What’s new in the crypto security world? Here’s a roundup of some of the latest headlines:
Exchange CEO’s death leaves $190m in customer funds inaccessible
Thousands of customers of a Canadian cryptocurrency exchange have been unable to access their accounts – with a total value of $190m – since the reported death of the company’s CEO on 9 December 2018. In an online message posted on 31 January, QuadrigaCX’s board of directors said the company had filed for creditor protection in Nova Scotia court “to allow us the opportunity to address the significant financial issues that have affected our ability to serve our customers’. Gerald Cotten, the exchange’s CEO, died “while travelling in India due to complications from Crohn’s disease”. His sudden passing has left QuadrigaCX unable to pay out funds owed to customers because Cotten reportedly was the only person to know the private keys needed to access that money, held in cold storage. While the company’s website currently provides no further details beyond the board’s message, past updates can be viewed via the Internet Archive’s Wayback Machine.
Crypto crime goes up in 2018, but overall illicit activity is down
Crypto crime remains a “significant problem” and criminals have become “far more sophisticated” in their cryptocurrency activities, according to a new report from the blockchain analysis firm Chainalysis. At the same time, the report noted: “Crypto crime increased in 2018, but it made up a smaller slice of a much larger market. Indeed, according to our analysis, illicit transactions comprised less than one per cent of all economic bitcoin activity in 2018, down from seven per cent in 2012.” Among some of the report’s key takeaways: two hacking groups are responsible for at least 60 per cent of the attacks that led to $1bn in thefts last year, darknet market activity bounced back dramatically in 2017 after major closures the year before, and Ethereum scams are “small in scale but evolving fast”. To combat evolving crypto threats, Chainalysis recommends that industry organisations enable KYT (know your transaction) capabilities, make sure their compliance strategies take into account different types of crypto crimes, and work across exchanges and other institutions to identify and weed out bad actors.
California wins guilty plea for SIM swapping and crypto theft
The first person to be convicted of SIM swapping pleaded guilty to using that strategy to steal around $5m in cryptocurrency, according to a report in Motherboard. Joel Ortiz, 20, accepted a plea deal in California that will see him serve 10 years in prison for SIM swapping the phone numbers of some 40 victims. “Ortiz is one of a handful of SIM swappers who have been arrested in the last year for hijacking phone numbers and using them to then hack into emails, social media accounts, and online Bitcoin wallets,” Motherboard’s Lorenzo Franceschi-Bicchierai wrote. “Other people who have been arrested are Xzavyer Narvaez, who’s accused of stealing around $1m in Bitcoin; Nicholas Truglia, who’s also accused of stealing millions in Bitcoin; and Joseph Harris, one of the most infamous SIM swappers who allegedly stole more than $14m in cryptocurrency.”
NASA: Blockchain could meet air traffic mandate while improving security
Using an open-source permissioned blockchain could enable air traffic controllers to protect privacy for certain flights while still complying with a coming mandate from the US Federal Aviation Administration, according to a recent paper by a NASA researcher. “Current radar-based air traffic service providers may preserve privacy for military and corporate operations by procedurally preventing public release of selected flight plans, position, and state data,” writes Ronald J Reisman of NASA’s Ames Research Centre. “The FAA mandate for national adoption of Automatic Dependent Surveillance Broadcast (ADS-B) in 2020 does not include provisions for maintaining these same aircraft-privacy options, nor does it address the potential for spoofing, denial of service, and other well-documented risk factors.” Reisman says his proposed blockchain framework could not only succeed where other efforts to make the ADS-B system more secure have failed, but could also be deployed “economically and rapidly”.
AI and blockchain could help smart cities protect privacy and security
A decentralised framework using blockchain and artificial intelligence could enable governments to provide better security and privacy in cities, according to a chapter in a new book about smart city cybersecurity and privacy. Written by a trio of researchers at the UK’s Northumbria University, the chapter describes how such a framework could help detect and prevent denial-of-service and malware attacks, support anonymity and encryption for privacy, provide scalable network permissions, and generate IDs and blockchain addresses for users. “The blockchain technology ensures the privacy, security and integrity of sensitive information, while the AI advances power the development of intrusion detection and prevention systems,” write researchers Longzhi Yang, Noe Elisa and Neil Eliot.