
Denver Municipal Election: Another Small Stop on the Road to Universal Blockchain Voting

Despite widespread suspicion of the technology’s ability to underpin secure elections, some U.S. jurisdictions are pushing ahead with limited blockchain-enabled voting trials.

On March 7, news broke that Denver is slated to become the second United States jurisdiction to pilot a blockchain-powered mobile voting platform in its upcoming municipal election. Absentee voting will start on March 23 and will run until Election Day, May 7. The announcement came almost exactly one year after the first initiative of this kind — the deployment of a mobile voting solution in West Virginia’s primaries and then midterm elections — was made public in March 2018.

Once again, it was the Tusk Philanthropy foundation that spearheaded the effort, while Boston-based technology company Voatz took care of the software side of it. This time around, the partnership also included the National Cybersecurity Center, a nonprofit that works to raise awareness of cyber threats to the integrity of election systems.

Whereas in West Virginia elections last year just about 150 people opted in to cast ballots via their mobile devices, the Denver campaign in May could see a much wider utilization of the technology. The target voting population is both service members and overseas citizen voters from the city and county of Denver, totaling around 4,000 people.

As the idea of using distributed ledger technology to record the expression of citizens’ electoral preference is still met with near-universal suspicion, this trial might become the largest blockchain-facilitated campaign to fill political offices in the United States to date.


Forging the partnership

Tusk Philanthropies is on a mission to fix American democracy by means of dramatically increasing voter turnout — which should, in turn, improve the quality of political representation. They believe in mobile voting as a shortcut to more inclusive elections. Blockchain technology is an integral part of the organization’s strategy, due to the security and auditability that it brings to the process. At the same time, Sheila Nix, president of Tusk Philanthropies, made it clear in an email to Cointelegraph that the organization views the technology as an instrument rather than an end goal, and it remains open to an alternative solution, should it prove more useful:

“Blockchain is the most secure option that exists right now but we are vendor and technology agnostic and are open to new solution in the future. We think there is a lot of growth potential for blockchain-based voting — especially due to the auditability features.”

Always on the lookout for ways to expand their ambitious mobile voting program, the Tusk Philanthropies leadership began talking with the city of Denver and the National Cybersecurity Center last year. The foundation was attracted by the city’s “strong reputation in the area of elections” and saw the opportunity to move mobile voting ahead.

For the Denver Elections Division, the two major selling points were convenience and security. Of the two, security was paramount, so the city government engaged in a meticulous vetting process before giving the project a thumbs-up. As Jocelyn Bucaro, the unit’s deputy director of elections, recounted:

“We’ve been following the pilot in West Virginia very closely. We’ve conducted several demonstrations with Voatz and another vendor, and we ultimately decided, after talking with the West Virginia Secretary of State office, after Voatz went through a rigorous security review by our tech services team and after seeing the review conducted by Tusk Philanthropies of the security of the vendor, and after working with them to make improvements even over the West Virginia pilot last year to their application, we felt that it was appropriate for us to pilot this for our military and overseas citizen voters in municipal election cycle.”

Interestingly, the initiative took off without any involvement on the part of the famously pro-blockchain Colorado Governor and former U.S. Representative Jared Polis, who hadn’t even announced his candidacy for governor at the time the project was conceived. Bucaro and her colleagues, however, sought some input from the Colorado Blockchain Council, several of whose members were involved in the demonstrations.

Limited application

Bucaro also pointed out that mobile voting in the Denver election is not meant to replace paper-based ballots. Rather, it will be used to facilitate the process for a specific group of absentee voters — those who serve in the military or live overseas — and who are currently using email to return their ballots to election administrators:

“Military and overseas voters fall under an overseas statute that requires us to email them a ballot, if they choose to receive their ballot by email. Colorado law also permits them to return their ballot electronically. So this voting population was already able to receive a ballot that they could mark on a hosted website, and then generally they would email the ballot back to us as a PDF attachment to an email — which is not a very secure method of return, which is why this method using blockchain secure encryption, a distributed ledger that can’t be changed, offers a higher degree of security and auditability than simply an email attachment.”

Eligible voters will be required to request an absentee ballot, install the Voatz application, and go through the biometric authentication process. Identity verification entails submitting a photograph of the voter’s government-issued ID and a 10-second “selfie” video. Once this is out of the way, the app permits the user to cast their vote, which it records to a distributed ledger. This is where the convenience part comes in: No stage of the procedure requires anything except a cell phone, in contrast to the trouble of printing out, filling out and scanning paper ballots before emailing them as a PDF attachment.

The initial response from Denver’s military and overseas voters was rather enthusiastic. In less than one day following the announcement, some 90 people signed up to vote via their phones in the upcoming municipal election cycle. This showing, as Jocelyn Bucaro notes, is a good reason to be optimistic:

“Generally speaking, our overseas voters tend to participate in municipal elections at much lower rate than in federal elections. They don’t live here, so they are not as connected to who’s on city council or who’s running for mayor, so these elections have a much lower turnout among that population. So we were pretty excited to see almost 90 people sign up in just the first day after we’ve sent this newsletter out.”

Scaling hurdles

Although the Denver pilot is a step forward in terms of expanding the potential number of voters involved, it still confines the use of the mobile platform to a very specific and narrow population. Given the pushback from the majority of influential election technology experts against the idea of using blockchain as a primary technological infrastructure in mainstream voting, it would be too bold to predict that the future of ubiquitous mobile voting is just around the corner.

As Cointelegraph reported last year, even West Virginia’s Secretary of State Mac Warner, who exuberantly reported on the success of the state’s trailblazing effort, made a point to emphasize that he will never advocate for using blockchain-powered voting solutions beyond overseas absentees.

To be clear, this time, it is not only about blockchain. For example, the authors of a recent report by the National Academy of Sciences on the future of elections contend that no internet-based modality could provide better security than paper-based voting — since at the current level of technological development, there is no way to completely rule out the threat of DDoS attacks and malware intrusion. With regard to blockchain, the report holds that this technology is not compatible with the inevitably centralized nature of elections, which is hard to dispute. There is a fundamental disagreement between the character of today’s institutional politics and the ideology of blockchain governance, so shifting to elections run on distributed ledgers will require not just instrumental, but ideological transformation.

Still, more practical issues persist: Cryptographers and election technologists remain unimpressed by the extant identity-management functionality of blockchain-based systems, as well as by the idea that a voter might lose their right to democratic representation for good once they lose their cryptographic key.

Neither of these seems to be a show-stopper for blockchain-enhanced elections advocates. The Tusk Philanthropies’ campaign to promote mobile voting is picking up steam, according to Sheila Nix:

“We have begun conversations with several other cities and states and expect to have additional pilots later this year and in 2020. We are especially excited to test the mobile voting technology for those with accessibility needs.”

Targeting special groups of voters that could benefit from technological developments the most seems to be the dominant strategy for the near future of blockchain and mobile voting. Jocelyn Bucaro also shares this vision:

“We think there is a lot of potential to offer with this type of voting technology, assuming this pilot is successful, to not only our military and overseas citizen voters but also to voters with disabilities who may not be able to vote via a mailed paper ballot at home without assistance. We’d love to be able to offer them a convenient way to vote independently and privately at home as well.”

Blockchain-friendly as Colorado is, there is also hope for statewide adoption, Jocelyn Bucaro admits:

“We have worked closely with the secretary of state office here in Colorado through our mock election period, and we’re engaging with them, and they are closely monitoring how the pilot goes. It would be a decision of the state, and possibly even the state legislature, whether or not to implement it on a statewide basis. We are certainly going to report out broadly how the pilot goes.”


Businesses Increasingly See Crypto Mining Attacks in Cloud Infrastructures

American telecoms firm AT&T said that businesses are seeing more crypto mining attacks despite the ongoing bear market.

Cryptocurrency mining is reportedly one of the most observed objectives of hackers attacking businesses’ cloud infrastructures, according to a report by AT&T Cybersecurity on March 14.

The cybersecurity wing of United States telecoms firm AT&T stated that organizations of all sizes continue to face major crypto mining attacks despite the ongoing bear market.

In the new report, AT&T examined the most significant forms of cryptojacking associated with mining attacks on organizations’ cloud infrastructure.

AT&T outlined four major cryptojacking tactics used by hackers: compromising container management platforms, control panel exploitation, theft of application programming interfaces (APIs), and spreading malicious Docker images.

Container management is a major process deployed by enterprise systems; a container includes all the components necessary to run software, including files and libraries. AT&T researchers have found that cryptojackers were using unauthenticated management interfaces and open APIs to compromise container management platforms for illicit cryptocurrency mining.

In this regard, AT&T cited an attack reported by security vendor RedLock, where an attacker compromised open-source container management system Kubernetes. The attackers used the compromised Kubernetes server in Amazon Web Services to mine Monero (XMR) and take over access to client data.

After providing a detailed description of hackers’ strategies to mine crypto through cloud structures, AT&T provided a number of recommendations for detecting mining attacks on cloud systems.

Recently, crypto mining service Coinhive announced its closure, as the platform has reportedly become economically inefficient. It reportedly had to shut down its services amidst a 50 percent decline in hash rate following the last Monero hard fork. The firm said it would halt operations on March 8, 2019, while users’ dashboards will be accessible until April 30, 2019.

Following the news, researchers from Canadian Concordia University reported that Coinhive script was placed on more than 30,000 websites, representing 92 percent of all websites based on JavaScript cryptocurrency mining scripts.


North Korea Has Accumulated $670 Million in Crypto, Leaked UN’s Report Says

The unilateral embargo promoted by the United States against North Korea has forced the nation to look for funding sources in order to survive, and cryptocurrencies provide a powerful tool to achieve this purpose since they are not controlled by rival governments or financial organizations.

A leaked draft of a report by the UN’s Security Council, obtained by Nikkei Asian Review, claims that a panel of cybersecurity experts informed the council that according to their research, Pyongyang has accumulated about $670 million in crypto and traditional fiat currency.

Cyberattacks: The Best Way For North Korea To Get Its Hands on Crypto

Nikkei reports that the prevailing method of getting funds is through cyber thefts. Blockchain technologies allow North Korean hackers to cover their tracks and perform illegal actions.

The paper says that “North Korea waged cyber attacks on overseas financial institutions from 2015 to 2018.” Nikkei elaborates on how experts are convinced that there is a group of remarkably successful hackers operating within the isolated country, which already sees cyber attacks as a matter of strategic interest:

“The government has stolen money through cyberattacks, creating a pool of illicit funds that has grown since 2016, the panel said. The attacks are believed to be conducted by a specialized corps within the North Korean military and are now an important part of North Korean government policy.”

Accusations against North Korea are not unusual in the cybersecurity industry; however, they have increased in recent years. In 2017, a report by the Department of Homeland Security had already warned about the “HIDDEN COBRA” group, said to be in charge of orchestrating cyber attacks through diverse methods varying from sending corrupt files to more elaborate schemes.

Lack Of Control By Financial Powers Makes Cryptocurrencies Attractive for Non-Aligned Countries

According to the report, the Korean government may be interested in cryptocurrencies because – despite the transparency of the blockchain – they provide a greater pool of opportunities to circumvent sanctions.

“(Cryptocurrencies) provide the Democratic People’s Republic of Korea with more ways to get around sanctions, given that they are harder to trace, can be laundered many times and are independent from government regulation.”

Several countries such as Russia, Iran, Venezuela, Marshall Islands, Bahamas, and other nations are already contemplating the adoption of cryptocurrencies as an alternative to protect their economic development without the need to align themselves with the strategic interests of powers such as the United States.

The official report will be published next week.

The post North Korea Has Accumulated $670 Million in Crypto, Leaked UN’s Report Says appeared first on Ethereum World News.


Report Shows Cryptojacking Is Prime Example of Shift Towards Discreet Cyberattacks

A recent report shows that cryptojacking is a prime example of cybercriminals’ shift to “low and slow” attack approaches.

Cybercriminals are reportedly favoring unhurried approaches in attacks made for financial gains, with cryptojacking as a prime example of this shift. IT news website ComputerWorld reported on this development on March 14.

Data released by cybersecurity company Darktrace reveals that cryptojacking attempts increased by 78 percent in 2018, and, according to ComputerWorld, the company also said that this trend continued in 2019.

The ComputerWorld article cites Max Heinemeyer, director of threat hunting at Darktrace, commenting on the findings. He reportedly said that since many ransomware victims may be unable to pay a ransom in Bitcoin (BTC) due to technical ineptitude, cryptojacking might be a better approach.

He added that “it [cryptojacking] is low and slow and guarantees a profit,” while ransomware does not. ComputerWorld also quotes Heinemeyer as stating that the barriers to entry to creating cryptojacking malware are low.

Heinemeyer also said that other methods, such as stealing credit card credentials, are cumbersome since criminals need to establish money laundering networks in order to avoid law enforcement. Lastly, he also noted:

“We’ve seen so many different variants of how these pieces of malware are spreading or being loaded.”

Per the report, he cited a company based out of the United Kingdom that saw over 400 devices very quickly infected by a cryptojacking malware after an initial infection via a phishing email. Also, according to Heinemeyer, one system admin installed a mining device underneath the floorboards of the data center where he worked at a major European bank in a creative cryptojacking move.

The article also suggests that such attacks mine the Monero (XMR) blockchain, since unlike Bitcoin, it is more suitable for mining on non-specialized, even consumer-grade, hardware. However, Cointelegraph recently wrote that a Monero upgrade has made the coin more resistant to ASIC mining.

As Cointelegraph has reported, of about 400 servers running virtualization software Docker that were found to be vulnerable to outside exploitation, most were seemingly running Monero mining software.

Also, United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero coin mining code in February.


Japan: Hacked IoT Devices and Cryptocurrency Networks Doubled in 2018

In Japan, the number of hacked IoT devices and cryptocurrency networks nearly doubled in 2018 when compared to the previous year.

In Japan, the number of hacked Internet of Things (IoT) devices and cryptocurrency networks nearly doubled in 2018 when compared to the previous year, English-language local media outlet Asahi reported on March 7.

Per the report, the Japanese Police Agency data shows that an average of 2,752.8 intrusions per sensor per day were detected last year, up 45 percent from the previous year. Furthermore, the data also reportedly shows that almost all of the attacks came from overseas.

According to the article, if one considers only cryptocurrency networks and IoT devices, the data shows an average of 1,702.8 intrusions per sensor per day in 2018, which is about double the 875.9 reported in 2017. Seemingly, this isn’t part of a broader trend to attack all devices more, since the report notes:

“The number of intrusions of networks used for sending and receiving e-mail messages and browsing websites has remained at about the same level since 2016.”

The report also covers the location of the attackers, stating that 20.8 percent are located in Russia, 14.1 percent in China, 12.6 percent in the United States, 6 percent in the Netherlands and 5.1 percent in Ukraine. Attacks originating from inside Japan reportedly accounted only for 1.6 percent of the total.

As Cointelegraph reported in February, more than 7,000 cases of suspected money laundering tied to crypto were reported to Japanese police in 2018, a more than tenfold increase from the 669 cases over a nine-month period during the previous year.

Meanwhile, Cointelegraph reported that five Japanese banks have collaborated to launch a financial services infrastructure based on distributed ledger technology.


Kaspersky CEO: Cryptocurrencies Are Great, But the World Is not Ready Yet

Eugene Kaspersky, the CEO of cybersecurity company Kaspersky, said that “cryptocurrencies are a great idea, but the world is not ready for them yet.”

Eugene Kaspersky, the CEO of the cybersecurity giant Kaspersky, stated in a recent interview that “cryptocurrencies are a great idea, but the world is not ready for them yet.” Kaspersky made the statement to financial news website Arabian Business on March 1.

Kaspersky elaborated, stating that he believes that in the future — “perhaps in a 100 years’ time” — the world will be united under a single government, which in turn will have a single, digital currency. According to the entrepreneur, “the world must be united if we want to have encrypted currencies. At the moment, governments will want to control them.”

He also argued that in the future, digital currencies will see little competition for use, as he predicts the dominance of a single currency:

“Some other currencies may be available, but on a global scale the currency will be unified.”

Kaspersky also noted that he believes that the future currencies will be digital, arguing, however, that “today’s digital currencies, such as Bitcoin (BTC), cannot replace the current financial system.” Still, he concedes:

“Some of the ideas and techniques on which these [crypto]currencies are based can be used in the future currency with little modification, leveraging blockchain technology.”

Kaspersky had previously expressed a similar view on crypto. As Cointelegraph reported in December 2015, he said that while “cryptocurrency is a great invention” he is also convinced that “geopolitically this world is not ready to use it yet.”

As previously reported, the co-founder and CEO of Twitter, Jack Dorsey, also thinks the future holds the potential for a single, dominant digital currency. He, however, has argued that the global currency will be Bitcoin.


Majority of 400 Vulnerable Docker Servers Found to Be Mining Monero, Research Shows

Hundreds of vulnerable servers running Docker software were seemingly running Monero mining software.

About 400 servers running virtualization software Docker were found to be vulnerable to outside exploitation. Most of them were seemingly running Monero (XMR) mining software, cybersecurity company Imperva reports on March 4.

A misconfiguration of the vulnerable Docker hosts permits public access to the Docker API, which should only be locally accessible. This misconfiguration, combined with a newly discovered vulnerability, allows attackers to obtain administrator rights on the server and install software of their choice.

Since a hacker could install any software this way, the vulnerability doesn’t only permit cryptojacking, but also the installation of any other malware or use of the hosts to carry out any kind of attacks. Researchers at Imperva claim to have found 3,822 misconfigured hosts (with the API exposed), of which about 400 were actually accessible. The report notes:

“We found that most of the [400] exposed Docker remote API IPs are running a cryptocurrency miner for a currency called Monero.”

Lastly, the data on the server is also accessible to the hacker, including the database and some unencrypted credentials, including passwords, Imperva notes.
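One way to check a host for the misconfiguration described above, as an added example that is not taken from Imperva's report or from the Docker project: it reads a `daemon.json` and a `dockerd` command line and flags API listeners bound beyond loopback without client-certificate verification. The function names and sample inputs are constructed for illustration; `hosts`, `tlsverify`, `-H`/`--host` and `--tlsverify` are standard dockerd settings.

```python
import ipaddress
import json
import shlex
from urllib.parse import urlsplit


def _is_loopback(host):
    """True only when the bind address is provably local to the machine."""
    if not host:
        return False              # "tcp://:2375" binds every interface
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False              # unknown hostname: assume it is reachable


def _hosts_from_args(argv):
    """Collect -H/--host values and --tlsverify from a dockerd command line."""
    hosts, tlsverify = [], False
    it = iter(argv)
    for arg in it:
        if arg in ("-H", "--host"):
            hosts.append(next(it, ""))
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify


def audit_docker_listeners(daemon_json_text="{}", dockerd_cmdline=""):
    """Return (listener, severity, reason) for every configured API listener.

    Only `tlsverify` counts as authentication: plain `tls` encrypts the
    channel but does not require a client certificate.
    """
    cfg = json.loads(daemon_json_text or "{}")
    arg_hosts, arg_tlsverify = _hosts_from_args(shlex.split(dockerd_cmdline))
    hosts = list(cfg.get("hosts", [])) + arg_hosts
    tlsverify = bool(cfg.get("tlsverify", False)) or arg_tlsverify

    findings = []
    for listener in hosts:
        url = urlsplit(listener)
        if url.scheme in ("unix", "fd", "npipe"):
            findings.append((listener, "ok", "local socket"))
        elif url.scheme != "tcp":
            findings.append((listener, "review", "unrecognised listener scheme"))
        elif not _is_loopback(url.hostname):
            if tlsverify:
                findings.append((listener, "review",
                                 "remote API with client-cert auth; restrict by firewall"))
            else:
                findings.append((listener, "critical",
                                 "API reachable from the network without authentication"))
        elif not tlsverify:
            findings.append((listener, "warn",
                             "loopback TCP without TLS; any local process can use the API"))
        else:
            findings.append((listener, "ok", "loopback TCP with client-cert auth"))
    return findings


# Constructed sample inputs (not taken from any real host).
EXPOSED_CFG = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
MTLS_CFG = '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true}'
LOCAL_CMD = "dockerd -H fd:// -H tcp://127.0.0.1:2375"

if __name__ == "__main__":
    for cfg, cmd in ((EXPOSED_CFG, ""), (MTLS_CFG, ""), ("{}", LOCAL_CMD)):
        for listener, severity, reason in audit_docker_listeners(cfg, cmd):
            print(f"{severity:8} {listener:32} {reason}")
```

A `critical` finding corresponds to the publicly accessible API the article describes; the fix is to remove the TCP listener or to bind it with `tlsverify` and restrict who can reach it.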

As Cointelegraph reported in mid-February, United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero mining code.

Also in February, Cointelegraph wrote that cryptocurrency mining malware continues to target major corporations, hijacking victims to mine altcoin Monero.

While cryptojacking is seemingly widely used among cybercriminals as a way to earn money, legitimate cryptocurrency mining service Coinhive, which specifically mines Monero, shut down at the end of February, as the project has reportedly become economically unviable.


PwC: Bitcoin Ransomware Hackers Laundered Money via WEX Exchange

Iranian Bitcoin hackers used the WEX exchange to launder Bitcoin acquired through ransomware, according to a PwC report.

Big Four consulting and auditing company PwC has linked Iranian nationals behind Bitcoin (BTC) ransomware scheme SamSam to the crypto exchange WEX in a recent report published in February.

The report is based on information that was previously disclosed by the United States Department of Justice (DoJ). As per the DOJ, two Iranians — Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri — were responsible for creating SamSam. SamSam is a ransomware demanding Bitcoin that reportedly damaged multiple U.S. companies, government agencies, universities, and hospitals. Within 34 months the hackers managed to extort over $6 million in Bitcoin and cause over $30 million in losses.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) also sanctioned two more Iranians, Mohammad Ghorbaniyan and Ali Khorashadizadeh. They were allegedly operating Iran-based crypto exchanges that helped Savandi and Mansouri to exchange the BTC extorted via SamSam.

After analyzing wallet addresses and emails provided by the U.S. government, PwC came to the conclusion that Khorashadizadeh and Ghorbaniyan could be linked to crypto exchange WEX.

WEX was known as BTC-e prior to a rebranding move in September 2017. The exchange rebranded in order to distance itself from a money laundering investigation that shuttered BTC-e in July of that same year. PwC further states that BTC-e was involved in exchanging at least $1.9 million related to SamSam:

“BTC-e is known for its involvement in laundering approximately $4 billion and is responsible for cashing out 95 percent of all ransomware payments made from 2014 to 2017 — of which $1.9 million came from SamSam ransomware.”

Moreover, PwC cites another investigation that links Bitcoin transactions on BTC-e to Russia’s Main Intelligence Directorate of the General Staff (GRU). The cyber espionage group “Fancy Bear” has purportedly been linked to a cyber attack on the Democratic National Committee ahead of the 2016 United States presidential elections.

As Cointelegraph previously reported, Alexander Vinnik, the alleged former operator of defunct BTC-e, was arrested by Greek police back in July 2017 as the DOJ accused him of fraud and money laundering. Russian human rights officials have sought Vinnik’s extradition back to his home country following health complications that are the result of a months-long hunger strike.


Circle Hires AI-Powered Service to Fight Pump and Dumps, Market Manipulation and Insider Trading

Circle is determined to be a pioneer in the promotion of transparent policies for fintechs and is actively working to avoid dishonest practices on its platform.

According to a press release published on February 27, Circle contracted the services of Nice Actimize, an Israel-based cybersecurity company, to monitor the financial operations carried out on its platform in order to detect and counteract potentially illicit situations.

Nice Actimize will use its Cloud Markets Surveillance (CMS) service to detect practices that have negatively affected crypto trading activities over time. Initially, they will focus on insider trading schemes, pump and dumps, wash trading and layering.

In this way, trading through Circle’s platforms, an activity which totaled more than 24 billion dollars in 2018, will have an additional layer of security, without compromising the privacy of users.

Robert Bench, Head Regulatory Counsel and Chief Compliance Officer at Circle pointed out that the firm chose Nice Actimize’s services because of its ability to adapt to the company’s standards and current legal regulations:

“Circle has adopted a strong position on policy and crypto-related regulatory issues that focuses on the safety of our customers and investors. Adapting innovative technology solutions, such as the financial markets compliance solutions from NICE Actimize, to meeting the potential needs of regulators and protecting our assets brings this commitment full circle…

There are a number of markets surveillance vendors that address traditional asset classes, but we needed a partner that could adapt their traditional market expertise to the unique elements of the crypto market. NICE Actimize was chosen as the partner which could offer that adaptability.”

For his part, Craig Costigan, CEO of NICE Actimize, pointed out that the cybersecurity firm is confident in meeting Circle’s expectations. He was enthusiastic about the possibility of contributing to the development of a better platform, with safe and cost-effective solutions in the event of a problem:

“As we lead the digital financial services industry with breakthroughs in artificial intelligence and advanced analytics, NICE Actimize will continue to innovate on behalf of the newest financial product categories, including cryptocurrencies, digital wallets, and more …

We recognize that Circle is a category leader committed to the highest standards of customer safeguards and are excited to be one of the industry’s first financial crime solutions providers to tackle the exciting new cryptocurrency category with secure and cost-effective protections.”

Nice Actimize will provide Circle with its traditional solutions; however, one of the most emblematic features will be the implementation of ActOne, an “AI-enabled financial crime investigation management platform.”

The specific date of implementation of these technologies has not been disclosed, but it is very likely that the upgrades on the Circle platform will start soon, including maybe Circle-owned crypto exchange Poloniex.

The post Circle Hires AI-Powered Service to Fight Pump and Dumps, Market Manipulation and Insider Trading appeared first on Ethereum World News.


Coinomi Wallet Addresses Vulnerability Concerns

Coinomi Wallet denied recent claims that its software sends wallet recovery seed phrases to Google’s remote spellchecker servers in unencrypted text.

Coinomi Wallet denied recent claims that its software sends wallet recovery seed phrases to Google’s remote spell checker servers in plain (unencrypted) text. The company refuted the claims in an official statement published on Feb. 27.

In the statement, Coinomi claims that, unlike what was reported, the seed phrase transmission was encrypted via SSL (HTTPS), with Google being the only recipient capable of decrypting the message.

Coinomi notes that the phrase was only transmitted if the user chose to restore his wallet and only on the desktop version. Finally, Coinomi states that the spell-check requests sent to Google were not cached or stored, since they were flagged as bad requests by the servers and were not processed further.

The cause of the problem was reportedly a bad configuration in a plug-in software contained in the desktop version of Coinomi wallets.

The company claims that on Feb. 22 Warith Al Maawali created a support request on their board regarding a vulnerability contained in their wallet which, according to Maawali, has led to a wallet being hacked, as he claims on the dedicated website AvoidCoinomi.

Coinomi purportedly flagged the request as high priority and investigated the matter. The company’s COO Angelos Leoussis said on the firm’s official Telegram group that the user kept “threatening, swearing, and blackmailing us for insane amounts.”

While a video posted on AvoidCoinomi aims to demonstrate the alleged vulnerability, it appears to show that the option to decrypt HTTPS is selected in the software.

Leoussis shared an alleged copy of the conversation with Maawali with Cointelegraph, where the user suggests that the wallet contains a backdoor and declares:

“You have few hours to return my assets back or I will go public with all the the [sic] evidence against you.”

According to information shared with Cointelegraph, on Feb. 23 Maawali requested the company to refund the allegedly stolen crypto assets or their equivalent in dollars, stating that otherwise he has “no choice other than reporting this in social media.” Still, he did not share the details of his findings, saying that he will wait until the company shows its willingness to refund the allegedly stolen funds.

Per Leoussis, Coinomi responded that the company did not consider this to be a responsible disclosure and asked for details concerning the alleged vulnerability. Maawali seemingly responded to the request by stating that he will not disclose details without assurance of a refund.

On Feb. 26 Coinomi purportedly declared that the company will report the stolen assets to Chainalysis, which will blacklist the funds so no exchange will accept them.

In December 2018, researchers reportedly demonstrated that they were able to hack the Trezor One, Ledger Nano S and Ledger Blue hardware wallets. At the 35C3 Refreshing Memories conference, researchers used several different strategies to attempt to compromise the wallets. The Ledger team also claimed that the alleged vulnerabilities discovered in its hardware wallets were not critical.