrencies to criminals and scammers amounted to $1.36 billion. Researchers suggest 2020 may bring the second-highest total of crypto lost to crime ever observed, the current record being 2019’s $4.5 billion. 98% of the losses were attributed to investment fraud and misappropriation.

A recent study by the business software site Capterra revealed that remote workers have also become greatly exposed to phishing emails during the lockdown, with hackers aiming to steal users’ passwords. Capterra pointed out that “despite the majority of workers stating they are pleased with working from home, the adoption of security measures still has room for improvement.”

forklog.media Telegram User Data From Earlier Leaks Found on Dark Web, Contact Import Feature Is to Blame

A 900-megabyte database of Telegram users’ phone numbers, nicknames, and unique identifiers has been found posted on one of the forums on the dark web. The exact number of affected accounts isn’t known but is estimated to be in the millions.

According to the Russian-language outlet Kod Durova, about 70% of the accounts in the database belong to Iranian users and the remaining 30% to Russians.

Telegram confirmed the leak and explained that the information was obtained through the contact import feature.

“Databases like this typically match phone numbers with user identifiers. They are created by exploiting the contact import feature during registration. Unfortunately, services that allow users to communicate with people from their phone contacts, can’t entirely avoid this method,” Telegram told the journalists.

Telegram representatives also said that the leaked information is mostly obsolete thanks to additional safeguards put in place by the developers in late summer 2019 as a response to surveillance of the Hong Kong protesters.

“Over 84% of the data have been collected before mid-2019. Most of the accounts in the database—no less than 60%—contain obsolete information. This shows that the last year we’ve been able to reduce the number of such exploitation cases,” the messenger representatives told Kod Durova.

The database in question turned out to be a combination of several previously leaked batches of data amounting to about 40 million lines in total. Part of the data came from a leak that took place in early May 2020, and another 12 million entries associated with Russian phone numbers were reportedly obtained in April 2020.

Touted as a privacy-focused messenger, Telegram gets a lot of heat from the community for its apparent lack of basic features, such as not having end-to-end encryption for groups and limiting it to personal secret chats.

Since the messenger is popular in places where free speech is suppressed, political dissidents, journalists, and other potentially wanted people end up using it as a means of pseudonymous and somewhat secure communication.

The problem with the contact import feature is that it allows attackers to match users’ pseudonymous accounts with the associated phone numbers even if a user opted to hide the number. Having a person’s phone number may allow government agencies or hackers to obtain further information on the person: their name, call history, rough locations, etc.

Notably, during the Hong Kong protests of 2019, users found out that this feature could let attackers join a protesters’ chat and unmask the phone numbers of all its members. A bad actor just needed to feed a sequence of numbers to the messenger as “contacts” from their phone book and wait until it found a match with someone’s account.

"There is no bug: just like WhatsApp or Facebook Messenger, Telegram is based on phone contacts. This means that you must be able to see your contacts who are also using the app," a Telegram spokesperson told ZDNet at the time. "The phone number settings control phone number visibility for users who don't have your number (as opposed to WhatsApp showing your phone number to everyone else in any group)."

Still, even knowing the limitations of Telegram, the protesters couldn’t simply switch to a better option.

"Changing to a different app like Signal is not a viable option for us. Because the way the protestors communicate heavily depends on the support of very large groups [...] in which Telegram has really good support," Chu Ka-Cheong, Director at Internet Society Hong Kong Chapter, told ZDNet. "On the other hand, Signal and Wire groups are limited to a few hundred people, and Signal makes your phone number visible to everyone anyway."

Protesters figured that, for lack of better options, using a “burner SIM,” a SIM card you can afford to expose, is the best way to keep using the messenger without exposing the main number and all the information associated with it.

Earlier, Russia’s internet censor Roskomnadzor lifted its ban on using Telegram inside the country after the messenger agreed to filter content that has to do with terrorism and extremism.
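The enumeration described above uses the same matching that legitimate contact import depends on, so a service can only judge how an upload behaves. The sketch below is an added example, not Telegram's code or its actual safeguards: the three signals, the thresholds, and the phone numbers (all constructed) are assumptions chosen for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass

# Assumed thresholds for illustration; a real service would tune them on its own traffic.
MAX_BATCH_SIZE = 500         # uploads larger than this are unusual for a real address book
MAX_SEQUENTIAL_RATIO = 0.5   # share of numbers that directly follow another uploaded number
MIN_RECIPROCITY = 0.02       # share of uploaded numbers whose owner also lists the uploader
SIGNALS_TO_WITHHOLD = 2      # require two independent signals before acting


@dataclass
class ImportBatch:
    account_id: str
    own_number: str
    numbers: list[str]       # numbers uploaded as "contacts" in one window


def to_int(number: str) -> int | None:
    """Strip formatting; return None when the entry contains no digits."""
    digits = "".join(ch for ch in number if ch.isdigit())
    return int(digits) if digits else None


def unique_numbers(batch: ImportBatch) -> list[int]:
    return sorted({n for n in map(to_int, batch.numbers) if n is not None})


def sequential_ratio(values: list[int]) -> float:
    """Fraction of neighbouring (sorted) numbers that differ by exactly one."""
    if len(values) < 2:
        return 0.0
    adjacent = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return adjacent / (len(values) - 1)


def reciprocity(batch: ImportBatch, values: list[int],
                address_books: dict[int, set[int]]) -> float:
    """Fraction of uploaded numbers whose owner has the uploader in their own contacts."""
    own = to_int(batch.own_number)
    if not values or own is None:
        return 1.0
    known_back = sum(1 for v in values if own in address_books.get(v, set()))
    return known_back / len(values)


def assess(batch: ImportBatch, address_books: dict[int, set[int]]) -> list[str]:
    """Return the list of enumeration signals this upload triggers."""
    values = unique_numbers(batch)
    reasons = []
    if len(values) > MAX_BATCH_SIZE:
        reasons.append("oversized upload")
    if sequential_ratio(values) > MAX_SEQUENTIAL_RATIO:
        reasons.append("mostly consecutive numbers")
    if reciprocity(batch, values, address_books) < MIN_RECIPROCITY:
        reasons.append("almost no reciprocal contacts")
    return reasons


def should_withhold_matches(batch: ImportBatch,
                            address_books: dict[int, set[int]]) -> bool:
    """Decide whether to stop revealing which uploaded numbers map to accounts."""
    return len(assess(batch, address_books)) >= SIGNALS_TO_WITHHOLD


def constructed_samples() -> tuple[dict[str, ImportBatch], dict[int, set[int]]]:
    """Constructed data: '+99955...' is a made-up prefix, not a real numbering plan."""
    regular = ImportBatch("regular", "+999 55 2000001",
                          [f"+99955{1000000 + i * 7919}" for i in range(40)])
    new_user = ImportBatch("new_user", "+999 55 2000002",
                           [f"+99955{1500000 + i * 4001}" for i in range(5)])
    enumerator = ImportBatch("enumerator", "+999 55 2000003",
                             [f"+99955{3000000 + i}" for i in range(1000)])
    # Ten of the regular user's contacts have that user in their own address book.
    books = {to_int(n): {to_int(regular.own_number)} for n in regular.numbers[:10]}
    batches = {b.account_id: b for b in (regular, new_user, enumerator)}
    return batches, books


if __name__ == "__main__":
    batches, books = constructed_samples()
    for name, batch in batches.items():
        print(name, assess(batch, books), should_withhold_matches(batch, books))
```

Requiring two signals keeps a new user with a small address book and no reciprocal contacts from being penalized, while a long run of consecutive numbers trips all three.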

forklog.media Are RSA and Cryptocurrencies Safe Despite Quantum Computing Progress?

Honeywell, a large aerospace contractor, has released a quantum computer that’s heralded as the highest-performing device of its kind to date. The company plans on using Microsoft Azure to make its devices commercially available to a wide audience. Yet, the technology is decades from being a threat to cryptography, and the very claim of the superiority of Honeywell’s device is questioned.

In this piece, we look at the key facts surrounding Honeywell’s breakthrough announcement and explain what it means for cryptocurrencies, modern encryption, and the quantum computing field in general.

Honeywell’s Conditional Leadership

Given that there is no standard way of making quantum computers and each particular machine is better at certain tasks, there is no easy way to compare a bunch of different systems and say which one is better overall.

Looking at things like the number of qubits (the quantum counterpart of classical bits) in the device isn’t really helpful. In 2019, Google reached quantum supremacy with 53 qubits under the hood, but there are systems that have thousands of them, such as D-Wave’s 2000Q with 2048 qubits. The way qubits are structured, the computational tasks in question, the extent of cross-talk between circuits, and errors all have their effect on performance.

The key parameter used to compare the capabilities of Honeywell’s quantum computer to alternative solutions is quantum volume. Introduced by IBM in 2017, it is a complex metric derived from the number of qubits in the computer, their interconnectedness, error rate, and other nuances. Quantum volume is meant to be a hardware-agnostic measurement of the performance of a real quantum computer.

In 2020, IBM themselves demonstrated a system with a quantum volume of 32. If the metric works as intended, Honeywell’s quantum computer is twice as powerful with a quantum volume of 64.

The thing is that these are the only two companies to use this metric. According to Venture Beat, other quantum computing companies like D-Wave, IonQ, and Rigetti weren’t too enthusiastic about the quantum volume metric as it fails to “fully capture the nuances of different approaches to quantum computing and applications” and “doesn’t take use cases into account.”

Effectively, the announcement means that Honeywell’s device is twice as good as the one made by IBM, while it isn’t exactly clear how it compares to other systems.

Quantum Threat to Cryptography Remains Remote And Avoidable

Since quantum computers started to become a thing, experts in the crypto-community and beyond have expressed concerns about their potential to crack modern cryptography.

Back in 2017, researchers estimated that quantum computers would be able to brute force Bitcoin’s cryptography by 2027, given that their clock speed increases substantially.

In 2019, IBM executives warned that the quantum threat to cryptocurrencies is real and isn’t necessarily far away in the future.

“It’s reverse-engineering the private keys which represent the control of your wallet. Your public key is essentially your wallet which holds balances. And I think that’s a real, credible threat. Bitcoin is a public ledger. So you can go out and see which public keys are holding the largest balances and you could go out and target those [...] I think that’s even a near term threat,” Jesse Lund, vice president of blockchain and digital currencies at IBM, told Coindoo.

Nev Zunic, chief technology officer for IBM data security services, was similarly wary of the risks quantum computers may pose for businesses relying on encryption:

“Companies need to be aware of quantum and the potential risk that it will bring so they can take actions today so that they are not hackable at some point in the life cycle of their products.”

Still, it looks like the field is currently nowhere near that point, while mining ASICs and cryptography methods evolve together with quantum computers.

In 2018, in his article about the quantum computing threat to Bitcoin, American writer Jeffrey Tucker wrote that a potentially dangerous device would take about ten years to develop, but by that time it would already be obsolete.

Back when Google researchers broke their “quantum supremacy” news, Bitcoin developer and cryptographer Peter Todd dismissed the threat, noting that the problem solved by Google’s computer had nothing to do with breaking cryptography and that scaling quantum computers to a useful size may get increasingly complicated.

https://twitter.com/peterktodd/status/1176313278114476032

Notably, in April 2020, researchers demonstrated a proof-of-concept quantum processor with “hot” qubits that worked under temperatures 15 times higher than most other quantum computers, albeit the temperature change in question is from 0.1 to 1.5 degrees above absolute zero.

Developments like this could potentially solve the scaling problem for quantum computers, but the actual applicable technology is still far away.

As for the ways to protect systems from the quantum threat, for over a decade scientists have been working on post-quantum cryptography algorithms that will be resistant to the immense computational power of future quantum computers.

It is fascinating to watch how quantum computing is getting less like cold fusion and more like the 90’s World Wide Web. Instead of a very much revolutionary technology that remained “a few decades away” since the last century, quantum computers are somewhat available to play with and companies race to get their tech better while attracting hefty investments.

But it’s still experimenting, speculating about future applications, and keeping the hype going rather than solving real-world problems. The only thing that is relatively clear is that quantum computers will come in force and it’s nice to have a few years to prepare.

ForkLog has previously analyzed the concerns about the quantum computing threat after Google’s “quantum supremacy” announcement.

forklog.media Hackers Use Popular Web Analytics Tool to Steal Online Shoppers’ Payment Information

Threat actors are now abusing the Google Analytics service to harvest data entered by users. The victims are generally online stores based in Europe and the Americas that sell cosmetics, food products, digital equipment, and spare parts, so the stolen information includes their shoppers’ credit card details.

To perform an attack, evildoers inject malicious code into the websites they are interested in; the code then harvests all the data entered by visitors and sends it through Google Analytics to the hackers’ own Analytics accounts. According to a dedicated report by cybersecurity firm Kaspersky, there are around two dozen infected sites globally.

Collecting Everything Anyone Enters

“To make the data flow to a third-party resource less visible, fraudsters often register domains resembling the names of popular web services, and in particular, Google Analytics (google-anatytics[.]com, google-analytcsapi[.]com, google-analytc[.]com, google-anaiytlcs[.]com, google-analytics[.]top, google-analytics[.]cm, google-analytics[.]to, google-analytics-js[.]com, googlc-analytics[.]com, etc.). But attacks of this kind were also found to sometimes use the authentic service,” the report further explains.

To disguise their malicious activity, cybercriminals are using an anti-debugging technique. They also leave themselves a loophole to monitor the script in Debug mode.

“If the anti-debugging is passed, the script collects everything anyone inputs on the site (as well as information about the user who entered the data: IP address, UserAgent, time zone). The collected data is encrypted and sent using the Google Analytics Measurement Protocol,” the Kaspersky report reads.

The names of the affected online stores have not been disclosed yet, though.

Google Services Hit by Cyber Attacks

Google-related fraudulent activities have increased in number over the past months. As of May, Google’s Chrome Web Store was reportedly hit with the most massive surveillance campaign so far, which managed to steal data from users around the world through over 32 million downloads of malicious extensions. Once downloaded, those extensions can collect credential tokens stored in cookies or parameters as well as passwords, take screenshots, and read the clipboard.

Also last month, cybersecurity researchers detected a modified version of ComRAT malware, which now targets Gmail users to steal confidential documents. In addition to misappropriation of documents, the trojan collects information about the network, Microsoft Windows configurations, and the Active Directory groups or users.
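The following Python example is added here and is not code from the Kaspersky report or from ForkLog: for a site you operate, it flags script hosts that imitate google-analytics.com and, because the report notes that the authentic service is abused too, Measurement Protocol hits whose tid tracking ID is not the site's own. The sample HTML, request log and tracking IDs are constructed, and treating the last two host labels as the registrable domain is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

BRAND = "google-analytics"             # second-level label of the real service
LEGIT_DOMAIN = "google-analytics.com"

def refang(text):
    """Undo defanging, e.g. google-analytc[.]com -> google-analytc.com."""
    return text.replace("[.]", ".")

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, max_edits=2):
    """Return 'legit', 'lookalike' or 'other' for one hostname.
    Assumption: the last two labels form the registrable domain."""
    labels = refang(host).strip().lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "other"
    label, tld = labels[-2], labels[-1]
    if f"{label}.{tld}" == LEGIT_DOMAIN:
        return "legit"
    if label == BRAND:                 # right name, wrong TLD (.top, .cm, .to)
        return "lookalike"
    # Compare the brand with every prefix of similar length, so an appended
    # "-js" or "api" does not hide a near match.
    lo = len(BRAND) - max_edits
    hi = min(len(label), len(BRAND) + max_edits)
    best = min((levenshtein(label[:n], BRAND) for n in range(lo, hi + 1)),
               default=max_edits + 1)
    return "lookalike" if best <= max_edits else "other"

class ScriptSrcParser(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def lookalike_scripts(html):
    """Hosts of external scripts that imitate the Google Analytics domain."""
    parser = ScriptSrcParser()
    parser.feed(html)
    hits = []
    for src in map(refang, parser.sources):
        host = urlsplit(src).hostname or ""   # relative paths have no host
        if classify_host(host) == "lookalike":
            hits.append(host)
    return hits

def foreign_ga_hits(request_urls, own_tracking_ids):
    """Hits to the genuine service whose tid (tracking ID) is not the site's.
    Only the query string is read; a POST body would be parsed the same way."""
    flagged = []
    for url in request_urls:
        parts = urlsplit(refang(url))
        if classify_host(parts.hostname or "") != "legit":
            continue
        if not parts.path.endswith("/collect"):
            continue
        tid = parse_qs(parts.query).get("tid", [""])[0]
        if tid not in own_tracking_ids:
            flagged.append((tid, url))
    return flagged

# Constructed checkout page. The two imitation hosts come from the list quoted
# in the article and are kept defanged; everything else is made up.
SAMPLE_HTML = """
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://google-anatytics[.]com/ga.js"></script>
<script src="//google-analytics[.]top/ga.js"></script>
<script src="/static/checkout.js"></script>
"""

# Constructed request log; UA-11111111-1 stands in for the shop's own ID.
SAMPLE_REQUESTS = [
    "https://www.google-analytics.com/collect?v=1&tid=UA-11111111-1&t=pageview",
    "https://www.google-analytics.com/collect?v=1&tid=UA-99999999-1&t=event",
]

if __name__ == "__main__":
    print(lookalike_scripts(SAMPLE_HTML))
    print(foreign_ga_hits(SAMPLE_REQUESTS, {"UA-11111111-1"}))
```

The second check matters because an allowlist of script and connection hosts still permits traffic to the genuine Google Analytics domain, so only the tracking ID separates the shop's own hits from an attacker's.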

forklog.media How to Defend Yourself Against Scammers, Corporations, and Government: Hacker’s Perspective

This piece has been written by Jesse McGraw, an activist, writer, former hacker and the first person in recent U.S. history convicted for corrupting industrial control systems.

Nothing online is really secure by default. Every website you visit and every link you click can be logged and reviewed by your Internet Service Provider (ISP). Even though individual internet users are rarely watched in real time without justification, it is still unnerving. I can vouch for this because I used to work as a network security analyst for a small private ISP in Dallas, Texas. There was nothing our clients did on their computers and network devices that I could not observe, log, and analyze.

Many ISPs compile users’ internet history logs and sell them to marketing companies. Additionally, this same information can be obtained by law enforcement agencies. Your ISP is obligated by law to cooperate with law enforcement. When you compound all these factors, it feels like the internet is preying on users.

Avoiding Scammers and Con Artists

Ever since the outbreak of the COVID-19 epidemic, scams have risen exponentially. According to the Federal Trade Commission, “[...] from January 1 until today, the FTC has gotten 18,235 reports related to COVID-19, and people reported losing $13.44 million dollars to fraud.”

When it comes to avoiding scams, it’s usually enough to exercise healthy suspicion whenever you receive unsolicited links in your email, messenger, and other online accounts. Don’t click on just anything. Most scamming sites will redirect you to a malicious website, preventing you from exiting the page, while it installs malware on your device. If you’ve won a prize, it’s usually too good to be true. Similarly, avoid downloading software from untrusted third-party sites, and don’t forward chain messages, especially if the message claims to come from somebody you know and says that their Facebook account was hacked. Just leave it alone. Trust me. I used to be the attacker.

Steal. Sell. Prosecute.

Scammers aren’t the only adversaries who oppose our interest in controlling our own data. Digital ad metadata corporations and invasive government agencies are also an opposing force that threatens our ability to maintain secure web browsing, protection from data theft, and the opportunity to choose whether or not we want to be tracked, logged, or flagged.

The adage of “if you’ve got nothing to hide, you’ve got nothing to fear” is a common statement I hear from people who welcome government-sponsored surveillance programs. That’s because most internet users only have a passive understanding of the scope of these surveillance programs. Here in the West, people may complain about being spied on, but do not really put into practice any counter-measures to frustrate or combat government spying. Even though most of us may not be engaged in criminal activity, the opinions we have may be subject to censorship or criminalization. We are already living in this world.

For instance, in some areas of China’s Xinjiang region, immigration agency officers have been forcing travelers to install Android-based spyware, allowing the authorities to collect text messages, photos, calendar events, call logs, user accounts, and more. Border agents also have a machine that allows them to interface with iPhones to perform similar invasive functions.

In the United States, I learned about an extensive profiling identity records database used by law enforcement from the assistant U.S. attorney prosecuting my criminal hacking case. I was handed several printouts from this database which included Uniform Commercial Code-1 (UCC-1) filings, possible properties owned, possible relatives, corporate affiliations, possible coworkers associated, possible names or aliases fraudulently used under your social security number, criminal record, driving record, driver’s license, accident reports, registered motor vehicles, concealed weapons permits, professional licenses, Federal Aviation Administration (FAA) certifications, aircraft owned, watercraft owned, hunting/fishing permits, bankruptcies, liens and judgments, and more. It’s kind of a people mapping/profiling system that attempts to connect the dots. Not all the data in the database is accurate, but it’s efficient.

The good news is that we do not have to accept these conditions of censorship, surveillance, or scams, as if they are simply unavoidable machinations of our reality. As a former hacker, it is my firm belief that every system designed by man is prone to be broken, whether it is tangible or virtual, and the vices of big corporations and governments are far from perfect. They are neither omniscient nor omnipotent. They are only people.

Tactics Against Censorship and Surveillance

The weapons of anonymity are really quite simple and effective when you use them correctly. Here is a comprehensive list of tools I encourage you to use. As with anything you install on your phone, tablet, or personal computer, it is important that you do a little research on the app before committing to it.

Signal. It’s a cross-platform instant messenger that uses end-to-end encryption, which obstructs potential eavesdroppers such as telecom providers, law enforcement, most hackers, and the service itself from even having the ability to access your correspondence. They would need the cryptographic keys to decrypt messages, and they just don’t. Unlike conventional messenger services, messages aren’t stored on internet servers. Therefore, there is no user data to share with law enforcement, even if they were forced to try. This is a safe alternative to WhatsApp, the end-to-end encrypted messenger which is owned by Facebook. WhatsApp is vulnerable to hacking exploits and creates backups of user messages in an unencrypted format as well as other features that defeat the purpose of the end-to-end encryption. Signal also has a screen lock feature, as well as an option that lets users set a timeframe, from five seconds to one week, that cues Signal to automatically delete messages after they are read.

Tor/Tor Browser. Tor stands for The Onion Router and is cross-platform, so you can install it anywhere. You’ll need Tor if you want to descend below the surface of the common internet and access the dark web. According to the website, Tor traffic is relayed and encrypted three times as it passes over the Tor network. Web services will be able to determine if you are using Tor, and some will even block inbound connections from Tor. Nevertheless, your information will be encrypted and secure. Whenever I am testing network penetration tools from my mobile, I pipe all my internet traffic that is generated from the apps I use through Tor. This is perfect for free speech, defeating censorship, and helping to protect your online data from metadata thieves and criminal hackers. However, it is not absolutely secure. According to leaked classified National Security Agency (NSA) documents, the NSA has the capability to attack a user’s Tor connection, and to exploit certain versions of Firefox to de-anonymize encrypted Tor traffic, though this doesn’t grant them continuous access to spy on Tor users.

Additionally, merely using online privacy and IP anonymizing tools without a way to accurately test them to ensure they are working properly isn’t sufficient to know you are protected. Tor has a critical bug known as TorMoil that can cause your operating system to connect directly to the remote host, bypassing Tor entirely. IP leaks can also occur when using a Virtual Private Network (VPN). To ensure that your phone, tablet, or PC isn’t leaking your IP address while utilizing an IP anonymizer, be sure to run an IP Leak Test. Many websites offer this testing service free of charge.

NordVPN. This is a subscription-based Virtual Private Network (VPN) service that was referred to me by a fellow hacker who works in the information security industry. Using a VPN does not create anonymity. It merely moves trust from wherever you access the internet to the servers of the VPN service you are using. This is practical if you access the internet from a particular location or ISP (home, work, school, etc.) but want to move your web traffic away. Remember, it will merely end up on the servers of your VPN service provider.

Firefox. It is a cross-platform web browser capable of protecting users from ads and tracking scripts, blocking cookies that enable ads, managing passwords, browsing privately, and notifying users of new security threats. It’s customizable and user-friendly. Adblock will stop ads and trackers from infiltrating your web browser. I do not recommend installing many plug-ins, as this makes your browser less secure. If you create a Firefox account, you can then access your bookmarks, search history, etc. from any browser. You can also create a portable version of Firefox and install it on a USB flash drive or SD card.

Protonmail. This is a free email service that uses end-to-end encryption. It was founded in 2013 in Geneva, Switzerland by scientists who met at the European Organization for Nuclear Research (CERN) research facility. Proton Technologies cannot decrypt user messages. However, under Swiss law, they are required to cooperate with law enforcement on criminal investigations. Still, it is safer than using Gmail, or any other mainstream email service provider.

Sandboxie. I’ve been using this for years. This is an open-source sandboxing program designed for use with Microsoft Windows. It creates a virtual quarantine environment that can be run from the executable or installed without creating any changes to the local operating system. This allows users to browse insecure, risky, or untrusted websites without the risk of getting infected by malware, and to test or open suspicious programs without infecting your computer.

Tails. Now we’re getting into the darker side of things. Tails stands for The Amnesic Incognito Live System. This is a security-based Debian Linux distribution designed to protect your online privacy and anonymity. All web traffic is forced to run through Tor at startup. You can run it from a DVD or USB thumb drive from just about any computer system while leaving no digital fingerprints behind. It is government censorship’s worst nightmare. It comes equipped with all the necessary components needed to maintain online anonymity. Every activist should have a copy of TAILS.

Duckduckgo. Duckduckgo is a private search engine alternative to Google. Since Google is designed to gather intelligence on its users, we want to steer away from these kinds of invasive relationships. Duckduckgo doesn’t track or profile its users, which means it is not going to generate custom search results based on a user’s search history. Duckduckgo does support ads, but this feature can be disabled by the user.

Startpage. This is a private proxy server-based search engine alternative from the Netherlands. Startpage anonymously requests search results from Google and then shares them with you privately. As long as you use Startpage, your web surfing will be protected. A supplementary secure browsing insulation called Anonymous View is also available. It’s free to use. Basically, it is a reliable proxy feature that gives users an extra layer of protection to bypass tracking.

There are many tools to protect yourself from scammers, corporations, and government snoops alike. Therefore, it is up to you to put them to use and to defend your personal data. If you don’t fight to defend what is yours, it will be taken away, sold, logged, and flagged.

Maintaining online anonymity must be thought of as a nurturing relationship between a user and his or her data. Anonymity must be nurtured with care in order for it to work because it is becoming harder and harder to maintain. Use the tools. Make sure they are functioning correctly. In the same way that a person receives training to operate an automobile, you also have to train yourself to practice anonymity.

This is the world we live in. Data is sold to the highest bidder, and it is done so without your consent. But you can take back what’s rightfully yours.

Written by Jesse McGraw
Edited by Ana Alexandre and Jenny Aysgarth

forklog.media Institutional Money In Bitcoin: Problem or Solution? An Expert Take

Institutional investors and their money have been painted as both the doom and the salvation of Bitcoin. Analysts say they are important for the first crypto to reach new heights. Bitcoin maximalists say they threaten the very nature of it, at least as it was envisioned by Satoshi, and its role as the alternative to traditional finance.

When figuring out what the deal is with institutional investors and what to expect from their advent into Bitcoin, it is useful to have the opinion of someone knowledgeable in the nuances of both the crypto-industry and traditional finance. Konstantin Richter is one such person. He is the founder and CEO of Blockdaemon, a New York-based company that provides institutional investors and developers with full node management solutions for over two dozen blockchain protocols. In May, the company raised $5.5 million of venture capital from Hashkey, CoinShares, Blockchain.com, and Fenbushi Capital among others.

https://twitter.com/_blockdaemon/status/1260204515220807680

In an exclusive interview with ForkLog, Konstantin Richter explained why Bitcoin needs institutional money, as well as shared his views on staking and other peculiarities of alternative blockchain projects.

ForkLog: People often say that Bitcoin has been built not just to improve financial technology but as a means of liberation, a reaction against corrupt governments, multinational corporations, and the Wall Street financial institutions. However, the narrative has somewhat changed in recent years with many people believing that the way to unlock the true potential of the cryptocurrency and to achieve mass adoption is through institutional investors. Is there still a place for revolution in Bitcoin?

Konstantin Richter: I am a firm believer in the disruptive power of blockchain-based cryptocurrencies, but I also think that the interest of large institutions in the space accelerates the revolutionary impact because it takes crypto to a different scale. It also means that we need to think about building bridges into normalcy. That in itself is a good thing because it will allow more people to participate, and this is something that we ultimately want. The question is about how you ensure that institutions that participate in these networks don’t have any way to control them. The second concern is how you protect the tools associated with these networks. I can only respond to those concerns technically, and that’s why we are building our platform trying to reach a good balance of active public nodes on the network so that institutions can’t just jump on and take it over. But over time, there has to be an institutional-grade performance of these decentralized networks, because you can’t have mass adoption without a really rigorous set of standards and security. It would just probably not work in a practical manner. A good example of that is the Quadriga exchange and what has happened to it. I understand the arguments of Bitcoin people very well, but traditional crypto guys can often be more dangerous than institutions coming into the market. So an open, fair, and transparent market is not what crypto is right now. I also think that a lot needs to happen for the revolution to become a reality, and institutions are one aspect of that.

FL: Some people would probably disagree with you on that. For instance, Dr. Adam Back, the man behind some important technological advancements in crypto space, recently said that an additional institutional adoption may not be necessary for the Bitcoin price to reach $300,000 because the current environment is causing more individuals to think about hedging.

Konstantin: I don’t want to speculate on market prices because you can do wash trading and make Bitcoin price go up. I think it’s a misconception of what institutional involvement is. What institutions mean is that entities are functioning within the framework of a government-managed society and there are a lot of solutions for which they will be really important. The valuation of cryptocurrency can be driven by so many different factors, and a lot of them are prone to market manipulation. What I think institutions will offer in time is that individuals are less likely exposed to such experiments. Today we have three or four Bitcoin-centric OG-managed entities that are capable of sending the price up and down 30% at no notice. Ultimately, that is not a good thing. That means that a lot of people are at the mercy of entities that are not managed by anyone and have no proper security. For me, that is not the best possible outcome.

FL: Tell us more about yourself, your background, and why you have started to do what you are doing today with Blockdaemon?

Konstantin: I have always been interested in technological networks and initially started with wireless networks in Germany, my home country. I worked at Nokia and Deutsche Telekom in the area of mobile payments. I became an entrepreneur about a decade ago, but not because of the money, rather because I wanted to build tech companies and to be my own boss. Perhaps, I was a bit lucky since I took several software companies from inception to some form of success, and I really enjoyed that. In 2012, I became aware of Bitcoin and bought some. Not too much because I was not that rich, but, more importantly, I saw its potential value and the potential to deal with the inequality that is inherent to our democratic capitalist system. And the more I saw financial institutions take over democracy, specifically in the U.S. where I’m living now, the more I realized that the general interest of a normal citizen is not best served by the elected government any longer. And there seems to be no way to change that. It doesn’t matter who you elect, the mechanisms remain the same. In Bitcoin, I saw the value currency coming from the outside of that system that can’t be influenced by politicians. Also, as an immigrant in the U.S., I have always hated the credit-based system where I couldn’t get a loan because I’m not a citizen and don’t have a credit history, where I couldn’t open a bank account or the bank accounts were shut down. I saw that the government can randomly take things off me, I saw that there is no rhyme or reason, or rules that would really work well. By 2017, I knew quite a lot about blockchain, about Bitcoin and other altcoins, I was on advisory boards of several entities that raised substantial amounts of money, and it was clear to me that I want to be an instrumental part of building the blockchain technology infrastructure. I really looked for the right opportunity and was running an Ethereum node to participate and organize token sales. I was surprised to learn how difficult it was to manage an Ethereum node and keep it synced. It seemed to me that there was a need for a technology that would automate this management making things a lot easier for people who are not crypto-experts. That was the genesis block of Blockdaemon, and that’s why I came into this: to democratize the process and enable people to easily run their nodes on different networks and to participate in the consensus. Of course, as a venture-backed company, Blockdaemon has to make money. It needs a growth story and commercial models that work, and that’s a challenge that up to this point we have done successfully. We have hundreds of paying institutional customers, including some big exchanges, custodians, and crypto investors, which probably makes us the largest full node operator in the space. And the important thing is that we see more and more of non-native crypto companies coming into the game.

FL: How many Bitcoin full nodes do you run at the moment?

Konstantin: I’d say around a hundred of them, automatically dispersed around the world thanks to cloud hosting solutions like Amazon, Google, Digital Ocean, etc.

FL: At the moment, Ethereum is the second cryptocurrency after Bitcoin in terms of market capitalization. However, with the upcoming launch of ETH 2.0, change of the consensus algorithm, and possible issues with the protocol, do you see any particular blockchain replacing Ethereum and possibly even becoming a global Proof-of-Stake protocol?

Konstantin Richter: I agree that Bitcoin is number one and I don’t see that changing. Ethereum is definitely number two so far, but even though we have seen many other projects coming online, most of them don’t even remotely have the same application activity or transaction volume. If ETH 2.0 ever launches, it will still be the biggest PoS network, and I haven’t seen any network that doesn’t have issues. Technically outstanding networks that address interesting use cases could be about mobile payments. Maybe that is because this is the world that I am very familiar with, but projects like Celo and MobileCoin look very intriguing and I really want them to succeed. In fact, I also like the idea of Libra and messenger-centric platforms to bypass traditional financial systems. I think that these types of chains will suck out a lot of value in the space. But that also might be the value that currently sits in the Swift network.

FL: The idea that the future is multichain and different blockchains will have to learn to talk to each other is gaining traction these days. Do you agree with that?

Konstantin: I do like the idea of interoperability projects with a strong network of validators where you can attach other blockchains. Polkadot looks very interesting technically, there are also other projects doing the same things and I am super curious to see if they can ignite enough interest. We at Blockdaemon back a few of them that we think have a strong shot at success and might attract investors’ money.

FL: Staking is often advertised as a way of earning extra income with interest rates being substantially higher than those offered by banks. But is it a viable idea at all? Imagine that an average German pensioner decides to bet on staking, what size of investment do you think it could take to get a return that will guarantee them a minimum income level for survival?

Konstantin: It’s a tricky question. Bitcoin has been around for 10 years and staking is still at very early stages so I think the best way to go is to treat it as a venture investment. If you are a pensioner, I wouldn’t recommend that. Younger people are more prone to taking risks and they probably have more time to wait for when it pays off. If you need reliable money, I think that Bitcoin is the only thing I would recommend my grandfather to invest in.

FL: Recently, Germany has effectively given green light to local banks to offer cryptocurrency-related services, including custody and online banking, provided they have a license from the Federal Financial Supervisory Authority (BaFin). What do you think about this move?

Konstantin: I certainly wouldn’t put my Bitcoins in custody at any bank because you never know what’s on the government’s mind and whether they might freeze it or not. But at the same time, the question is whether Bitcoin will ever get mature enough to lead to a revolution without a connection to the existing banking infrastructure. Bitcoin needs that traditional legitimacy in order to become large enough and to disrupt and destroy those institutions.

Konstantin Richter was interviewed by Andrew Asmakov
The piece was originally published on ForkLog in Russian.

forklog.media How Binance Hides Its Legal Structure From Users and Regulators

Binance exchange took off in 2017. In a few months’ time, it became one of the leading platforms by trading volume. By now, it’s got a multitude of new services and clients all over the world. Although, to this day, Binance hasn’t disclosed its legal structure, locations of its offices, and the name of the company responsible for keeping users’ money safe. In May 2020, Unchained’s Laura Shin asked Binance CEO Changpeng “CZ” Zhao about the company’s HQ. CZ replied that not having an HQ is “the beauty of the blockchain” and Bitcoin doesn’t have an office. He added that the company has employees in 50 countries and the office is wherever he sits and meets people. https://twitter.com/laurashin/status/1262737272618790912 When asked about the company’s taxes, Zhao said that they don’t hide anything, although Binance is not a traditional company but rather “just a team working together really well.” In the end, Laura Shin didn’t get the answer and was surprised that CZ avoids this particular topic while talking readily about other things. https://twitter.com/laurashin/status/1258438779502759937 ForkLog looked into what’s known about the thoroughly masked legal structure of the large crypto-exchange. Was There a Move From China? Binance was launched in China in the summer of 2017. By September, the government toughened the crypto-industry regulation and Binance left the country, at least officially. It isn’t known for sure where did the exchange move its headquarters. In October 2017, in an interview with news.bicoin.com, CZ claimed that the platform moved the IP addresses from Hong Kong to the British Virgin Islands and “other locations.” On December 1st, 2017, TechInAsia published an article with CZ’s comments that said that Binance works from Tokyo, both the team and the servers left mainland China a week before the ban, and Zhao has been working on closing the Hong Kong office. Reddit still has logs of conversations on the matter with Binance representatives. 
There, one of the users asked about the HQ and got a reply saying that the company’s offices are located in Tokyo and Shanghai, but the full addresses are not disclosed for security reasons. Similarly, another user who needed to know Binance’s Hong Kong office address couldn’t get the information because of security reasons. In January 2018, Bloomberg wrote that Binance is located in Hong Kong. In March 2018, the South China Morning Post also mentioned that the company is based in Hong Kong. The litigation between a California venture company Sequoia Capital and Zhao, who won the case, also took place in HK. Hong Kong registry does include a company called Binance (Hong Kong) Limited existing between September 28th, 2017, and September 7th, 2018. Hong Kong is a special administrative region of the People's Republic of China with substantial autonomy. Still, it’s China’s territory. Moreover, the company’s support confirmed the existence of the Shanghai office. In late 2019, The Block reported about a police raid in Binance’s Shanghai office allegedly housing 50 to 100 employees. Initially, Binance denied the fact that the office exists. The company’s support tweeted that it’s all rumors and the platform doesn’t have a “fixed” office in China. Later, CZ hinted that the news about the police raid is made up by competitors and claimed that Binance “hasn’t had an office in Shanghai for more than two years.” Zhao deleted the tweet in question, but the internet remembers. https://twitter.com/cz_binance/status/1197674379477278720 Binance accused The Block of disseminating fake news and CZ threatened the journalists with a lawsuit. As a response, the media published an exhaustive article telling about not one but two Binance offices in Shanghai with photos on the side. Twitter users also found a report from Chinese TV about the closure of the company’s office showing law enforcement getting involved. 
https://twitter.com/blockjournal/status/1198951837866450946 A month before the alleged raid, CoinDesk also mentioned Binance’s Shanghai office. The platform didn’t disprove it back then. Zhao himself called the idea of having HQs and offices obsolete. Nevertheless, in March 2020, CZ announced that the company’s educational division will be getting a new office in Shanghai. Even earlier, in summer 2019, CZ had hoped to open a London office “very soon.” https://twitter.com/cz_binance/status/1197031061399597056 https://twitter.com/cz_binance/status/1243463283140517889 Just recently, Reuters reported that Binance will launch a regulated exchange in the UK at binance.uk. The British companies register has an entry for BINANCE DIGITAL LIMITED listing Binance employee Wei Zuowen as one of the directors. Changpeng Zhao holds 75% of the shares. The entity was registered on November 29th, 2019. The registry also lists two other companies controlled by Zhao: BINANCE EUROPE LTD (established in March 2020) and BINANCE MARKETS LIMITED (established in March 2015). Up until June 10th, 2020, the latter was called EDDIEUK LTD. Zhao took control of the company on June 8th. In April 2020, Binance registered the address binance.cn with China’s Ministry of Industry and Information Technology. The application was sent by a company called Shanghai Bi Nai Shi Information Technology LLC.

Leaving Japan For “Spiritual Headquarters” In Malta

The default story floating around in the media says that after leaving China, Binance moved to Japan. According to Bloomberg, in winter 2018, Binance together with other large exchanges from China sought to get licensed in Japan. Zhao’s success story published on Forbes in February 2018 reads that the company leased a small office in Japan. At the same time, Binance was hiring developers and support specialists in Taiwan.
A month later, instead of the license, Binance received a warning from Japan’s financial watchdog stating that the company isn’t allowed to operate in the country. CZ denied the fact of the warning and went on to accuse Nikkei, the agency that broke the news first, of irresponsible journalism. https://twitter.com/cz_binance/status/976783934074732544 Later, the platform acknowledged that it has problems with the regulator and announced that it’s going to move the HQ to Malta. After the failure in Japan, the platform turned to the “blockchain island” with favorable laws. Binance was welcomed by the island nation’s prime minister Joseph Muscat himself. https://twitter.com/JosephMuscat_JM/status/977115588614086656 Being a member of the EU, Malta was going to become the base for Binance’s expansion to Europe. In June 2018, Binance created a bank account on the island to be able to support the euro and introduce trading pairs with it. The same month, the exchange promised to support the MSX Fintech Accelerator, a development program for fintech startups and entrepreneurs run by Malta Stock Exchange. Shortly after, Binance and MSE signed the memorandum of understanding and agreed to launch a regulated platform for security token trading. In July 2018, Binance purchased a share in a Maltese bank Founders Bank. In October 2019, the exchange ramped up its investment. The goal was to gain access to the infrastructure and offer the full scope of banking services. Since 2018, Founders Bank has been waiting to get the European and Maltese banking licenses. The joint project of Binance and MSE hasn’t been launched yet. Joseph Muscat, the main evangelist of the “blockchain island,” got embroiled in a corruption scandal involving the murder of journalist Daphne Caruana Galizia. In January 2020, he resigned. After that, the authorities’ view on crypto-businesses changed.
A month after Muscat left the seat, Maltese financial watchdog MFSA reiterated that Binance “is not authorized by the MFSA to operate in the cryptocurrency sphere.” This news confused the community. According to the MFSA’s statement, Binance lost interest in the license back in autumn 2019. As it turned out later, dozens of crypto-companies failed to get a Maltese license. In response to the news, CZ said that Binance doesn’t have a headquarters and doesn’t operate in Malta. He claimed that the platform is being governed in a “decentralized” manner with the goal of creating a DAO in mind. He didn’t explain how it works with a centralized exchange, administration, and the hierarchy of government with CZ at the top. https://twitter.com/cz_binance/status/1230860651200942080 Binance’s chief growth officer Ted Lin shed a bit more light on the matter. He told DeCrypt that the platform has compliance and support specialists in Malta, but there’s no headquarters whatsoever. “It’s the spiritual headquarters,” he said. The Malta Business Registry mentions the companies Binance Marketing Services Ltd (C 85602) and Binance Europe Services Ltd (C 85624). The entities were registered on the 9th and 10th of April, 2018, respectively, and use the same legal address.

Crypto-Fiat Platforms

Part of the Binance empire is crypto-fiat exchanges. Since the rules for crypto-business are different in each country, Binance decided to open compliant trading platforms in favorable jurisdictions and make them available to local users only. This allowed the company to open a fiat gateway and launch trading pairs with local national currencies. One of these is Binance Jersey registered on Jersey Island, a British Crown dependency near the coast of Normandy. Available to users from the UK and the EU, the platform supports trading pairs with BTC and ETH against the euro and British pound. Each of these local exchanges has its own legal entity:

Binance Uganda—Binance Uganda Limited.
Binance Jersey—Binance Jersey Exchange Limited.
Binance Singapore—Binance Asia Services Pte. Limited.
Binance US—BAM Trading Services Inc.
Binance LCX—Binance LCX AG (in liquidation status).

In early June, Zhao and the founder of LCX Monty Metzger had an argument on Twitter. The conflict suggests that the partnership didn’t go well. CZ called Metzger a scammer who used the Binance brand to deceive others and said they have no partnership ties. Metzger stated that Binance LCX AG is in liquidation status, but the founders still had their obligations to creditors. https://twitter.com/montymetzger/status/1269332623777763328 https://twitter.com/montymetzger/status/1269332626063720455 Binance also has an entity in South Korea called Binance Co. Ltd. In partnership with a fintech startup BxB, it is meant to manage Binance’s support center. For a while, launching crypto-fiat exchanges was all the rage. Binance was going to open up to 10 local platforms. Yet, the platforms that were already up and running failed to attract enough attention. Back then, Binance decided to focus on the main platform. In 2020, CZ promised to add support for 180 new currencies on binance.com.

Who Owns Binance.com Website?

The least transparent of all are Binance’s ties to offshore jurisdictions. In April 2018, Binance signed a memorandum of understanding with the government of Bermuda. Zhao signed the memorandum on behalf of Binance Holdings Limited. This name has been mentioned in a Bloomberg article from summer 2018. Further on, the media referred to this particular company when writing about the exchange. Moreover, in official press releases, Binance mentions Binance Holdings Limited as the company owning binance.com. According to DeCrypt, Binance Holdings Limited was registered back in 2017 in the Cayman Islands. The company is mentioned in the local registry and has nine trademarks to its name, including logos of the Binance exchange and the Binance Chain project.
DeCrypt also pointed out that in 2019, a company called Binance Investments Company was registered in Seychelles, another offshore location. In autumn 2019, Binance announced the acquisition of a crypto-derivative trading platform JEX (JEX Technology Limited) based in Seychelles. The platform was later renamed to Binance JEX. The same month, Binance launched its main crypto-futures trading platform Binance Futures.

Where To Sue Binance?

Every online service has to put its Terms of Use agreement somewhere on the website. Binance.com has one as well. In the document, there’s a section dedicated to dispute resolution and lawsuits. After the Maltese regulator published its statement in February 2020, Binance removed mentions of Malta from the agreement, namely the part where users should address their claims to Binance Europe Services Ltd based in Malta. https://twitter.com/lawmaster/status/1231240109741236224 Now, the agreement only says that disputes can be resolved in any court that has jurisdiction over one of the parties. Potential plaintiffs are encouraged to send details to legal@binance.com. Internet Archive has the old version of the document dated February 15th, 2020. It says that disputes go through the Singapore International Arbitration Centre or the Small Claims Tribunals of Singapore. Binance Asia Services Pte. Ltd., the company operating the platform at Binance.sg, is under Singapore jurisdiction. In February, Binance Holdings Limited applied for Singapore’s cryptocurrency operations license but it is not clear whether the exchange has it. Binance refused to comment on the company’s legal structure.

List of Companies

To summarize, here’s the list of companies affiliated with Binance. It isn’t exhaustive and doesn’t include companies acquired by Binance or those in which Binance has a share.

Binance Holdings Limited (the Cayman Islands, has a subsidiary)
Binance Investments Company (Seychelles)
Binance Co. Limited (South Korea)
Binance Europe Services Limited (Malta)
Binance Marketing Services Limited (Malta)
Shanghai Bi Nai Shi Information Technology LLC (China)
Binance (Switzerland) AG (Zug, Switzerland)
Binance Digital Limited (UK)
Binance Europe Limited (UK)
Binance Markets Limited (UK)
Moon Tech PTY Limited (Australia, mentioned at card.binance.com)
Binance Jersey Exchange Limited (Jersey Island)
Binance (Jersey) Limited (Jersey Island)
Binance Uganda Limited (Uganda)
Binance Asia Services Pte. Limited (Singapore)
BAM Trading Services Inc. (U.S., partner company)
Binance LCX AG (Liechtenstein, undergoing liquidation)

Zhao himself has been called a resident of Taiwan in a recent lawsuit, while the documents of Binance (Switzerland) AG and British companies mention that he has Canadian citizenship.

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

forklog.media Bitcoin Investors Remain Bullish Despite Extended Consolidation

For the past few weeks, Bitcoin (BTC) has been in a consolidation range between $9,200 and $9,600, and it is believed that the latter has to be broken before any significant price gains can be achieved. The benchmark cryptocurrency appears to be slowly disentangling its price action from that of stocks; however, some short-term correlation to the traditional equities market remains. This connection was observed on the 15th of June, when BTC dropped below the $9,000 mark at the same time as the stock futures market was hit with heavy losses. Some market participants worry that Bitcoin’s correlation to the equities market does not bode well for its appeal as a good store of value or digital gold. However, many others have pointed out that it may be a positive indication, since it shows that the digital asset is gaining ground through increased representation across several traditional markets. The CEO of Blockware Solutions, Matt D’Souza, recently expressed this point in a Twitter thread where he cited multiple Bitcoin correlations to Gold, FX, and equities markets. https://twitter.com/mjdsouza2/status/1272678050023591937 D’Souza opines that Bitcoin’s short-term correlation to major markets illustrates the cryptocurrency’s investment utility in hedging against market volatility. Another of D’Souza’s messages also explains the different use cases of Bitcoin that make it a “feature for every portfolio.” https://twitter.com/mjdsouza2/status/1272678053236412416 Irrespective of whether the short-term correlation is viewed as an advantage or disadvantage, worries over volatility in the stock markets remain as the Covid-19 pandemic continues to cause upheaval across global economies.
Considering that Bitcoin is susceptible to long squeezes which could sometimes induce extreme liquidity like the one seen on Black Thursday (March 12), investors worry that an accentuated decline in the stock markets could ignite another drastic sell-off in the cryptocurrency market.

On Aggregate, BTC Investors are Profitable

As the global economy continues to recover, a stabilized equities market is becoming increasingly possible. It is also worth mentioning that the majority of cryptocurrency investors are still profiting from their Bitcoin positions. Based on a survey by Glassnode, 79% of BTC holders are profitable. This result was derived from a price metric that monitors the average buy price of BTC in a wallet at the time they were acquired to determine if the holder is in profit or not. Some concerns have been raised as to whether these investors are likely to dump their holdings to recover losses in traditional markets. D’Souza explained that this was possible but that they are more inclined to stay with assets that make them money, stating that this was basic ‘human psychology.’

Bitcoin’s Maturation

Another metric that attempts to reveal a general break-even price for Bitcoin is the aggregate cost basis. This metric indicates that the aggregate break-even price of Bitcoin is at the $5,776 mark and that BTC holders, on average, are profiting by 61% from buying Bitcoin. Ryan Watkins, a research analyst at Messari, recently tweeted that this metric can provide significant insight into potential investor behavior. Although these metrics are imperfect, they paint a very good picture of how Bitcoin holders feel about their investment and investor sentiment, both in the cryptocurrency market and traditional markets, which is a very powerful force. Each metric provides deep insight into Bitcoin and illustrates that as more and more investors from other sectors troop into Bitcoin, the cryptocurrency will keep maturing as an asset class.
Written by Azeez Mustapha, Forex strategist and funds manager DISCLAIMER. This piece reflects the author’s opinion and does not necessarily coincide with that of forklog.media’s editorial board. The text presented herein is not and shall not be construed as investment advice or an endorsement to make an investment. The author or the editorial board of forklog.media cannot be held responsible or liable for any decisions and/or their consequences arising from this text.

forklog.media Google Chrome Extension With 32M Downloads Has Malicious Add-Ons that Steal Data, Report

As of May 2020, Google's Chrome Web Store has reportedly been hit with the most massive surveillance campaign so far, which managed to steal data from users around the world through over 32 million downloads of malicious extensions. The attacks were discovered by cybersecurity firm Awake Security, which claimed that a single internet domain registrar, CommuniGal Communication Ltd, or GalComm, facilitated the criminal activities. The firm explained in a dedicated report: "GalComm has enabled malicious activity that has been found across more than a hundred networks we’ve examined. Furthermore – the malicious activity has been able to stay hidden by bypassing multiple layers of security controls, even in sophisticated organizations with significant investments in cybersecurity."

32,962,951 Downloads of Malicious Extensions

There are 26,079 reachable domains registered through GalComm, with over 15,000 domains being malicious or suspicious, according to the report. Over the past three months, the researchers found 111 malicious or fake Chrome extensions using GalComm domains for threat actor command and control infrastructure. Once downloaded, those extensions can collect credential tokens stored in cookies or parameters, collect passwords, take screenshots, and read the clipboard. As of May 2020, Awake Security detected 32,962,951 downloads of the malicious extensions in question. Moreover, the firm said that the extensions’ developers supplied false contact information when they submitted the add-ons to Google. Also, the extensions were designed so they could skirt detection by antivirus companies or security software. Google ostensibly removed 70 of the malicious extensions from the Chrome Web Store. In correspondence with Reuters, GalComm owner, Moshe Fogel, argued that “GalComm is not involved, and not in complicity with any malicious activity whatsoever.
You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”

Cyber Attacks Grow in Number

The number of cyber-attacks has indeed skyrocketed during the time of social unrest. In late May, researchers from cybersecurity firm ESET detected a modified version of ComRAT malware, which now targets Gmail users to steal confidential documents. In addition to misappropriation of documents, the trojan collects information about the network, Microsoft Windows configurations, and the Active Directory groups or users. Threat actors also began exploiting the Black Lives Matter campaign to distribute malware via email, which lures users to open an attached Microsoft Word file to “leave a review confidentially about Black Lives Matter.” Once a user opens the attached file, it initiates the installation of the so-called TrickBot trojan. Zoom’s global popularity has prompted bad actors to take advantage of it and develop new ways to infect users’ computer systems. Once downloaded and installed, one of the malicious files that mimic the Zoom installer sets up a backdoor that enables criminals to initiate malicious processes remotely.
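The capabilities attributed to the malicious extensions above (cookie tokens, passwords, screenshots, clipboard reads) each depend on permissions an extension declares in its manifest.json, so an inventory of installed extensions can be triaged from manifests alone. The script below is an added example, not code from Awake Security's report or from this article; the sample manifests, the capability labels and the review threshold are constructed assumptions.

```python
import json

# Constructed sample manifests (not real extensions): an MV2 "converter",
# an MV3 notes add-on scoped to one site, and an MV3 add-on with activeTab.
SAMPLE_MANIFESTS = json.loads("""
[
  {"manifest_version": 2, "name": "Sample PDF Converter",
   "permissions": ["cookies", "clipboardRead", "webRequest", "<all_urls>"],
   "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]},
  {"manifest_version": 3, "name": "Sample Notes",
   "permissions": ["storage"],
   "host_permissions": ["https://notes.example.com/*"]},
  {"manifest_version": 3, "name": "Sample Price Tracker",
   "permissions": ["cookies", "activeTab"],
   "host_permissions": ["https://*.shop.example.org/*"]}
]
""")


def is_host_pattern(entry):
    """Manifest V2 mixes host match patterns into "permissions"; tell them apart."""
    return entry == "<all_urls>" or "://" in entry


def is_broad(pattern):
    """True when a match pattern covers every host (<all_urls>, *://*/*, ...)."""
    if pattern == "<all_urls>":
        return True
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    return host == "*"


def audit_manifest(manifest):
    """Map declared permissions to the capability classes named in the article."""
    declared = set()
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        # Skip non-string entries (some manifests carry object-valued permissions).
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    api = {p for p in declared if not is_host_pattern(p)}
    hosts = {p for p in declared if is_host_pattern(p)}
    script_hosts = {m for cs in manifest.get("content_scripts", [])
                    for m in cs.get("matches", [])}

    caps = set()
    if "cookies" in api and hosts:
        caps.add("cookies")        # chrome.cookies, limited to the granted hosts
    if "clipboardRead" in api:
        caps.add("clipboard")      # paste access to clipboard contents
    if api & {"tabCapture", "desktopCapture", "activeTab"} or "<all_urls>" in hosts:
        caps.add("screenshots")    # captureVisibleTab needs <all_urls> or activeTab
    if "webRequest" in api and hosts:
        caps.add("request-urls")   # sees URLs and parameters of observed requests
    if script_hosts:
        caps.add("page-content")   # content scripts can read form fields, incl. passwords

    all_sites = any(is_broad(h) for h in hosts | script_hosts)
    return {
        "name": manifest.get("name", "<unnamed>"),
        "capabilities": sorted(caps),
        "all_sites": all_sites,
        # Assumed threshold: two or more sensitive capabilities on every site.
        "review": all_sites and len(caps) >= 2,
    }


def triage(manifests):
    """Names of extensions whose manifest alone warrants manual review."""
    return [r["name"] for r in map(audit_manifest, manifests) if r["review"]]


if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        print(audit_manifest(m))
    print("review:", triage(SAMPLE_MANIFESTS))
```

A manifest-only pass does not show what an extension does with its access; it narrows the set that needs code review or network monitoring of its traffic.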

forklog.media Tech Lingo Unchained: Are There Racial Connotations in Tech Terms and Should They Be Replaced?

The social crisis that is now afflicting the whole world has exacerbated the issue of racial inequality and voiced concerns about the difference in how ethnic minorities are perceived. While thousands of people have taken to the streets protesting against racial discrimination and calling for racial justice, the technology world has responded to the problem in its own way. The tech industry stakeholders have taken an effort to raise public awareness about the problem of discrimination and racism and encouraged more willingness on the part of companies and communities to address this issue on their end. Thus, tech giant IBM will no longer develop and sell facial recognition software for mass surveillance. The firm questioned its facial recognition tech’s accuracy of face-scanning software in terms of race and gender. Amazon’s face recognition tech Rekognition will not be available to use by law enforcement, as well, for similar reasons. Given the racial bias issues associated with law enforcement, the flaws of face recognition tech apparently have great potential to cause harm and ultimately widen the gap between police forces and the communities they ought to protect. When it comes to the technology world, some experts claim that the diversity of the technical community is already a problem, with the digital tech community having a problem with monoculture. Even the language used by tech professionals ostensibly reinforces negative stereotypes and boosts intolerance. This is reflected in technical documentation—which is supposed to reach a wide audience of readers—in the form of arguably oppressive terminology like “master/slave,” “whitelist/blacklist,” and others. Notably, the usage of the aforementioned terminology by tech communities is gradually being eliminated as they have begun setting new standards and implementing alternative terms to avoid negative connotations. 
Actions Taken by Tech Projects

Just recently, an array of companies and organizations have abolished the use of potentially offensive terms in their internal processes. Matt Ahrens, the co-creator of the ZFS file system, has requested to “remove unnecessary references to slavery” from the OpenZFS database. OpenZFS is an open-source storage platform that claims to offer protection against data corruption, efficient data compression, and high storage capacity, among other things. In his post on GitHub, Ahrens pointed out that “the horrible effects of human slavery continue to impact society. The casual use of the term ‘slave’ in computer software is an unnecessary reference to a painful human experience.” Thus, references to “slave” are now replaced with “dependents.” GitHub CEO Nat Friedman has not stood by idly and also said the project would replace the terms “whitelist” and “blacklist” and “master” and “slave” with “main,” “default,” “primary,” and “secondary.” “An easy fix would be to replace our use of whitelist with allowlist and blacklist with denylist,” the announcement further read. Previously, projects such as Python, CouchDB, Salt, MediaWiki, and Redis abandoned the terms “master” and “slave.” Addressing the issue to the community, Python developer Victor Stinner stated: “For diversity reasons, it would be nice to try to avoid ‘master’ and ‘slave’ terminology which can be associated with slavery.” Drupal introduced the terms “primary” and “replica” instead of “master” and “slave.” Django replaced the aforementioned terms with “leader” and “follower.” Developers behind Google Chrome and Chromium began avoiding the terms “blacklist” and “whitelist” in a move against all forms of racism. Now, the project will use the terms “blocklist” and “allowlist.” Last October, Google Chrome even released guidance on “racially neutral” code, where it said: “Terms such as ‘blacklist’ and ‘whitelist’ reinforce the notion that black [equals] bad and white [equals] good.
That Word Black, by Langston Hughes, illustrates this problem in a lighthearted, if somewhat pointed way. These terms can usually be replaced by ‘blocklist’ and ‘allowlist’ without changing their meanings, but particular instances may need other replacements.” Moreover, the United Kingdom National Cyber Security Centre said it would use the terms “allow list” and “deny list.” Commenting on the matter, Emma W., Head of Advice and Guidance at the agency, stated: “It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cybersecurity. However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this.”

Reaction from the Community

The move taken by the tech industry players has sparked mixed reactions from the community, with some of its members arguing that “the meaning of a word is defined by its use, by the context.” Being surprised by the changes, one commentator drew an analogy to the red color and communism, saying: “For example, your avatar is red. Red, like communism. You should use black and white colors. Oh no, that's linked to racism too. Well. Let's remove colors, too, then?” “As a black guy, none of these terms coming from IT are offensive. I just think this is the Go team being to be progressive. I’m not for or against it nor offended. They control the direction of the project. I would have liked to see a poll or vote. Glad to see no one said ‘I’m going to stop using Go’ because of this,” a redditor said, in a discussion of Go removing all uses of blacklist/whitelist and master/slave. In the comments to the same discussion, another redditor stated: “I can see why it’s an unfortunate name, and perhaps we should distance ourselves from it, but are people actually offended by blacklist/whitelist?
As far as I know, these terms had nothing to do with race originally.” Some welcomed the changes and noted that they could facilitate better inclusiveness. Commenting on the changes implemented by Django, one user said: “Thanks, Django for making this important change to be more welcoming and inclusive to more members of the tech community. <3” To the announcement about Drupal replacing "master/slave" terminology with "primary/replica," one developer supported the idea of removing a barrier to inclusiveness, stipulating: “This is not even about being ‘politically correct,’ this is about being terminologically more accurate. And if you can make a change that also removes loaded meaning which makes a large number of people uneasy, thereby removing a barrier to inclusiveness, you really should get behind it.” “And the blacklist, graylist, whitelist. I don't mind the change, it doesn't bother me as long as this doesn't become a racial issue and that I have to go and refactor every code that I have ever written, and introduce new bugs in the process. I hope the next generation is smart enough not to call us the old racist generation and see this for what this is,” a redditor said in a Go-related discussion.

What Experts Say

Debates over whether the “black” and “white” part of a term implies any racial connotation have indeed increased, challenging experts in linguistics, sociology, and other fields to provide the public with more consistent explanations. Some of them share a radical position on the issue, with Ossie Davis, the author of The English Language is My Enemy, once noting: “The word WHITENESS has 134 synonyms; 44 of which are favorable and pleasing to contemplate. Only ten synonyms for WHITENESS appear to me to have negative implications—and these only in the mildest sense.
“The word BLACKNESS has 120 synonyms, 60 of which are distinctly unfavorable, and none of them even mildly positive.” In their paper dubbed ‘Blacklists’ and ‘whitelists’: a salutary warning concerning the prevalence of racist language in discussions of predatory publishing, academics Frank Houghton and Sharon Houghton from Limerick, Ireland, stipulated: “It is also interesting to observe that although the term ‘blacklist’ is pervasive throughout the predatory publishing literature, equally racist terms such as ‘black sheep’ and ‘black market’ are also frequently used in relation to predatory publishers. The term ‘black’ in this context implies disreputable, shamed, illicit, or outcast. Such terminology not only reflects racist culture, but also serves to reinforce, legitimize, and perpetuate it.” Authors of Terminology, Power and Oppressive Language also pushed for the adoption of more accurate alternative terms like “primary-secondary,” “leader-follower” and “active-standby,” among others. “While master-slave might seem like a more egregious example of racism, white-black is arguably worse because it is more pervasive and therefore more sinister,” the document explained. Commenting on the matter, Simon Lancaster, a British professional speechwriter, told forklog.media: “Much of our language was conceived and developed during eras of widespread racism and misogyny so it’s not surprising to find such views can still be found in many apparently innocuous, everyday phrases and ideas.  Language always naturally evolves anyway. Things that were acceptable when I was growing up in the 70s are not acceptable today and the world’s a better place for that. As attitudes change, so too does language—these companies are just giving it a little nudge along and good for them. Where language locks in prejudice and causes offense it is right that this is removed.  
Tech is an inherently radical and progressive sector so it’s not surprising they’re taking such a pioneering and bold approach to language. Steps like this could eventually lead to much wider changes in attitudes across society.”

forklog.media North Korea’s Hacker Army Is Just as Serious as Nukes and It’s Keen on Stealing Your Crypto

North Korea has thousands of government-backed hackers trained to steal money and valuable information, disrupt infrastructure, and harass the ruling party’s targets, vice president for international security and diplomacy at the Asia Society Policy Institute Daniel Russel told Business Insider. In this piece, we highlight the key points from the interview and recollect some of the big attacks on cryptocurrency exchanges that were traced back to North Korean hackers.

“This Is Not Hacking; This Is Cyber Warfare”

According to Daniel Russel, the North Korean cyberwarfare effort goes back to at least 2010. The country has been raising an “elite cyber force” under control of the Korean People's Army and the Reconnaissance General Bureau, the country’s military and secret service. With an estimated force of around 7,000 people, the hacker army is likely to be a serious threat. “Cyberweapons kind of level the playing field for North Korea in a way that nukes can't,” Russel told Business Insider, “Cyberwarfare has a very different risk-return calculation. It's a low-cost, asymmetric, relatively speaking, low-risk weapon system. And the US is the most vulnerable country on planet Earth to disruptive cyberattacks.” He noted that a hefty part of the infrastructure in the U.S. was built in the “pre-digital era” and eventually retrofitted with internet linkage lacking appropriate cybersecurity safeguards. Unfortunately, it’s not easy to get the country’s dams and railroads up to date. “Something like 80% of America's critical infrastructure is privately owned. Who's going to pay to upgrade the power plant? Who's going to pay to upgrade the air traffic control systems? Who's going to pay to upgrade the rail systems, the cellphone network? Good luck getting these private companies to sell their shareholders on investing billions of dollars in upgrades,” Russel said.
As the world embraces IoT technologies and 5G networks, the opportunities for high-level hackers are only getting wider. To make matters worse, North Korean specialists work from outside their isolated homeland using nearby countries like Russia, China, and India as platforms for launching cyberattacks. “That makes it very hard to get a definitive attribution that the attack originated in North Korea and raises the risk that China or Russia will get the blame. It also makes it harder for services in countries like the US to retaliate because you're running the risk of retaliating against China or Russia for something that's actually masterminded and executed by the North Koreans,” the expert explained. Since North Korea is effectively cut off from the rest of the internet, the government can control the flow of information both into and from the heavily censored domestic intranet system. This is another factor that makes tracing the attacks back to their source harder. On the bright side, there are organizations that have the expertise and technology necessary to follow whatever few leads those government hackers may have left. “People who are real experts, Mandiant, FireEye, or CrowdStrike, or for that matter the CIA or the NIS, South Korea's intelligence service, have a very sophisticated ability to conduct forensic detective work in the cyber realm. In many cases, they can identify patterns, code, servers, and the like to trace things back to North Korea.” According to Daniel Russel, there are three types of “projects” North Korean hackers undertake. The straightforward one is spying and stealing state secrets, like when they stole thousands of defense papers from South Koreans back in 2016. “North Korea is also believed to have stolen a PowerPoint summary of the US military's top-secret operation plan, called Op Plan 5027, which is the war plan for the United States,” Russel said. Another is harassment and retaliation cyberattacks. 
The well-known example here, he noted, is the 2014 Sony Pictures hack, in which allegedly North Korean specialists leaked confidential data belonging to the company and its employees, demanding that The Interview be withdrawn. And then there’s cyber theft: “Cyber theft effectively neutralizes UN and U.S. sanctions against North Korea. If North Korea is denied a billion dollars in the sale of coal and iron and mushrooms, but it can go out and steal a billion dollars, then sanctions are not going to have the intended effect.” This is another aspect where innovation plays in favor of the isolated South-East Asian country. Cryptocurrencies turned out to be of particular use for them.

Stolen Bitcoins Funding Outcast Regime

The notorious WannaCry 2.0 ransomware that locked computers in over 150 countries and demanded $300 in Bitcoin as ransom back in 2017 is one of the projects attributed to the North Korean hackers. In fact, cryptocurrency-centered cybercrime on their part is one of the key points of the Guidance on the North Korean Cyber Threat advisory paper issued in April 2020 by U.S. government agencies. “Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities—including cybercrime—to generate revenue for its weapons of mass destruction and ballistic missile programs,” the document warns. The paper also mentions cases of cryptojacking, a method that involves hijacking a remote device to use its processing power to mine cryptocurrencies. According to the UN Security Council 1718 Committee Panel of Experts’ 2019 mid-term report, there were several incidents in which infected computers mined private coins and sent them to servers located in North Korea. Apparently, Monero was the hackers’ main coin of choice. 
Interestingly, in January 2020, an Ethereum developer was charged with one count of conspiracy to violate the International Emergency Economic Powers Act after he allegedly visited a crypto-conference backed by the North Korean government and shared his expertise in blockchain and cryptocurrencies. Just recently, in March 2020, two Chinese nationals were charged with laundering $100 million in cryptocurrency. The money reportedly originates from a 2018 crypto-exchange hack and is part of the total $250 million stolen. “This indictment makes clear that the money these people laundered was part of a $250 million theft by North Korea in a cyberattack on a global cryptocurrency exchange. So this isn't just imaginary stuff,” Daniel Russel stressed. The official Department of Justice release also notes that the case is tied to the theft of around $48.5 million from a South Korean crypto-exchange. In both cases, the actors backed by North Korea have allegedly laundered the funds through multiple automated transactions and used fake identification documents to pass the platforms’ KYC measures. “The hacking of virtual currency exchanges and related money laundering for the benefit of North Korean actors poses a grave threat to the security and integrity of the global financial system,” U.S. Attorney Timothy J. Shea of the District of Columbia said via the official release. Given that the stolen coins eventually fund North Korea’s cyberwarfare infrastructure, not to mention the actual warfare infrastructure and weapons of mass destruction, the threat to the global financial system is but a part of the deal. Ultimately, this is the other side of the coveted financial freedom associated with cryptocurrencies.

forklog.media The U.S. Flies Drones and Spy Planes Over American Cities to Surveil Protesters and Maybe More

As the civil protests in the U.S. continue, the Project on Government Oversight (POGO) reported that a military-class drone was surveilling the protesters in Minneapolis in late May. The drone was operated by Customs and Border Protection (CBP) and flew at an altitude of 6 km (20,000 ft) in a hexagonal pattern. Notably, downtown Minneapolis, the area under drone surveillance, is outside of the area where CBP is authorized to operate. For now, it is still unclear which agency authorized the operation.

Inside the Drone

POGO also reported that the drone, designated Predator B, was equipped with electro-optical infrared cameras, landscape-change hi-res scanners, and a radio system. Still, the watchdog noted that while the equipment above is a standard package, the drone can also be equipped with devices that geolocate cell phones. Martin Shelton of Freedom of the Press Foundation also noted that “it’s likely that some of these planes are outfitted with a Dirtbox or a similar technology,” which is designed to intercept calls and messages, as well as identify phone numbers. While there is no evidence that such devices have actually been used, there are reasonable concerns that their security is not sufficient.

Data Protection and Privacy Are Not on the Table

“The agency has failed to safeguard surveillance video and photographic data collected through this drone program, leaving the data exposed for potential abuse,” the situation analysis from POGO reads. This view is echoed by an earlier report titled Protecting Privacy, Civil Rights, and Civil Liberties in Unmanned Aircraft Systems Programs by the Department of Homeland Security. In 2015, the department advised against collecting or retaining data gathered by drones “solely for the purpose of monitoring activities protected by the U.S. 
Constitution.” Three years later, though, the Homeland Security inspector general stated that CBP “has not ensured effective safeguards for surveillance information, such as images and video, collected on and transmitted from its unmanned aerial systems.” Meanwhile, CBP acknowledged that it had been flying the drone, saying that it was used to provide assistance to ground law enforcement, “giving them situational awareness, maximizing public safety, while minimizing the threat to personnel and assets.” CBP was not the sole agency to use unmanned aerial vehicles, though. Associated Press reports suggest that the FBI and some other federal law enforcement agencies fly surveillance planes, technically owned by front companies with confusing ownership, over American cities.

The House Reacts

The news prompted certain U.S. lawmakers to voice their protest and request greater accountability from the government.

https://twitter.com/aoc/status/1266422625032642563?s=21

On top of that, CBP received letters from the House Committee on Homeland Security and the House Committee on Oversight and Reform asking the agency to provide details on the use of the drone. Echoing those concerns is the statement from Andrea Flores, deputy director of immigration policy at the American Civil Liberties Union, where she said: “CBP shouldn’t be flying drones over American cities, period, especially given the agency’s lack of existing privacy protections and the impact that the use of military technology will have on First Amendment rights.”

Meanwhile in China

Using drones to surveil people is not novel, though. China has been using drones and other remotely controlled flying devices on a mass scale for years. Some of those drones, in astonishing confirmation of an urban legend, were actually disguised as birds. 
China uses drones to track down minorities like Uyghur Muslims or fugitives, as well as control traffic and monitor students during entrance exams to prevent cheating. Just as in the U.S., China also employs drones to maintain control over the border and trace illegal crossings. During the coronavirus outbreak, the number of drones over Chinese cities and rural areas has increased dramatically. Some of them are used not just for surveillance but also for public announcements. Certain reports, like that of the South China Morning Post, suggest that drones are also used for the facilitation of medical inspections. That being said, the role of unmanned aerial vehicles has become much greater in civil life over the past few years. This raises the question of government accountability on top of the more obvious one on maintaining the privacy of personal lives. The answers to those questions are unfortunately yet to be found.

forklog.media Emin Gün Sirer Reveals Fundamentals of a Perfect Blockchain. PoW Mining Is Not Included

Emin Gün Sirer, associate professor of computer science at Cornell University and an early proponent of Bitcoin, is known as the creator of several important scaling solutions, including Bitcoin-NG. Having spent almost two decades in the field of crypto research, today he is the CEO of AVA Labs, the venture-backed company behind an open-source platform for launching decentralized finance solutions. In recent years, Emin Gün Sirer has also been openly sympathetic to Bitcoin Cash, the altcoin project launched in August 2017 as a Bitcoin hard fork, something that made him an obvious target for the hardcore Bitcoin maximalists. In an interview with ForkLog’s Andrew Asmakov, Emin Gün Sirer shares his vision on the future of the crypto industry and explains how the infamous Bitcoin block size wars eventually took him to AVA, the project he calls the future of blockchain. As of June 16, 2020, the AVA blockchain incentivized testnet has come to an end:

https://twitter.com/avalabsofficial/status/1272935274713137152

ForkLog: Before AVA, you have been experimenting with different Bitcoin scaling solutions, including Bitcoin-NG and TeeChain. Where are these projects now? Have they actually spurred you to start working on what you are doing today?

Emin Gün Sirer: Let me give you a bigger picture. I am a professor at Cornell, and I have been working on cryptocurrencies for about 19 years now, so my interest in the space predates Satoshi. In 2002, before Bitcoin came along, I had already worked on Proof-of-Work and that work on minting cryptocurrencies with PoW is very well cited among the academics. I didn’t pursue it because I was told by other professors that I would not be able to find funding for it, and they were right as the timing, right after 9/11, was not very good. Satoshi came after me and his timing was perfect. His vision was bigger than mine and he had the breakthrough, something that my system called Karma didn’t have. 
https://twitter.com/el33th4xor/status/992013079855730688

After that I have discovered a way to mine more profitably than Bitcoin itself, it’s called selfish mining. I also worked on coin security, I invented Bitcoin Vaults, and they have just been implemented on the Bitcoin chain, finding its way into production. And I did Bitcoin-NG, which is now used in at least five different chains, including Waves and Aeternity. After that, I worked on Teechan and Teechain, these are layer-two protocols for moving value very fast and more secure than Lightning Network. And while I think that layer-two solutions are interesting, they tend to be more limited in capacity. The Avalanche protocol represents the best of what I know, combining features from different projects and the lessons learned, pulling it all together in a new and very fresh approach to creating a value proposition.

FL: What made the concept of selfish mining so necessary?

Emin: Over time, I realized that having miners was a terrible idea. Miners represent a class of participants whose interests are not aligned with anyone else’s. In the Bitcoin block size wars, their role was very confusing and created a lot of stress and controversy. Mining is an inherently centralized game and is out of scope for many regular participants. If I act on my own, I can’t possibly start a competitive mining operation because it requires a capital investment beyond what most people can afford, it involves access to mining rigs and cheap electricity. So I decided that mining was not the right direction.

FL: Apart from getting rid of PoW mining, what are other fundamentals of a successful blockchain project?

Emin: Decentralization, this is a very important thing to me. I watched many other people trying to make trade-offs and giving up on decentralization, but there’s nothing interesting in achieving coin performance by centralizing it. Security is another thing that is paramount to this. 
It is essential that any new coin comes with a security proof. It’s not about someone just putting certain things together and saying “Oh, this is great!” The protocol security has to be proven in the correct way, and we at AVA have spent a lot of energy on ensuring that we have a secure and trusted foundation for other people to issue assets on.

FL: For quite a long time you have been a vocal critic of certain Bitcoin scaling solutions, including SegWit, and it was specifically interesting to find one of your earlier statements where you call yourself ‘the grandfather’ of UASF (User-activated soft fork). Do you think it would be possible to avoid all that drama that the crypto space was engulfed in 2017 with things like UASF, SegWit, and SegWit2x on the table and making the waves at round tables and on social media?

Emin: I really once called myself the grandfather of UASF meaning that regular users should be able to reject changes to the protocol proposed by miners, and that’s one of the nice properties of Bitcoin. I very much feel bad about everything that transpired during the block size debate. I did criticize things, but I always tried to side with science. For that reason, I felt that one of the sides was bending the truth and saying things that were not scientifically correct in order to affect a particular change to the protocol. They wanted to introduce that SegWit modification and certain economic subsidies and they weren’t honest with their users on that. Neither were they honest about the limitations of the Lightning Network, and it’s only now that people are starting to realize that Lightning Network is limited in capacity. These are the things that I have called out many years ago. This doesn’t mean that the LN’s approach is bad, it’s just about being honest. And, certainly, it’s not the case that Bitcoin is bad, Bitcoin is still Bitcoin and it’s impossible to read the white paper and not to fall in love with it. 
As for the whole block size debate, it took a lot of energy from the system and the entire cause of cryptocurrencies was stopped. If you ask me where we are today, I think that both Bitcoin and Bitcoin Cash are trying to do something that is really difficult. I mean the competition with sovereign fiat currencies. They are trying to outdo the dollar, the Euro, and the Ruble, but that’s not easy. I hope they succeed and get to where they want to get to, but there’s a bigger game in town. There’s much more value in other assets that are non-monetary assets, that are not sovereign fiat money. You can ink a much more useful system that has many use cases and doesn’t compete with the fiat use case. That’s one of the directions where AVA is heading. The other thing is that all these systems are limited by the consensus protocol they use, so they can never outdo fiat due to the lack of scale. AVA has the scale necessary to tackle the fiat use case but it’s not even trying to do that! Its actual goal is to tackle other assets issued on blockchain to facilitate the transfer of financial instruments across the globe in a censorship-free manner.

FL: Back in 2018, I spoke to Erik Voorhees and he was quite sincere in trying to convince me that SegWit2x was not about the interests of large enterprises but rather the broader Bitcoin community. He hasn’t really convinced me to be honest, and I am still thinking a lot about different groups chasing their own interests and how all that split the space.

Emin: This is a very hard question and to find the answer we probably need more time to sit down with beers and discuss that. SegWit2x was a compromise solution that tried to incorporate block size ideas from both sides and change the protocol to add the SegWit complexity. To me, it represented a terrible technical approach. 
It was a very good thing to try to find the middle ground and to unify the community, but technically speaking, it was too complex and it was not the block size increase that would be big enough. I was confident that it wouldn’t succeed and I wasn’t surprised when it didn’t succeed. I wasn’t a SegWit2x proponent at any time. I like intellectually pure solutions and that’s why I like Bitcoin Cash. It has clearly defined what it wants to do. I like what Bitcoin is trying to do as well, but I was a little worried that the idea of SegWit was presented in a dishonest manner. The main problem was about the governance since developers were pushing for a change out of hand. I was not a big fan of their arguments because they were not based on proper science.

FL: You have not only been heavily trolled by hardcore Bitcoin maximalists because of your views on SegWit, but you also claimed there was a Bitcoin Core troll factory. Is this all over now?

Emin: Yes, I was trolled, but that’s alright. In the end, science is the way of validating the truth. So what we see today is that Lightning is limited in capacity and we also have some privacy issues associated with that, so it is playing out exactly the way I said it would. It’s an interesting space, and I expect everybody to have good motives. I want to believe that everyone in the industry is trying to do what they think is the proper way to advance crypto. What I judge people by is how they achieve their goals, what’s the process, whether they think that it’s ok to use methods that deceive people. I don’t like people who do that. I saw more of that from one side than from the other, but it’s all under the bridge now. Bitcoin has its own path, it is trying to compete with the dollar as the store of value, and its proponents don’t want it to be used for anything else. 
In fact, a while ago I had a meeting with Adam Back and Pieter Wuille in Malta, and they told me: “Look, we could have made blocks a little bigger, but it wouldn’t take us anywhere. We will never be competing with Visa anyway.” And that was the moment when I realized they were absolutely right about that. Bitcoin can’t compete with Visa just by making the blocks bigger. And that also was one of the big things that gave rise to my efforts to bring AVA to the world, because we need a drastically better protocol to compete with Visa.

FL: Speaking about AVA, what makes it different from other blockchains and how exactly do you plan to win the competition over other existing projects?

Emin: There are three differentiators for AVA that all together sum up to one big value proposition. Number one is the consensus protocol. Deep at the heart of AVA lies a brand new style of consensus protocol which is as much of a breakthrough as Satoshi Nakamoto’s whitepaper was. It allows AVA to be much faster and to achieve finality in one second. It supports more transactions per second than Visa without compromising decentralization. The amazing thing is that the network itself is more decentralized than Bitcoin. It doesn’t involve Lightning and is still more efficient, anyone can participate and collect rewards. This is what makes AVA unique, and while a lot of people make similar noises, if you look behind the covers you see that they all use old technologies. AVA innovated substantially in this space. The big step forward and the thing that allows it to be so fast is this new consensus protocol which is a substantial scientific improvement. The second differentiator is the network model. All other coins have copied their network model from Satoshi. They have one coin network with one virtual machine (VM), while we are building a platform for other people to issue digital assets on. There’s going to be the AVA coin underneath and there will be many other coins on top of it. 
Each of these coins can introduce its own VM, and people can also define who gets to be inside the network. This is a hybrid model that allows one to send the network from fully permissionless to fully permissioned. This is great for large corporations and enterprises as it allows them to do legally compliant coin offers. You can create a coin and control its behavior inside the network as well as the behavior of all the participants. The third and final differentiator is the governance model where the participants determine key parameters of the network. They can’t change certain characteristics, for example, the number of coins issued, since each coin has a hard cap, but they can change the way of approaching the hard cap. They can reduce the minting rate if the issuance rate is too high, or increase the minting rate if they want to incentivize people. All of this is in the hands of the stakeholders. In essence, what you build is a central bank with the participants running the network around it.

FL: Is it correct to say that AVA also falls into the category of DeFi projects?

Emin: Yes, AVA is very much designed to facilitate DeFi in multiple ways. Number one is the support of smart contracts programming language. AVA supports the Ethereum Virtual Machine, but we also plan to support WebAssembly which would make us the only platform to support both. This will allow people to create smart contracts in any language they like. The second thing is that we allow people to issue top-class assets on top of AVA and the system is aware of them. The big problem with Ethereum is that assets might have a value that exceeds that of the network and the participants can’t extract that value. In contrast, in AVA all the participants know the assets they support and have a way of extracting transaction fees from these assets. 
In simple terms, I can create a new asset, for example, a real estate token, I can define who gets to validate it, and those validators can demand fees that will be reasonable for the real estate sector, even hundreds of dollars. This is what only AVA offers. In Ethereum, miners can’t extract fees that are in line with the assets.

FL: If there was no Bitcoin Cash hard fork in August 2017, everyone is in total agreement, and Bitcoin gets a block size increase, where would we be today?

Emin: I don’t think it would be very different even if the community had remained united. Bitcoin would still be limited in its capacity, it wouldn’t be able to compete with fiat for payments, it’s just not possible with its protocol. Ethereum with its ICOs would have still taken off and its problem would have remained the same, so we would be exactly where we are today. The technology we had was not sufficient to meet the people’s demand. And what happens when the technology is limited and can’t scale is that you get different groups. People want to get a better design and go in different directions, and if they can’t agree on the direction they splinter. That’s a natural thing. But when you come into the space with something that is three orders of magnitude faster, then it changes the whole game.

FL: What will the crypto industry look like in 5–10 years?

Emin: If we speak about this timeframe, I expect the vast majority of financial assets to be traded on digital decentralized platforms. This influences fiat currencies and all other assets that we are familiar with: stocks, bonds, and more complex financial instruments. I expect this to be happening on secure trustworthy exchanges. The exchanges that we have today are neither secure nor trustworthy. We will see the blockchain technology, the byzantine tolerant protocols substantially disrupting and transforming the finance space. 
Everything that we know today, things like titles, credentials, or diplomas, they all will be in blockchain form, and what we are doing is laying the foundation for such a system. A foundation that can support all these kinds of digital assets in a unified fashion. That’s our vision and our goal. Emin Gün Sirer was interviewed by Andrew Asmakov

forklog.media EARN IT Act: Savior of Children or Privacy Assassin?

In early March of 2020, the US Senate introduced the draft of the notorious EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies) Act. EARN IT is a bipartisan effort. On the surface, the bill’s goal is to create tools to effectively combat the sexual exploitation of children on the internet, including child pornography and child trafficking ads. But many believe the bill violates the freedom of speech and could be weaponized by Trump in his recent spat with certain social media platforms that actively work to undermine him. Even Human Rights Watch urged the Senate to reject the bill. While these rules only apply in the United States, it is the United States where the most popular online platforms are incorporated, and the U.S. market is key to most social media platforms and instant messengers. Changes in U.S. law can have a real and lasting impact on the situation in the industry and on users around the world. In this article, we explore the connection between the anti-CP law and allegations of censorship and an attack on data encryption.

EARN IT Act in a Nutshell

The current version of the 1997 Communications Decency Act states that “no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” This means that online social media platforms, like Twitter, Facebook, or YouTube, are not responsible for content published by users, provided that the platform itself was not directly involved in the creation or publication of such content. Yet there are exceptions when the above exemption does not apply—when it comes to gross violations of user privacy, intellectual property laws, human trafficking, and some other criminal acts. This means that should a platform, for example, be used by a third party to promote/facilitate prostitution, the platform’s owner may still be liable. 
The EARN IT Act emphasizes another exception when online platforms can be held liable for user-posted content—sexual exploitation and abuse of children. The Act also introduces the so-called “safe harbor”, which allows the platform to get an exemption from liability if it has complied with “best practices.” Best practices are an as-yet hypothetical set of rules, not developed so far, designed to combat the distribution of CP content. In an obvious play on words, this means that platforms will have to “earn” immunity from liability. To do this, the platform will have to fulfill all the requirements described in the best practices, which will likely entail being audited by the Attorney General’s office.

Does It Really Mean More Censorship?

Not really. No additional bans on any type of content are being introduced, as child pornography is already very much illegal. That being said, it is a clear power move by the state, which had long tried to establish more control over corporate social media giants even before Trump’s media wars. Censorship is already flourishing on those platforms. And current “best practices” already exist, are devised by the corporate elite, and are often much more stringent than what the actual U.S. laws require. The Communications Decency Act protections were the obvious line of attack here as these protections are a privilege rather than a right and it is easier to justify their revocation if the recipient is no longer deemed eligible to enjoy them. Yet public concerns are definitely justified as this law is seen by many as a slippery slope that might lead to the adoption of more stringent restrictions in the future. 
It’s Encryption That Is Actually Under Attack

The text of the act contains section 9, which states that “nothing in this Act or the amendments made by this Act shall be construed to require a provider of an interactive computer service to search, screen, or scan for instances of online child sexual exploitation.” But even so, some experts believe that best practices can actually force platforms to find ways to provide such screening to avoid liability. “Though it seems wholly focused on reducing child exploitation, the EARN IT Act has definite implications for encryption. If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability, undermine the protection of end-to-end encryption by adding a backdoor for law enforcement access, or avoid end-to-end encryption altogether,” Lily Hay Newman wrote for Wired. Although the bill itself does not actually mention backdoors and encryption, the best practices that will be approved after its adoption may require online platforms to provide backdoors and other mechanisms to allow on-demand access to user correspondence as well as tools to decrypt encrypted data. This poses a real risk that the best practices may enable government agencies to force platforms to grant access to all kinds of users’ private and encrypted data on the premise of protecting children against exploitation. “Provisions of the EARN IT Act threaten access to encryption, which is a secure technology that keeps people safe and protects rights in the digital age. Once one government enjoys special access, so too will rights-abusing governments and criminal hackers,” noted Human Rights Watch in their open letter to the Senate.
On top of that, Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford’s Center for Internet and Society, claimed that the bill is “potentially unconstitutional under the First, Fourth, and Fifth Amendments.” Meanwhile, tech giants have intensified their lobbying activities and are taking decisive action against the adoption of the act. For example, the popular Signal messenger, whose reputation and market position are largely based on the protection of user data and privacy, has threatened to flee the U.S. if the law passes.

How Do Similar Laws in Other Countries Work?

In Putin’s Russia, regulation of the internet is usually connected with fighting extremism, rather than human rights abuse. Such was the so-called “Yarovaya’s law” introduced in 2018 as an anti-terrorist measure. Among the many provisions of the law, the entities involved in “dissemination of information online”—messengers, social networks, email clients, even websites—were legally forced to provide the FSB (former KGB) with means to decrypt any message that the security agency requires. Failure to comply incurs monetary penalties but may later escalate to jail time. Many may remember Russia’s stand-off with Telegram, which eventually fizzled out. As Telegram’s Russian-born CEO refused to comply with the new law and provide the state with the means to intercept and decrypt instant messages, Telegram was branded a messenger that facilitates terrorism and banned in Russia, though to no avail. Last year, the Chinese government also introduced a new cybersecurity law. The law basically gives the government unlimited access to all data within the country, regardless of whether it is stored on Chinese servers or transmitted through Chinese networks. This means that there will be no anonymous online accounts and VPNs, no private or encrypted messages. Cryptographic systems not verified and authenticated by the government were effectively made illegal. 
The penalties may be quite serious and include fines, the shutdown of company networks/websites, or revocation of business licenses. In other words, using cryptography to hide information from the government in these countries can and will get you in trouble with the law.

A Surprising Conclusion: EARN IT Might Be Even Worse Than Trump’s Initiative

A surprising realization here is that the EARN IT Act is potentially much more dangerous than Trump’s recent executive order. Trump would remove social networks’ protections under CDA 230 if they choose to engage in editorial activities, i.e., hiding messages behind warnings or editorializing users’ posts. Some deem that unconstitutional. The EARN IT Act goes a little bit further, putting the onus on the platforms to comply with the rules to retain their immunities. But most importantly, it will provide the government with the means to access private information and even force service providers to create backdoors for their encryption mechanisms. And when there is a backdoor, it means that not only the government but also criminals may be able to employ it, which is another perfect recipe for disaster. While EARN IT will likely bring no additional firepower to the fight against child exploitation, it may potentially jeopardize encryption as a perfectly legal tool that citizens may use to protect their privacy and defend their business and personal space from cyber-criminals. If anything, in the increasingly digitized world where online fraud and hacker attacks are becoming more and more widespread and dangerous, we need more encryption, not less.

forklog.media Anonymous’ Cyber Attack Hits Atlanta Police Website After Rayshard Brooks Shot Dead by Officers

The hacktivist group Anonymous has claimed responsibility for taking down the Atlanta Police Department’s (PD) website on June 14. The move came in response to the death of Rayshard Brooks, who was killed by the police on Friday, June 12. The shooting happened after Brooks had fallen asleep in his car in a restaurant’s drive-through, blocking the lane, and the restaurant’s employee called the police. When the police came and tried to arrest Brooks, the exchange between Brooks and a police officer escalated. Brooks was shot while attempting to run away. The hacktivists announced their action in a tweet: https://twitter.com/YourAnonCentral/status/1272178797966618625

“Expect Us”

Cyber attacks on police departments across the United States began after Anonymous threatened the Minneapolis PD to “expose your many crimes to the world,” in a video published on May 25. Anonymous’ actions against the police came in response to the death of George Floyd in police custody. The group said that it was responding to the blatant unaccountability of the police officers who keep using excessive force on the streets. The message specifically mentioned that two officers directly involved in the tragedy had a track record of suspected power abuse. “Sadly, in the vast majority of police killings, the only one left alive to tell the story is the officer who took the person’s life, and thus the cycle is able to continue because none of these murderers ever face any justice for their actions,” it was said in the video. Just a few days after the threat, the website for the Minneapolis police department and the city’s official page suffered a cyberattack with subsequent service disruptions continuing through the night.

Doubts Around Anonymous’ Involvement in Minneapolis PD Breach

Nevertheless, some cast doubts on Anonymous’ involvement in the attack on the Minneapolis PD.
Troy Hunt at the Have I Been Pwned (HIBP) project said that the claim that “Anonymous leaked the email addresses and passwords of the Minneapolis Police” is almost certainly fake. Hunt dug into 798 email addresses in the data set, of which only 689 were unique and 87 appeared multiple times. “[...] it's extremely unusual to see the same email address with multiple different passwords in a legitimate data breach as most systems simply won't let an address register more than once,” he further said. “Of the 689 unique email addresses, 654 of them are already in Have I Been Pwned. That's a hit rate of 95% which is massively higher than any all-new legitimate breach. If you have a browse through the HIBP Twitter account, you'll see the percentage of previously breached accounts next to each tweet and it's typically in the 60% to 80% range for services based in the US,” the analysis showed. Hunt concluded by urging others not to spread disinformation and pointing out that the alleged Minneapolis Police Department “breach” was fake.

forklog.media Zoom to Introduce New Censorship Features After Doing China’s Bidding

If you are into discussing private matters or sensitive topics like the Tiananmen Square tragedy over video calls, don’t use Zoom for that. The service announced a new feature that would make it easier to ban people from a given country at their government's request. On June 11th, Zoom published a post explaining its actions against users who took part in four large online commemoration meetings dedicated to the Tiananmen Square tragedy. According to the post, Chinese authorities contacted the company asking it to terminate the meetings and the accounts that hosted them, since this kind of event is outlawed in the country. Zoom obliged by shutting down three out of four meetings. The last one didn’t have any participants from mainland China so there was nothing illegal going on and the meeting was left undisturbed. The post also mentions three host accounts that have been blocked at China’s request. It turned out that two of those were from the U.S. and one from Hong Kong SAR, so all three have been reinstated as of the announcement. No personal information was handed over to the authorities, Zoom claimed: “We did not provide any user information or meeting content to the Chinese government. We do not have a backdoor that allows someone to enter a meeting without being visible.” Importantly, the company claims that meetings had to be terminated because there was no way to ban users from specific geographies. This is something Zoom is going to change. “Zoom is developing technology over the next several days that will enable us to remove or block at the participant level based on geography. This will enable us to comply with requests from local authorities when they determine activity on our platform is illegal within their borders; however, we will also be able to protect these conversations for participants outside of those borders where the activity is allowed,” the announcement reads. 
According to the post, two mistakes Zoom admitted were banning accounts from outside China and shutting down entire meetings instead of blocking only the Chinese participants. Foreign accounts have been restored and the geo-based ban feature is reportedly underway, therefore there should be no more problems left to solve. Still, it looks like the company can’t exactly decide between human rights and not getting in the way of local regimes. “We hope that one day, governments who build barriers to disconnect their people from the world and each other will recognize that they are acting against their own interests, as well as the rights of their citizens and all humanity,” the first paragraph of the announcement reads, “The reality is Zoom operates in more than 80 countries and continues to expand, which requires compliance with local laws even as Zoom seeks to promote the open exchange of ideas.” Considering the blockings and the new features promised, compliance with local laws seems to be the priority. In fairness, Zoom is just one of many U.S. companies that have to make concessions to be allowed into China’s huge market. Notably, while the company is headquartered in California, a large part of its team is based in China. One of the users who got their accounts blocked was Zhou Fengsuo, a student leader at the Tiananmen protests in 1989 and the founder of the U.S. non-profit organization Humanitarian China. Zhou told Vice that he chose Zoom because it is available to users in China, which means the participants of the commemorative meeting didn’t have to circumvent the Great Firewall. “It was the first time that such a comprehensive representation of Tiananmen legacy could participate in the same conference because there was no geographic separation,” Zhou said referring to the Zoom meeting he held on June 4th. On June 12th, a bipartisan group of U.S. 
lawmakers sent a letter to Zoom CEO Eric Yuan asking him to explain which particular laws the company was following when suspending U.S.-based activists. Earlier, Zoom faced criticism about its approach to encrypting users’ communications. After being called out for not having end-to-end encryption, the company promised to ramp up its security by actually introducing the feature. The recently found catch is that only paid users’ communication will be encrypted end-to-end. The company’s CEO told Bloomberg that free users will be left out because the company wants to “work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose.”

forklog.media Can Covid-19 Kill Cash and What Will It Mean for Bitcoin?

It has been argued many times that for purposes of money laundering and conducting black market activities, Bitcoin does not even come close to its predecessor—hard cash. In fact, some go as far as to claim it is foolish to rely on Bitcoin for traditional illicit activities while cash still exists. This argument was universally used to show how laughable it was to brand Bitcoin a “haven for criminals” while good old cash was a much better and more reliable tool for shady dealings. But the truth is regulators also understand this, and they have been researching and developing solutions to possibly replace physical cash or at least put it under tighter control. That being said, the general consensus has long been that while cash is fighting an uphill battle, it will not truly go away any time soon for a number of objective reasons. However, some recent developments in the world may catalyze this process and make the demise of cash inevitable.

Why Is Cash So Enduring?

Cash is in fact a fantastic means of payment. It possesses certain qualities that cannot be easily replicated even by the most advanced technology. Cash is untraceable, secure, and accepted everywhere one goes. It does not rely on an Internet connection, electricity, or the availability of certain devices. It can be stolen but is otherwise protected from most types of fraud. It is incredibly popular and widespread. For those who are poor and/or do not have reliable access to banking, cash is also absolutely vital. And of course, this all makes it a real haven for criminals.

Then Why Is Cash Doomed?

To be fair, we knew for a while that cash was not going to make it into the future. And arguably, Bitcoin was to the cashless future what Elon Musk was to Martian colonies. We always knew we were going to have them, but now we fully expect them to happen in our lifetimes.
Over the past decade, the conversation about cash going away has reached its peak and become less theoretical and more observational. We now have a clear and logical understanding of why cash is not going to make it. The reality of our lives right now dictates that our day-to-day activities, including the financial ones, are increasingly moving online. Technologies are evolving while safety and transparency increasingly become more important values than privacy and anonymity. Regulators do not really want us to use cash, this vessel of corruption and criminal activities, and it seems that most of us begrudgingly agree. China is far ahead of everyone else on the frontlines of the war on cash. Being an authoritarian state, it can safely ignore its citizens’ thoughts on privacy and emphasize the need for safety and control. Even now the most popular instrument for payments in urban areas is online currencies maintained by Chinese online giants Alibaba and Tencent. And the latest developments suggest that China will emerge from the pandemic with a strong digital currency that will potentially be even more widespread than the existing digital payment methods. The USA is notoriously more liberal and until now was not ready to bail on cash. Some regulators are already fighting an uphill battle against the advance of cashless businesses. In Europe, regulators follow the opposite trend, artificially limiting the amount of cash that consumers are allowed to spend or transfer. Such limits exist in Italy, Spain, and some other countries. A similar restriction is being introduced in Australia. Scandinavian countries are already halfway to the cashless society. Many banks in Sweden no longer deal in cash. The use of cash for payments had plummeted to 10% by 2018. Despite all this, the general consensus saw the demise of cash as questionable or at least gave it another 20 to 60 years. Covid-19 may have changed everything.

Dirty Money

We kind of always knew that licking fingertips when counting money was a gross and unhealthy habit. As early as 2014, researchers at New York University identified as many as 3,000 kinds of bacteria living on dollar bills, while the Daily Mail noted that there were more germs on a £1 coin than on a toilet seat. But what really could be the bell tolling for cash was the WHO’s warning that banknotes may be spreading Covid-19. On March 3rd, the World Health Organization issued a warning against cash payments, suggesting a switch to contactless payment methods to avoid the transmission of the virus. Following this, we have seen a slew of measures directed at handling paper money during the pandemic, including world governments quarantining banknotes, especially those coming from abroad. Cash payments were already seeing a decline in many technologically advanced countries as more and more businesses transition to credit and virtual payments. But the lockdown posed a challenge for all businesses, which now had to respect the social distancing rules while serving their customers. According to Square, only 8% of sellers in the U.S. described themselves as cashless on March 1. But by April 23, that number went up to 31% and the growing trend is continuing. The numbers tripled in a matter of months and the pandemic is nowhere near its end. Moreover, it is not just cash that came under scrutiny during the Covid-19 pandemic but also instruments that facilitate its use. We have seen specialists warning the public about using ATMs too. And some studies show that credit cards may potentially be even more contaminated than currency. All this led to an increase in consumer demand for all forms of contactless payment. As reported by The Futurist Group in March research, the WHO announcement initiated a huge shift in consumer payment preferences.
According to the research, 38% of consumers evaluating a credit card offer with a contactless feature indicated that this feature is a “table stake” need, a 26.6% increase compared to the period prior to the WHO warning.

What Cashless Society Means for Bitcoin?

Some experts predict that the immediate future of money may in fact lie not in cryptocurrencies but in CBDCs. Still, Bitcoin’s adoption will likely benefit from governments’ efforts to discontinue paper money. An important thing to consider here is that without cash, there will be no convenient and reliable means other than Bitcoin to transact value without the government tracking and controlling your money. If there is no cash, then all illicit activities will indeed shift to Bitcoin. Yet without cash, it would be nigh impossible to launder darknet Bitcoins and withdraw them into the normal economy. This may lead to a situation where two economies exist simultaneously and do not really interact. One—absolutely transparent and controlled by the government, and another—anonymous, volatile, and shady. This leads to a surprising conclusion that Bitcoin perhaps needs cash as a scapegoat and a buffer to avoid actually being marginalized and dogged by the state. Governments claim that CBDCs will enable them to better protect citizens from criminals and terrorists. This is true but still ignores the risk of the government itself becoming corrupt and tyrannical. Total control over money will make such a corrupt government incredibly potent and virtually invincible. Bitcoin can become the financial equivalent of the Second Amendment: a weaponized financial instrument to protect citizens from a corrupt government.

forklog.media Eastern Europe Hit by Massive Russia and China-backed Cyberattacks, Including Strong Propaganda on Social Networks, Analysis Suggests

This spring, an array of European countries faced a massive cyberattack campaign, with nearly 80 critical infrastructure institutions in Eastern and Central Europe affected. The attacks reportedly served Russia’s and China’s interests in Europe. A credential dump related to the attacks was discovered by a researcher from Trend Micro, a cybersecurity and defense company, who wanted to remain anonymous. After discovering and analyzing the cleaned credential dump of almost 8 million lines of email/password combinations, they shared their findings with forklog.media. The malicious schemes deployed by the threat actors included a botnet operation, identity spoofing, the use of phishing infrastructure, and espionage.

The Cyberattack Affected Governmental Organizations

The researcher analyzed the leak mainly for the Czech Republic, concluding that the attack affected the country’s government, the Parliament, a power plant, several technical universities, the operator of all the dams on the Vltava river, and local public media like the Czech Television. Following the discovery, the researcher informed the Czech Security Information Service and the National Cyber Security Center (NUKIB), which confirmed that 79 critical entities had been affected by the attack. The agencies reportedly took quick action in response to the incident. Describing the method used to discover the attack, the researcher said: “I take the data, create an edgelist, and turn it into the directed multigraph. Then I run various calculations using the SNA/CNA methods. This helps to understand the hidden dynamics in the dataset. By doing so, I detected statistically significant communities that supported the hypothesis about bots/cybercrime and about the real origin of these credentials. This analytical approach is based on graph theorem and helps to process data with more contextual information. 
From the outside, it looks like regular statistics, which it in fact is, but the inner dynamics are different. Even the database architecture has to be different than regular SQL DB.”

The Stolen Credentials Statistics

In the analyzed data, some of the passwords dated from 2011, but there was also a portion of new password and email combinations created at the end of 2019. Alongside ordinary usernames and passwords, there were rather exotic ones, as well as unusual usernames or passwords used with a number of different email domain providers.

[Figure: Top usernames exposed in the attack]

The findings further revealed the top 20 email providers affected by the cyberattack, with gmail.com, hotmail.com, yahoo.com, and aol.com taking the lead.

[Figure: Top 20 email providers exposed to the attack]

[Figure: Top first-level domains exposed to the attack]

“In case of email reoccurrence in the dataset, there are several possible hypotheses. Either the email was used more times with different passwords, or it posed significant importance for the attackers so that they put all known existing credentials versions of the victim, or possibly the user was hacked multiple times and therefore more of his passwords have leaked. However, in case of high numbers like ~20+, chances are that the attackers simply put all available relevant password versions for the victim email into the list to be sure to succeed,” the report further read.

Bot statistics

According to the researcher, if the password is used with a higher number of usernames and/or if the username is used with a higher number of domains and has the password which is also reused frequently, it is considered suspicious.

No Direct Attribution Is Possible, But...

Although the researcher said that no direct attribution to a particular group of people or entities is possible, they noted that the file had been found in "Russian" darknet waters.
“By the time of finding, governments, hospitals, power plants, and other crucial parts of infrastructure were targeted with a cyber attack, accompanied by strong propaganda on social networks. The circumstances, therefore, suggest a nation state-sponsored threat actor. This hypothesis can be stated with a high level of confidence,” they added. They noted, however, that somebody may have only wanted the attack to be attributed to Russia and China and therefore chose timing and targets suggesting that origin. Just recently, a hacking group linked with the Russian government reportedly carried out a series of attacks on the energy, water, and power sectors of Germany. German authorities tend to believe that the efforts to compromise the country’s critical infrastructure were made by the Berserk Bear hacking group.
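The reuse heuristics the researcher describes above (a password shared by many usernames, a username spread over many domains with a frequently reused password) and the duplicate-address and known-address counts from Troy Hunt's analysis of the alleged Minneapolis data can be computed as follows. This is an added example, not the researcher's or HIBP's code; the function names, thresholds, reading of "and/or", and sample rows on reserved `.example` domains are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample rows in "email:password" form; not taken from any real leak.
SAMPLE_DUMP = """\
jana@uni.example:Praha2011
jana@uni.example:Praha2011
jana@uni.example:Vltava!2019
petr@tv.example:k0cka-pes
admin@power.example:Qwerty123
admin@uni.example:Qwerty123
admin@gov.example:Qwerty123
info@power.example:Qwerty123
sales@tv.example:Qwerty123
robot7@power.example:zx81zx81
robot7@uni.example:zx81zx81
robot7@gov.example:zx81zx81
not-a-credential-line
eva@gov.example:semi:colon:pw
"""

SHARED_PASSWORD = "password shared by many usernames"
SPREAD_USERNAME = "username on many domains with a frequently reused password"


def parse_row(line):
    """Split one row into (username, domain, password); None if malformed.
    Only the first ':' after the '@' separates, so passwords may contain ':'."""
    line = line.strip()
    at = line.find("@")
    if at <= 0:
        return None
    sep = line.find(":", at)
    if sep == -1 or sep == at + 1 or sep == len(line) - 1:
        return None
    return line[:at].lower(), line[at + 1:sep].lower(), line[sep + 1:]


def build_edges(text):
    """Edge list of a directed multigraph: username -> domain, labelled with the
    password. Repeated rows stay as parallel edges."""
    return [row for row in map(parse_row, text.splitlines()) if row]


def dump_stats(edges):
    """Row, unique-address and repeat counts of the kind used to sanity-check a dump."""
    rows_per_email = Counter((u, d) for u, d, _ in edges)
    passwords_per_email = defaultdict(set)
    for u, d, p in edges:
        passwords_per_email[(u, d)].add(p)
    return {
        "rows": len(edges),
        "unique_emails": len(rows_per_email),
        "repeated_emails": sum(1 for n in rows_per_email.values() if n > 1),
        "multi_password_emails": sum(1 for s in passwords_per_email.values() if len(s) > 1),
    }


def known_hit_rate(edges, known_emails):
    """Share of unique addresses already present in a reference set of known addresses."""
    emails = {f"{u}@{d}" for u, d, _ in edges}
    return len(emails & set(known_emails)) / len(emails) if emails else 0.0


def flag_suspicious(edges, min_users_per_password=3, min_domains_per_username=3,
                    min_rows_per_password=3):
    """Map (email, password) -> set of reasons. Thresholds are assumed values."""
    users_by_password = defaultdict(set)    # password -> distinct usernames
    domains_by_username = defaultdict(set)  # username -> distinct domains
    rows_by_password = Counter()            # password -> number of rows carrying it
    for u, d, p in edges:
        users_by_password[p].add(u)
        domains_by_username[u].add(d)
        rows_by_password[p] += 1
    flagged = {}
    for u, d, p in edges:
        reasons = set()
        if len(users_by_password[p]) >= min_users_per_password:
            reasons.add(SHARED_PASSWORD)
        if (len(domains_by_username[u]) >= min_domains_per_username
                and rows_by_password[p] >= min_rows_per_password):
            reasons.add(SPREAD_USERNAME)
        if reasons:
            flagged[(f"{u}@{d}", p)] = reasons
    return flagged


if __name__ == "__main__":
    edges = build_edges(SAMPLE_DUMP)
    print(dump_stats(edges))
    for key, reasons in sorted(flag_suspicious(edges).items()):
        print(key, sorted(reasons))
```

In the sample, the address repeated with two different passwords is counted by `dump_stats` but not flagged, which matches the report's point that recurrence alone has several possible explanations.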

forklog.media Social Media Posts Can Get You Arrested, Now in the U.S.

The U.S. police are using social media to find people involved in looting and violence, as well as those who were going to get involved and posted about it. According to Politico, there are several currently unfolding cases in which the police acted on hints taken from Facebook. In one of the cases, in Arizona, the defendant reportedly created a private Facebook chat group where he was calling people to riot and loot a local pharmacy. Using an undercover account, the police infiltrated the group and obtained screenshots of the messages there, some of which suggested that the defendant was going to burn down the county courthouse. Other cases allegedly involve defendants who filmed themselves looting, instructing on making and using Molotov cocktails and encouraging others to engage in violent behavior. One of the defendants posted about his plans to loot a place on Facebook, time and location included. He later filmed himself carrying allegedly stolen goods, thus fulfilling the plan. While there was no “unlawful overreach” reported on the part of federal authorities, civil liberties advocates are concerned by the methods law enforcement uses to identify suspects. Primarily, social media surveillance may deter people from voicing their opinions freely, especially on sensitive or private topics. “Research shows that when people know that what they are saying is being watched, they feel more inhibited. They don’t feel as free to share unpopular or radical viewpoints, and they also don’t feel as free to speak generally or to share more private thoughts,” said Vera Eidelman, a staff attorney at the ACLU’s Speech, Privacy, and Technology Project. Similarly, EFF’s Karen Gullo said that scrutiny by law enforcement will impede free speech and association both for users being monitored and those they communicate with. “Social media monitoring is a longstanding police practice by police surveilling dissident movements. 
Unless carefully restricted, this monitoring can undermine our First Amendment rights to associate, assemble, and protest, and our Fourth Amendment rights to be free from unreasonable searches and seizures,” she explained. According to an anonymous law enforcement official who talked to Politico, not using public social media posts as evidence could harm agencies’ effectiveness: “If their logic is that law enforcement should turn away and avert their gaze when they see something in public that could be illegal or incriminating, I am not sure how effective protecting the public the police could be,” the official told Politico. “For instance, would this extend to barring the police from checking ‘Craig’s List’ for goods reported stolen from a local break-in? What about looking through the glass case of a local pawn shop for stolen items? Where would they like the line to be drawn?” Importantly, there are real-world examples that may prove useful when trying to sort out such an “effectiveness or civil liberties” dilemma. Russia already has a history of people getting jail terms for social media posts. There, you don’t have to go as far as filming yourself committing or planning a crime: a politically-inclined joke or a post appearing to criticize the country’s administration will suffice for law enforcement to act. The U.S. is in a tough spot. Protesters, individual police officers, and regulators all have difficult decisions to make. Assuming that a meaningful police reform comes, the issue of social media surveillance will have to be addressed and regulated. The same goes for facial recognition technology and a slew of spy tools available to modern police forces.

forklog.media Amazon Introduces 12-Months Moratorium on Using Facial Recognition Tech by Law Enforcement

Amazon’s controversial face recognition tech Rekognition will not be available for use by law enforcement, the company announced on June 10th. The moratorium is year-long and was reportedly introduced to give regulators time to come up with solid ethical rules for using the tech for policing. Rekognition is Amazon’s advanced AI-based computer vision tool for photo and video analysis released in November 2016. It is a flexible technology that can be used for tasks like face recognition, sentiment analysis, text analysis, object pathing in video frames, and such. Microsoft, IBM, and Google have their own computer vision systems, as do a number of smaller narrower-focus companies. The capabilities of Rekognition and similar systems are fascinating, but there are technical and ethical challenges that become especially apparent in law enforcement applications. Importantly, automatic recognition systems are prone to biases and mistakes. As shown in the 2018 Gender Shades study by MIT researchers Joy Buolamwini and Timnit Gebru, the accuracy of face recognition results depends greatly on the race and gender of the person in analyzed photos. Initially, the researchers compared solutions from Face++, IBM, and Microsoft, then followed the paper up with data on the Kairos and Amazon Rekognition systems in January 2019. Both parts of the study highlighted the fact that, although improving over time, face recognition solutions perform best on white male faces, struggling to accurately identify photos of women with darker skin. In another 2018 test, this time by the ACLU, Rekognition was tasked with matching photos of the U.S. Congress members with 25,000 publicly available mugshots. As a result, the system found 28 matches, where it should’ve found none. Again, people of color were disproportionately misidentified, comprising 38% of false matches while representing only 20% of Congress.
In 2020, a similar test by Comparitech involved 430 Representatives and 100 Senators in the U.S. dataset. In the test, the Rekognition system was outputting 32 incorrect matches on average at an 80% confidence threshold. Given the racial bias issues associated with law enforcement, these flaws of face recognition tech have great potential to cause harm and ultimately widen the gap between police forces and the communities they ought to protect. Concerns about the use of Rekognition by police departments across the U.S. have been around at least since 2018. Back then, the ACLU found documents indicating that since 2017 the Washington County sheriff and the city of Orlando have been using the technology to match photos and videos of suspects with mugshot databases.

[Image: Washington County Sheriff’s Office listing among Rekognition customers. Source: Amazon]

Later in 2018, pushed by the tech’s potential to cause privacy and human rights issues, Amazon’s own shareholders and employees spoke out against marketing Rekognition to government agencies like ICE and DHS. “In the face of this immoral U.S. policy, and the U.S.’s increasingly inhumane treatment of refugees and immigrants beyond this specific policy, we are deeply concerned that Amazon is implicated, providing infrastructure and services that enable ICE and DHS,” an internal letter from Amazon employees to Jeff Bezos said. Unfortunately, there is no concrete number of law enforcement agencies in the U.S. using Rekognition. Even Andy Jassy, CEO of Amazon Web Services, said he doesn’t know for sure: "I don't think we know the total number of police departments that are using [Amazon's] facial recognition technology. We have 165 services in our technology infrastructure platform, and you can use them in any combination you want." Now, in June 2020, while the U.S. 
is engulfed in protests against systemic misconduct and racial bias on the part of law enforcement, Amazon puts Rekognition use by police on hold with a year-long moratorium. The single reason cited in the announcement is to give the regulators time to introduce appropriate rules. “We’ve advocated that governments should put in place stronger regulations to govern the ethical use of facial recognition technology, and in recent days, Congress appears ready to take on this challenge. We hope this one-year moratorium might give Congress enough time to implement appropriate rules, and we stand ready to help if requested,” the company’s announcement reads. While barring the police from using Rekognition, Amazon will continue to provide the service to humanitarian organizations: “We will continue to allow organizations like Thorn, the International Center for Missing and Exploited Children, and Marinus Analytics to use Amazon Rekognition to help rescue human trafficking victims and reunite missing children with their families,” the announcement elaborates. Notably, two days prior to Amazon’s announcement, IBM decided to shut down its face recognition development because of poor accuracy and ethical concerns emphasized by the ongoing situation in the U.S.

forklog.media Cybercriminals Exploit Black Lives Matter Campaign to Distribute Malware via Email Amid Social Unrest

Threat actors are now exploiting the Black Lives Matter campaign to distribute malware via email, luring users to open an attached Microsoft Word file to “leave a review confidentially about Black Lives Matter.” The phishing emails’ subject line reads “Vote anonymous about ‘Black Lives Matter.’” Once a user opens the attached file, it initiates the installation of the so-called TrickBot trojan. TrickBot began in 2016 as a banking trojan targeting the Windows operating system to harvest emails and credentials and steal banking information. However, the malware has evolved to perform other malicious tasks such as stealing cookies, OpenSSH keys, and Active Directory Services databases, among other things. A spokesperson for cybersecurity non-profit Abuse.ch, who discovered the attack on June 10, told Forbes: “From what I see is that the spam campaign was pretty big, apparently hitting U.S. mailboxes. Historically, TrickBot is an e-banking trojan. However, these days TrickBot is heavily used by various threat actors to install additional malware on the victim's computer. In corporate networks, this usually leads to Ransomware such as Ryuk.”

Cyber Attacks Rise Amid Social Unrest

Cyber attacks rise amid social unrest around the globe, whether connected to public health crises, natural disasters, or terror attacks. Thus, global uncertainty caused by the COVID-19 epidemic has resulted in a surging number of malicious campaigns circulating the Internet, according to a recent report from PwC. They began in late January, with threat actors posing as a trusted organization like a bank or a merchant, and skyrocketed by the middle of March. The most popular criminal schemes include business email compromise scams, with cybercriminals attempting to obtain sensitive information or funds, as well as credentials, to further compromise companies’ information systems. Often, bad actors disguise phishing emails as government announcements.
The report explains: “Emails include links to items of interest, such as ‘updated cases of the coronavirus near you.’ Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.” This spring, cybersecurity firm Kaspersky Lab alone identified 403 users of its security products who were attacked with around 500 coronavirus-related files. In late May, Minneapolis police were hit with a DDoS attack amid protests over the police killing of George Floyd earlier that week. The hackers attacked the PD’s website and promised to expose a history of crimes committed by the officers.

forklog.media Over a Gram of Trouble: What Happened to People Who Bought Gram Futures

While it lasted, Telegram’s TON project was a tempting target for investors. A few managed to get into TON’s private token sale, while the rest had to wait until launch or look for futures contracts for Gram tokens, which were offered by several trading platforms. When, following prolonged litigation with the SEC, the original developers terminated the TON project, the money invested in Gram futures ended up in limbo. Some investors got their money back, others not so much. ForkLog turned to real cases to figure out what happened.

BitForex Going with Modest Refunds

Cryptocurrency trading platform BitForex started offering Gram futures back in July 2019. Holders of the futures would have been able to buy out the tokens at a 1:1 price after the launch of TON, which was expected to happen on October 31st, 2019.

Description and terms of Gram Futures sale. Source: BitForex website

BitForex user Oazisdemyanovi told ForkLog that the exchange sold off all of its $500,000 worth of futures, at $0.5 each, by October 2019.

On May 12th, 2020, Pavel Durov announced that the original team would cease working on the project. Unable to fulfill the contracts, BitForex had to close the trading pair and cancel all the Gram futures deals. The decision came through on May 16th. Much to users’ surprise, the reimbursements for those deals amounted to about 2% of the initial investments.

“Instead of the actual $0.5 per futures, they repaid only $0.01. Out of all the money they got they’ve only returned 2% for some unexplained reasons. I had 8094 Gram futures. The platform locked them and paid me only $101,” Oazisdemyanovi said.

The user explained that for 8 months since October 2019, Gram futures were sold for $2 on average.

Gram/USDT Chart. Source: Bitforex

“People were buying and selling for $2.
Five hours before the pair has been closed, BitForex artificially dumped the price to the minimum, filled the order book with hundreds of thousands of cheap futures that came out of nowhere, and closed trading. They paid Gram futures holders $0.01 per contract,” the BitForex user explained.

After the incident, Oazisdemyanovi asked for help in the BitForex Russian chat in Telegram. The user said that the chat administrator immediately deleted his post and blocked him.

Telegram screenshot, the message reads “Unfortunately, the chat is not available.” Source: captured by Oazisdemyanovi

“I’ve also contacted BitForex support. They sent me a standard response and didn’t react to the next three messages,” he added.

Screenshot of the conversation with BitForex support. The user asked why the platform returned only 2% of the money, the support explained that token prices depend on the market. Source: captured by Oazisdemyanovi

Several other users reported similar cases.

“I’ve invested about $35 thousand and they returned $27. There are messages from the platform’s support but no good news,” one of the users said.

Another user purchased 200 Gram tokens for $2 each, but the exchange reportedly repaid them only $0.0125 per token. Similarly, user Andry M didn’t get to profit from Gram futures:

“Initially, I was buying about 30 Gram for $2 each. In the last days, hoping that the platform will pay for the tokens at the market price I’ve bought 250 more. The return price was $0.01.”

All of the clients who reported said there were no additional payouts or benefits offered by the platform.

When contacted by ForkLog, BitForex representatives first said that the end of Gram development is unfortunate:

“Initially, we and other early Gram investors had high hopes for the future of the token.
At the same time, the institutions we’ve worked with and the early Gram investors like us and the users faced losses on different scales.”

According to BitForex, the idea behind the futures was “to reflect the value of Gram in the market and allow all users who can’t access initial investments in Gram to take part in this historic moment.” The team said that to provide liquidity and parties to the deals they offered users collateralized loans for Gram tokens.

“The price drop is the result of the users’ trading and profit strategy. Since caring about users is our primary value, we will offer compensations to different categories of users who took part,” they added.

After the trading was closed, Gram holders received a $10 bonus applicable to new perpetual contract positions.

ForkLog also asked about the “hundreds of thousands of futures” placed on sale and the “artificial price dump” mentioned by Oazisdemyanovi.

“The order book for Gram sales consisted of purchased and collateral tokens. The crypto-market tends to follow trading trends, especially when there is terrible news. This is the force of the market and the pressure from traders combined,” BitForex answered.

Other Platforms Selling Gram Before It Was a Thing

BitForex wasn’t the only platform offering users a chance to profit from Pavel Durov’s unborn cryptocurrency. In June 2019, Japanese crypto-exchange Liquid announced that it was preparing to sell Gram tokens obtained from a relatively obscure South Korean company, Gram Asia, that allegedly served as an incubator for TON.

https://twitter.com/Liquid_Global/status/1138327362116956160

Back then, one of TON’s investors noted that they had never heard of Gram Asia before, although the company called itself Asia’s largest Gram token holder. Its domain name had been registered two weeks prior to Liquid’s announcement.

Gramasia.com domain name information.
Source: Whois.net

Initially, Liquid CEO Mike Kayamori claimed that the sale of tokens from the third-party fund was part of Telegram’s official strategy, but he later admitted that Telegram had nothing to do with the listing on Liquid. The deal was about derivatives, not tokens, and took place only between the exchange and Gram Asia. Liquid promised that the buyers’ funds would be kept in escrow until Gram tokens were available and that the platform would not be able to use the money.

The sale began on July 10th, 2019, and lasted for about 60 hours. The platform offered 12.5 million tokens in total at $4 per Gram. Many potential buyers thought that the price was too high.

Opinion about the price found on Twitter. Source: Bloomchain.ru

According to Liquid’s marketing, the majority of buyers were from Russia.

“We haven’t published final sales data yet, but I can say that Russians were the most active Gram buyers. We are happy with the results. Everything went well on our side,” a Liquid spokesperson told Bloomchain in August 2019.

After the sale, the platform nearly stopped mentioning Gram in social networks. By January 2020, Liquid had to return all the money to investors since TON didn’t launch in October 2019, which was the main condition of the sale.

Refund announcement. Source: Liquid

A week before the start of the Gram sale on Liquid, crypto-loan company Nexo announced loans with Gram as collateral. They later clarified that the feature was to be expected after TON launches.

https://twitter.com/NexoFinance/status/1148546018121781249

At the end of July 2019, Azerbaijan-based exchange Cross Exchange offered about 277 thousand Gram tokens for the platform’s native token XEX.

https://twitter.com/apricot_jamo/status/1150996595078418432

Conclusion

The Gram sales boom of 2019 isn’t hard to explain: multiple delays of the TON launch forced investors to get rid of the tokens on the secondary market in violation of the SAFT contract.
The list of sellers included several OTC platforms and crypto-exchanges, as well as at least one investment fund. The sellers’ benefit was obvious: the Gram price on the secondary market fluctuated between $1.60 and $2, while the prices in the 1st and 2nd rounds were $0.37 and $1.33 respectively.

Scammers jumped on the opportunity as well. People have received letters offering to buy Grams and inviting them to take part in an ICO.

Fake email from scammers posing as the Telegram team. Source: Kod Durova

Scam communities popped up in social networks and at one point, there was a scam website posing as ForkLog. The veil of secrecy around TON, with comments from its developers being few and far between, made the scammers’ task easier. It took until November 2019 for Telegram to officially advise against buying Gram tokens on third-party websites.

The end of the Telegram Open Network story is both expected and unpredictable. People were expecting Pavel Durov to fight, but it turned out that the end of the project was the main aspect of a peaceful settlement with the SEC.

This is an adaptation of the original Russian-language article at ForkLog.com and some sources are only available in Russian.

Originally written by Lena Dzhess, adapted by Krzystof Shpak

forklog.media IBM Shuts Down Facial Recognition Tech Development Due to Inaccuracy Issues

Tech giant IBM will no longer develop and sell facial recognition software for mass surveillance. The move came in response to the death of George Floyd, which raised concerns about the accuracy of face-scanning software in terms of race and gender, as well as about how the police use facial recognition technology (FRT) to track demonstrators and monitor neighborhoods.

IBM CEO Arvind Krishna made the announcement in a letter to a group of Democrats working on police reform legislation in the United States Congress. Krishna questioned whether FRT should be deployed by the police at all, saying in the letter:

“We believe now is the time to begin a national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies.”

Just recently, tests performed by Comparitech showed that Amazon’s face recognition technology incorrectly matched over a hundred U.S. and United Kingdom politicians with photos of arrested people. Comparitech noted that Rekognition turned out to be racially biased, stating that “out of the 12 politicians who were misidentified at a confidence threshold of 90 percent or higher, six were not white. That means half of the misidentified people were people of color, even though non-whites only make up about one-fifth of the U.S. Congress and one-tenth of the U.K. parliament.”

Issues Surrounding FRT

In the meantime, FRT use cases are growing in number as it is used by casinos, dating sites, law enforcement and security agencies, credit card companies, hotels, bars and restaurants, and even social media, among others.

A survey on policy and implementation issues of FRT from the Center for Catastrophe Preparedness and Response pointed out that the benefits of FRT must be weighed against the possible adverse effects it may have on subjects’ freedom and autonomy.
The report suggested that before using FRT, entities should consider how it addresses issues such as performance, evaluation, operation, policy concerns, and moral and political considerations. The deployment of FRT should reportedly address issues such as possible creation of new security risks, protection of data, including gallery images, probe images, and data associated with these images, and secure transmission of related information.

The report concluded:

“There are good reasons to believe that it will still be some time before FRT will be able to identify ‘a face in the crowd’ (in uncontrolled environments) with any reasonable level of accuracy and consistency. It might be that this is ultimately an unattainable goal, especially for larger populations. Not because the technology is not good enough but because there is not enough information (or variation) in faces to discriminate over large populations—i.e. with large populations it will create many biometric doubles that then need to be sorted out using another biometric.”

forklog.media Voice Launch Rushed in the Face of Legacy Social Media Crisis

Block.one, the company behind the EOS project, will launch the Voice social network on July 4, the platform’s CEO Salah Zalatimo announced.

https://twitter.com/Salafel/status/1269045937021878274

Voice is the upcoming blockchain-based social network developed by Block.one, the team behind the EOS blockchain. Curiously enough, Dan Larimer, the tech maven behind EOS, has previously co-founded a social network somewhat similar to Voice—Steemit. Rumors pertaining to Larimer’s dissatisfaction with his firstborn and the desire to “replace” it have circulated among Steemians for years. Reportedly, the new iteration of blockchain social networks is supposed to fix the issues of its predecessor, like unfair distribution among other things.

What Is Voice?

Voice was first announced precisely a year ago, in early June 2019, and entered the beta stage in February. Block.one has invested heavily in this project, allocating $150 million to development alone and buying the voice.com domain name for a record-breaking $30 million.

Voice’s main features so far include mandatory verification and content monetization. There will be no bots, anons, or burner accounts. All users will have to verify their identity. And creating content will be rewarded not unlike how it is rewarded on Steemit. Each like will bring content creators some digital cash. Users will also gain tokens just for showing up (Nimses flashbacks intensify).

Curiously enough, Voice was initially meant to run on the EOS blockchain, but in December 2019 it was decided that it will be hosted on a custom-made EOSIO platform instead. The difference between the two may be subtle for a layman, but basically, EOS is a specific blockchain platform while EOSIO is the software that powers it. This move garnered some criticism toward EOS as the community realized that EOS, as admitted by its creators, was not ready to host an ambitious project like Voice due to some objective inadequacies.
https://twitter.com/AlexSaundersAU/status/1218459732563771394

Initially, the launch of Voice was planned for this fall, but Voice CEO Salah Zalatimo noted that he had to move the deadline because of the dire need for a new social network that would wrestle back control over people’s social lives from the yoke of big tech corporations.

https://twitter.com/Salafel/status/1269045936170377216

Why Such Hurry?

With everything that is happening in the world right now, Salah Zalatimo could not be more spot-on saying that something needs to happen ASAP. In his personal blog he says that despite some sorts of speech being obviously illegal and thus eligible for hard censorship, many legacy social networks take it upon themselves to wade into gray areas and posture as a moral authority on less clear-cut issues:

“Often, a judgment call needs to be made to determine if a piece of content crosses the line. The higher-level question that no one seems to be asking today is: who should be making that judgment call? Corporate executives? Government regulators? Councils of elite thinkers?

“Here's a crazy idea, why not let the people decide? Empower them. Architect the platform to eradicate bots by verifying identities, eliminate targeted propaganda by protecting your personal data, and prevent political corruption by organizing into communities that have the tools to effectively self-govern.”

There is no use expecting a shift in corporate mentality, and thus the Voice team perhaps wants to seize the opportunity at a time when even the President of the United States is wrestling with a global corporation that took it upon itself to amend his tweets.

Of course, Voice creators realize that content moderation is still an important task and they have a solution to find a balance between a censorship gulag and a free-for-all quagmire. Pew Research notes that “anonymity abets anti-social behavior.” Voice has done away with anonymity, introducing obligatory KYC just to register on the platform.
Curb Your Expectations

The fact that Voice will launch in July does not mean you will be allowed to start posting and exploring the platform. Until August 15 it will be a read-only experience. And even then it is not yet clear whether new users will be able to register accounts freely or if there will be further limitations introduced.

It seems that Voice couldn’t wait to make a PR statement at an opportune moment but was not yet ready to launch and start servicing users in earnest.

This article is a part of our Occupy the Internet series, where we review the current trends in the nascent decentralized web and cover the burning issues of privacy and censorship.

forklog.media Hackers Compromised 160,000 Nintendo User Accounts to Illegally Make Purchases in Game Stores

Hackers have gained access to 160,000 Nintendo user accounts, and the attackers apparently used gamers’ balances and registered credit cards or PayPal accounts to illegally make purchases in My Nintendo Store or Nintendo eShop.

The Japanese video game company announced the breach on June 9 in a blog post, confirming that there was an illegal login to some Nintendo accounts via Nintendo Network ID (NNID) using a spoofed login. The announcement was an update to the April hack, when the company indicated that approximately 140,000 accounts were compromised.

Third Parties Got Access to Users’ Personal Data But Not Credit Card Number

After getting unauthorized access to the accounts, criminals could view details such as users’ nicknames, date of birth, country/region, and email addresses. The company claimed that no credit card numbers were among the information that may have been viewed by third parties.

Overall, less than 1% of all NNIDs globally may have been logged in without authorization, according to the company. At this point, Nintendo is in the process of refunding, with most customers having been already refunded.

In a separate announcement, Nintendo UK assured users that “there is currently no evidence pointing towards a breach of Nintendo’s databases, servers, or services.” The company, however, said that it will not reveal more information about the methods hackers used to gain unauthorized access.

Video Game Players are Under Hacker Attack

In recent months, cybercriminals seem to have focused on video game players. Earlier this year, the Chinese Winnti hacking group launched attacks against South Korean games company Gravity, the company behind the Massively Multiplayer Online Role-Playing Game (MMORPG) Ragnarok Online.

Just recently, an updated version of the AnarchyGrabber trojan began circulating the Internet, posing a threat to users of the communication app Discord.
The malware is reportedly geared to steal users’ passwords and tokens, disable two-factor authentication (2FA), and even spread the attack to a victim’s contacts.

The malware had already been around for some time, and mostly affected users’ account main points, transferring the collected tokens to third-party servers, as well as changing device folders. The modified version’s features now enable cybercriminals to steal users’ plain text passwords and command an infected client to spread the malicious program to a victim’s contacts on Discord.

forklog.media After 10 Years in Tech Isolation, I’m Now Outsider to Things I Once Had Mastered

The world isn’t the way I remember it, and certainly not the way I left it back when I was arrested in 2009 for installing botnets and commercial remote access programs on a handful of sensitive clinic systems, which included a critical SCADA system. That was how I became the first person in recent United States history to be convicted for corrupting industrial control systems.

It was such a long time ago, but in my mind it only feels like yesterday. You have to understand what it means to be a prisoner in the States. There are currently somewhere around 2.3 million people incarcerated in the Land of the Free, and Internet access is not exactly an amenity provided by the Bureau of Prisons.

No Access to Current Information

Access to current information is restricted to approved newspapers and magazine publications and television. Most inmates have computer access which uses a specialized access control program that allows them to email approved contacts for .05 cents a minute. However, having access to the public by use of the inmate messaging system was not a privilege I had. Being a hacker in federal prison isn’t all that great.

In the summer of 2011, I was appealing my sentence. I had no affordable way to contact my attorney, so I worked out a deal with another inmate to let me use his computer, so I could send and receive emails. Eventually it caught up with me. The inmate was apprehended by the prisons’ Special Investigative Services (SIS) about the flurry of recent activity from his inmate messaging account. The SIS brought my name up, knowing that I was the one behind the recent activity. He not only played dumb, but told the SIS that he had no idea I was using his account, that I must have hacked into it.

I was then detained for 13 months in a maximum security administrative segregation unit without due process, while the case was referred to the Federal Bureau of Investigation.
Some people refer to these facilities as “Black Sites” because they are cut off from the media, visitors, and lawyers so that what happens in there, stays in there. Interestingly enough, the Seagoville Federal Correctional Institution was once a Japanese internment camp.

That’s three showers a week. 23/5 confinement to an 8X10 cell without air conditioning, a fan, or adequate ventilation. That summer the temperature inside my cell reached 125 degrees Fahrenheit.

With no evidence to support the inmate’s accusation, I was supposed to be released back into the general population. But to make a long story short, that didn't happen. Could you imagine now having no access to current information for over a year? That would be the least of your worries if you were confined to where I was.

No Longer in Control

In the aftermath of serving a lengthy prison sentence, I witnessed first-hand just how much technology has evolved, and it felt like stepping out of a time-machine. I had been an exile in time, excommunicado from the evolution of new technologies and how our global society has evolved with it.

As a hacker, I was the founder and leader of the hacker group known as the Electronik Tribulation Army. I used to stay parallel to the latest gadgets, exploits, and socio-technological trends. I used to reverse engineer malware, perform incident responses, and hack pretty much anything left unattended.

I read about these technological advancements in newspapers and magazines while I served my sentence, but when it comes down to it, I am now a foreigner, an outsider to the very things I once had mastered. To say that the teacher has now become the student is quite the understatement.

Recently, I was given a new Dell Inspiron laptop. Fresh out of its packaging it feels and looks like a familiar friend to me. But as soon as I booted it up, I was greeted with Windows 10, my new enemy. It only seems like yesterday that the Windows 7 beta was just released.
Windows 10 is confusing and weird to me. It has a new file system and I’m not even the slightest bit curious about how it works. I just want my Windows XP back with my dual boot option of Ubuntu Linux and Backtrack 3. The only solution to making me happy again would seem to be to download Ubuntu, mount it to a USB thumb drive, and get it installed.

Had I known that Windows 10 doesn’t utilize BIOS, but has replaced it with UEFI (Unified Extensible Firmware Interface), which is a secure boot option that validates programs before giving them permission to run, I wouldn't have wasted two more days of my life trying to install my favorite operating system. Windows has seized control.

Point being: I am no longer in control, and I hate it. I can spend hours on Google troubleshooting through this frustrating dilemma, and still get nowhere. I have to walk away every time, defeated.

A New Norm

Other things similarly have changed since I was incarcerated. I had to ask my twelve-year-old daughter what a hashtag was. That was pretty embarrassing. “Aren’t you supposed to be a hacker or something?” she told me, sending a final blow to my dying ego.

So many things have changed since I’ve exited this proverbial time machine. For example, back in my day being a hacker for hire was considered a taboo. It was dangerous territory. Now it seems that every hacker is for hire to the extent that being a hacker has become a kind of norm, for the good and bad. Bug bounties have become a legitimate and legal source of income for many, as companies grant permission to hackers to test the integrity of their networks for large sums of money.

Hackers are even eloquently glorified in Hollywood films, books, and video games. Many hackers such as “Mr. Robot” on the USA television network are even depicted as heroes instead of the cliche cyber villain. Governments around the globe are arming themselves with digital pirates, cyber soldiers, and saboteurs.
The proliferation of destructive cyberweapons has become commonplace. It’s become the new way of things.

As I probe around the web and observe this new generation of hackers, I see individuals that have lost touch with the true spirit of hacking. A brood that is motivated by greed, revenge, and anger. Harmless curiosity has become a thing of the past.

A World I no Longer Feel Connected to

While I remained nostalgic for the familiar things of the past, the world was moving forward in leaps and bounds. Here are some of the things I observed from outside this exciting new world.

Bitcoin, the first cryptocurrency, was introduced to the world (I still am uncertain how to obtain Bitcoins or how to use them).

Smartphones appeared in 2007 but started to replace flip phones in 2009. I am pretty savvy with my Samsung Galaxy A10e. However, I can't figure out how to root it to save my life. I remember the first time I saw a smartphone advertised on television. “That’s the stupidest thing ever!” I yelled at the TV. “Who’d want to put their greasy fingers all over a screen like that?” Apparently, everybody. Including me.

President Obama signed an executive order outlining emergency control of the Internet, and thus the Internet kill switch was born. That’s a pretty big deal.

End-to-end encrypted communication popularized in the wake of the Arab Spring as social awareness began to evolve towards using tools like Tor and encrypted communication platforms for maintaining Internet anonymity.

The social networking website Myspace plunged into the great abyss, effectively ending the reign of profile building creativity as we know it. Utilitarianism seems to be the default everywhere nowadays.

Banking trojans became an epidemic. ZeuS. SpyEye. BlackHole and BackSwap to name a few.

The availability of IPv4 addresses quickly depleted as more devices were connecting to the Internet. It was the end of the world as we knew it.
Iraqi insurgents hacked Predator drone feeds using SkyGrabber, an off-the-shelf software.

The WikiLeaks movement exploded after a large cache of sensitive state department cables had been leaked by Pfc. Chelsea Manning. The hacker group Anonymous became the hammer and war cry in support of that new revolution.

The hacker group known as Lulz Sec emerged during a time of revolution, social unrest, and a growing distrust of the U.S. government, the justice system, and economic inequality. This elite splinter group comprised of members from Anonymous began performing impressive sophisticated cyber attacks on high profile targets, embarrassing U.S. law enforcement.

Edward Snowden, a National Security Agency (NSA) contractor-turned-whistleblower, leaked between 9,000 and 10,000 top-secret NSA documents to journalists, exposing a massive spying program called Prism, effectively ending the NSA’s carte blanche operation. Congressional nightmare. Laws were passed. Some people got fired. The U.S. government is still spying. It always will.

Stuxnet happened. Biggest, baddest computer virus ever. Cripples Iranian nuclear centrifuges, then decided to start spreading elsewhere.

Big advertisers are using metadata to collect and map any given user’s Internet behaviors for content marketing purposes. I, too, used to steal users’ data. But it was a crime when I did it. Perhaps if I had sent them an ad or two it would have been less illegal?

Facebook and Google have become so ingrained in the everyday activities of web users that apps and services unrelated to them now feature options to login or register using your Google or Facebook credentials.

Smarthomes and smart cars are gaining popularity. With all the interconnected devices wirelessly connected into a single command and control device, it’s a hacker’s field day for sure. Smartwatches and smart rings? Seriously?

Net Neutrality began in the U.S.
as the fight to treat all Internet traffic across all devices with equality.

Backtrack is discontinued. Kali Linux has taken center stage, even though they're basically one and the same.

A Hologram of the rapper icon Tupac Shakur appeared at a Coachella concert.

Augmented Reality entered the scene with Google Glass. But due to privacy concerns and the hefty price tag, the Glass quickly is discontinued.

Virtual Reality became affordable to the everyday consumer, conveniently interfacing with smartphones and video game consoles.

Amazon’s virtual assistant Alexa may have been a witness to a murder. A judge ordered Amazon to hand over the recordings. Yes, always listening. Always recording.

Drones became very popular. From toys to commercial drones to police drones.

Ransomware is resurrected from the past. Criminal hackers began swarming computer users with extortion and corrupting personal data on a vendetta to get rich fast.

Artificial Intelligence has made a quantum leap. I watched a video on YouTube of Will Smith trying to put the moves on a robot named Sophia.

Government spooks started openly attending the annual hacker conventions Black Hat and DefCon held in Las Vegas in an effort to recruit hackers to secure cyberspace.

Somewhere in the cacophony of critical changes HTML5 happened.

Holograms. Smarthomes. Self-parking cars. Drones. Cryptocurrency. Metadata. Virtual weapons. An Internet kill switch? I stepped out of my time machine into a world I no longer feel connected to.

An Uncertain Future

For me, I stepped out into an uncertain future. I don’t really see meaningful human interaction anymore. I see a society that is impossibly distracted by likes and selfies, smartphones, and similar technologies, and I often find it frustrating to find my place in the midst of this new interconnected world simply because I was not there to naturally evolve with it. I was somewhere outside of time, on the other side of the looking glass. Waiting.
Counting fractions of what felt like forever, for when I would be released back into society again. Only to discover a world I do not know.

Written by Jesse McGraw aka GhostExodus
Edited by Ana Alexandre

forklog.media Private Browser Brave Called out for Binance Affiliate Links in Autocomplete, Community Trust Compromised

Brave, a popular privacy-focused browser, has faced a backlash from the community after users noticed affiliate links popping up in the autocomplete suggestions in the browser’s address bar. In a discussion on Twitter, Brave CEO Brendan Eich called the links in autocomplete a mistake and promised not to let such a thing happen again.

The recent autocomplete issue was highlighted in a post by cryptocurrency podcast host Yannick Eckl (@cryptonator1337) on June 6th. When he tried to type in the URL binance.us, the autocomplete in the browser suggested an affiliate link with Brave’s identifier added.

https://twitter.com/cryptonator1337/status/1269260767913795584

Brave CEO Brendan Eich responded by calling the incident a mistake and gave assurances that all links on pages and all typed-in URLs are served as is, with no hijacking.

https://twitter.com/BrendanEich/status/1269313200127795201

Brave is known to be Binance’s partner. The browser offers a Binance widget integrating simple trading features into the user experience. The affiliate links included in the autocomplete suggestions hadn’t been clearly presented or discussed with the community, which is why some felt like the developers tried to sneak the addition in. Since Brave is heralded as being focused on privacy and putting users in control of the ads they see, the community started questioning the credibility of the developers.

https://twitter.com/JuliusCrypto/status/1269334946474102784

Importantly, Brave’s open-source code on GitHub included affiliate links to other websites as well. The Block’s researcher Larry Chermak tweeted about the same thing going on with Ledger, Trezor, and Coinbase. He mentioned that the links were originally discovered by Dimitar Dinev of JRR Group.

https://twitter.com/lawmaster/status/1269321803815673856

Aside from adding an affiliate tag to binance.com, binance.us, coinbase.com, ledger.com, and trezor.io, the browser tagged search queries for bitcoin, btc, ethereum, eth, litecoin, ltc or bnb.
It also turned out that Brave users have been noticing affiliate links in the browser as far back as 2018. In March 2020, there was also a debate about Brave’s promotion of the eToro exchange. “This ignores the legally required disclosures for affiliate links—the disclosures that Brave also ignored for the eToro links in March. In the US, the FTC has required full disclosure of affiliate marketing since 2009—you have to put it right there on the page. Similar rules apply in the UK and the EU,” author and cryptocurrency critic David Gerard wrote. Brave’s Brendan Eich said that there’s a way to toggle the affiliate links in autocomplete in the browser settings and announced that the feature will be turned off by default in the following releases. Notably, despite the generally negative response from the community, some users expressed their support for the project, emphasizing that Brave is still a privacy-focused browser that has advantages over products of Google and Facebook. https://twitter.com/agnelvishal/status/1269655292280627204 As of press time, the latest version of the Brave browser available for download still came with affiliate links in autocomplete turned on.

forklog.media Ethan Buchman: I Might Be a Closet Bitcoin Maximalist, But Future is About Proof-of-Stake

In an exclusive interview with ForkLog, the co-founder of Tendermint and Cosmos Ethan Buchman reveals why he sees the future of the crypto-economy in Proof-of-Stake systems. And that despite him betting long on Bitcoin. Today, Ethan Buchman is the CEO at Informal Systems, a Canada-based company which in January 2020 spun out of Interchain Foundation, the organization promoting decentralized technologies and applications in Cosmos ecosystem. Despite certain controversies within the Cosmos team and several key members leaving the project, he is still very much active in the development process, as well as in the research of a broader PoS ecosystem. FL: Hey Ethan, tell us more about Informal Systems, what is the company exactly doing and why it needed to spin off the Interchain Foundation into a separate entity?  Ethan Buchman: Informal Systems grew out of the frustration we had developed both in building distributed software and running distributed organizations. In both of these contexts, there are a lot of very error-prone difficult human processes that are very hard to prove. If you want to have high assurance that the distributed system you are building is correct, or that the organization you are running is correct from the contract and bookkeeping points of view, in both cases, it requires a lot of manual work. And it is actually very hard to prove that you are doing things correctly or that if you make changes there is a high degree of certainty you haven’t broken anything. Therefore our mission at Informal Systems, as we say it, is to verify the ability of distributed systems and organizations. In some sense, you can think of it like auditing a company for security and finances, but we really focus on developers and their tooling, helping them to build higher quality distributed systems software. We see the distributed systems of machines and the distributed systems of humans as two sides of the same problem. 
This means not only having a greater assurance that their software is built correctly and functions the way it has to function, but also that they are building their corporations properly and that the organizations they are running are easier to manage. More broadly this is known as formal verification, and formal verification has become really overaged at blockchain systems these days, because there are millions, billions of dollars locked up in smart contracts running on unaudited systems that don’t have the same recourse to corrections that traditional systems do. And if something gets wrong, the consequences are a lot direr. We are not focusing that much on smart contracts like some auditing companies, but rather on the underlying consensus algorithms and distributed systems protocols that those smart contracts run on top of. Nearly every blockchain we have today might have a virtual machine but underneath it, there is a consensus protocol, and many of them are designed as new consensus protocols. You have those new Proof-of-Stake protocols like Polkadot, NEAR, Solana, Tezos, they all are developing their own consensus protocols, but there are very few people and companies specializing in formal verification of these underlying consensus protocols. And that is where we have tremendous expertise—we not only formally verify consensus protocols, but we also help people with getting assurances that the software they use is implemented correctly. FL: As far as we know, currently Cosmos is Informal Systems’ sole client. Do you consider extending that list? This could be particularly relevant in light of the ongoing debates of the dangers of the state mass surveillance which becomes increasingly present in the new Coronavirus pandemic era. Ethan: Even though we are currently more focused on Cosmos, we are absolutely open to expanding to a broader ecosystem and helping other protocols with formal verification of their systems. 
And we are especially interested in that network because part of the Cosmos’ goal is to interconnect many blockchains. To do that you need Inter-Blockchain Communication (IBC) protocol which is a sort of layer-zero protocol, a client for all other protocols. Getting a better understanding of their consensus algorithms and properties is a step number one of actually integrating those blockchains into Cosmos and facilitating interoperability. Speaking more broadly, and especially when you bring it to the spectrum of mass surveillance, yes, we are absolutely interested in expanding beyond the blockchain space. We’d like to help other companies that are designing distributed systems protocols and understand what properties those protocols provide and guarantee. With that being said, right now we are probably less focused on cryptography. Of course, cryptography plays a big role in many consensus protocols and we have to be aware of those things, but we are less focused on proving that any particular cryptographic protocol allows you to do certain things, like COVID tracing, without revealing your identity. There are other projects that have more expertise on the cryptography side of the things, but as soon as it becomes a part of a broader deployment system we will come and help for sure. FL: You were among the co-founders of Cosmos, the project which earlier this year celebrated its one-year anniversary of the official launch. What are Cosmos’ biggest achievements over these past 15 months? Ethan: Big achievements are the network itself running without interruptions for over a year, we have 125 validators including some major institutions, but maybe most importantly we see the technology itself being adopted by a number of large projects who are deploying their own blockchains using the Cosmos technology. Maybe the leading example of this are Binance who have adopted our technology to build their own decentralized exchange. 
So the level of adoption that we see and the smoothness with which the software seems to be running are obviously among those achievements. Another one which we are really proud of is the level of decentralization in the community. While it takes probably 20 big validators to control around two-thirds of the stake, we see amazing governance and on-chain vote turnout which is really promising. The same applies to the development level where there is a tremendous level of decentralization as a lot of companies are literally basing their business models around the success of Cosmos and its technology and are really contributing in a big way. So it’s no longer a single company or a couple of companies that are really responsible for everything. FL: If you had the power to go back and do some things differently, what would they be? Ethan: If we go back and try to do something differently… Maybe we would like to push for formal verification sooner; also there’s a lot of complexity with the software which we probably could have done a better job of taming had we pushed sooner for more complete specifications. Development decentralization is another thing we could have done sooner, but it’s a complicated matter and it takes a lot of time. As an engineer, I can always say that certain things could have been done better, but overall it was going quite well and for the most part, we are happy with current developments. FL: Speaking about the validators, some PoS-projects have already been criticized for the concentration of large organizations capable of accumulating significant amounts of coins, not only leaving almost no chance to smaller players but also possibly endangering the decentralization of the network. What is Cosmos doing in order to prevent centralization of power? Ethan: We are definitely concerned about smaller validators and centralization tendencies in groups of large stakers. 
There are some proposed protocol changes that will better incentivize decentralizing the validator set. For instance, the idea is around correlated slashing, where the amount you slash is correlated with how much stake you have and how much of your stake has been detected as faulty at a given time. That would make the consequences of being a very large validator a lot more severe. So we either force them to run multiple validators, which we can already see in other networks, or we end up having them delegating their stake more widely. But to be honest, I’m not sure if this something that can be entirely solved at the global blockchain level. I have always been advocating for a more local approach to blockchain scaling which means more blockchains that can be geographically defined. I mean city-based municipal blockchain systems for validators which allow to find more balance between the crypto-economic world and traditional legal systems. FL: Will the current mechanism with a maximum of 300 validators after ten years after the launch be enough to address those concerns? Ethan: Trying to predict the future in blockchain systems for 10 years is always hard. Cosmos design is a flexible governance mechanism, and if the validators decide a change on that, they are more than welcome to do that. It could well be that in a year or two we will see a system that supports thousands of validators. Things move so fast and anything can happen in the future. The whole point of Cosmos, its value proposition and core philosophy are about sovereignty, and if the community decides to change something, it has all the power to do that. FL: At what stage is the development of the Inter-Blockchain Communication Protocol, that key element to provide interoperability between different blockchains? Ethan: The IBC Protocol is at the advanced testnet stage. We are working on the specs, the software is being implemented and tested extensively. 
There are still a lot of changes to be made in the upcoming release and over the summer we will be engaged in a big upgrade process, but I think we can expect it to be rolled out on the mainnet at some point this year. FL: Cosmos’ SDK is becoming increasingly popular among various projects, including those creating DApps in the DeFi sector. What’s your take on the role of DeFi in the broader crypto economy? Ethan: DeFi is cool and there are certainly some interesting things happening there, but I don’t think it’s quite yet there where it was meant to be. DeFi is meant to rebuild the existing financial system in a slightly more transparent way. I’m all for transparency, transparency is good, but my impression of DeFi is that looking at the traditional financial system you know that you are going to get screwed somewhere, but it’s not exactly clear how, while in DeFi you know that you are going to get screwed somewhere, and it is a lot more clear how this will happen because everything is much more transparent. What I’m hoping we can build is a financial system where you are much less likely to get screwed, where we have a much more sustainable foundation for human social economics which doesn’t involve that rat race to make more money out of money. And I don’t really think DeFi helps with that. It’s nice and fun, everyone is experimenting with new crypto-economic mechanisms, but we have a lot more work to actually make a proper foundation for a new economic system. The current trends are promising, but there are a lot of risks there, and maybe we are selling ourselves a lie. So going back to local economics and building local sustainability, stablecoin designs will be really important. But I don’t think it’s going to be a single global stablecoin pegged against the US dollar and that it addresses the issues of the modern financial system. So current DeFi systems are incredibly risky and we are sort of kidding ourselves.
FL: Bitcoin with its PoW mechanism, and the PoS ecosystem, how will they co-exist in the future? Ethan: I have been a leading PoS advocate for maybe five years now, I was one of the first people to push those systems in early 2014 and 2015, and together with other people working on that we realized that the only way blockchains would scale and make any sense was through PoS rather than through PoW. I remember September 2014, we were close friends with Vlad Zamfir and were staying up all night thinking about what blockchains will be like in the next 5-10 years. It was then when I got fundamentally convinced that PoS is the future, and everything we were talking about has materialized over the next 5 years. It’s really fascinating to see that. PoS is incredibly important for the economics of many blockchains but I am still a firm believer in the importance of at least one global PoW chain. There’s plenty of talk about how PoW is wasteful, and that’s certainly the case if you are going to run every blockchain on PoW. Also, PoW provides something that PoS cannot provide which is a more firm academically-derived source of truth. In PoS there’s always some politics and you can’t avoid the fact that somewhere between the lines you have to deal with subjective reality. PoW systems are much less corruptible in that sense, and I am happy that Bitcoin has that immutability. I am certainly long on Bitcoin and there is a lot of value in Bitcoin’s PoW, and I also hope we can find a way for PoS systems to anchor themselves into PoW. FL: What do you think of the recent projects creating things like Ethereum on Bitcoin, wrapped Bitcoins, etc? Ethan: These are very exciting projects. As I said, there are a lot of risks involved in these systems, custodial risks, economic risks, and users need to be aware of them and better understand the security model these systems provide. We have that recent example when an attempt to bring Ethereum to Bitcoin lasted just a few days. 
Still, it’s very important that we start experimenting with these kinds of things and develop the interoperability of the infrastructure. FL: That’s interesting, and recently you have admitted to being a closet Bitcoin maximalist yourself. Will you share more background about yourself, how you came to crypto in the first place, and what inspired you to start working on the Tendermint project? Ethan: My background is in biophysics, that’s something I studied at the university and I became fascinated with the origins of life and the emergent phenomenon of the universe. I was interested in how do we have systems that run up, how do organisms exist, how do forests exist and got really obsessed with the sustainability of the systems around us. In early 2013 we discussed Bitcoin with Vlad Zamfir a lot, we called each other and became really obsessed with how it could address problems in the financial system and its amazing potential in cryptography. We also got really excited about crypto-economics as a discipline. In early 2014 we discovered Ethereum, met Vitalik, and went to meetups in Toronto where we discussed different cryptographic protocols and their ability to build more sustainable economic systems. So basically all those things that people are discussing today, how blockchain can transform different industries around us, we talked about that already in 2014. And while we all loved Bitcoin, Ethereum at the time was a much more avant-garde experiment. Bitcoin was certainly more conservative in its approach, and in the intersection between computer science and economics, Ethereum was like an open invitation. So, in 2014 we started really into Ethereum, we were doing early PoS researches, and were trying to develop ASIC-resistant designs for PoW. 
Those still were early days for crypto-systems, the mechanisms were interesting, but we also realized that this wasn’t about scaling blockchain and that a better consensus mechanism was needed, especially for enterprise applications. Earlier the same year Jae Kwon developed a prototype of the Tendermint system which followed all that research that Vitalik, Vlad, and myself were working on, drawing on decades of academic background in consensus systems. Being an academic myself, I found it very inspiring, and in early 2015 we started working on it together. At the time we lived in what we called the “Proof of Stake Palace,” a place in San Francisco where a number of PoS enthusiasts and researchers were living together and working on different PoS ideas. That was a unique experience that helped us share thoughts about the world with thousands of blockchains and they will talk to each other. At that time I was working at a company called Monax, we needed a PoS solution for Ethereum, and Tendermint turned out to be the leading contender for an alternative. The software looked more mature than anything else, so we implemented an EVM on top of Tendermint, and the Monax team was using it. Over time, I got more interested in the consensus mechanism itself and by the end of 2015, I decided to leave Monax to go full time with Jae and to try to build something around Tendermint. I became the co-founder of the Tendermint project, in 2016 we tried to raise venture capital, but many didn’t know what we were talking about as it was early days. That leads us back to our initial motivation of a public cryptocurrency project and public financing and ultimately to the idea of creating Cosmos. Somewhere by 2016, we started to design Cosmos. FL: Those were the times when ICOs were starting to gain popularity, but you didn’t go that way, right? Ethan: We did a public fundraiser in 2017, but we didn’t call it an ICO.
We didn't really position it as such and we were very careful and conservative in our approach to raising funds. We did almost no marketing, from the very beginning this was very much about building a decentralized community of people who wanted to be validators and to have a say about the governance of the blockchain. So our focus was not on people who would buy a token and profit from it, but rather on people who were genuinely interested in the underlying technology and the vision and the values of the project. So, In 2017 we did a public fundraiser and then made a recommendation for the initial allocation of the token, the community adopted that recommendation, and ultimately Cosmos was born into this world. Other projects around were raising hundreds of millions at the time, we were happy with our $17 million, which was a lot anyway, and we have completed the hardcap in maybe 30 minutes. FL: Will you agree with the idea of the ICOs being detrimental to the crypto space? Ethan: Hard to say. On one hand, it created a lot of excitement and brought a lot of money, and that money is being deployed in a very productive way. The entire space of cryptography, formal verification, secure hardware… you cannot deny that the money pouring into the space are propelling the crypto science in a very fundamental way. A lot of these things are being funded from the money that came in during the ICO boom. At the same time, there was a lot of hype and scams, people lost money, and the regulators came down hard. And that was bad because while regulators have to protect retail investors, they shouldn’t be staying in the way of innovations. So it’s unfortunate that today it’s not that easy to raise money for real innovations. At the same time, it also raises the bar to scam people. FL: Today, when the dust has settled and you are in a position to take another look at those events when some key figures left Cosmos, do you have personal regrets things turned out that way? 
Ethan: This really goes back to your previous question about what we could have done differently. Maybe we could have set a more robust governance structure earlier. A lot of issues that materialized, they really were about governance. There were only three of us at the Interchain Foundation, while Jae was the CEO and the sole board member of All In Bits, the company behind Tendermint. Maybe we could have done more work to improve the governance, to bring more community members onto the board of the foundation. It’s not unusual, you see governance issues all the time at tech companies, just look at the dramas at Uber or WeWork. What I want to say is that no one has really left the project in any material way, everyone is still contributing to Cosmos in a major way. We are fortunate that we have figured out a way to continue to constructively work on things. We do have more companies now, companies that were contributing in the past are taking more leadership roles, some people left to create other corporate structures. And from the perspective of decentralization and development, things are very positive today. Jae and I are on great terms and we are working on the foundation board together. FL: Let's wrap things up on a somewhat philosophical note. We're all going through pretty much hard times right now. The pandemic shut down the borders, most people on the planet are isolated, and lots of enterprises halted their operation. Some people, however, disagree with this approach insisting that the normal way of life has to be restored for the sake of salvaging the economy. One of them is Elon Musk who even tweeted about the need to free America right away. Nassim Taleb commented on that saying there’s a need to free America from psychopaths. Which side would you take on in this dispute? https://twitter.com/nntaleb/status/1255485519821254656 Ethan: I would probably stick with Taleb on that one. The economy died in 2009 and everyone is just in denial.
It doesn’t matter if this coronavirus or something else: all that we have built is so fragile and so fundamentally unsustainable. And don’t think everyone really understands that. I’m not sure Elon Musk approaches sustainability in the right way. When Taleb talks about a sustainable financial system, for him it’s localism first, and that very much aligns with my beliefs. Elon Musk is much less concerned with localism, he’s more concerned with hi-tech and the utopian vision the technologies can solve our problems. Technologies can go a long way, but the solution to traffic is not to build an electric vehicle or underground tunnels that you can through at hyperspeed. The solution to traffic is to reduce the need for people to drive cars, and it’s more about socio-political decisions rather than technological ones. Our economy was due to topple one way or another, and the current pandemic is maybe one of the least bad things that could have happened. I really hope it will be taken as an opportunity to rethink the structure of our global financial system and to try to build it from the bottom again. And Elon Musk is not particularly helpful with that. FL: Saifedean Ammous, another renowned thinker, is also among those who call for lifting up the restrictions and letting the virus have its way so that people would have herd immunity. He quotes the examples of Sweden and Belarus that refused to introduce restrictions on the state level. Was it a mistake to introduce a global quarantine? Do you agree with the idea that we should have let things have their course and hope for the better? Ethan: No, I don’t. The problem is in the uncertainty. We don’t know when the virus will be over, and the more we learn, the more we realize how different it is from any other virus that we have had in the past, the better it will be for us. 
It’s not the flu, we have no idea what this thing is doing, we don’t understand how to be immune to it, so the idea of just hoping for the best is more criminal than just pure negligence. So all these talks about slowing down the pace of our economy… People have been talking about climate change for decades, so here’s an opportunity to actually act on that. And if you are concerned about the growth of the economy, GDP, all those things, it’s just a farce and mockery of real wealth. There’s no real wealth created in stock markets today, it’s cannibalism. So this is our chance to reset the global economy. Unfortunately, there’s no way to do that without a tremendous amount of suffering and ultimately deaths. So for me, the idea of just opening up the economies right now is criminal. And psychopathic. Free America from psychopaths! Ethan Buchman was interviewed by Andrew Asmakov.

forklog.media How Police Spy on Protesters

According to Gallup, in 2018, about two-thirds of people worldwide had confidence in their local police. Given the law enforcement response to the protests in the U.S., this number will probably be quite different in subsequent reports. But batons, rubber bullets, and tear gas aren’t the only tools for the job. In this piece, we look into digital surveillance measures police can use to track people, the efforts to curb excessive use of authority on the legislative level, and the ways to protect one’s own right to privacy as much as a law-abiding citizen can.

Tools for the Job

Law enforcement agencies have been using digital surveillance and analytics tools for a while and on multiple levels. There are preventive measures that involve complex algorithms crunching data on past crimes and spitting out information potentially useful in preventing future crimes. One of those is a pattern-recognition system called Patternizr, introduced back in 2016 by NY police to dig through the department’s archives, although the public announcement about the new tech took until 2019 to come through. It turned out that such “robotic detectives” can be as racist as some of the regular officers of flesh and bone. Another aspect is street-level surveillance, explored by the EFF’s namesake project. This category encompasses the eyes and ears of law enforcement, as well as the back-end systems interpreting the collected data:

- officers’ body cameras
- CCTV networks
- gunshot detection networks
- automated license plate readers
- spy drones
- face, tattoo, and iris recognition systems
- electronic monitoring
- cell-site simulators and IMSI catchers

Some entries from this list may seem more familiar than others. People are generally used to security cameras, both wearable and mounted, automated speeding tickets, small wearable monitoring devices that tell authorities one’s location or blood alcohol levels, and even spy drones laden with sensor arrays. Other systems are a bit more curious.
For instance, acoustic gunshot detection networks sport sensitive microphones typically planted high above the ground, in a way similar to security cameras. These microphones are meant to register gunshots and alert police responders, but can also overhear a thing or two if people talk near them. Cell-site simulators, on the other hand, can completely hijack cellphone calls by posing as a normal cell tower. Basically, such a system can fool the target’s phone into connecting to it and then relay the information to and from the actual cell network. Whatever data goes through this channel, as well as the phone’s location and metadata, would be accessible to the system operator. In addition, it is hard to tell if a phone is connected to a legitimate cell tower or a cell-site simulator run by the police. There are other somewhat simpler methods, such as obtaining the log of one’s calls and movements from their service provider. “Every day, the threats to our rights expand as police use surveillance technologies to compile enormous databases filled with our personal information. On top of the damage to our Fourth Amendment rights, these technologies can be used to spy on citizens engaged in First Amendment activities or deployed disproportionately against marginalized communities,” the Street-Level Surveillance project introduction reads. Importantly, it is near-impossible to see the full extent of the surveillance measures utilized by the authorities, as illustrated by Recode’s efforts to learn about digital spying tech serving the NYPD. Neither journalists nor privacy advocates could shed light on what’s going on behind the scenes, aside from a glimpse at predictive policing tools, facial recognition, and some other bits of information. A vast pool of advanced surveillance technologies doesn’t go too well with the lack of transparency, at least for the public. This is a problem that becomes especially apparent in times of crisis.
Efforts to Limit Surveillance And Make It Accountable

On the bright side, there are calls for a change. The Civilian Control over Police Surveillance (CCOPS) effort launched in 2016 by the American Civil Liberties Union (ACLU) aims to push laws that empower people to decide “if and how surveillance technologies are used.” According to the ACLU website, Maine and California have sponsored state-level CCOPS legislation. Another initiative that gets the spotlight amid the current crisis in the U.S. is the Public Oversight of Surveillance Technology Act or the POST Act introduced by New York City Council Member Vanessa L. Gibson. The bill is meant to make the New York police tell the City Council about the surveillance technologies they use, as well as “close the appropriations loophole that lets the NYPD purchase unlimited surveillance equipment with federal grants and private donations while circumventing local oversight.” The debates about the necessity of such legislation are still on. As facial recognition technologies (FRT) got good enough for law enforcement agencies to consider, several states opted to ban the use of this particular tech. In May 2019, San Francisco became the first U.S. city to put a limit on FRT use, making it off limits for all city agencies, including the police. A couple of months later, the City Council of Somerville, MA also banned the use of FRT by city agencies. The city of Oakland, CA did the same. In October 2019, California introduced a three-year state-wide ban on the use of FRT on videos from officers’ body cameras. Organizations like the ACLU and S.T.O.P., as well as state legislators, continue to push for transparency and privacy safeguards, but changing the laws and, most importantly, the calcified habits and biases present in the system will take time. Unfortunately, societal crises tend not to wait for people to prepare.
Keeping Privacy In Protesting Crowd And Otherwise

It isn’t easy to protect one’s own privacy in normal times when those who are after our personal information are mostly trying to sell us kayaks or shoes. When instead of advertisers it’s the police with all the spy tools at their disposal, the task gets quite a lot harder. As highlighted in the recent Wired story, the main vulnerability of a person involved in a protest march is their smartphone. For that matter, anybody walking outside in the U.S. has the same vulnerability and nearly the same chances of being “looked into” by law enforcement. Smartphones can hold all sorts of personal information on their owners and their contacts: messages, calls, browsing history. Without many hi-tech gimmicks, a police officer may be able to access one’s phone and therefore the information in it, even though they would need a warrant for that. Whether or not the information is directly incriminating, it can be used against the phone owner or someone they know. The best precaution against such scenarios is not to have a smartphone when there’s a risk of facing police. An old-school cell phone can be used as a substitute for communication. Aside from the information inside, a smartphone transmits information over to the carrier. As mentioned before, authorities can hijack the channel and see whatever unencrypted data it lets through. Encrypted messaging services may help in this scenario, but things like location data and calls will still be accessible to police. In fact, in this scenario, any sort of a cell phone will be giving away its owner’s position, unless it is entirely shielded from radio waves. Since the protests get a lot of online coverage by journalists and protesters themselves, it is also critical to be cautious of what gets posted. https://twitter.com/evan_greer/status/1266907713704988673 Importantly, ACLU published a set of guidelines for taking photos, videos, and audio recordings during such events.
Being suspected of taking part in a protest can present risks. Hypothetically, local authorities may use information obtained through digital surveillance to target people from the crowds or find those who documented cases of police misconduct. Sadly, it is not unheard of for police to seek revenge when someone shows their crimes to the world.

forklog.media Enlightened Despot: Is Google Fit to Tell Good from Evil?

For decades Google has been widely criticized for privacy breaches and for turning its host of services into a perfect global surveillance mechanism. But it took a while until this global corporation owned up to the criticism, albeit silently. It was the year 2018 when Google officially dropped its long-standing “don’t be evil” motto and shifted to a much more sustainable “do the right thing.” Evil may be a vague concept, but it is often immediately identifiable by onlookers. The right thing, on the other hand, is just what someone thinks is right for them.

See No Evil

Why 2018? Some connect this to Google’s attempt to rekindle the relationship with China. When you want the Chinese market and the Chinese government tells you to do the “right thing,” you do it. Because filtered Google has to be better than no Google at all. But the “do no evil” part gets buried under the torrent of accusations of hypocrisy.

Do all global corporations just have to do evil to function? Perhaps, given their nominal goal is making profits. Often they are tempted with overwhelming profits that require certain adjustments in core values. We’re of course talking about China. China is a litmus test for every global corporation proclaiming adherence to western liberal values, like freedom and human rights. Disney failed this test, as did other corporations like Blizzard, NBA, and Apple.

At first, Google pushed back, even withdrawing from the Chinese market for a while. But eventually, it did try to dip its toe in Chinese waters once more, at the same time working with other not very liberal governments. Even according to Google’s ex-execs, something was rotten in the state of Denmark:

“Some will say that Google was always a bad corporate actor, with less than transparent privacy practices. But there is a significant difference between serving ads based on a Google search and working with the Chinese government on artificial intelligence or hosting the applications of the Saudi government, including Absher, an application that allows men to track and control the movement of their female family members,” Google ex-Head of International Relations Ross LaJeunesse wrote in his blog.

The Leak

In his blog, Ross LaJeunesse talks about a noticeable cultural shift within Google. In the wake of this shift in 2018, Google quietly shed its “don’t be evil” slogan and, behind closed doors, came up with a new censorship paradigm, fashioning itself a “good censor.” This is an incredibly important document that speaks volumes about the corporate outlook on the issue. It is safe to assume that many other digital corporations nowadays use the same guidelines.

So, what is a good censor? The presentation rightly establishes that Google has tremendous power over the global and local socio-political agenda.

“For a long time, we thought of censorship in terms of governments and nation-states, and I think now we’re in an era in which people are starting to realize that private companies, probably more than ever before, control people’s ability to amplify their voices, and whether or not their speech stays up or comes down, also what they see and what they can listen to, what they can read,” the presentation quotes the Internet scholar Kalev Leetaru.

With great power comes great responsibility. Google sees itself as King Solomon trying to resolve a seemingly unresolvable grievance. One side champions free speech, while the other demands censorship of “bad behaviour.” The presentation then attempts to rationalize why the scales are tipping on the side of censorship. It mentions the First Amendment and subtly hints that it just might be outdated because people, due to the peculiarities of their very nature, tend to misbehave.
“Human beings en masse don’t behave very well,” the presentation quotes scholar Jason Pontin. And while “the Internet was founded on the utopian principles of free speech,” it so happened that “the early utopian period of the Internet has collapsed under the weight of bad behaviour.”

The premise here is that Google, wielding power over global social and political discourse, can dictate to the public at large what is good and what is bad behaviour (even outside the U.S. law). Google decided to impose moral authority upon its users, who must be protected from each other’s bad behaviour by a corporation that was caught being naughty on multiple occasions. The concept of a “good censor” is no different from the concept of a “benevolent tyrant” whose despotism is, as John Mill put it, “a legitimate mode of government in dealing with barbarians, provided the end be their improvement.”

It is important to note that this presentation came at the time when Google was working on Project Dragonfly, a tool meant to help the Chinese government spy on its citizens. The project has since been discontinued. But this document, apparently concocted to justify the necessary revision of values within the framework of Google’s cooperation with China, still haunts the Internet.

So What? Aren’t They All Like That?

They probably are. As suggested by our friend Tone Vays, one of the biggest crypto YouTubers, decentralized solutions are not necessarily any better than legacy ones.

“I don’t see any of these projects actually being decentralized. Any company that is hosting your content is responsible for your content. If one of these projects, whether it’s Steemit or BitTube or Hive, gets big enough they will become YouTube. And they will censor you all the same,” he said.

Our Occupy the Internet project in part started to challenge this idea. But it is becoming obvious that Tone was correct in his assessment of the situation on many levels. Even now Steemit is involved in censoring its recent offshoot Hive. Platforms like Mastodon were also seen exercising arbitrary censorship. Mastodon instance admins can basically deny users of their instance the ability to discover certain other instances within the network, thus filtering and controlling the flow of information. Mastodon has also donned the “good censor” mantle.

Even legacy media see decentralized solutions not as ideological rivals but only as a means to conveniently alleviate some of their current burdens, and are ready to embrace and co-opt them.

https://twitter.com/jack/status/1204766078468911106

Conclusion

All that being said, decentralized solutions can, with time, still make a dent in the tremendous monolith formed by a few global corporations. These corporations alone hold a nigh absolute power to censor and direct the global social discourse. No government in human history ever had power of that magnitude, and we are still struggling to grasp the scale of damage it can do to democracies.

Instead of fighting this oligopoly, governments often strive to use these platforms as their extension to suppress speech. Except, apparently, President Trump, who is universally hated by the entire Silicon Valley to a point where they are unable to cooperate. We can already see the backlash coming from the POTUS stemming from Twitter’s altering of the President’s tweets. And given the previous court ruling, which stated that Trump’s Twitter account amounted in fact to a “public forum,” he might have a solid case.

A final thought on free speech is that there will likely be no solution that will be absolutely adamant about protecting the consumer’s right to freely access and disseminate non-illegal information. Every denizen of the web ultimately will have to take care of himself, which in this case means having to diversify his presence in social media and use both legacy and decentralized social networks to broaden the personal scope and reach.
This article is a part of our Occupy the Internet series, where we review the current trends in the nascent decentralized web and cover the burning issues of privacy and censorship.