Supply Chain Attacks Nearly Doubled in 2018

By Ionut Arghire on February 20, 2019

The number of supply chain attacks observed last year was 78% higher compared to the previous year, a new Symantec report reveals. 

Aiming to compromise a target by exploiting third-party services and software, supply chain attacks take many forms, including the hijacking of software updates to inject malicious code into legitimate software. Threat actors abuse stolen credentials or compromised third-party libraries to exploit software developers in their attacks.

2018 saw a surge in formjacking attacks, once again proving that the supply chain can be a weak point for online retailers and eCommerce sites, Symantec reveals in its latest Internet Security Threat Report (ISTR). Many of these formjacking attacks stemmed from compromised third-party services used by online retailers, including chatbots and customer review widgets.

Ransomware attacks went down 20% compared to 2017, but attacks against enterprises increased 12% and mobile ransomware surged 33%. Cryptojacking attacks dropped by 52% between January and December, likely influenced by a 90% drop in the value of Monero.

The use of off-the-shelf tools and operating system features to conduct attacks increased as well in 2018, with PowerShell usage showing a massive surge: the number of scripts blocked at endpoint went up 1,000% compared to the previous year.

“While we block on average 115,000 malicious PowerShell scripts each month, this only accounts for less than 1 percent of overall PowerShell usage. Effectively identifying and blocking these attacks requires the use of advanced detection methods such as analytics and machine learning,” Symantec notes.

Attackers also switched focus to smaller organizations, which were more likely to be hit with spam, phishing, and email malware last year.

Spam levels continued to rise in 2018, reaching 55% of all emails. Email malware remained stable, but phishing dropped from 1 in 2,995 emails to 1 in 3,207 emails.

Microsoft Office accounted for 48% of all malicious email attachments, as cyber-crime groups such as Mealybug and Necurs used not only macros in Office files, but also malicious XML files and Office files with DDE payloads. There were fewer URLs used in malicious emails (7.8%) as attackers focused on malicious attachments.

The use of zero-day exploits continued to decline last year, with only 23% of attack groups using zero-days. Some attack groups such as Gallmaker switched to relying solely on “living off the land” techniques, without using malicious code.

Large attack groups intensified their activity in 2018 and also diversified their targets. More and more groups focused on compromising operational computers to mount disruptive operations, a tactic pioneered by the Dragonfly espionage group. The method was also adopted by groups such as Thrip and Chafer last year.

According to Symantec, the increased interest in potentially disruptive attacks was also reflected in the number of groups known to use destructive malware, which went up by 25% in 2018.

The number of indictments in the United States against people alleged to be involved in state-sponsored espionage also went up last year, with 49 individuals or organizations indicted. The US charged 18 alleged Russian agents with involvement in attacks relating to the 2016 presidential election, 19 Chinese individuals or organizations, 11 Iranians, and one North Korean.

“This sudden glare of publicity may disrupt some of the organizations named in these indictments. It will severely limit the ability of indicted individuals to travel internationally, potentially hampering their ability to mount operations against targets in other countries,” Symantec notes.

from: https://www.securityweek.com/supply-chain-attacks-nearly-doubled-2018-symantec

Shift in Trust: Half of US Millennial Investors Trust Crypto Exchanges More Than Stock Exchanges

Nearly half of millennial traders have more trust in digital currency exchanges than in United States (U.S.) stock market exchanges. Data regarding millennial investment attitudes was collected in a new study from investment platform eToro and published on Feb. 19.

Per the report, 43 percent of the surveyed millennial online traders demonstrate less trust in the traditional stock market, while having more faith in cryptocurrency exchanges. 93 percent of millennial cryptocurrency traders reportedly said that they would invest more in digital currency if traditional financial institutions proposed such an option. At the same time, 71 percent of millennials that do not trade cryptocurrency said that they would begin if it were offered by conventional institutions.

Managing Director of eToro U.S., Guy Hirsch, said that the market is now witnessing a generation shift in trust from traditional stock exchanges to digital currency ones.

“Immutability is native to blockchains and that makes real-time audit to be sensible and cost-effective and that is why millennials and Gen X perceive crypto exchanges as less likely to be subject to manipulation and less likely to be a place where bad actors get rewarded with taxpayer money,” Hirsch explained.

45 percent of the respondents expressed interest in allocating cryptocurrency in their 401(k) retirement savings plans, and 74 percent of digital currency traders would like to receive that option from their 401(k) plan providers.

The research was conducted by market research and strategy firm Provoke Insights on behalf of eToro in September 2018. Throughout the course of the study, the company surveyed 1,000 online investors from ages 20 to 65. The company notes that the margin of error is around 3 percent.

Research published last November revealed that cryptocurrency investing is most popular among millennials earning from $75,000 to $99,999 annually. The survey collected responses from over 1,000 Americans between ages 18 and 80. Almost 40 percent of respondents cited peer influence as a main reason for investing in crypto, and over 35 percent have reportedly been lured into the crypto market by the “Fear of Missing Out.”

from: https://cointelegraph.com/news/survey-half-of-millennial-investors-trust-crypto-exchanges-more-than-stock-exchanges

German Government Consults Industry About Blockchain Technology

The German government is consulting companies and industry groups that could become stakeholders in the country’s blockchain development, Reuters reports on Feb. 18.

The unnamed companies and groups have reportedly been invited to supply recommendations from this week onwards. Reuters also cites unspecified government sources saying that it is still unclear if those recommendations will translate into regulation in the near future, but concrete results are currently being sought.

According to the article, about 170 startups in Berlin are involved with blockchain or distributed ledger technology (DLT), and startups in the space “have said that without a legal framework, there are high entrance hurdles.”

As Cointelegraph reported in January, a major global securities marketplace in Germany, Deutsche Börse, has said that it is “making significant progress” on its blockchain-based securities lending platform. The platform is being developed in partnership with Luxembourg-based blockchain liquidity management platform HQLAx.

In December last year, news broke that German railway operator Deutsche Bahn AG, considered to be the largest in Europe, had partnered with blockchain integration platform Unibright to examine the possibility of tokenizing its ecosystem.

Also in December 2018, it was reported that Germany’s second-largest bank SolarisBank and Stuttgart Exchange Group are jointly developing infrastructure for a cryptocurrency exchange.

from: https://cointelegraph.com/news/german-government-consults-industry-about-blockchain-technology

Blockstream Publishes Schnorr-Based Test Code for Bitcoin Blockchain Upgrade

Test code for the Schnorr-based multi-signature scheme MuSig, a potential upgrade to the Bitcoin (BTC) blockchain, has been released by blockchain tech firm Blockstream, according to an announcement published on Feb. 18.

Last January, four Bitcoin developers released a paper outlining how Schnorr multi-signatures (‘multisig’) could help scale the Bitcoin blockchain, saying that the technology could reduce its transaction size and “improve both performance and user privacy in Bitcoin”. In the paper, the developers state that MuSig is designed as “a protocol that allows a group of signers to produce a short, joint signature on a common message.”

Today’s announcement reveals that MuSig has been turned from an idea into usable code, while this week the code was also merged into secp256k1-zkp, a fork of secp256k1 representing “the high-assurance cryptographic library used by Bitcoin Core.”

In the post, the developers explain their decision to develop MuSig by creating “a misuse-resistant API without sharp corners, and which doesn’t encourage dangerous usage patterns even in constrained environments.” The post also stresses the necessity of improving verification efficiency and developing provable security in the public key model. MuSig signatures purportedly improve privacy since they hide the exact signer policy.

However, since the beginning of the MuSig development, its creators have reportedly found that a number of already published signature schemes — including an earlier unpublished version of MuSig — are insecure. The post further reads:

“MuSig signatures, just like Schnorr signatures or ECDSA, use in their construction a secret ‘nonce’ which must be produced uniformly randomly. Any deviation from uniform, even by a single bit, can lead to secret key loss and stolen funds.”

For now, the developers are asking community members to test the code, which is reportedly posted on GitHub, and provide feedback.

Bitcoin’s next halving is expected to happen in May 2020. Bitcoin halving is an event that happens roughly once every four years, after which the amount of new BTC created and earned by miners will be cut in half.

In anticipation of the next halving, United States-regulated trading and clearing platform LedgerX released a new type of derivative contract unique to BTC called LedgerX Halving Contract (LXHC). The new product represents a binary option and reportedly “allows you to get a fixed payoff if the next halving block (#630,000) happens before a certain date and time. If the block is discovered after, the contract expires at zero.”

from: https://cointelegraph.com/news/blockstream-publishes-schnorr-based-test-code-for-bitcoin-blockchain-upgrade

Bitmain Announces 2nd Energy-Efficient 7nm ASIC Chip for Mining Bitcoin and Bitcoin Cash

Chinese mining giant and ASIC hardware producer Bitmain has announced its next generation 7nm (nanometer) ASIC mining chip, according to a press release published on Monday, Feb. 18.

The new mining hardware, BM1397, is designed for mining cryptocurrencies that use the SHA256 algorithm for their proof-of-work (PoW), such as Bitcoin (BTC) and Bitcoin Cash (BCH).

BM1397 requires less power for mining cryptocurrencies, representing a 28.6 percent improvement in power efficiency in comparison with the company’s previous 7nm chip, BM1391.

The new chip will be used in new Antminer models — S17 and T17 — which will be revealed later this year.

As Cointelegraph previously reported, Bitmain has recently faced difficulties due to the prolonged bear market and at least two class action lawsuits filed against the company. The Chinese giant reportedly shut down a blockchain development center in Israel, suspended its operations in Texas, and also reduced its operations in the Netherlands in the past few months.

Other major mining companies are also facing challenges due to the crypto market decline. For instance, Japanese internet giant GMO Internet Group revealed it was leaving the Bitcoin mining hardware sector in December 2018, citing the significant Q4 losses.

At the same time, United States gaming and computer hardware manufacturer Nvidia, which was one of the companies most affected by the market downturn and associated lack of demand for mining components, has recently reported full-year revenue gains despite Q4 losses and a “crypto hangover.”

from: https://cointelegraph.com/news/bitmain-announces-energy-efficient-asic-chip-for-mining-bitcoin-and-bitcoin-cash

Japan’s Cloud Storage Security Regulation (similar to United States, Britain, and Australia)

The Japanese government plans on strengthening its defenses against cyber attacks from China, among other nations. It aims to do so through regulating and securing the use of cloud services.

The government plans to draw up security standards and start trial runs this year, with the aim of introducing the full system in 2020.

An increasing number of companies are adopting cloud storage services as an efficient means of data management that saves the time and effort that in-house information systems require, according to elevenmyanmar.com.

The government is also working out a policy to encourage government-linked institutions to use cloud services, in principle, including for information systems that store the public’s data, such as on taxes.

However, unsecured cloud systems are vulnerable to data leaks from cyber-attacks. Therefore, the government decided to create a framework to screen the security of cloud service providers and prioritize services that fulfill certain security standards.

There are to be three security grades. The highest — level three — would require the establishment of a defense mechanism for data centers and the confirmation of the safety of telecommunications equipment.

Institutions that handle highly confidential data, such as on national security, would only be allowed to use cloud services from providers that fulfill these standards.

To ensure security standards are being met, the auditing body that the government authorizes would regularly inspect these operators.

A list of approved providers would be created. Government institutions would invite providers on the list to bid for government contracts.

On the other hand, legal regulations demand that specified secrets and highly classified documents be kept in storage mediums that are not connected to the internet. Thus cloud storage would not be used for these types of data.

The United States, Britain and Australia already have similar certification systems. The Japanese government is considering a mutual recognition system in which different countries would approve each other’s security standards.

It is said that the United States is moving to exclude Chinese companies from supplying telecommunications equipment that government institutions use, and applying strict security standards to cloud services would further freeze out Chinese firms.

The Japanese government is also planning to essentially ban Huawei Technologies Co. and ZTE Corp. — major Chinese communications equipment manufacturers — from supplying government institutions with telecommunications equipment.

The government is gradually transferring data management and administrative systems operations from in-house servers to private cloud services.

The government believes it is safer and more efficient to leave the defense of increasingly sophisticated cyber-attacks up to the specialized technology of the private sector.

However, the government lacks uniform standards on cloud security. The United States, Britain and other nations have voiced concerns over sharing information with Japan due to possible “back doors” in its security systems.

from: https://i-hls.com/archives/89120

Blockchain’s New Civil Aviation Application

[Tip: this is not really “Blockchain”, when “permissioned” is part of the deal.
Defeats the purpose and violates core principles of Blockchain.]

Blockchain technology has a wide range of applications.

Currently, it is tested as a means to ensure the privacy and security of aircraft flight data.

NASA claims that blockchain networks and smart contracts can help mitigate some security issues.

Blockchain is a digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value. Smart contracts help exchange anything of value in a transparent, conflict-free way while avoiding the services of a middleman.

The U.S. authorities have been mandated by the Federal Aviation Administration (FAA) to use a new surveillance system – Automatic Dependent Surveillance Broadcast (ADS-B) – which will publicly broadcast aircrafts’ identity, position and other information. That has raised security concerns, as the ADS-B system “does not include provisions for maintaining these same aircraft-privacy options, nor does it address the potential for spoofing, denial of service, and other well-documented risk factors,” claims Ronald Reisman, an aero-computer engineer at NASA Ames Research Center.

Civil aircraft companies would prefer to keep some data private, he writes, for example, to counter tracking executives as part of corporate espionage operations, according to coindesk.com.

Military aircraft traffic data, meanwhile, is defined by the Department of Defense as “Information that, if disclosed, would reveal vulnerabilities in the DoD critical infrastructure and, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities.”

The solution could be the Aviation Blockchain Infrastructure (ABI), based on Hyperledger Fabric and smart contracts, which allows control over what data is shared publicly or privately with authorized entities.

For instance, aircraft “state information,” such as altitude, indicated airspeed, heading, etc., could be kept secure via a private channel, while flight-plan information, such as aircraft type, origin, destination, filed route, etc., can be published on a public channel for access to approved members.

The solution offered is a “‘lightly permissioned’ blockchain framework to enable the ADS-B systems to meet or exceed the same levels of privacy and security currently provided by radar-based systems in the NAS [National Airspace System].”

from: https://i-hls.com/archives/89109

SIM Swappers Swindle Millions — Biggest Criminal Threat in Crypto in 2019?

Cryptocurrency crime trends have been in the spotlight in recent weeks, but SIM swapping has been strangely absent in a number of reports on 2018.

Cryptocurrency analytics companies CipherTrace and Chainalysis released two different reports focusing on the major crime trends in the space in 2018. While their data and findings sum up the biggest threats of the last 12 months, they’ve omitted the prevalence of SIM swapping in recent times.

How it works

SIM swapping is a relatively simple concept to understand, but the potential damage that can be done to an individual is scary, to say the least.

Cointelegraph approached multinational cybersecurity and anti-virus company Kaspersky Labs to provide an accurate definition of how SIM swapping works and the various ways in which it is carried out.

Attackers obtain basic information about an individual, then use that to request that user’s phone number to be switched to a SIM card that the attackers own. Once that is done, the attacker is able to receive any SMS that the victim receives.

With that access, the attacker can then request passwords and other sensitive user data from various service providers — like banks — and gain access to private accounts.

Kaspersky Labs security researcher Alexey Malanov says the act of replacing SIM cards to access two-factor authentication (2FA) credentials has become prevalent:

“A typical scenario can look like this: an attacker arrives at a regional department of a communication provider — like a mobile operator — with forged documents that are supposed to prove a customer’s valid identity. Or, the attacker simply gets in close contact with an employee of the department and receives a duplicate of a victim’s SIM cards. The authentic SIM card in the victim’s phone turns off at that moment, so all subsequent SMS communications and phone calls are redirected to the attacker’s phone.”

Access to a user’s 2FA gives a hacker a massive advantage when it comes to accessing and changing account details, which eventually gives them access to data and funds.

Two-factor authentication is an added security measure to protect access to a service like a cryptocurrency wallet. Users are still required to know the password to an account and possess a device to prove their identity.

However, once a hacker has access to a user’s credentials through a SIM swap, they can access the second factor of authentication, being able to receive SMS codes sent to the original user’s phone. Therefore, hackers have a far greater chance of being able to reset passwords to accounts, as Malanov explains:

“If you have forgotten the password from the service, then you can often restore it using the same phone number to receive a text message. Sometimes additional knowledge is required (for example, a login or email address), but such information is often not strongly protected. That is why obtaining an unlocked phone from a victim, or at least access to receiving their SMS communications, will practically guarantee the success of the hack and a theft of funds.”

SIM swapping — more powerful than phishing?

SIM swapping is not a new phenomenon, but given the technological advances of smartphones over the last decade, the information that can potentially be garnered by criminals using this method makes it a big threat to individuals and their privacy.

Modern times have seen the emergence of applications that allow people to access and manage their bank accounts and other sensitive financial information using smartphones and other devices.

While this has created a new age of convenience, it also provides a unique opportunity for criminals to steal data and money from people around the world with relative ease.

As Chainalysis reported, Ethereum scams were of particular concern over the last two years, and a major tool of the scam artists and criminals was phishing. Simply put, users were duped by emails or communications that looked official, which led to them providing sensitive information like usernames and passwords.

This gives criminals access to their accounts, which are then emptied by these nefarious groups.

Given that attackers can get enough information about a user, they can convince a service provider to carry out a SIM swap, giving the attacker access to a user’s SMS service.

Once they’ve done this, the battle is already won, as they can request one-time passwords and other services that give them access to the user’s accounts.

This modus operandi has traditionally targeted users’ bank accounts, but these financial institutions have made concerted efforts to double-down on security checks and verification. However, if a user’s funds are stolen, most financial institutions are able to roll back transactions or cover these circumstances with insurance protection.

This, unfortunately, is not the case when it comes to cryptocurrencies. If an attacker gains access to a user’s private key or cryptocurrency wallet and sends cryptocurrency to another wallet, it is impossible to roll back the transaction.

This is why cryptocurrency wallets and private keys are seemingly becoming a focal point for SIM-swapping attacks.

Crypto users in the crosshairs

One need look no further than the most recent SIM-swapping scandals in the crypto space to understand that this has become a lucrative way to steal and launder funds.

An in-depth report in November last year delved into the murky details of SIM swapping in the crypto community.

According to numerous sources, attackers make use of social engineering to trick or convince telecommunication employees to carry out these SIM swaps. In some instances, the attackers bribe or threaten employees, while other employees abuse their access to customer information and feed that to hackers for financial incentives.

Furthermore, cryptocurrency users are a preferred target due to the anonymous nature of the technology, which makes it easier to launder stolen funds. This has led to prominent people in the cryptocurrency space becoming targets of these attackers.

Krebs on Security’s interview with California-based law enforcement group Regional Enforcement Allied Computer Team (REACT) Task Force uncovers a number of instances in which active members of the crypto community have fallen prey, like Christian Ferri, CEO of cryptocurrency firm BlockStar.

Hackers managed to carry out a SIM swap through Ferri’s mobile operator, whose database they had access to. Once that was done, they reset his Gmail password with the use of his cellphone number — then specifically used information from a Google Document to steal funds from his crypto wallet. As KrebsonSecurity notes, the hackers could have stolen more, but they seemed to be targeting Ferri’s cryptocurrency holdings.

Catching perpetrators

SIM swappers have enjoyed relative success through their endeavors, but a swathe of arrests in 2018 highlighted the carelessness of a few young criminals.

July 2018 marks the first time someone was arrested for SIM swapping in the crypto space, as California police arrested 20-year-old Joe Ortiz, who had allegedly hacked around 40 victims. Ortiz and a group of still unidentified collaborators targeted users in the crypto space, hacking a number of victims at the Consensus conference in New York in May. The 20-year-old pleaded guilty to theft amounting to $5 million and accepted a plea deal of 10 years in prison for his crimes at the end of January 2019 — in what authorities describe as the first conviction of a crime for SIM swapping.

Following that, 19-year-old Xzavyer Narvaez was arrested in California in August 2018 for using SIM swapping to commit computer crimes, identity fraud and grand theft. Narvaez was careless in his use of his ill-gotten gains, buying a number of sports cars over a two-year period, which formed part of the evidence authorities used to press charges. Furthermore, Narvaez’s cryptocurrency account processed around 157 Bitcoin between March and July 2018, valued at over $1 million at the time.

Just a month later, in September 2018, 21-year-old hacker Nicholas Truglia was arrested for stealing $1 million worth of cryptocurrency by using a SIM swap to access the victim’s account.

In November 2018, two men — aged 23 and 21 — were arrested for stealing $14 million from a cryptocurrency company by using SIM swaps.

Following Ortiz’s prosecution in January 2019, 20-year-old Dawson Bakies was indicted in February for stealing the identities and funds of over 50 victims across the country in a SIM-swapping scandal orchestrated from his home. This was the first successful indictment of a criminal for using SIM swapping in New York.

Manhattan District Attorney Cyrus R. Vance said the case sends out a strong message to perpetrators of these crimes:

“Today my Office is putting the small handful of sophisticated ‘SIM Swappers’ out there on notice. We know what you’re doing, we know how to find you, and we will hold you criminally accountable, no matter where you are. We’re also asking wireless carriers to wake up to the new reality that by quickly porting SIMs — in order to ease new activations and provide speedy customer service — you are exposing unwitting, law-abiding customers to massive identity theft and fraud.”

On Feb. 4, California prosecutors indicted 21-year-old Ahmad Hared and 23-year-old Matthew Ditman with conspiracy to commit computer fraud and abuse, access device fraud, extortion and aggravated identity theft through the use of SIM swapping. The pair are accused of trying to gain access to funds controlled by executives of cryptocurrency-related companies and cryptocurrency investors. They face potential five-year jail sentences and hefty fines.

Should service providers share the blame?

A United States investor, Michael Terpin, who fell prey to a SIM swap carried out by Truglia, made a move in August 2018 that would look to hold telecom service providers accountable for negligence that led to fraudulent SIM swaps. Terpin filed a $224 million lawsuit against U.S. telecoms provider AT&T for negligence that led to the loss of around $24 million in cryptocurrency holdings. The victim is understood to be the co-founder of an angel group of Bitcoin investors known as BitAngels.

Terpin filed a 69-page report with the U.S. District Court in Los Angeles against AT&T because the $24 million theft was a result of the “digital identity theft” of his cell phone account. In the papers, Terpin accuses AT&T of cooperating with the hacker, gross negligence, violation of statutory duties and breaking the commitments of its privacy policy.

The victim described the telecom company’s behavior “like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.” Terpin is looking for $24 million in compensation from AT&T, as well as $200 million in punitive damages.

In January 2019, Terpin also set his sights on Truglia, whom his legal team has identified as the primary suspect in the SIM swap. Truglia and a group of accomplices are alleged to have carried out the SIM swap that led to the theft of $24 million worth of cryptocurrencies.

Combatting SIM swapping

The prevalence of SIM swapping and the amount of media coverage on the subject has made many people aware of the threat this poses to their privacy, data and financial assets. Nevertheless, knowledge of the subject can only do so much to stem the number of these crimes being carried out.

As Malanov tells Cointelegraph, the onus is primarily on mobile operators and banks to protect the credentials of their users and clients. He suggests that, should a SIM be swapped by an operator, all SMS communications should be blocked for a short period of time to protect the user, as is done by all mobile operators in Russia:

“This is a very inconvenient procedure for honest authentic users, but also a very effective one. Once a SIM card is replaced with a new one, as a rule, one cannot receive sms for a while, which can be uncomfortable. However, such action gives users time to inform their mobile operator in case they did not request to replace the SIM card. This measure is currently used by all major mobile operators in the Russian Federation.”

Furthermore, telecom companies should implement strict identity checks, and request users to confirm certain details and information before a SIM swap is carried out.

The banking sector can also play a part in the prevention of theft and fraud through SIM swapping. According to Malanov, banks are able to notice the change of a SIM card ID, and can refuse to send an SMS with a code until a user undergoes certain security checks, such as voice analysis, password or code confirmation, and other information. The security researcher also notes the power of anti-fraud systems used by banks, which analyze customer behavior through mobile or banking apps:

“It is very important to analyze transactions. Obviously, the withdrawal of any amounts of money — large or small — that are unrelated to the customer’s regular account behavior is extremely suspicious and such activities should be stopped regardless of any fraudulent activity surrounding the customer’s SIM cards or passwords.”
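The two SIM-change controls described above (a quiet period after a SIM replacement, and withholding the SMS code until extra checks pass when the SIM ID has changed) can be combined into one decision function. This is an added example, not code from Kaspersky, Cointelegraph or any bank; the operator lookup result (SimState), the 24-hour window and all names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional, Tuple

# Assumed length of the post-swap quiet period; the article says only
# "a short period of time".
COOLING_OFF = timedelta(hours=24)


class Decision(Enum):
    SEND_SMS = "send_sms"
    STEP_UP = "step_up"   # run extra checks (voice, password, code) first
    HOLD = "hold"         # send nothing until the quiet period ends


@dataclass
class SimState:
    """Result of a hypothetical operator lookup for one phone number."""
    sim_id: str                      # opaque SIM identifier
    changed_at: Optional[datetime]   # last SIM replacement, None if unknown


@dataclass
class Account:
    phone: str
    enrolled_sim_id: str             # SIM identifier recorded at enrolment


def decide_otp(account: Account, sim: Optional[SimState], now: datetime,
               step_up_passed: bool = False) -> Tuple[Decision, str]:
    """Decide whether an SMS one-time code may be sent for this account."""
    # Fail closed: without SIM data, SMS alone is not trusted.
    if sim is None:
        if step_up_passed:
            return Decision.SEND_SMS, "lookup unavailable, step-up passed"
        return Decision.STEP_UP, "SIM lookup unavailable"

    # Quiet period: a fresh swap blocks SMS codes even after step-up, giving
    # the real owner time to report a replacement they did not request.
    recently_swapped = (sim.changed_at is not None
                        and now - sim.changed_at < COOLING_OFF)
    if recently_swapped:
        return Decision.HOLD, "SIM replaced inside quiet period"

    if sim.sim_id == account.enrolled_sim_id:
        return Decision.SEND_SMS, "SIM unchanged"

    # SIM differs from the enrolled one: require the extra checks first.
    if not step_up_passed:
        return Decision.STEP_UP, "SIM differs from enrolled SIM"

    # Checks passed: bind the new SIM so later requests are not challenged.
    account.enrolled_sim_id = sim.sim_id
    return Decision.SEND_SMS, "new SIM accepted after step-up"


if __name__ == "__main__":
    # Constructed sample data, not taken from any real account.
    now = datetime(2019, 2, 20, 12, 0, tzinfo=timezone.utc)
    acct = Account(phone="+15550100", enrolled_sim_id="SIM-A")
    cases = [
        ("same SIM", SimState("SIM-A", None), False),
        ("swap 2h ago", SimState("SIM-B", now - timedelta(hours=2)), True),
        ("swap 3d ago", SimState("SIM-B", now - timedelta(days=3)), False),
        ("lookup failed", None, False),
    ]
    for label, sim, passed in cases:
        decision, reason = decide_otp(acct, sim, now, passed)
        print(f"{label:14} -> {decision.value:8} ({reason})")
```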

Conventional institutions have a big role to play when it comes to combating SIM-swapping crimes. However, the cryptocurrency space provides a unique challenge that requires individuals to take great care of their information and data.

Malanov highlights this fact, given the decentralized and trustless nature of cryptocurrencies, and the lack of stricter security measures offered by some cryptocurrency exchanges and wallet services:

“Cryptocurrency is unique when it comes to security procedures. As a rule of thumb, prevention and protection measures used by banks are not used by exchanges and online wallets. This is not only due to the lower maturity of cryptocurrency organizations in comparison with banks, but also the ideology of cryptocurrencies. For instance, the owner of cryptocurrency (the one who has access to a private key) is entitled to make any transfers without restrictions from anti fraud systems. Another complication is that cryptocurrency transfers cannot be cancelled, disputed, reimbursed or blocked. What is stolen will remain stolen.”

from: https://cointelegraph.com/news/sim-swappers-swindle-millions-biggest-criminal-threat-in-crypto-in-2019

IBM Partners With Boehringer Ingelheim to Test “Blockchain” in Clinical Recordkeeping

[Hyperledger Fabric as a base is not a true Blockchain infrastructure]

The Canadian unit of American tech giant IBM has partnered with pharmaceutical company Boehringer Ingelheim to deploy “blockchain” in clinical recordkeeping, according to a press release published on Feb. 12.

The cooperation between the two companies aims to test whether the integration of blockchain technology with clinical recordkeeping provides the proper level of data integrity, transparency, and patient safety, in addition to reducing costs and automating processes.

Dr. Uli Broedl, Vice President, Medical and Regulatory Affairs, Boehringer Ingelheim (Canada) said, “The clinical trial ecosystem is highly complex as it involves different stakeholders, resulting in limited trust, transparency and process inefficiencies without true patient empowerment.” Within the collaboration, IBM will reportedly provide blockchain technologies to ensure trust and transparency around the trial process.

IBM has participated in several healthcare-related projects. In January, the tech company partnered with American insurance giant Aetna to create a blockchain network tailored to the healthcare industry. Estimated to serve over 39 million clients globally, the blockchain system will reportedly be designed to streamline insurance claims processing and payments, as well as manage directories.

Established in 1885, Boehringer Ingelheim is a global research-driven pharmaceutical company that also focuses on the development of therapies. In 2017, the company’s net sales were reportedly around 18 billion euros ($20.4 billion). The Canadian headquarters of Boehringer Ingelheim was established in 1972 in Montreal, Quebec.

Yesterday, blockchain tech company Bitfury announced a partnership with radiology blockchain marketplace Medical Diagnostic Web (MDW) to create a blockchain-based platform for maintaining, sharing and securing medical imaging and diagnostics information such as X-rays and CT scans.

Earlier in February, a medical R&D consortium, the Pistoia Alliance, expanded its blockchain project to include data sharing, data identity, and data integrity. The project will focus on the use of blockchain to validate sources in identifying data and improve sharing between organizations.

 

from: https://cointelegraph.com/news/ibm-partners-with-boehringer-ingelheim-to-test-blockchain-in-clinical-recordkeeping

 

 

 

Buterin-Proposed Constantinople Ethereum Feature Allegedly Introduces Attack Vector

Ethereum (ETH) co-founder Vitalik Buterin has proposed a new smart contract creation function dubbed “Create2.” This function reportedly introduces a new attack vector to the platform, according to a post on the Ethereum developers forum Ethereum Magicians published on Feb. 8.

According to a Medium post by software developer Tim Cotten, the original create function creates a new contract at an address that is calculated (through a hash function) with the creator’s address and a random number (nonce) associated with it. Create2, on the other hand, reportedly does the same, but with the difference that the contract is created at an address that can be determined beforehand by different parties.

In the GitHub page dedicated to this Ethereum Improvement Proposal (EIP), EIP-1014, the motivation for the new function is described as the ability to permit an interaction with a contract that does not exist on the blockchain yet.

More specifically, this EIP would allow for interactions “with addresses that do not exist on-chain yet but can be relied on to only possibly eventually contain code.” This EIP has been approved and is scheduled for mainnet deployment in the upcoming Constantinople hard fork, according to a ConsenSys blog post.

However, chief scientist at blockchain startup Indorse Rajeev Gopalakrishna has suggested that the Create2 implementation in Ethereum could have negative security implications for the platform. According to him, Create2 implies that smart contracts will be able to change their address after being deployed.

Gopalakrishna said that in some circumstances using this function, it is possible to replace a previously benign smart contract with a potentially malicious one. Jason Carver, senior staff engineer at the Ethereum Foundation, explained that he thinks that it will be possible to use Create2 to replace a self-destructed contract with a new one.

Gopalakrishna also pointed out:

“Doesn’t this change a major invariant assumed by users today and introduce a potentially serious attack vector with CREATE2 ? Doesn’t this mean that any contract post-Constantinople with a selfdestruct [function in its code] is now more suspect than before?”

Still, software developer Noel Maersk specified that the self-destruction function in and of itself isn’t suspect. According to him, what should be seen as suspect in contracts on a Create2-enabled blockchain is non-deterministic init code, since it makes it impossible to foresee what code the newly generated contract would contain.

This way, a malicious contract could get hold of the pre-approved interactions with the address which could let the attacker, for instance, steal some tokens. Furthermore, Carver also points out that “it looks like a lot of contract devs aren’t aware that (new) contracts will be able to change in-place after” the implementation of this update.

As Cointelegraph recently reported, Ethereum (ETH) core developers have delayed the decision to implement the application-specific integrated circuit (ASIC)-resistant proof-of-work (PoW) algorithm ProgPoW until a third party has audited the algorithm.

Other than implementing Create2, the upcoming Constantinople hard fork is also meant to delay the so-called “difficulty bomb” and feature the so-called “thirdening”: a reduction of the reward for every miner block from 3 to 2 ETH.

from: https://cointelegraph.com/news/buterin-proposed-constantinople-ethereum-feature-allegedly-introduces-attack-vector

***

Ethereum Daily Mining Rewards Are at Lowest Level Ever Reported

New Ethereum (ETH) being generated through mining is at its lowest rate ever, Etherscan data reveals on Feb. 11.

According to Etherscan, on Feb. 10, 13,370 new ETH were created, down from over 20 thousand in December 2018 and an all-time high of over 39 thousand reported on July 30, 2015. The recent sharp decrease in the quantity of newly mined ETH was evidently caused by a sudden increase in Ethereum mining difficulty, which Etherscan data revealed on Feb. 10.

As Cointelegraph reported in September last year, Ethereum’s core developers decided at their regular meeting on August 31, 2018 to delay the so-called “difficulty bomb,” by agreeing to include the code for such a change in the upcoming Constantinople hard fork.

The difficulty bomb, also known as Ethereum’s “ice age,” is a mechanism implemented on the Ethereum chain which makes Proof of Work (PoW) mining ETH progressively harder (increasing the difficulty).

The reason for the implementation of this feature is to prevent miners from continuing their activity on the chain after Ethereum’s switch to a Proof of Stake (PoS) consensus algorithm. Still, PoS implementation has been delayed multiple times, which is why Ethereum developers have delayed the difficulty bomb through updates, as they plan to do with the Constantinople hard fork.

Moreover, delaying the ice age also lowers mining difficulty. To compensate for the easier mining process, Constantinople will also feature the so-called “thirdening”: a reduction of the reward for every miner block from 3 to 2 ETH.

Such an update would raise the quantity of daily minted ETH again, by making the creation of new blocks easier. This upgrade is currently scheduled to happen at block 7,080,000, which is forecast to be mined on Feb. 27, according to a ConsenSys blog post.

Last week, the Ethereum Foundation refuted alleged plans to spend a prospective $15 million on the development of Verifiable Delay Functions (VDFs) for use in its transition to a Proof-of-Stake (PoS) network.

from: https://cointelegraph.com/news/ethereum-daily-mining-rewards-are-at-lowest-level-ever-reported

 

 

Oracle’s First Dozen Cloud “Blockchain” Applications Are Now Live

[Hyperledger Fabric as a base is not a true Blockchain infrastructure]

by Ian Allison

Despite years of hype and chatter, enterprise “blockchain” deployments actually in production are few and far between.

But according to Oracle, the list just got a little bigger.

Announced Tuesday, the software giant now has up to a dozen enterprise customers using live applications that have sped into production since its cloud-based blockchain platform went live last July.

This includes:

  • a cargo tracking consortium called the Global Shipping Business Network (GSBN);
  • China Distance Education Holdings, which shares educational and professional certificates;
  • Circulor, which tracks conflict minerals;
  • SERES, a solution for dealing with invoices between franchisors.

Oracle said other customers at the production stage are:

  • Arab Jordan Investment Bank,
  • Certified Origins,
  • NeuroSoft,
  • TradeFin,
  • HealthSync,
  • OriginTrail,
  • ICS FS,
  • SDK.Finance,
  • Nigeria Customs.

Previously, the only major enterprise blockchains in production were built using IBM Blockchain; namely trade finance solution we.trade and Food Trust (it’s notable that both Oracle and IBM have used Hyperledger Fabric to create their blockchain platforms.)

Frank Xiong, group vice president of blockchain product development at Oracle, told CoinDesk:

“Other vendors may still be experimenting but we do have real customers in live production. I would say around 10 to a dozen are in a live situation.”

By “in production,” Xiong said he means these applications have their own end users and are handling live transactions. He said transaction numbers vary from customer to customer, with them all gradually rising.

“To start with we were seeing transactions probably among hundreds an hour. But are expecting many of them to grow to thousands of transactions per second,” said Xiong.

This also depends on the size of your payload, or transmitted data, and the number of peers on the network, he added.

Taking on IBM

The GSBN consortium, which formed last year, includes five ocean carriers (COSCO, CMA CGM, Evergreen Marine, OOCL, and Yang Ming) as well as terminal operators: DP World, Hutchinson Ports, PSA International Pte Ltd, and Shanghai International Port.

As such, it’s a clear competitor to IBM and Maersk’s TradeLens, which also seeks participation from shipping carriers, freight forwarders and port authorities.

Xiong said the GSBN consortium grew out of Oracle’s close partnership with CargoSmart, an independent software vendor that put the consortium together. CargoSmart is a subsidiary of OOCL and is therefore in some ways comparable with IBM and Maersk. But he said GSBN works out cheaper.

“As a pricing model, we charge by transactions,” he said. “So it becomes a very attractive model for new entrants. Once you are established, the transaction charges are very low at this point.”

Xiong also dispelled any potential confusion over IP ownership, which was seen by some as an obstacle for TradeLens.

“We own the IP for our platform, the piece we put in there,” he said. “CargoSmart develops the application on top and they own the IP on that.” (CargoSmart, which itself was previously known to be an Oracle blockchain customer, did not answer requests for comment by press time.)

Fabric of the future

It’s fine to see Oracle going great guns with Hyperledger Fabric, but one criticism which has been leveled at the vendor is the lack of code it has supplied to the open-source project.

Asked if this was a fair comment, Xiong pointed out that Oracle has been working on Fabric for over a year and contributed a number of bug fixes.

In addition, Oracle worked out certain enhancements around the database, said Xiong, specifically switching out Fabric’s Level DB and using Oracle’s Berkeley DB which, he said, has better performance and richer querying capabilities.

“For these enhanced areas we will make a decision about when we will contribute the interface to the community. I would say definitely yes, we are going in the direction of making more contributions to this OS community.”

And measure for measure, Oracle is open to collaborating with IBM and others when it comes to blockchain, Xiong said.

“We offer a very rich Rest API connection for a Fabric-based blockchain,” he said. “So whether you are IBM Bluemix [cloud] developer or other cloud or on-premises – you can be integrated with our platform.”

 

from: https://www.coindesk.com/oracles-first-dozen-cloud-blockchain-applications-are-now-live

 

 

 

Russia to Implement Blockchain Tech in University Exam for Education Quality Control

The Russian Federal Service for Supervision in the Sphere of Education and Science (Rosobrnadzor) will implement blockchain technology in the country’s main graduation examination, major Russian news agency TASS reports Feb. 5.

Starting this year, Rosobrnadzor intends to implement blockchain technology in the Unified State Exam (USE), which is the only form of graduation examinations in schools and the main form of preliminary examinations in universities in Russia.

The announcement was made by the head of the Federal Service, Sergey Kravtsov. He stated:

“We also talked about the use of blockchain technology in the USE, and this year this technology will be used in the USE, using new technologies of printing and scanning [of the exam].”

Last week, the Ministry of Education and Science of Russia introduced a platform based on blockchain technology designed to track natural diamonds, as Cointelegraph reported on Jan. 30.

Also in January, Astana, the capital city of Kazakhstan, introduced a system based on blockchain tech designed to manage waiting lists to kindergartens, Cointelegraph wrote on Jan. 29.

Russia is currently in the process of creating legislation for blockchain and cryptocurrency regulation in the country. However, after passing the related legislation in its first reading in May 2018, Russian lawmakers have sent the bill back for edits.

 

from: https://cointelegraph.com/news/russia-to-implement-blockchain-tech-in-university-exam-for-education-quality-control

 

 

 

The Emergence of Blockchain Technology: a New Paradigm For Self-Sovereign Digital Identity

According to the latest estimates, we generate around 2.5 quintillion bytes of data every day. That’s 2.5 followed by 17 zeros — or rather 2.5 trillion million — a number that’s impossible to visualize intuitively, but nonetheless has massive implications for our privacy online, our security and our ability to keep our digital identities within our own personal control. Indeed, recent surveys indicate that as many as 89 percent of consumers believe that corporations currently aren’t doing enough to protect their data, while over half of all CEOs and C-suite executives admit that most consumers are right to doubt them on this.

Given the overwhelming scale of this problem, there’s little chance it will be resolved overnight. However, as Cointelegraph reported in an analysis last year, a growing number of blockchain-based platforms have emerged with the promise of making the data related to digital ID more manageable. Thanks to the emergence of blockchain technology, a new paradigm — self-sovereign identity — is now possible, one which is shaping up to provide individuals with direct control over the nuggets of data and the credentials that prove who they are. Organizations such as the Sovrin Foundation, Bloom and Civic are all vying to realize this paradigm, while an expanding range of private and public institutions are now planning to build blockchain-based systems of their own.

There is, then, plenty of evidence to indicate that the hype of 2017 and 2018 is now bearing fruit when it comes to blockchain and digital identity. However, as encouraging as it is to see the new blockchain-based platforms actually being used, the sheer profusion of these platforms presents problems of its own, insofar as it could make it harder to arrive at the kind of universal system of digital ID the companies featured in this article are working toward, in which digital ID and personal data isn’t siloed.

Use cases

Blockchain and digital ID platforms have already come a long way since last year. This is evident in the number of notable organizations that have recently involved themselves in the sector. In January, the Iceland-based ID verification platform Authenteq revealed that it had secured $5 million in a Series A funding round led by Draper Associates — which, in the past, had invested in Tesla, Skype and Baidu. That same month, the chief executive of the Canadian Bankers Association (CBA) stated that it was favorably investigating the idea of using a blockchain-based solution as part of the open-banking ID system it was planning to develop.

2018 brought other examples of governmental and commercial interest in blockchain-based ID, including from the European Union, Microsoft, Telefonica and Johnson Controls. For the most part, such interest isn’t merely the result of the novelty of blockchain and the hype surrounding it, but rather of the genuine progress a variety of startups and organizations have made in developing their platforms.

As Sovrin Foundation’s chair, Dr. Phillip Windley, explains to Cointelegraph, self-sovereign identity refers to ID credentials that are held and controlled by the person they identify — and in Sovrin’s case, these credentials are collated from multiple sources, meaning that there is no single centralized source for all of them. “Sovrin’s approach to identity is based on multi-source identity where identity attributes are vouched for by many credential issuers,” he says.

“Anyone can become a credential issuer. Identity owners can hold credentials from multiple sources and present them to prove things about themselves. Credential verifiers determine which credentials they will trust. This is how identity works in the physical world. Sovrin brings it online.”

Since launching at the end of 2016, the Sovrin Foundation has expanded and developed quickly. According to Windley, the “Sovrin network now boasts stewards on every continent except Antarctica,” with IBM, Cisco, T-Labs and Swisscom counted among the 60 stewards tasked with running the validator nodes that make the Sovrin ledger work.

“The governments of British Columbia and Ontario have created over 6 million credentials representing business registrations and licenses for businesses in those two provinces,” he explains, while another example comes from the development of a platform for credit unions by CULedger, which plans to issue a million credentials in the coming year.

Other blockchain-based ID platforms have witnessed tangible growth in the past year: Civic signed partnerships with Telefonica and a number of other companies, while United Kingdom-based Nuggets recently signed a deal with Lateral Payment Solutions to bring decentralized ID to the latter’s payment platform. There’s also the credit-scoring and digital ID platform Bloom, which, according to co-founder Ryan Faber, made significant advances in user growth, because its app is attracting bigger organizations as well as individual users.

“Big corporations are looking toward Bloom as a solution for secure and streamlined lending. Over the last few months, we announced public collaborations with American Express Middle East and BMW Financial Services, among others.”

One other company worth mentioning is Lynked.World, a Netherlands-based firm that’s using the Ethereum blockchain to provide ID verification, as well as professional and educational verification. In December, it produced the first-ever blockchain-based birth certificate to be issued in India, after it secured a partnership with the municipal government of Kolkata. It also has partnerships with a range of state-run companies in the South Asian country, including Coal India Limited, the Metal Scrap Trade Corporation Limited (MTSC) and the West Bengal Forest Corporation Limited, with which it will issue digital ID cards and passbooks in order to mediate between local traders and markets.

Such beginnings are still relatively modest, but establishing working relationships with real organizations is furnishing additional proof that there’s a genuine appetite for blockchain-based ID solutions, which are trustworthier and more secure than pre-existing alternatives.

Universal or “siloed” systems?

There is hope that blockchain-based platforms will play an increasingly important role in securing digital ID and personal data in the future. However, since the organizations to which we have to prove our identities are growing so quickly as to stretch into almost every corner of our lives, it’s clear that it’s still going to take a long time before blockchain-based ID systems become widespread. What’s more, added resistance will be provided by all those platforms and companies that profit from the current system, in which people don’t have control over their personal data.

“Big companies manipulate data, so they are not very interested in decentralizing this kind of information,” notes Vlad Dobrynin, the CEO and founder of Humans.net, a blockchain-based social network for people to directly trade skills and help. Dobrynin warns that personal data is a highly profitable market, and one that no company or industry would give up without a fight.

“In fact, there is a huge shadow data industry worth billions of dollars each year that is absolutely dependent on hoovering up personal data and which many large organizations sell their data into. As such, there will be resistance at this level and no doubt many clever arguments will be put forward as to why personal data gathering and data ‘analysis’ should continue. However, it ultimately depends on users and a critical mass of startups that use blockchain-based digital IDs to start turning the tide.”

As Phillip Windley also argues, network effects will prove key in driving adoption, with startups and organizations initially having to push very hard for several years before they reach that all-important tipping point where others are forced to join for fear of being left behind.

“Self-sovereign digital identity will grow similar to other platforms with large network effects: slowly at first and then all at once. The production uses […] use credentialing within an ecosystem: Canadian business licensing, credit unions, and healthcare professionals. Those organizations and others are doing the hard work of getting people used to a new model, building partnerships, and launching systems. But once enough of these exist in isolation, the interaction of these people starts to put pressure on others outside those ecosystems to accept these credentials, or organizations outside these ecosystems start to see how accepting these credentials could save them time or money.”

At the moment, there are in fact plenty of blockchain-based ID systems “in isolation,” as Windley puts it. For example, there is Linum Labs’ platform (recently tested by the Swiss Federal Railways), the platform now being developed by startup Attest in partnership with Deloitte, and also the Digital ID system for cross-border payments being built by Visa in collaboration with IBM.

There is, in other words, a large number of platforms offering very similar services, and the worry here is that the relative abundance of competing platforms may actually prevent a universal system of digital ID from emerging. Because if you have to use one blockchain-based platform to prove your identity to company X, and then another for bank Y, and then yet another for governmental agency Z, then you clearly still haven’t escaped a world where identity is “siloed,” as the current situation is described by the Netherlands-based Gemalto (among others).

Still, while this is a potentially serious problem, the organizations working within blockchain-based ID don’t seem too fazed by the large number of startups and established companies piling into the area. Phillip Windley, for one, also thinks the waters will be muddied further by the emergence of ‘blockchain-based’ platforms that aren’t truly decentralized.

“The interest is heartening because it shows that there are real problems here that people are willing to spend money to solve. But it also muddies the waters. Most of these blockchain-based digital ID systems are not self-sovereign or multi-source. Consequently, they are perpetuating the old, single-source identity model that has failed on the internet for the last 20 years. They are not decentralized identity, like a multi-source ID system, but centralized despite using the blockchain. This will cause confusion in the businesses that are necessary to launch the ecosystem.”

The existence of blockchain-based, yet centralized digital ID platforms may potentially cause confusion among organizations and the general public. That said, it’s likely that the advantages of the best decentralized platforms will inevitably make themselves known to the general public, so that eventually a few dominant platforms will emerge, possessing enough reach to provide their users with a single point of entry for proving their identity online, regardless of who they’re dealing with and what they want to prove.

As Ryan Faber, who’s nonetheless positive about the coexistence of different platforms, explains:

“Competing identity systems will evolve as a response to market demand, and those that best address the problems of consumers will eventually determine the direction of the ecosystem. [Our] standard is globally accessible and open source, but we do not believe a single standard will rule the world. Identity needs flexibility. We are excited about cross-platform efforts to develop interoperable and extensible identity solutions to bring digital IDs to reality.”

And at the very least, even if decentralized digital ID remains comparatively siloed between a handful of competing platforms, such a situation will still be preferable to the current, non-blockchain-based framework. That’s because, as the kind of use cases and deployments above have been proving, blockchain-based ID offers real advantages of security, transparency and control to users — advantages that an increasing number of people and institutions will be taking up in the coming years.

 

from: https://cointelegraph.com/news/blockchain-based-digital-id-systems-are-increasingly-finding-real-world-use

 

 

 

These Are the Most Common Deal Breakers with VCs

by Jan Schnedler – 08 FEB 2019

In the worst case, a single one of these points can be enough for an investor to decide against financing a startup. If several of these points apply, it becomes very difficult for startups to obtain financing from professional investors.

Over my many years of advising startups, a number of points have emerged that are often decisive for professional investors and that I therefore call (potential) deal breakers. In the worst case, a single one of these points can be enough for the investor to decide against financing a startup. If several of these points apply, it will be very difficult for startups to obtain financing from any professional investor.

If (potential) deal breakers apply to you, you should try to eliminate them. If that is not (yet) possible at present, you should at least work out approaches to a solution and lines of argument for how you deal with these potential deal breakers before you approach a professional investor.

These deal breakers matter even more to institutional investors such as funds and venture capital firms than to business angels. Investors are not, however, a homogeneous group whose members all act alike. The points listed can therefore be weighted differently by different investors, or may not be deal breakers at all for some investors.

Below you will find a checklist of potential deal breakers. All of the points listed are reasons that I have actually encountered in my advisory practice and that were decisive in an investor walking away from an investment.

TEAM:

* The chemistry in the startup team is not right, or there are already disputes within the team.
* Key employees leave the company during the financing process.
* One of the founders needed for business development does not hold a fair share in the startup.
* Key people are not sufficiently incentivized through shares, virtual shares or salary.
* The startup consists of either only one founder or a great many founders. Jeff Bezos, the founder of Amazon, said on this: “If you can’t feed a team with two pizzas, it’s too large.”
* Unqualified friends or family members hold management positions in the startup.
* Family members or friends hold shares in the startup without contributing money or time to its success.
* The founders do not want to move into the company but want to “do it on the side.” This can make sense in some cases (e.g. a founder’s doctoral supervisor), but not for all founders.
* The key people of the startup team remain geographically separated after the initial phase, and the founders are not willing to change this.
* No member of the core team presents the founding idea/the startup to the investors.
* Two of the founders are a couple.
* The core team pursues extensive side activities.
* The core team holds stakes in competitors or rivals.
* The founders want to be founders because that is currently more fashionable than working at a consultancy, and they do not have a burning passion for their own product/business model/service.
* Hiring personal assistants in the early phase, e.g. before the Series A financing.
* A lawyer is a shareholder in a startup although the startup does not offer a product in the field of legal advice.
* Management is paid very highly.
* Strong exaggeration when presenting existing experience, or an arrogant attitude on the part of the founding team.
* The founders frequently need more than 48 hours to reply to the investor by e-mail.
* Communication via assistants and complicated scheduling of meetings.
* Dead-equity shares in the startup exceed 10%.
* Too many investors hold very small stakes in the startup.
* Many shareholders hold very small shares that are not pooled.
* A software startup has no software developer in the founding team.
* The founders have already won more than five prizes at pitch competitions. (This may call into question their focus on further developing the product and the business idea.)
* Rights/perks that are untypical for a startup, e.g. company cars in the early phase, pension entitlements, very high travel costs (because of flying business or first class).
* There are no mentors, supporters or the like.
* The founders gave away too many shares too early at too low a valuation.
* An incubator or company builder owns too many shares.

PRODUCT:

* There is no minimum viable product (MVP) yet.
* There is no customer feedback (it is difficult to develop a good product without customer feedback).
* There is no unique selling point.
* The pitch deck focuses exclusively on the product and largely ignores other aspects.
* Business-to-consumer products with a margin of less than 25 percent and no concept for increasing the margin.

FINANCING:

* The founders have not seriously invested in the startup themselves, although they could.
* Although significant problems were identified, they were neither resolved before the start of fundraising nor were approaches to solving them worked out.
* The founders do not know their own key performance indicators (KPIs, metrics for the operational and strategic direction and steering of the startup).
* The investment is to be used not for business development but (also) for many legacy liabilities, e.g. accrued waived wages, deferred managing-director remuneration, shareholder or bank loans, and deferred interest.
* The founders did not sufficiently inform themselves about the investor before the first meeting. As a rule, the investor's portfolio, strategy and industry focus should be known.
* The startup's financing/liquidity will last for less than two more months, or the company is already overindebted.
* The documents shown at the investor meeting are not provided in digital form on request.
* After the first meeting with the investors, the financial figures are not provided.
* Investors who have already invested in the startup do not participate in a further financing round without a truly convincing reason.
* The valuation of the founders' own company is unrealistic.
* High burn rates/monthly expenses cannot be sensibly justified.
* Naming "bold" but still justifiable figures for projected growth rates and market shares is usually accepted by investors; however, if the figures for a German company lead to annual revenue in the billions within 5 years, one should think this over carefully.

MARKET:

* No market figures are available.
* The focus is on markets that are too small, and the competence to open up larger markets is also lacking (e.g. lack of English language skills).
* The startup claims to have no competitors.
* There is only a single supplier, and no others can be identified.
* Customers or cooperation partners are named in the documents although in reality no relationship with them exists.
* There are competitors that are backed by very large investments.
* Almost all revenue comes from a single customer.
* The startup has no sales concept.
* The founders do not know the jargon of the targeted sector/markets/industry.
* Growth or user numbers are stagnating.
* The achievable exit is too small.
* There is no strong understanding of the startup's own business strategy.
* There is no comprehensible marketing plan. (What does the brand/the startup stand for?)

LEGAL:

* The startup is not organized as a corporation (Kapitalgesellschaft).
* (Deliberately) concealed problems surface during due diligence.
* The startup insists on a non-disclosure agreement being signed before a pitch deck is sent to the investor.
* The business model/the products are not protected by intellectual property rights.
* The product is not free of third-party intellectual property rights.
* The business idea does not take existing laws into account, e.g. data protection law.
* The startup does not receive tax advice.
* Open-source software under an unsuitable license is included in the startup's software.
* There are unresolved ownership rights to the startup's intellectual property.
* There are ongoing or threatened court proceedings over important intellectual property used by/belonging to the startup.

 

About the author
Jan Schnedler is the author of the book Startup-Recht. In his work, attorney Schnedler not only provides a comprehensive overview of the legal aspects surrounding startups of all kinds, he also puts it all together in readable form. After reading it, founders should be able to make informed decisions and to avoid mistakes or at least correct them. The range extends from legal forms of companies through logo selection to investor agreements.

 

from: https://www.deutsche-startups.de/2019/02/08/das-sind-die-haeufigsten-deal-breaker/

 

 

 

Parity Technologies Fixes Node Vulnerability, Urges All Ethereum Nodes to Update

[Again … and by a simple Remote Procedure Call (RPC)]

Ethereum blockchain infrastructure developer Parity Technologies experienced a security compromise that required nodes to perform an urgent update, the company stated in a blog post on Feb. 3.

Parity, which is a popular technology stack for Ethereum users, said it had received notification of a loophole which would allow an attacker to shut down nodes running its client.

“On February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and pre 2.3.2-beta) and that node will crash,” officials summarized.

On social media, Parity confirmed it had issued a patch to fix the vulnerability within hours, with nodes running the affected versions nonetheless required to update their software.

“While the vulnerability only directly affects Parity Ethereum nodes that serve JSONRPC as a public service (e.g., Infura, [MyEtherWallet], MyCrypto, etc), we recommend everyone to update their nodes immediately,” a tweet read.

In late 2017, one user of Parity’s Ethereum (ETH) wallet accidentally quarantined 513,774.16 ETH (around $54 million). In April 2018, an Ethereum Improvement Proposal (EIP) that would restore a disabled contract to unfreeze the funds was voted down.

In June 2018, another vulnerability discovery led to a similar request to install node updates.

Last month, the organization received a grant from the nonprofit Ethereum Foundation worth $5 million to fund development on Casper, sharding and infrastructure.

 

from: https://cointelegraph.com/news/parity-technologies-fixes-node-vulnerability-urges-all-ethereum-nodes-to-update

 

 

 

Ethereum’s Blockchain Has Been the Platform of Choice for Scammers

From Ponzi Schemes to ICO Exits, Ethereum’s Blockchain Has Been the Platform of Choice for Scammers

ETH scam trends have changed dramatically over the past 24 months, and this seems likely to continue

According to a recent report from crypto analytics specialists Chainalysis, Ethereum (ETH) has become the crypto platform of choice for scam artists. Its research suggests that 2018 saw far more sophisticated, higher-earning scams carried out using ETH, although the actual number of these crimes dropped significantly year on year.

The amount stolen through ETH-based scams doubled from $17 million in 2017 to $36 million in 2018. This equates to 0.01 percent of ETH in circulation.

Chainalysis identified over 2,000 scam Ethereum addresses, which have managed to secure funds from nearly 40,000 unique users in the network. In the space of two years, the modus operandi of scammers seems to have changed, according to data collected by Chainalysis.

Phishing, Ponzi schemes and initial coin offering (ICO) exits are still the most prevalent, but there has been a shifting trend.

Phishing scams were all the rage in 2017, which led to a surge in this type of crime. Users cottoned on to the ever-increasing number of these attacks, which led to a decrease in the efficacy of phishing scams. As a result, the average amount sent to a scam address was nearly half of the amount in 2017.

2018 then saw the rise of elaborate Ponzi schemes and ICO exit scams, which yielded millions of dollars in income.

The reason for Ethereum’s perceived popularity with scam artists is its utility as a platform in which people can start and launch their own native cryptocurrency tokens through ICOs.

It is fairly easy for any project to put together a convincing website and business proposal, and raise funds in a decentralized way through the Ethereum blockchain. As the price of Bitcoin and other cryptocurrencies surged in 2017, investors easily parted ways with their crypto holdings, in the hopes of seeing massive returns on their investments.

Nefarious individuals and groups took advantage of the situation, which has inevitably fleeced many an unsuspecting investor.

The three ETH scams of choice

Firstly, it must be noted that Ethereum, as a platform, does not inherently provide the right environment or tools for scam artists to carry out various schemes. The simple fact is that Ethereum is the platform of choice for entrepreneurs looking to launch decentralized, blockchain-based projects. As per data provided by Chainalysis, 82 percent of all ICOs are created on the Ethereum blockchain.

As the leading platform to raise crypto funds, scam artists went about hunting for unsuspecting victims using three main methods.

Phishing is considered to be the most popular type of ETH scam over the past few years. The modus operandi is fairly simple: scammers send potential victims emails or other communications that trick them into sharing private financial information that gives attackers access to their ETH wallets.

Ponzi schemes have become more prevalent. These schemes promise investors abnormally high returns on an initial investment. Initial returns are paid out by new investment funds coming in, but eventually the scammers make off with most of the funds, leaving victims empty-handed.

ICO exits have also become more popular as of late. Criminals set up fake companies or projects with elaborate marketing material and websites. Funds are raised through ICOs but once that is complete, the criminals sell off the proceeds and disappear with all the capital, once again leaving investors with nothing.

As Chainalysis explains, phishing scams were the most-popular scamming method in 2017, but users became more wary the following year and the prevalence of these scams reduced. Furthermore, as criminals began to change up their methods of attack, the median amount of money stolen from individuals seemed to drop.

In 2018, the average amount sent to a scam was $94, nearly $50 less than 2017’s median. The median total revenue made in 2017 was more than $6,500, but that dropped drastically to less than $2,500 last year.

 

 

In 2017, 49 scam operations made less than $100, while that number increased to 181 in 2018. Sixty-five of these scams made less than $10, indicating that investors are becoming far more savvy at picking out fraudulent operations.

Ponzi schemes, ICO exits most lucrative

While the overall success of scams seems to be dwindling, a small number of these activities have managed to steal millions of dollars from unsuspecting investors.

What this could indicate is that criminals have had to get smarter in the way they dupe potential victims, with complex scams that have garnered massive amounts of money. To this end, Chainalysis notes that twice as many users lost up to four times as much in 2018 compared to 2017.

As the graph below shows, the methods of scam artists have been in a constant state of flux for the past two years.

 

 

Toward the end of 2018, there were massive spikes in the yield from a couple of Ponzi schemes and ICO exit scams, showing that these projects still pose a big threat in the crypto ecosystem.

This data is backed up by a report from crypto analytics company Ciphertrace, which states that at least $725 million was lost in 2018 to scams including Ponzi schemes, ICO exits and fraudulent ICOs.

Thus, the trends of scams have changed dramatically over the past 24 months, and this seems likely to continue, according to Chainalysis.

Given the anonymous nature of decentralized technologies, the report suggests that criminals will use these platforms in the future to carry out their crimes.

Criminals could begin to use encrypted applications in 2019 like Telegram and WhatsApp, shifting away from darknet markets. Cryptocurrencies will continue to be a method to launder and move money, which will lead to further regulatory moves by authorities.

 

from: https://cointelegraph.com/news/from-ponzi-schemes-to-ico-exits-ethereums-blockchain-has-been-the-platform-of-choice-for-scammers

 

 

Major European Publisher Axel Springer Partners with SatoshiPay

Kudos Meinhard!

Europe’s largest digital publisher Axel Springer SE has partnered with blockchain startup SatoshiPay to enable direct payments using blockchain, investment news agency London South East reports on Jan. 31.

Blockchain micro payment firm SatoshiPay has reportedly started a collaboration with Axel Springer yesterday, Jan. 31, in order to develop a platform enabling readers to pay for content using SatoshiPay Wallet.

According to the article, the new blockchain solution will enable direct payments eliminating third party involvement, and will be integrated into Axel Springer products in order to get experience in user acceptance.

The press release was provided by tech-focused investment firm Blue Star Capital (BLU), which reportedly has a 30 percent stake in SatoshiPay. Blue Star Capital has seen a rise in share price following the partnership announcement, with its shares having reportedly grown by 20 percent to 0.16 pence ($0.21) on Jan. 31, as reported by British daily tabloid newspaper Morningstar.

Valentin Schöndienst, senior vice president of new business and “Mr. Blockchain” at Axel Springer, said that blockchain tech has the potential to enable a new option for content monetization by reducing transaction costs significantly.

Axel Springer SE is the biggest digital publishing company in Europe, containing a number of media news brands including Business Insider, Rolling Stone and others. The company reportedly generated around 3.3 billion euros ($3.7 billion) in total revenues in the financial year of 2015.

Earlier in January, blockchain tech firm ConsenSys joined a project developing a new revenue-generating news platform by WordPress, the world’s most popular website management system. Through an investment of $350,000, ConsenSys joined leading publishing industry organizations such as Google News, The Lenfest Institute for Journalism and The John S. and James L. Knight Foundation.

from: https://cointelegraph.com/news/report-major-european-publisher-axel-springer-partners-with-satoshipay

***

SatoshiPay and Axel Springer cooperate on blockchain technology usage

Commencing on 31 January 2019, SatoshiPay and Axel Springer SE will begin working on a joint offering, enabling users to pay for content with the digital SatoshiPay wallet. Powered by blockchain technology, the wallet will be used to send direct payments from the user’s device to the publisher without an intermediary.

As part of the project, SatoshiPay’s payment solution is to be integrated into Axel Springer products in order to gain experience in user acceptance and generate initial revenues.

Dr Valentin Schöndienst, Senior Vice President New Business, Axel Springer SE states:

“Blockchain payments can significantly reduce transaction costs and thus enable new monetisation systems for content. SatoshiPay offers a turnkey solution that allows us to instantly use blockchain technology and offer it to our customers”.

Meinhard Benn, Founder and CEO of SatoshiPay [also: formerly Chief Software Officer @ Blockchain Industries] says:

“We are excited to work with Axel Springer, who recognise the immense potential of blockchain technology. As one of the few companies with a market-ready blockchain payment solution, we are focused on bringing this technology from laboratories into the mainstream. This has been SatoshiPay’s mission since its foundation in 2014, and a partner with the tremendous reach of Axel Springer gives us the opportunity to deliver on this promise.

We would also like to thank the Stellar Development Foundation, which supports this cooperation with a seven figure partnership grant.”

SatoshiPay uses the Stellar blockchain for secure worldwide payment processing in a matter of seconds. This is possible for any form of value, including Euro and Dollar transfers.

SatoshiPay, which had completed the Axel Springer Plug and Play startup program in 2015, offers tailor-made solutions for blockchain-based payment and customer loyalty systems to companies, especially in the areas of online publishing, gaming, IoT, and telecommunications — for integration into their own products, websites, or apps. Going forward, SatoshiPay will transfer the advantages of different blockchain ledgers into the simplicity and stability of a standardised programming interface (API).

SatoshiPay CEO Meinhard Benn (left) with COO Alexander Wilke

About Axel Springer

Axel Springer SE is the largest digital publishing house in Europe, with leading multimedia news brands such as Business Insider, Bild, Die Welt and Upday. It employs more than 15,000 people and generated total revenues of over €3.5 billion in 2017. Digital media activities contribute more than 60% to its revenues. Headquartered in Berlin, Germany, the company is active in more than 40 countries with subsidiaries, joint ventures, and licensing.

About SatoshiPay

SatoshiPay was founded in 2014 and is headquartered in London, with development led through its Berlin office. SatoshiPay offers a frictionless micropayment solution to help digital publishers monetise content globally. The SatoshiPay platform is based on scalable blockchain technology supplied by the Stellar.org network. Find frequently updated information at the company’s website www.satoshipay.io, its blog www.medium.com/@SatoshiPay and Twitter @SatoshiPay.

from: https://medium.com/@SatoshiPay/satoshipay-and-axel-springer-cooperate-on-blockchain-technology-usage-7bde7f2d34c8

Global Pharma Giant Merck Wins US Blockchain, AI Patent for Product Authenticity

Merck, the world’s oldest operating pharmaceutical firm, has won a blockchain patent from the United States Patent and Trademark Office (USPTO), Cointelegraph auf Deutsch reported Jan. 30.

The German multinational has developed a system that uses a combination of Artificial Intelligence (AI) and blockchain tech to establish the authenticity of unique physical objects. As Merck reports in a press release Jan. 30:

“The new technology uses machine learning to link physical objects to a blockchain through their own unique identifiers or ‘fingerprints‘.”

According to the firm, the new patent describes a technology that can identify and record any unique feature of a physical object as its so-called “fingerprint,” including chemical signatures, DNA and image patterns.

The company claims that the technology described in the patent can increase the security of systems such as supply chains, aiming to eliminate counterfeiting. The tech is reportedly being developed in Merck’s Innovation Center, the firm’s research and development arm.

Citing data from the World Health Organization, Merck noted that more than 50 percent of pharmaceutical products purchased on illegal websites are in fact fake.

Yesterday, Russia’s Ministry of Education and Science introduced a new blockchain-powered platform for tracking natural diamonds across the entire supply chain, from extraction and polishing to the final owner.

Last week, U.S.-based health insurance giant Aetna partnered with tech mogul IBM to build a blockchain network designed for the healthcare industry, specifically addressing insurance processes.

On Jan. 24, the United Kingdom’s national standards body, the British Standards Institution, teamed up with blockchain firm OriginTrail to increase supply chain transparency.

 

from: https://cointelegraph.com/news/global-pharma-giant-merck-wins-us-blockchain-ai-patent-for-product-authenticity

 

 

 

Swiss Wallet Firm to Produce Microchipped Physical Banknotes for Marshall Islands Digital Currency

Tangem, a Switzerland-based ‘smart card’ wallet manufacturer, will reportedly issue physical banknotes for the Sovereign (SOV), the state digital currency of the Marshall Islands, according to an announcement on Jan. 28.

Per the announcement, physical representations of the digital currency will purportedly ensure that citizens have “fair and equal access to their digital currency, whether or not they have internet connection.” The firm states that a physical SOV will be a “controllable mechanism” for issuing the currency by the Marshallese government.

Minister David Paul, Minister-in-Assistance to the President of the Marshall Islands, stated, “Tangem will help us ensure all citizens, including those living on more remote outer islands, are able to easily and practically transact using SOV.”

Tangem states that each note will contain a blockchain-enabled microprocessor which will “combine the familiar advantages of paper banknotes with the security of blockchain technology.” The firm issued physical representations of digital currency in May 2018, when it produced 10,000 physical Bitcoin (BTC) banknotes of various denominations in a pilot program.

In February 2018, the Republic of the Marshall Islands first announced that it would release its own cryptocurrency complete with an initial coin offering (ICO) and free trading. Two government officials said that, once issued, the Sovereign will circulate alongside the nation’s other official currency, the United States dollar.

The idea of issuing a national cryptocurrency became a controversial topic within the country and with international organizations like the International Monetary Fund (IMF). In August 2018, the IMF urged the Marshallese government to reconsider issuing the Sovereign, saying that it could pose risks to the country’s financial integrity and relationships with foreign banks.

Marshallese President Hilda Heine’s support for the Sovereign led to a vote of no confidence in the country’s parliament, the Nitijela. While the parliament had initially backed the creation of a national digital currency, critics of the president declared that the proposed plan for a state-backed digital currency could harm the country’s reputation.

Heine narrowly survived the vote of no confidence in November 2018, with the Nitijela split 16-16. The president reportedly told the parliament that the attempt to overthrow her was a “referendum about our own politics,” and hailed plans for the Sovereign as a “historic moment for our people.”

from: https://cointelegraph.com/news/swiss-wallet-firm-to-produce-physical-banknotes-for-marshall-islands-digital-currency

Fewer and Fewer Deaths on Motorways (Statistics)

The number of traffic fatalities on German federal motorways (Bundesautobahnen) has fallen steadily over recent decades. In 1972 there were 27.9 fatalities per 1 billion vehicle-kilometres; in 2017, according to preliminary figures from the Federal Statistical Office (Statistisches Bundesamt) (PDF, p. 222), there were 1.7 fatalities. This corresponds to a decline of around 94 percent. Various factors contributed to this, such as the lowering of the blood alcohol limit and the introduction of mandatory seat belt use. The further development of safety features in passenger cars (including the airbag) has also played its part in this trend.

 

from: https://de.statista.com/infografik/16783/unfalltote-auf-bundesautobahnen/

 

 

 
