ICO security company launches Chainwatch, a real time monitoring product for ICOs
Positive.com’s specialist anti-fraud team found an average of five separate vulnerabilities in each project they examined in 2017, revealing the extent of risk for ICO management teams and investors alike. 47% of ICO vulnerabilities uncovered by Positive.com’s anti-fraud team were medium to high severity. Just one vulnerability is enough for attackers to steal investors’ money and do irreparable damage to corporate reputation.
With large sums of money available, incentives for cybercriminals are high, and in fact, we saw 7% of all funds raised in ICOs last year stolen, to the value of $300 million. Of all the security audits conducted for Positive.com clients active in ICOs and blockchain deployment in the banking industry in 2017, only one did not contain any critical flaws.
Positive.com has today launched the open beta phase of its unique Chainwatch product, which provides real-time monitoring and detection of attacks on ICO smart contracts and wallets. Currently in trial with customers, and the open beta phase making it open to the public, Chainwatch allows timely response to suspicious activity through predefined rules (blockchain metrics), which alert when a threshold is reached and an anomaly detected – such as abnormal money withdrawal. Early alerts to potentially fraudulent activity allow ICO organizers to take evasive action, such as withdrawing funds or warning investors to hold money transfer.
Chainwatch is the only product that can monitor all Ethereum smart contracts in real-time, with automated alerts to owners and investors, meaning ICO organizers can take a proactive approach to security and monitor the load on the service. New checks are being added daily, but Chainwatch already detects key attack types, including Transaction Ordering Dependence (TOD), Reentrancy, Short Address Attacks and anomalous attacks.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive.com said “In an ICO, time is of the essence, and short time frames mean that anticipating attacks well in advance is critical for avoiding financial losses. The latest figures have shown the rapidly increasing rate of crime and fraud on the cryptocurrency market, with cybercriminals recognizing the opportunity presented by the dramatic rise of the cryptocurrency market in recent months. However, none of the ICOs protected by Positive.com fell victim to cyberattacks and all successfully completed their ICOs without incident.”
Positive.com found that 71% of tested projects contained vulnerabilities in smart contracts, the heart and soul of an ICO. Once an ICO starts, the contract cannot be changed and is open to everyone, meaning anyone can view it and look for flaws. Typically, vulnerabilities in smart contracts occur due to lack of programmer expertise and insufficient source code testing, with high-profile incidents, including the recent BatchOverFlow bug and the Parity Wallet vulnerability in late 2017. And one third of all ICO vulnerabilities detected by Positive.com experts were in smart contracts.
Half of audits revealed vulnerabilities in ICO web applications, a huge risk with unauthorised control of a website and its contents potentially causing multi-million dollar losses in just minutes.
The team found vulnerabilities were divided into five groups;
- Vulnerabilities allowing attacks against ICO organizers– in fact, Positive.com found that 1 out of 3 ICOs had flaws that enabled attacks against organizers. Attack strategies can include hijacking the email account of the ICO organizer, using information on social networks, gaining text message information from darknet merchants or social engineering techniques to bypass two-factor authentication, for example. Once the email account has been hijacked, attackers can reset the password for the ICO domain or web host, and subsequently replace the wallet address, for example as in an attack against Coindash.io, resulting in a $7 million loss.
- Vulnerabilities in smart contracts– typically, these would consist of non compliance with the ERC20 standard (the token interface for digital wallets and cryptocurrency exchanges), incorrect random number generation and incorrect scoping amongst others. Generally these vulnerabilities occur due to lack of programmer expertise and insufficient source code testing.
- Vulnerabilities in web applications– some of these involved the security of the blockchain itself and its backend implementation (for example with web3.js), whilst others are more general, including code injection, web server disclosure of sensitive information, insecure data transfer and arbitrary file reading.
- Vulnerabilities allowing attacks against investors– the risk of social engineering-based attacks can be mitigated by smart pre-planning by ICO teams, registering all possible versions of the project domain name, misspellings and signing up/registering names on social media accounts. And ICO teams should take notice of this — 23% of projects tested by Positive.com experts contained flaws that allow attacks against investors.
- Vulnerabilities in mobile applications– created by some ICO teams for investor convenience, the Positive.com team identified 2.5 times more vulnerabilities in ICO mobile apps than in ICO web applications. And alarmingly, vulnerabilities were detected in 100% of ICO mobile applications. The most common flaws found include insecure data transfer, storage of user data in backups and session ID disclosure. These flaws may be useful in gaining details about a project, its organizers and investors, prompting use by attackers in subsequent attacks.
Galloway continued: “The second a company goes public with an intention to do an ICO, it’s waving a huge flag to cyber criminals that it’s both valuable and also in a very vulnerable phase of its company growth. ICO teams have a responsibility to ensure their security posture is as robust as possible, from the development of the smart contract and web applications, to monitoring load once the ICO has begun and helping investors avoid phishing attacks.”
Dollar edges lower as investors favor higher-risk currencies
By Stephen Culp
NEW YORK (Reuters) – The dollar lost ground on Friday as market participants favored currencies associated with risk-on sentiment over the safe-haven greenback.
Risk appetite was stoked by better-than-expected economic data and expectations that U.S. President Joe Biden’s proposed $1.9 trillion coronavirus relief package will come to fruition.
“The dollar’s down against other currencies but not by a whole lot,” said Oliver Pursche, president of Bronson Meadows Capital Management in Fairfield, Connecticut. “I expect the dollar to be where it is now at the end of the year, and the main reason for that is while I see some signs of improvement in the economy, monetary policy is going to stay where it is.”
“I don’t think the dollar is underpriced or overpriced,” Pursche added.
For the week, the dollar slid about 0.2% against a basket of world currencies, the euro was essentially flat, and the yen lost more than 0.5%. But the British pound advanced more than 1.1% against the dollar, its best week since mid-December.
Bitcoin continues soar to record highs. The world’s largest cryptocurrency was last up 6.6% at $54,961.67, hitting $1 trillion in market capitalization.
Its smaller rival, ethereum, was last up 0.7% at $1,953.28.
The digital currencies have gained about 89% and 1,420%, respectively, year to date, leading some analysts to warn of a speculative bubble.
“One concern I’ve always had (about cryptocurrencies) is how susceptible they are to manipulation,” Pursche said. “But they’re going to continue to gain legitimacy.”
“While it’s great that Tesla made an investment in bitcoin, I’m more intrigued by Blackrock and other major investment firms taking a hard look at cryptocurrencies as a viable investment.”
The Australian dollar, which is closely linked to commodity prices and the outlook for global growth, was last up 1.21% at $0.7863, touching its highest since March 2018.
The New Zealand dollar also gained, closing in on a more than two-year high, and the Canadian dollar advanced as well.
Sterling, which often benefits from increased risk appetite, rose to an almost three-year high amid Britain’s aggressive vaccination program. It had last gained 0.27% to $1.40.
The euro showed little reaction to a slowdown in factory activity indicated by purchasing manager index data, rising 0.21% to $1.2116.
The yen, gained ground against the dollar and was last at 105.495, creeping above its 200-day moving average for the first time in three days.
(Reporting by Stephen Culp, additonal reporting by Tommy Wilkes; editing by Jonathan Oatis)
Shares rise as cyclical stocks provide support; yields climb
By Saqib Iqbal Ahmed
NEW YORK (Reuters) – A gauge of global equity markets snapped a 3-day losing streak to edge higher on Friday, as the recent selling pressure on high-flying big technology-related stocks eased even as investors showed a preference for economically sensitive cyclical sectors.
Oil prices fell from recent highs as Texas energy companies began preparations to restart oil and gas fields shuttered by freezing weather, while the U.S. Treasury yields extended their recent rise.
The MSCI’s global stock index was up 0.47% at 681.88, after losing ground for three consecutive sessions.
On Wall Street, stocks steadied as cyclical sectors edged higher while tech names made modest advances after concerns about elevated valuations led to some selling in recent sessions.
“What we saw (this week) represents a market that is tired and may not do very much. So we are headed for some sort of a pullback, but I don’t think we’re there just yet,” said Peter Cardillo, chief market economist at Spartan Capital Securities in New York.
“Investors are not really pulling out of the market, but they are becoming more cautious. It already has factored in another good positive earnings season.”
The Dow Jones Industrial Average rose 119.97 points, or 0.38%, to 31,613.31, the S&P 500 gained 12.93 points, or 0.33%, to 3,926.9 and the Nasdaq Composite added 92.58 points, or 0.67%, to 13,957.93.
The S&P 500 technology and communication services sectors, housing high-value growth stocks, were among the smallest gainers in early trading, while financials, industrials, energy and materials rose more than 1%.
European shares edged higher on Friday as an upbeat earnings report from Hermes boosted confidence in a broader economic recovery. The pan-European STOXX 600 index was 0.64% higher.
U.S. Treasury yields on the longer end of the curve rose to new one-year highs on Friday as improved risk appetite boosted Wall Street, while the yield on 30-year inflation-protected securities (TIPS) turned positive for the first time since June.
Core bond yields have pushed higher globally, led by the so-called reflation trade, where investors wager on a pick-up in growth and inflation. Growing momentum for coronavirus vaccine programs and hopes of massive fiscal spending under U.S. President Joe Biden have spurred reflation trades.
The benchmark 10-year yield was last up 5.1 basis points at 1.338%, its highest level since Feb. 26, 2020.
Oil prices retreated from recent highs for a second day on Friday as Texas energy companies began preparations to restart oil and gas fields shuttered by freezing weather.
Unusually cold weather in Texas and the Plains states curtailed up to 4 million barrels per day (bpd) of crude oil production and 21 billion cubic feet of natural gas, analysts estimated.
Brent crude futures were down 28 cents, or 0.44%, at $63.65 a barrel, while U.S. West Texas Intermediate (WTI) crude futures fell 66 cents, or 1.09%, to $59.86.
Copper jumped to its highest in more than nine years on Friday and towards a third straight weekly gain as tight supplies and bullish sentiment towards base metals continued after the Chinese New Year.
Spot gold XAU= was down 0.58% at $1,785.71 an ounce.
The dollar lost ground on Friday, extending Thursday’s decline as improved risk appetite sapped demand for the safe-haven currency and drew buyers to riskier, higher-yielding currencies. The dollar index was off 0.295%.
Bitcoin hit yet another record high on Friday, hitting a market capitalization of $1 trillion, blithely shrugging off analyst warnings that it is an “economic side show” and a poor hedge against a fall in stock prices.
(Reporting by Saqib Iqbal Ahmed; Editing by Nick Zieminski)
Oil falls after surging past $65 on Texas freeze
By Stephanie Kelly
NEW YORK (Reuters) – Oil prices fell on Thursday despite a sharp drop in U.S. crude inventories, as market participants took profits following days of buying spurred by a cold snap in the largest U.S. energy-producing state.
Brent crude fell 41 cents, or 0.6%, to settle at $63.93 a barrel. During the session it rose as high as $65.52, its highest since January 2020.
U.S. West Texas Intermediate (WTI) crude futures fell 62 cents, or 1%, to settle at $60.52 a barrel, after earlier reaching $62.26, the highest since January 2020.
Brent had gained for four straight sessions before Thursday, while WTI had risen for three.
“The market probably got a little bit ahead of itself,” said Phil Flynn, a senior analyst at Price Futures Group in Chicago. “But make no mistake, this selloff in oil doesn’t solve the problems. The problems are going to persist.”
Though some Texas households had power restored on Thursday, the state entered its sixth day of a cold freeze. It has grappled with refining outages and oil and gas shut-ins that rippled beyond its border into Mexico.
The weather has shut in about one-fifth of the nation’s refining capacity and closed oil and natural gas production across the state.
“The temporary outage will help to accelerate U.S. oil inventories down towards the five-year average quicker than expected,” SEB chief commodities analyst Bjarne Schieldrop said.
Prices dropped despite a decrease in U.S. oil inventories. Crude stockpiles fell by 7.3 million barrels in the week to Feb. 12, the Energy Information Administration said on Thursday, compared with analysts’ expectations for an decrease of 2.4 million barrels.
Crude exports rose to 3.9 million barrels per day, the highest since March, EIA said.
“The big nugget was the big jump in exports of crude oil,” said John Kilduff, partner at Again Capital in New York. “We’ll have to see what happens with that next week weather in Texas, but I have been looking for a pickup there for a while.”
Oil’s rally in recent months has also been supported by a tightening of global supplies, due largely to production cuts from the Organization of the Petroleum Exporting Countries (OPEC) and allied producers in the OPEC+ grouping, which includes Russia.
OPEC+ sources told Reuters the group’s producers are likely to ease curbs on supply after April given the recovery in prices.
(Additional reporting by Yuka Obayashi in Tokyo; editing by Emelia Sithole-Matarise, Steve Orlofsky, David Gregorio and Jonathan Oatis)
Former Bank of England Governor Carney joins board of digital payments company Stripe
By Kanishka Singh (Reuters) – Mark Carney, former head of the UK and Canadian central banks, has joined the board...
Airbus CEO urges trade war ceasefire, easing of COVID travel bans
By Tim Hepher PARIS (Reuters) – The head of European planemaker Airbus called on Saturday for a “ceasefire” in a...
Why a predictable cold snap crippled the Texas power grid
By Tim McLaughlin and Stephanie Kelly (Reuters) – As Texans cranked up their heaters early Monday to combat plunging temperatures,...
UK could declare Brexit ‘water wars’ – The Telegraph
(Reuters) – Britain could restrict imports of European mineral water and several food products under retaliatory measures being considered by...
Commerzbank to lose 1.7 million clients by 2024 – Welt am Sonntag
FRANKFURT (Reuters) – Commerzbank expects to lose 1.7 million customers by 2024 as part of its current restructuring, resulting in...
Bitcoin and ethereum prices ‘seem high,’ says Musk
(Reuters) – Billionaire CEO Elon Musk said on Saturday the price of bitcoin and ethereum seemed high, at a time...
Sunak to raise business tax to pay for COVID-19 support – The Sunday Times
(Reuters) – British finance minister Rishi Sunak is set to increase a tax on business to pay for an extension...
FTSE Russell to include 11 stocks from China’s STAR Market in global benchmarks
SHANGHAI (Reuters) – Index provider FTSE Russell will add 11 stocks from China’s STAR Market to its global benchmarks, according...
Foxconn chairman says expects “limited impact” from chip shortage on clients
TAIPEI (Reuters) – The chairman of Apple Inc supplier Foxconn said on Saturday he expects his company and its clients...
Bitcoin, ether hit fresh highs
SINGAPORE (Reuters) – Bitcoin hit a fresh high in Asian trading on Saturday, extending a two-month rally that saw its...