Connect with us

Technology

Hacked Crypto Exchange ‘Cryptopia’ Is Selling Their Assets

Published

on

The hacked company is going into liquidation.

The barely regulated world of cryptocurrencies has undeniably has its risks, and people are only realizing it when their crypto deals go sour or when the crypto exchange becomes bankrupt. The lesson was learned the hard way by the user of the hacked crypto exchange company Cryptopia when the company announced this week that they are selling their assets for them to recover from the significant loss they experience after their system was attacked earlier this year.

The news was announced Wednesday by the company’s assigned liquidator, professional services firm Grant Thornton New Zealand. The company confirmed the news through a post on their Twitter account as well as on its website.

The announcement follows the unexpected shutting down of Cryptopia’s website on Tuesday for being “under maintenance” without any warning to their users or the public on its social media accounts. A Redditor noticed the downtime in the company ‘s website and asked whether hackers once again targeted them.

The unfortunate incident started when Cryptopia went offline on January without any warning only to notify the public after a few weeks saying that the exchange had “suffered a security breach which resulted in significant losses.”

According to a blockchain data analytics firm, their investigation allowed them to estimate the loss caused by the cyber attack to be as much as $16 million in ether and ERC-20 tokens. While the company has restarted their trading services in March, no one is still certain of the actual damages that the cyber attacked caused the company. Until now, the company is still recovering from the aftermath of the breach and still having banking issues.

According to the liquidation firm, Grant Thornton, since the damages caused by the hacking was too “severe” and has impacted the company massively in terms of trade, and amidst the effort of its management to regain composure by reducing costs and returning the business to profitability, they have decided that liquidation is the best option for the company and all stakeholders moving forward.

David Ruscoe and Russell Moore from Grant Thornton will help Cryptopia secure its assets “for the benefit of all stakeholders,” according to today’s announcement.

“While this process and investigations take place, trading on the exchange is suspended,” Grant Thornton said, adding that the complex investigation will take “months rather than weeks.”

Understandably, Cryptopia’s customers have expressed frustration over the fact that they were still not able to withdraw from their accounts since the hacking occurred. Some of them are even calling for creditors to organize and take legal actions against Cryptopia.

As a response, Ruscoe promised that his firm would conduct an investigation and do their best to come up with the best solution for all stakeholders.

“We realize Cryptopia’s customers will want to have this matter resolved as soon as possible. We will conduct a thorough investigation, working with several different stakeholders, including management and shareholders, to find the solution that is in the best interests of customers and stakeholders.”

What happened to Cryptopia is only one of many instances that highlighted the critical sentiments against cryptocurrency. Another crypto exchange company, Quadriga CX, has been in hot water in the past few months when the company could not pay $200 million – worth of funds to their customers following the death of their Chief Executive Officer.

CEO Gerard Cotten died last December and brought with him all the digital assets of the company including passwords and encryption keys of the cold and hot storages where the funds were supposedly kept for safety. However, the investigation by the monitor appointed by the court, Ernst & Young, revealed that the company owes more money than it owns.

The report reveals that Quadriga CX only has $20 million plus in assets while it owes more than $200 million. While the company maintains that there are more assets in cold storages or offline “wallets,” EY was still not able to verify the claim except when some of the Quadriga funds were questionably transferred from one hot wallet to several addresses.

Until now, the company is still trying to figure out how to repay 115,000 of their customers, and they are currently in the brink of bankruptcy.

Meanwhile, Grant Thorton is expected to file an initial report on the case next week on the New Zealand Companies Office website.

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

Hackers Can Manipulate Media Files Sent Through WhatsApp And Telegram With A Zero-Day

The vulnerability is dubbed as “Media File Jacking.”

Published

on

Photo: Microsiervos | Flickr | CC BY 2.0

Popular instant messaging apps WhatsApp and Telegram contain an unpatched zero-day vulnerability that can be exploited by threat actors and hackers to manipulate files shared across the messaging platform.

Security researchers from Symantec Modern OS Security team found out that there is an existing vulnerability that can allow hackers and cybercriminals to manipulate images, audio files, documents, and other forms of data sent from one user to another.

Both WhatsApp and Telegram, along with other instant messaging platforms, have end-to-end encryption — which makes the message safe to send and receive. End-to-end encryptions only allow the sender and the receiver to read the contents of the images, and even the company has no human-readable copies of the messages sent.

However, according to the researchers, the vulnerability, dubbed as “Media File Jacking” can bypass the end-to-end encryption in the said apps and works on Android by default for WhatsApp and on Telegram if certain features are enabled.

“It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume. This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge,” wrote Yair Amit, VP & CTO, Modern OS Security in a blog post together with Alon Gat, a software engineer.

“If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or wreak havoc.”

End-to-end encryption does not make an app immune to threat actors

The researchers said that users of instant messaging platforms are particularly vulnerable in this instance because of the assumptions that because these apps have end-to-end encryption, they are automatically immune from hacking. But that is definitely not the case, as illustrated by Symantec’s discovery.

“As we’ve mentioned in the past, no code is immune to security vulnerabilities. While end-to-end encryption is an effective mechanism to ensure the integrity of communications, it isn’t enough if app-level vulnerabilities exist in the code,” they added.

How the exploit works. Photo: Symantec

The problem comes from how these apps store media files as end-to-end encryptions don’t work if the files were saved externally. When files are stored on external storage, other apps can access and manipulate them. On WhatsApp, data are stored externally by default, while on Telegram, the vulnerability is present if “Save to Gallery” is enabled.

Additionally, the Media File Jacking vulnerability, as the researchers said, points to a more significant issue of app developers’ non-secure use of storage resources.

Impact of the exploits

Researchers from Symantec raised the alarms as malicious actors can use the discovered vulnerability in different ways. Hackers can fundamentally alter images in a near real-time manner as sent by one user to another just by exploiting the zero-day. In a demo video released by Symantec, the researchers were able to change the faces of two men in an image to that of Nicolas Cage as the picture was being sent from one test account to another.

Furthermore, threat actors can also exploit the vulnerability by altering numbers in invoices in a bid to rewire payments to a different bank account number. To make matters worse, researchers said that the invoice-jacking modus can also be carried out without a specific target and could be broadly distributed, looking for any invoices to manipulate, affecting multiple victims who use IM apps like WhatsApp to conduct business.

“As in the previous scenario, an app that appears to be legitimate but is, in fact, malicious, watches for PDF invoice files received via WhatsApp, then programmatically swaps the displayed bank account information in the invoice with that of the bad actor. The customer receives the invoice, which they were expecting to begin with, but has no knowledge that it’s been altered. By the time the trick is exposed, the money may be long gone,” the report said.

The exploitation of the vulnerability may also come in the form of audio-spoofing where an attacker exploits the relations of trust between employees in an organization a the attacker can also program the new and manipulated file to mimic the voice of another person.

At the end of the day, Symantec is encouraging IM users to by disabling the feature that saves media files to external storage in order the mitigate the possible attacks using the exposed vulnerability.

Continue Reading

Technology

Huawei Exec Backtracks: Hongmeng OS Is Not For Smartphones

Liang Hua said they prefer Android as the OS of their smartphones.

Published

on

Photo: Kārlis Dambrāns | Flickr | CC BY 2.0

When Chinese smartphone giant, Huawei, was caught off-guard by Google’s revocation of its Android license following the ban imposed by Washington against the company, the smartphone maker made people believe that they are ready for such situation, and announced that they are developing an alternative operating system called Hongmeng.

However, in an interview, Liang Hua, an executive from the tech superpower, backtracks and says that Hongmeng was developed not as an alternative for Android but for the development of their IoT products instead.

Liang Hua said at a Friday press conference in Shenzhen that the operating system, which was rumored to be 60% faster than android, was not developed for smartphones and that the company still prefers Android as their “first choice” for a smartphone OS.

“The Hongmeng OS is primarily developed for IoT devices that will reduce latency… In terms of smartphones, we are still using the Android operating system and ecosystem as a “first choice.” We haven’t decided yet if the Hongmeng OS can be developed as a smartphone operating system in the future,” said Liang Hua.

Earlier reports revealed that Huawei has been developing Hongmeng since 2012. The company has been testing the new OS on selected devices under a closed door and closed environment. The source also said that the testing was accelerated for the new operating system to be ready for situations such as the latter.

Nonetheless, it is still unclear whether Hongmeng will be the official name of the OS coming from Huawei. Experts note that even if Huawei can successfully launch its operating system, the company will still be faced with the challenge of establishing an app ecosystem. It would take Huawei a lot of time to build apps that are compatible with the new operating system.

When Huawei was subjected to a witch hunt by the US government for allegedly aiding the Chinese government in its efforts to spy on the country, and as a pivotal player to potentially economically sabotage the country, an executive order was launched against the China-based tech giant that effectively forced U.S. tech companies to sever ties with Huawei.

The ban from Google has brought Huawei’s future into limbo; making it uncertain for users, especially concerning security updates for their Huawei and Honor phones —or the general idea whether their devices will still be able to run altogether. Following the announcement, Huawei assured its users that all phones that were sold ahead of the banning and those that are already in stock would continue receiving updates from Android.

Now, Huawei’s backtrack follows the bilateral meeting between Trump and China’s Xi Jinping in the recently concluded G-20 Meeting held in Tokyo; the American president announced that American companies could already resume in selling their products to Chinese companies.

The two presidents, in a closely watched sit-down with each other, have agreed for a truce and cease-fire over the long-disputed trade wars between the two superpowers.

“U.S. companies can sell their equipment to Huawei. We’re talking about equipment where there’s no great national security problem with it. I said that’s O.K., that we will keep selling that product, these are American companies that make these products,” Donald Trump said after his meeting with the Chinese president. “That’s very complex, by the way. I’ve agreed to allow them to continue to sell that product so that American companies will continue.”

While the relief is what Huawei has been looking forward to from the G-20 meeting today, it seems like it could be a temporary relief as negotiations regarding the matter is bound to continue, and the ad hoc decision of Trump may still be overturned at some point of the negotiations. Nonetheless, it’s time for the Chinese smartphone superpower to breathe better.

Washington officials are reportedly holding meetings on how they will implement the new orders from Trump. However, special attention has to be given on how to deal with Huawei and its presence on the “entity list,” as the relief does not explicitly remove Huawei from the said list.

Continue Reading

Technology

This App Uses AI To Track Dogs By Their Unique Nose Prints

Authorities can also use it to monitor “uncivilized dog keeping.”

Published

on

Photo: Soumyaroop Chatterjee | Flickr | CC BY-ND 2.0

There’s no denying: facial recognition and biometrics identification is everywhere. They are in airports to help passengers board faster, in smartphones to allow users to unlock their devices automatically, in conservation reservoirs to track endangered animals, and in law enforcement agencies to help catch criminals.

And the development of artificial intelligence (AI) that allows facial recognition technology to evolve is moving faster every day. This time, a China-based start-up has developed an AI that has the capability of identifying and recognizing dogs through their nose prints.

Similar to how human fingerprints are unique to every human, dog nose prints are also unique to every dog. That is why, Megvii, a Chinese start-up, who is also an independent surveillance system contractor for the Chinese government, have developed and trained an AI to recognize dogs using their nose prints.

Photo: Megvii

The identification system is available through the Megvii app, and users need to scan their dog’s noses from multiple angles — same as how users register their fingerprint credentials to use the biometric unlock system of a smartphone.

The company says, that unlike previous identification methods like chip implants to pets the Megvii nose print identification app is much cheaper and is less invasive.

Apps that could identify and recognize animals like dogs aren’t new in the market at all. An app called Finding Rover uses facial recognition and machine learning to match photos of dogs submitted by owners of lost pets to a massive database of shelters and dog homes to recognize and find lost dogs.

Moreover, using nose prints to identify and recognize dogs and other pets aren’t new as well. Kennel clubs around the world are known to use nose prints to match lost dogs with shelter dogs. One primitive way to take a nose print is by coating the nose with ink and pressing it against white cardboard.

What’s new with Megvii’s market offering is the method by which dog prints are collected. In the new app, coating dog’s nose isn’t necessary anymore, as the AI only need photos of dog noses to locate key identifying markers — creating a unique profile of a dog in the database.

The company claims that amidst the differences in camera resolution, their identification system can verify a dog’s identity against an existing record with 95% accuracy. It also says that the system could identify a dog with “high precision” by checking it against records from a larger database, although the company didn’t elaborate on the accuracy rate in that scenario.

Aside from identifying lost dogs, Megvii says that their apps can also be used to track inappropriate pet-owner behaviors, and authorities can monitor “uncivilized dog keeping.” In China, actions, like walking a dog in public without a leash and not scooping after a dog has pooped, are considered uncivilized, and in some instances in several cities, are considered illegal.

Biometrics identification tech application on animals

The advent of facial recognition and biometric identification technology has not only helped pet owners in keeping track of their beloved pets. The technology has also been known to be used by conservators in China to track the movement of endangered animals like the endemic panda population.

A group of researchers from the China Conservation and Research Centre for Giant Pandas have developed an app that could recognize individual pandas using facial recognition technology. The app will draw from more than 120,000 images and video clips of giant pandas to identify the animals that are living in the wild.

Camera traps in China have captured images and video footage of giant pandas that are often difficult to see in the wild. The photographs and video are some of the most amazing photos ever of pandas and other species in their remote habitat, which were caught on film as part of long-term wildlife monitoring projects set up in panda nature reserves by the Chinese government and WWF.

The development of the new facial recognition app will presumably help conservationist monitor their programs by keeping track of how many pandas are left. It will also provide significant insight regarding the breeding program that conservationist has been implementing to encourage an increase in the panda population.

Continue Reading

Trending