N. Korea to Launder Stolen BTC Via HK Firm - UN

The stolen cryptocurrency was exchanged for cash after passing through at least 5,000 individual transactions in several countries
07 November 2019

North Korea laundered stolen bitcoins and fiat currencies through a Hong Kong-based company, Chosun reports, citing the quarterly report of the UN Security Council Sanctions Committee.

To circumvent international sanctions, the country registered a shipping and logistics company in Hong Kong, Marine China, which operates on a blockchain platform. The sole owner of the company was a man named Julian Kim, also known under the pseudonym Tony Walker. According to the committee, he tried several times to withdraw money from banks in Singapore.

The cryptocurrency previously stolen by North Korea was exchanged for cash after passing through at least 5,000 individual transactions in several countries, the report says.

Earlier, UN experts estimated that the country stole approximately $2 billion of assets from bitcoin exchanges and banks through cyber attacks to mitigate the effects of financial sanctions. North Korea has rejected the charges.

The report indicated that North Korean hackers used targeted phishing to choose their targets and make the attacks more accurate. Malicious code from one of the country's cyber-specialists transferred stolen bitcoins to a server at Kim Il Sung University in Pyongyang.

Potential Vulnerabilities Found in ETH 2.0

Least Authority has found potential security issues in the P2P network interaction and the block proposal system
26 March 2020

Technology security firm Least Authority audited the Ethereum 2.0 specifications at the request of the Ethereum Foundation and identified several potential vulnerabilities.

Least Authority said that developers need to address vulnerabilities in the peer-to-peer (P2P) network layer, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, no large ecosystem based on PoS and using sharding currently exists, so it is impossible to accurately assess the prospects for system stability.

Information security experts also emphasized that the specifications did not pay enough attention to describing the P2P network layer and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a "malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.