Category: CyberSecurity

Kiffmeister’s #Fintech Daily Digest (20230707)*

~ kiffmeister

CBDCTracker.org June 2023 global CBDC developments update

Atakan Kavuklu published a summary of key central bank digital currency (CBDC) developments reflected in the end-June CBDCTracker.org database update. [Read more at Medium]

NY Fed completes PoC for regulated digital asset settlement

The Federal Reserve Bank of New York’s New York Innovation Center (NYIC), in collaboration with members of the U.S. financial services sector, published the findings of a proof of concept (PoC) that explored the feasibility of an interoperable network for wholesale payments operating on a shared multi-entity distributed ledger. The research project, undertaken jointly with private sector organizations, experimented with the concept of a regulated liability network (RLN), a theoretical payment infrastructure designed to support the exchange and settlement of regulated digital assets. The experiment successfully simulated both the domestic and cross-border scenarios, identifying shared ledger technology as a potential solution to support payment innovation. [Read more at the NY Fed NYIC]

Project Polaris: closing the CBDC cyber threat modelling gaps

The BIS Innovation Hub (BISIH) published a report on Part II of its Project Polaris which focused on the risk and resilience aspects of CBDCs built on distributed ledger technology (DLT) based platforms. It analyses several notable DLT attacks in the decentralized finance (DeFi) domain, revealing that there are gaps in existing threat modelling techniques that may not adequately address the threats and associated security controls to properly protect CBDCs that make use of novel technology (e.g., DLT, smart contracts) from the tactics, techniques and procedures (TTPs) used by threat actors in the DeFi space. Additionally, the “mean time to attack” (based on the DLT attacks studied in this analysis) is around 10 months from the launch of a DeFi implementation and the successful compromise. Hence, CBDC issuers must be positioned to monitor and repel both well understood and novel TTPs. [Read more at the BISIH]

MAS amendments to restrictions on e-money personal payment accounts

Following a public consultation, the Monetary Authority of Singapore (MAS) is going to raise the caps on e-wallets during the second half of 2023. The maximum amount of funds that can be held at any given time (“stock cap”) in each e-wallet, is being raised from $5,000 to $20,000, and the maximum total outflow over a rolling 12-month period (“flow cap”) from each e-wallet, is being raised from $30,000 to $100,000. [Read more at the MAS]

Namibia passed bill to regulate crypto and digital assets

On June 22, Namibia’s lower house of parliament passed legislation to regulate digital assets, cryptocurrencies and virtual asset service providers (VASPs) in the country. It aims to establish a framework for licensing and regulating VASPs, and appoint a regulatory authority responsible for supervising these providers and their activities. The bill is now awaiting official publication before coming into effect. [Read More at CoinTelegraph]

 

Kiffmeister’s #Fintech Daily Digest (20230227)

~ kiffmeister

Companies have sprung up that say they can recover stolen crypto. That rarely happens.

Forbes published an article about a new industry that has cropped up that promise victims of crypto scams to spend more money in order to recover their already-lost sums, with scant evidence that they regularly work as advertised. Multiple U.S. financial and law enforcement agencies generally tell scam victims to treat these services with a healthy dose of skepticism. That’s because even if one of these companies is involved, law enforcement still has to do its own independent investigation — for which victims aren’t charged. Plus, no private company has the authority to compel the freezing, much less the seizure, of crypto assets held at an exchange. [Read more at Forbes]

Over 13 Million ALGO Now Suspected Stolen, Algorand Foundation CTO Responds To The Situation

Over 13 million ($3.5 million) ALGO has reportedly been stolen between 19th to 21th of February, over 12 accounts have been affected. Most of the stolen ALGO was transferred to the ChangeNow, a non-custodial crypto exchange that operates without extending know-your-customer (KYC) to all its users. However, the ChangeNOW team has implemented anti-money laundering (AML) mechanisms designed to detect fraud and filter suspicious transactions, and had halted $1.5 million of suspicious ALGO and USDC transactions on the Algorand blockchain and stopped the malicious actors from accessing the stolen funds any further. [Read more at AlgoDaddy]

There may be a connection with MyAlgo web-based non-custodial wallets, which recently reported a targeted attack carried out against a group of high-profile MyAlgo accounts. MyAlgo wallets keep users’ encrypted private keys on their local devices, accessed using passwords and mnemonic phrases. However, being a web-based wallet, it is vulnerable to phishing attacks. According to MyAlgo, it appears that the attacked users all had significant funds in their accounts and were using mnemonic wallets with the key stored in the browser. None were using hardware wallets. The firm is strongly advising all users to withdraw any funds from mnemonic wallets that were stored in MyAlgo.

Upcoming conferences, webinars and speaking engagements:

  • I’ll be providing a (probably virtual) update on global central bank digital currency (CBDC) developments at the Digital Euro Association Digital Euro Conference on March 31 in Frankfurt. [Register here]
  • I’ll be moderating a panel on “what happens when the lights go out…different schemes for offline functionality” at the in-person Digital Currency Conference (DCC) in Mexico City on May 18. [Register here]

Kiffmeister’s global central bank digital currency monthly monitor

Just a reminder that I produce a monthly digest of central bank digital currency (CBDC) developments exclusively for the official sector. So for any of you out there who work for a central bank, ministry of finance or international financial institution who would like to receive it by email on the first business day of every month, please DM me on LinkedIn or email me at chronicles@kiffmeister.com.

The Sovereign Official Digital Association (SODA) is a technology-agnostic firm offering advisory services at the intersection of central banking, digital finance and the web3 industry, aiming to make public digital money a reality. SODA believes institutions in the existing financial ecosystem should have access to the tools and resources they need to move from discussion to action. SODA offers ‘real life’ use cases to help test digital money and drive adoption as central banks and other public institutions explore the future of a more financially inclusive world powered by interoperable blockchain-based networks. SODA would love you to join us on this journey – please get in touch (chris@sodapublicmoney.org).

Satoshi Capital Advisors is a New York-based, global advisory firm that works with central banks, governments, and the private sector to architect, implement, and operate varying initiatives. Satoshi Capital Advisors’ central bank work revolves around CBDC architecture and implementation, providing advisory services from research phase through to growth phase. Utilizing a product-market fit and technology agnostic approach to CBDC architecture and implementation enables Satoshi Capital Advisors to build tailored solutions, bespoke to local financial system nuances. Satoshi Capital Advisors welcomes requests from central bank officials for virtual and in-person CBDC workshops. [Click here for more information]

WhisperCash offers the first fully offline digital currency platform that has the same properties as physical cash. It can perform secure consecutive offline payments without compromising on security, privacy or accessibility. WhisperCash allows direct person to person offline payments without any server infrastructure or internet connectivity. It comes in various form factors including the self-contained credit card-sized “Pro” that sports an eInk screen and capacitive keyboard, and lasts for two weeks between recharges assuming a few transactions per day. [Click here for more information]

Kiffmeister’s #Fintech Daily Digest (20221112)

~ kiffmeister

FTX says it moved remaining funds to cold wallets to ‘mitigate damage’ after ‘unauthorized transactions’

Over $600 million in crypto left FTX’s wallets late Friday (November 11, 2022) and many FTX wallet holders also reported that they were seeing $0 balances in their FTX.com and FTX US wallets. The bankrupt exchange’s general counsel Ryne Miller said the exchange was “investigating abnormalities with wallet movements related to consolidation of FTX balances across exchanges — unclear facts as other movements not clear.” Shortly after that, he said that the firm had initiated precautionary steps to move all digital assets to cold storage. Also, on-chain data seems to indicate that funds are also being drained from wallets of clients of Almeda, a sister trading company of the exchange. Obviously the situation is very fluid, with all sorts of rumors floating around. For those interested in following the FTX trials and tribulations, I’m still collecting them here on my Diigo social bookmarking page.

New York Fed, several big banks testing ‘regulated liability network’

The New York Fed is reportedly poised to unveil a proof-of-concept for “regulated liability networks” — an experiment around tracking and transmitting tokenized debt issued by an array of regulated financial institutions. Citi’s Tony McLaughlin, a leader in the field of regulated liability networks. in a recent blog post on Citi’s website, wrote, “It may be possible for central banks and regulators to create a new direction for the regulated sector through a slight pivot in existing CBDC projects and the nascent tokenization of commercial bank money. They may adopt a broader view of the task at hand — not the tokenization of central bank liabilities, but the tokenization of all regulated liabilities on a common platform.” [Read more on The Block]

FTX showed the problems of centralized finance, and proved the need for DeFi

The FTX collapse was a failure of centralized finance (CeFi), not decentralized finance (DeFi). If there is a silver lining for the FTX fiasco, it is a reminder of the importance of decentralization. Like the financial institutions that collapsed in 2008, the CeFi economic incentive is to under-collateralize and take risks with user funds, play political games, and cozying up to regulators. DeFi platforms are designed to preserve the benefits introduced by Bitcoin and magnified by Ethereum: permissionless, transparency, censorship resistance and self-sovereign custody of assets. [Read the whole editorial on CoinDesk]

Binance Reserves Show Almost Half of Holdings Are in Its Own Tokens

Binance holds $74.7 billion worth of tokens of which around 40% are in its own BUSD US dollar-pegged stablecoin and its BNB native coin. Of the $74.6 billion termed as networth, about $23 billion was in BUSD and $6.4 billion in BNB. The exchange has also allocated 10.5% of its holdings in Bitcoin and 9.8% in Ether. While Binance shared details of its reserves, the dashboard does not break down how much of the assets are its own holdings, versus those of its customers. [Read more on Bloomberg]

Crypto.com Holds 20% of Its Reserves in Meme Token SHIB

Crypto.com holds 31% of its digital asset reserves in Bitcoin, 20% in the Shiba Inu token (a highly speculative “meme coin”) and 17% in Ethereum. Various other cryptocurrencies and tokens collectively account for the rest. Meme coins are cryptocurrencies and tokens that are typically inspired by internet memes, and don’t have significant functional utility. [Read more at Decrypt]

New Zealand government moves to introduce open banking to give customers a better deal

New Zealand will introduce open banking over the next two years. Minister of commerce and consumer affairs David Clark said “open banking ensures banks must share customer information if they request it, making it easier for New Zealanders to compare mortgage rates, apply for loans, and switch banks.” [Read David Clark’s statement here]

A LeVeL Paying Field: Cryptographic Solutions towards Social Accountability and Financial Inclusion

Crypto-assets rely on fixed public/private key algorithms, which are resting targets for advanced cryptanalysis. BitMint’s BitMint*LeVeL protocol allows each holder to pick their own public/private key algorithm, so that an attacker would have to compromise all the algorithms used by all previous coin owners – a substantial security upgrade relative to existing crypto-assets. LeVeL can be applied to crypto-assets and fiat currency to effectively serve as a claim check. BitMint*LeVeL can achieve decentralization via BitMint’s InterMint: Money is minted by many smoothly interchangeable mints competing for traders. [Download the paper here]

Kiffmeister’s Global Central Bank Digital Currency Monthly Monitor

Just a reminder that I produce a monthly digest of central bank digital currency (CBDC) developments exclusively for the official sector. So for any of you out there who work for a central bank, ministry of finance or international financial institution who would like to receive it by email on the first business day of every month, please DM me on LinkedIn or email me at chronicles@kiffmeister.com.

Satoshi Capital Advisors is a New York-based, global advisory firm that works with central banks, governments, and the private sector to architect, implement, and operate varying initiatives. Satoshi Capital Advisors’ central bank work revolves around CBDC architecture and implementation, providing advisory services from research phase through to growth phase. Utilizing a product-market fit and technology agnostic approach to CBDC architecture and implementation enables Satoshi Capital Advisors to build tailored solutions, bespoke to local financial system nuances. Satoshi Capital Advisors welcomes requests from central bank officials for virtual and in-person CBDC workshops. [Click here for more information]

WhisperCash offers the first fully offline digital currency platform that has the same properties as physical cash. It can perform secure consecutive offline payments without compromising on security, privacy or accessibility. WhisperCash allows direct person to person offline payments without any server infrastructure or internet connectivity. It comes in various form factors including the self-contained credit card-sized “Pro” that sports an eInk screen and capacitive keyboard, and lasts for two weeks between recharges assuming a few transactions per day. [Click here for more information]

Kiffmeister’s #Fintech Daily Digest (11/22/2021)

~ kiffmeister

SIX claims world first with tokenized bond issuance on its new Digital Exchange

SIX’s Digital Exchange has reportedly issued the world’s first tokenized bond in a fully regulated environment using distributed ledger technology (DLT), which settles trades instantly, freeing up liquidity. The bond, which was joint lead managed by Credit Suisse, UBS, and Zürcher Kantonalbank, was issued in two parts. Part A, the digital or tokenized part of the bond, accounted for CHF100 million of the total issuance volume. The remaining CHF50 million, was allocated to the traditional part of the bond (Part B). [Read more]

Global regulatory database to help policymakers unlock fintech’s potential

The World Bank has assembled a Global Database of Fintech Regulations that constitutes a curated library of enabling laws, regulations, and guidelines from nearly 200 countries in a searchable and easy-to-use format. The data show that while some countries have strong enabling regulations for fintech and digital financial services, others simply lack the necessary regulatory infrastructure. Also, foundational legislation exists in most countries, but there are important gaps, for example in the implementation of basic data-protection regulations. [Read more]

Eurosystem publishes new framework for overseeing electronic payments

The European Central Bank (ECB) has approved a new oversight framework for electronic payments following a public consultation. The Eurosystem will use the new payment instruments, schemes and arrangements (PISA) framework to oversee companies enabling or supporting the use of payment cards, credit transfers, direct debits, e-money transfers and digital payment tokens, including electronic wallets. It will also cover crypto-asset-related services, such as the acceptance of crypto-assets by merchants within a card payment scheme and the option to send, receive or pay with crypto-assets via an electronic wallet. [Read more]

4 key cybersecurity threats to new central bank digital currencies

The World Economic Forum published an article that summarizes key points from its new white paper on central bank digital currency (CBDC) technology considerations that lays out imperative considerations for CBDC cybersecurity. The bar for security is not only about “keeping the bad guys out” or minimizing unauthorized account access. It must be comprehensive and consider the full spectrum of risks, ensuring that the system works as it was designed and that its integrity remains intact. [Read more]

To get these updates sent to your inbox, please sign up here. Also, for those interested in intra-day updates and news that didn’t make the Daily Digest cut, please check out my Diigo fintech bookmarks: https://www.diigo.com/user/kiffmeister/Fintech.