US Grand Jury Indicts Ethereum Researcher Virgil Griffith Over North Korea Trip


Ethereum Foundation researcher Virgil Griffith was indicted for violating international sanctions after giving a talk in North Korea


The United States District Court for the Southern District of New York filed an indictment against Ethereum Foundation researcher Virgil Griffith on Jan. 7.

According to a court filing on Jan. 7, a federal grand jury charged Griffith with conspiracy to violate the International Emergency Economic Powers Act.

The act was introduced in 1977 and is a U.S. federal law authorizing the president to regulate international commerce in case of a national emergency coming from outside the country. Griffith is accused of knowingly and willfully having conspired to violate the measures taken against the Democratic People’s Republic of Korea (DPRK).

Griffith was arrested in late November 2019 for allegedly delivering a presentation on how to use cryptocurrencies and blockchain technology to circumvent sanctions. He is believed to have done so with other people, at least one of whom — the court claims — is expected to be brought to and arrested in the Southern District of New York. The document reads:

“It was a part and an object of the conspiracy that Virgil Griffith, the defendant, and others known and unknown, would and did provide and cause others to provide services to the DPRK, without first obtaining the required approval.”

The court is further seeking the forfeiture of any property that Griffith bought or earned as a result of his alleged activities in the DPRK. The charges carry a maximum term of 20 years in prison. 

Crypto community divided regarding Griffith’s actions

In December, Ethereum founder Vitalik Buterin said that by going to deliver speeches to North Korea, Griffith showed the virtue of geopolitical open-mindedness, stating:

“I don’t think what Virgil did gave DPRK any kind of real help in doing anything bad. He delivered a presentation based on publicly available info about open-source software. There was no weird hackery ‘advanced tutoring.’ […] Virgil made no personal gain from the trip. […] I hope USA […] focuses on genuine and harmful corruption that it and all countries struggle with rather than going after programmers delivering speeches.”

Cryptocurrency journalist Laura Shin, on the other hand, explained in a Twitter thread that North Korean citizens are not allowed to talk to foreigners and that Griffith must have interacted with the regime, not local people:

“I see people saying a talk in NK could help the people against the government. But an approved public talk means you are interacting with the dictatorship, giving them knowledge that helps them. And what do they do? They oppress 25 million people and they’ve done so for decades. […] If you want to help everyday North Koreans, it has to be in secret.”

Shin also noted that the local population has no access to the internet and no clear idea of what the internet is, alluding to the fact that DPRK citizens would have no way to access a public blockchain and the knowledge would not prove useful to them:

“Let’s say Virgil could have educated everyday North Koreans on cryptocurrency. He would likely have to start such a presentation by explaining what the internet is. […] Owning the kind of device you would need to access it is prohibited and likely something that could get you sent to a very scary place.”

Some claim that the borderless nature of cryptocurrencies makes them particularly suitable tools for evading sanctions and moving funds without the approval of financial regulators. As Cointelegraph reported in September last year, North Korea is reportedly in the early stages of building its own cryptocurrency in what appears to be an effort to evade U.S.-imposed sanctions.

In December 2019, Iran’s president proposed to create a Muslim cryptocurrency as one of a number of means to confront the economic dominance of the United States. 

Venezuela is also attempting to circumvent U.S. sanctions using its own crypto-asset, having launched the Petro, a stablecoin purportedly tied to Venezuelan crude oil supplies, in February 2018.


Grand Theft Crypto: The State of Cryptocurrency-Stealing Malware and Other Nasty Techniques


Hottest advice to avoid having your crypto stolen? Still — common sense


Much of digital assets’ appeal stems from the fact that many of them are not affiliated with or controlled by governments, central banks or transnational corporations (at least, not yet). The price paid for independence from the institutions of global capitalism, though, might sometimes be extremely high, as, in the event of cryptocurrency theft, there is no one to appeal to for recourse. Further still, the irreversible nature of blockchain transactions renders it extremely difficult to get the money back once it’s gone.

The villains of the internet love cryptocurrencies for the same reasons. In the last few years, marked by the spike of popularity for digital money, hackers and scammers of all sorts have perfected the art of pilfering it from unwitting users, many of whom are newcomers to the space.

Roughly a year ago, Cointelegraph had already compiled a lengthy overview of many popular crypto-stealing tricks and tips on how to avoid falling prey to them. While the list remains relevant as ever, the time has come to revisit the subject to see if there are new threats to your crypto assets to beware of.

Aggregate dynamics

A recent report by cryptocurrency intelligence firm CipherTrace estimated losses from digital currency theft and scams in the first quarter of 2019 at $356 million, with additional fraud or misappropriated fund losses amounting to $851 million in the same period. Alarmingly, this Q1 total of $1.2 billion constituted 70% of the total losses to crypto crime in all of 2018, indicating intensified hacking activity in the first months of 2019.

Cryptocurrency Mining Malware Detections from 2014-2015, Courtesy of Several CTA Members

At the same time, a study conducted by security company Positive Technologies registers a change in the structure of attacks. The share of cryptojacking — or hidden cryptocurrency mining — in the overall volume of cyberattacks seems to be declining: Having reached a peak in early 2018, this type of criminal activity dropped to just 7% in the first quarter of 2019. The analysts noted, however, that the observed trend merely reflects the way malware previously used primarily for cryptojacking has become smarter and more versatile. If the virus recognizes that the machine it took over lacks processing power, it may divert to other modes of operation, such as clipboard jacking.

Researchers at Positive Technologies predicted an increase in the overall number of attacks in the second quarter of the year. Their report pointed out malware and social engineering as attackers’ most widely used tactics and recorded the increasing prominence of ransomware attacks. These findings are further corroborated by ransomware recovery company Coveware, whose analysis revealed an 89% increase in the average ransom from the fourth quarter of 2018 to the first quarter of 2019.


Although perpetrators of ransomware attacks nearly always demand payment in cryptocurrency, this type of criminal activity is not specific to the crypto sphere, targeting companies from a wide range of industries. This type of intrusion entails infecting the victim’s device with a piece of code that denies the owner access to their system or data, and demanding payment to regain access. Since these attacks usually prey on fairly large corporate entities, we will skip over to those that seek to part individual crypto investors from their digital funds.

Malware or social engineering?

One intuitive way to classify attacks that target users’ digital assets could be to juxtapose those that seek to find weak spots in software (say, secretly infecting victim’s computer with an ingenious virus) and those aimed at exploiting errors in human judgement (fooling a person into handing over their wallet’s private key).

Yet, in fact, these two modes exist on a spectrum rather than on a binary scale. The most successful thefts entail some degree of participation on behalf of the victim — such as opening a phishing email, using public Wi-Fi to check a crypto wallet or willingly installing a shady app — and a piece of malicious code, whether it is a Trojan or a scam bot on Slack.

Breaking the variety of threats down according to the attack vector is perhaps a more meaningful strategy. It is also far from optimal, though, as many known viruses these days can alter their behavior according to circumstances, and are capable of both installing hidden miners and simply stealing keys as needed. The following typology is therefore highly contingent.

Clipboard hijacking

Because no one wants to manually type in long strings of random alphanumeric characters that are also case-sensitive, we all use the copy/paste function to indicate the addresses we send our coins to. Clipboard hijackers (aka clippers) are pieces of malware that watch the clipboard for a copied crypto wallet address and then trigger a script that replaces the correct address with that of an attacker. As a result, often without the victim realizing what happened, the digital currency flows straight to the thief’s pocket. Using the same technique, clippers are capable of stealing passwords and keys as well.


Perhaps the most sinister specimen of clipper malware uncovered so far in 2019 is the one that made it on the Google Play Store disguised as the mobile version of MetaMask, a popular client used to access decentralized applications (DApps) from a web browser — except, there is no MetaMask version for mobile. Although it was taken down soon after discovery, the very fact that the app managed to make it past Google Store’s defenses is impressive and it reminds us that even the authenticity of software found in major stores should not be taken for granted.


Cryptojacking, also known as hidden mining, is the covert exploitation of other users’ devices to mine cryptocurrency. Usually, a targeted computer gets infected by a Trojan that installs a miner. Victims do not get stripped of their crypto assets directly, yet the losses they sustain may be quite unpleasant, from footing enormous electricity bills to having an overloaded computer break down.

The number of detected attacks of this type exhibits a curious pattern of strong correlation with crypto prices. As the aforementioned reports suggested, the overall share of cryptojacking attacks appears to be declining this year — however, the ingenuity of their perpetrators is only growing. Some hidden mining operations may reach extraordinary scale, too: As Cointelegraph recently reported, a campaign using cryptojacking malware to mine the privacy-focused cryptocurrency turtlecoin (TRTL) was found to have infected more than 50,000 servers worldwide.

Just a few days ago, two browser extensions that secretly sponged their users’ central processing units (CPUs) to mine privacy-focused cryptocurrency monero were discovered on the official Google Chrome store. Previously, such malware was found to be hiding in legitimate Adobe Flash updates and convincingly posing as Windows installation packages.

Infection Chain

Researchers from cybersecurity firm Trend Micro have uncovered a fascinating tactic employed by cryptocurrency hackers to smuggle monero miners onto Oracle enterprise servers. In order to obfuscate the malicious code, the program hides it in certificate files. This way, the files go unnoticed by antivirus software that automatically treats certificate files as reliable.
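One defensive check against the certificate-file disguise described above, as an added example that is not Trend Micro's or the article's code: instead of trusting the file type, confirm that the PEM body decodes to DER with the outer shape of an X.509 certificate. It assumes the hidden content is not itself valid DER; the function names and both sample files are constructed.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf: bytes, pos: int):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form length
        nbytes = first & 0x7F
        if not 1 <= nbytes <= 4 or pos + nbytes > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, pos, pos + length

def classify_cert_file(text: str) -> str:
    """Return 'x509-shaped', 'not-x509' or 'no-pem-block' for a certificate file."""
    m = PEM_RE.search(text)
    if not m:
        return "no-pem-block"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        tag, pos, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):  # one outer SEQUENCE, no trailing bytes
            return "not-x509"
        child_tags = []
        while pos < end:
            child, _, pos = read_tlv(der, pos)
            child_tags.append(child)
    except ValueError:                      # also covers base64 decoding errors
        return "not-x509"
    # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE,
    #                            signatureAlgorithm SEQUENCE, signature BIT STRING }
    return "x509-shaped" if child_tags == [0x30, 0x30, 0x03] else "not-x509"

def pem_wrap(data: bytes) -> str:
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(data).decode()

# Constructed samples: a minimal DER skeleton and a text payload in PEM armor.
SHAPED = pem_wrap(bytes.fromhex("300b" "3003020101" "3000" "030200ff"))
DISGUISED = pem_wrap(b"constructed non-certificate payload text")
```

This is a structural test only: it flags files that merely wear certificate armor and says nothing about whether a well-formed certificate is signed or trusted.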

Website clones

Having originated in the remote corners of the darknet, where online stores selling illicit substances have long been “cloned” by scammers seeking to trick drug users into transferring bitcoin to their accounts, the technique is alive and well as of June 2019. The latest example is the case of the crypto trading website Cryptohopper, whose malicious copy facilitated the infection of the computers of unwitting crypto traders who visited it. The victims had both mining and clipboard hijacking Trojans installed, resulting in an aggregate loss of almost $260,000.

Cryptocurrency trading platforms and exchanges appear to be the area of the crypto sphere most vulnerable to hacking attacks, as they present shortcuts to swaths of centrally stored digital assets. Sky Guo, CEO and co-founder of Cypherium, told Cointelegraph that this has to change in order for the industry to be able to cope with rising security threats:

“Security threats happen on the level of the software, the infrastructure. But our industry needs to realize that there are dangers attached to presenting something as ‘decentralized’ in order to cash in on the security advances of blockchain tech. Projects like Facebook’s Libra and some other major projects already leading in our industry still have central points of failure by virtue of their highly permissioned network structures, and they need to be more transparent about the security implications of such systems.”


Social engineering as a separate trend

The term “social engineering” refers to a broad scope of malicious activities whereby wrongdoers use human interactions to accomplish their goals. These attacks usually rely on less sophisticated technical solutions, seeking to exploit the victims’ lack of attention, literacy or understanding of the context in order to obtain sensitive information or extort digital assets. As more people without much technical sophistication flock into the crypto space, simple schemes that didn’t stand a chance with old-school crypto buffs might suddenly become efficient.

Matthew Finestone, the director of business development at Loopring, an open-source protocol for building decentralized exchanges, observed to Cointelegraph:

“I really see attacks drawing on human inattention becoming more prevalent. It’s dangerous because newcomers to the space aren’t aware of these threats, and they often fail to realize that there is no recourse after cryptocurrency is sent, unlike traditional financial systems that can bail you out in worst case scenarios. Being careful, and learning from resources such as your article are a good starting point.”

Finestone also recalled his recent experiences with two rather simplistic social engineering schemes: one that came with an aggressive threat to release some harmful or embarrassing information if a crypto ransom was not sent to them shortly and another pretending to come from a friend or colleague asking for some coins. He concluded that both, like the majority of social engineering schemes, could be easily combated with vigilance and a healthy dose of common sense.

In fact, these universal principles apply to any type of potential attack aimed at your digital money. While a few of them are incredibly sophisticated, the majority count on the victim’s disregard of telltale signs apparent to the naked eye. It is always a good idea to double-check wallet addresses when performing transactions and to scrutinize the spelling of trading-related domains you visit. Making sure that your antivirus software is up to date is another useful habit that could save you some bitter regrets over digital money lost forever.
