Posted on

Huobi Resumes Trading in Japan as FSA-Licensed Exchange

Cryptocurrency exchange Huobi, currently the world’s 7th largest by daily traded volume, has relaunched as a fully licensed platform in Japan.

Cryptocurrency exchange Huobi — currently the world’s 7th largest by daily traded volume — has relaunched as a fully licensed platform in Japan after merging with BitTrade. The news was announced in a press release published Jan. 17.

As reported, Huobi Global’s wholly owned subsidiary, Huobi Japan Holding Ltd, acquired a majority stake in BitTrade last September. At the time, BitTrade was one of only 16 crypto exchanges in the country to have secured a license from national financial regulator, the Financial Services Agency (FSA).

Leon Li, Huobi Group Founder and CEO, has said that securing the license represents a significant milestone for Huobi, given the importance of the Japanese market.

Huobi’s press release takes pains to emphasize security provisions, outlining that Huobi Japan “features specialized distributed architecture, a Distributed Denial of Service (DDoS) attack countermeasures system, and A+ ranked SSL certification (the highest available).”

According to the press release, Huobi Japan supports trading of Bitcoin (BTC), Ethereum (ETH), Bitcoin Cash (BCH), Litecoin (LTC), Ripple (XRP), and Monacoin (MONA).

While a license has been mandatory for all crypto exchanges operating within Japan since the amendment of the country’s Payment Services Act back in April 2017, the FSA has continued to ratchet up requirements for applicants throughout 2018, in the wake of last January’s industry-record-breaking $532 million theft of NEM tokens from Coincheck.

Ahead of Huobi’s majority stake deal — BitTrade became Japan’s first FSA-licensed platform to be fully acquired by an international investor, the Singaporean multi-millionaire and entrepreneur Eric Cheng. The investor also acquired BitTrade’s affiliate company, FX Trade Financial Co., Ltd — one of Japan’s leading forex trading platforms. Following the Huobi deal, FX Trade Financial retained 25 percent of the BitTrade’s shares.

Founded in China in 2013, Huobi Group has been headquartered in Singapore since Beijing’s crackdown on domestic crypto-fiat exchanges in September 2017. As part of its ongoing overseas expansion efforts, the platform has recently rebranded its United States-based strategic partner trading platform HBUS to the better known Huobi name.

Following Coincheck’s very recent acquisition of an FSA license, the total number of regulator-approved exchanges in Japan stands at 17.

Last fall, an executive from leading U.S. crypto exchange Coinbase made positive remarks about Japan’s crypto regulatory climate, saying that the FSA’s intense focus on security is “good for us.” Coinbase has had plans to secure a license to operate within the country in the works since June 2018.

Huobi has seen $299.6 million in trades over the 24 hours to press time, according to CoinMarketCap data.

Posted on

Report: Critical Vulnerabilities Leaking User Data Found on DX.Exchange, Patched Later

Estonia-based cryptocurrency and tokenized stock exchange DX.Exchange has reportedly patched a critical vulnerability that leaked sensitive user data.

Estonia-based cryptocurrency and tokenized stock exchange DX.Exchange has reportedly fixed a critical vulnerability that leaked sensitive user data.

Technology news website Ars Technica reported on the security leak Jan. 9, citing an anonymous trader who conducted a security analysis of DX.Exchange.

According to Ars Technica’s article, a trader, who wished to remain anonymous due to legal concerns, noticed that the exchange was sending sensitive data of other users to their browser. After examining the data, the trader has reportedly found that the data included other users’ authentication tokens and password reset links:

“I have about 100 collected [authentication] tokens over 30 minutes, […] if you wanted to criminalize this, it would be super easy.”

The authentication tokens were reportedly formatted in the JSON Web token standard and could be easily decoded with the use of online tools, obtaining full names and email addresses of the exchange’s users.

According to Ars Technica, the trader has explained that the tokens could grant access to their associated accounts, as long as the user hasn’t manually logged out after the token was leaked.

The trader has also reportedly found a way to permanently backdoor an account by using the platform’s programming interface, which would grant them access even after a user has logged out.

Furthermore, Ars Technica reported that some of the login data leaked by the platform belongs to the employees of the site. The article explains the severity of the issue:

“In the event that such a token gave unauthorized access to an account with administrative privileges, the hacker might be able to download entire databases, seed the site with malware, and possibly even transfer funds out of user accounts.”

Ars Technica itself has reportedly checked and confirmed the presence of the vulnerabilities discovered by the trader, obtaining what it described as a large number of authentication tokens through the publicly available programming interface.

Ars Technica contacted the DX.Exchange, and according to the article, the leak has now been fixed. However, the company declined to comment on its intentions to warn the users about the now-patched vulnerability:

“Ars sent a response asking if DX.Exchange planned to reset all user tokens or passwords and to notify users that a leak exposed their names and email addresses. So far, the officials have yet to respond.”

As Cointelegraph reported Jan. 3, DX.Exchange leverages Nasdaq’s Financial Information Exchange (FIX) protocol and allows its users to trade tokenized stocks of major companies, including Google, Facebook and Amazon.

As of press time, DX.Exchange has not responded to Cointelegraph’s request for commentary.

Posted on

White Hat Hackers Earned $878,000 from Crypto Bug Bounties in 2018, Data Shows

Hackers have reportedly been awarded $878,000 in bug bounties by blockchain companies on vulnerability disclosure platform HackerOne this year.

White hat hackers have been awarded $878,000 in bug bounties this year, technology news website TheNextWeb reports on Dec. 30.

Bug bounties are a type of competition in which companies that develop software invite hackers to break their software and responsibly disclose the vulnerabilities, so they are able to fix them before they are exploited.

According to TheNextWeb, hackers earned $534,500 on HackerOne, a bug bounty platform connecting companies with hackers just from Block.one, the company which stands behind EOS. In fact, Block.one is reportedly responsible for 60 percent of all the bounties handed in this year.

Major cryptocurrency exchange Coinbase is reportedly the second-largest bounty spender and spent $290,381 in 2018. Tron is third-largest bounty spender, reportedly paying $76,200 this year.

Nearly four percent of all bounties awarded on the platform were for blockchain vulnerabilities, a HackerOne spokesman told TheNextWeb. The average prize in the blockchain industry was $1,490 this year, while the average HackerOne bounty in Q4 2018 was about $900.

As Cointelegraph recently reported, EOS decentralized apps (DApps) have reportedly lost up to $1 million to hacks since July. Also, hardware wallet Ledger recently expressed regret over the fact that the security researchers disclosed vulnerabilities in its hardware wallets publicly instead of following the standard security principles that are written in Ledger’s Bounty program.

Posted on

Former Mt. Gox CEO Karpeles Declares Innocence in Final Argument

The former CEO of now-defunct cryptocurrency exchange Mt. Gox, Mark Karpeles, claimed his innocence as the trial nears its end.

Mark Karpeles — the former CEO of now-defunct cryptocurrency exchange Mt. Gox — has affirmed that he is not guilty in the final argument for his trial, Cointelegraph Japan reports Dec. 27.

In court in Tokyo on Thursday, Karpeles apologized for not being able to avoid his exchange being hacked, but also reiterated the idea that he is innocent. As Cointelegraph Japan reported, in July, he declared that he treated the subtracted money “as a loan from the company,” and that he was going to settle later.

Mark Karpeles has been charged with embezzlement of approximately 340 million yen (about $3 million) from the exchange and manipulating its data to inflate its cash balance. Karpeles allegedly transferred 340 million yen belonging to customers from a Mt. Gox account to his personal account between September and December 2013.

As Cointelegraph recently reported, prosecutors asked for a ten-year prison sentence for Karpeles, who is currently facing the charges in Japan. During his trial, Karpeles has repeatedly denied having stolen money or manipulated Mt. Gox ledgers.

According to today’s report, the ruling for Karpeles’ trial is set to be delivered on March 15, 2019.

Nobuaki Kobayashi, the trustee of Mt.Gox, released a statement in September in which he claims to have liquidated almost 26 billion yen (about $230 million) in Bitcoin (BTC) and Bitcoin Cash (BCH) in around four months.

In the document, he informed the public that since the third quarter of 2017 he sold 24,658 BTC and 25,331 BCH.

Posted on

Coinbase CEO First Crypto Entrepreneur to Join Buffet-Founded Billionaire Charity Pledge

CEO Brian Armstrong is the first crypto entrepreneur to join billionaire-backed charity program The Giving Pledge.

Coinbase CEO Brian Armstrong has become the first crypto entrepreneur to join billionaire-backed charity program The Giving Pledge, CNBC reports Friday, Dec. 21.

Founded by moguls Bill Gates and Warren Buffett, the Giving Pledge campaign is now for the first time supported by a representative of the crypto industry, with Armstrong joining more than 180 pledgers including Elon Musk, Ray Dalio, Bill Ackman and Michael Bloomberg.

Aiming to inspire wealthy people all over the world to give at least half of their net assets to philanthropic causes, The Giving Pledge was established in 2010. In 2018, the pledge has amassed $365 billion in donations with signatories from 22 countries. The campaigns mainly attracts billionaires, and does not obligate its entrants to actually donate any money, according to Wikipedia.

In his pledge, the Coinbase CEO wrote that following his “crazy [goal to] start a billion dollar tech company” about ten years ago, he has now actually become the founder of a multi-billion firm. Armstrong noted that he has always had strong admiration for those “whose ambition to improve the world supersedes any goal related to personal wealth,” adding:

“Once a certain level of wealth is reached, there is little additional utility from spending more on yourself.”

Ranked the 14th top crypto exchange by daily trading volumes, Coinbase is a major United States cryptocurrency trading platform and a wallet. Recently, Coinbase reported that the firm has carried out the largest crypto transfer on record with an “on-blockchain migration of approximately $5 billion.”

In late June, 2018, Armstrong announced the launch of its own charitable program backed by the crypto community in order to support people living in emerging markets. The non-profit initiative GiveCrypto.org aims to help people in need by sending direct-cash transfers in crypto.

Earlier today, an Irish startup partnered with the Irish Red Cross to use blockchain technology in a new application that improves transparency for charitable donations.

Previously, Binance Charity Foundation, philanthropic division of top crypto exchange Binance, opened a new fundraising channel on its blockchain-based donation platform.

And today, Dec. 21, Coinbase announced the expansion of its services to six additional markets over the globe including such countries as Andorra, Gibraltar, Guernsey, Iceland, the Isle of Man and Lithuania.