BCH-Based Stablecoin Protocol Moria Passes Security Audit With Flying Colors

Moria, a BCH-based stablecoin issuance protocol, has been successfully audited by Hashlock, a Web3 security and smart contract auditing company. The audit found the code powering the stablecoin platform was “secure, logically ordered, and constructed with clear intent.” BCH Stablecoin Issuance Protocol Moria Passes Security Audit Moria, a BCH-based stablecoin issuance protocol, has passed a […]

Strengthening sanctions compliance: Building for scale and trust

At Kraken, we’re committed to building a secure and trusted platform for our clients. Over the past few years, we’ve significantly strengthened our global compliance framework – investing deeply in the people, processes and systems that keep our platform secure. We recently reached a key milestone in that journey: the completion of a multi-year effort to enhance our sanctions compliance program across the board. This achievement reflects not only our ongoing engagement with regulators – including the finalization of commitments made in past years – but also the ongoing advancement of Kraken’s approach to risk, oversight and operational excellence.

As part of our ongoing work with U.S. regulators, Kraken recently completed its third and final certification with the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) – an external validation of the robust controls and processes we’ve put in place to manage sanctions risk.

A companywide effort toward a common goal

What began as an initiative to enhance our sanctions controls quickly evolved into something much bigger: An overarching effort to build one of the most robust, scalable and future-proof compliance programs in the industry.

What powers compliance at Kraken:

  • GeoIP firewalls & VPN screening
    Sophisticated tools that proactively restrict unauthorized access based on geographic and network indicators.
  • Comprehensive screening across the board
    End-to-end product, client, and transaction-level screening to ensure real-time risk detection.
  • Over 100 embedded internal controls
    Automated checks and balances built into every layer of Kraken’s infrastructure.
  • Upgraded policies, procedures and processes
    A ground-up redesign of how compliance is approached across teams and workflows.
  • Rigorous risk assessments, audits and training
    Regular evaluations and company-wide education to keep our defenses sharp and aligned.
  • Sanctions controls at every layer
    Holistic safeguards integrated throughout Kraken’s architecture.
  • Regulatory benchmarking and licensing expansion
    Tools and standards that enable smoother licensing and faster time-to-market globally.
  • Proactive engagement with regulators
    Open, constructive dialogue that helps shape thoughtful, effective regulation.
  • Enhanced due diligence for investors, M&A and product launches
    Strategic compliance integrated into how we grow.
Every one of these upgrades is a step toward our larger goal: making Kraken the most trusted and secure venue for crypto. Together, these capabilities help protect our clients, strengthen trust and reinforce Kraken’s role as a responsible industry leader.

Built for scale, designed for trust

Strong compliance isn’t just about risk reduction – it’s a strategic advantage. With these improvements, Kraken is ideally positioned to:
  • Expand our business into new countries and with new products
  • Foster stronger banking relationships
  • Navigate regulatory environments with confidence
  • Reduce audit and operational risk
  • Support faster, safer growth across markets
The compliance infrastructure we’ve built is scalable, resilient, and dynamic – designed not only to meet today’s demands but to anticipate those of tomorrow. We’re proud of how far we’ve come and even more excited for where we’re headed. Because at Kraken, building responsibly isn’t just a goal. It’s how we lead the way, create a safer industry ecosystem and accelerate crypto adoption.

The post Strengthening sanctions compliance: Building for scale and trust appeared first on Kraken Blog.

Kraken assists U.S. Secret Service in record-breaking crypto fraud seizure

We are proud to share that we closely collaborated with the United States Secret Service (USSS) on an extensive investigation into a crypto fraud scheme. Fraudsters used social engineering techniques to build trust with victims over time, an approach commonly known as “pig butchering.” This joint effort resulted in the largest-ever crypto seizure by the USSS, totaling approximately $225 million. The USSS investigation targeted sophisticated fraud rings that prey on individuals, luring them into fake cryptocurrency investments. Victims of pig butchering schemes are gradually encouraged to deposit increasing amounts, only to eventually discover their funds have been stolen. The $225 million in question was initially frozen by Tether in 2023, after being linked to pig butchering in a United States Department of Justice investigation. The stolen funds were tied to the perpetrators’ accounts at a non-Kraken centralized exchange. Identifying the victims and returning their funds presented a challenge, requiring significant knowledge of blockchain analytics. In March 2024, we joined several cryptocurrency exchanges in an intensive, weeklong law enforcement sprint. Our compliance and investigative teams provided rapid, real-time responses to crucial information requests and our timely provision of transaction and account information was instrumental in identifying nearly 500 victims. This directly supported the USSS in obtaining the seizure warrant for the unprecedented $225 million confiscation of stolen funds. We remain dedicated to cooperating with law enforcement to safeguard the cryptocurrency ecosystem. Our rapid-response approach and meticulous record-keeping reflect our ongoing commitment to security, transparency and protecting our customers. We also have strict policies and procedures to protect client privacy while supplying data when we have a legal obligation to do so. 
We continue to actively participate in efforts aimed at identifying and stopping fraud, supporting victim recovery and maintaining trust within the crypto community.

“Protecting clients is our highest priority, and we’re proud to have supported efforts leading to this historic recovery of stolen funds. Our rigorous compliance practices, cutting-edge security protocols, and onchain investigative capabilities reflect our deep commitment to safeguarding client assets and preserving confidence in crypto. We will continue to fight fraud and help ensure the crypto ecosystem remains safe and secure for all users,” said David Zacks, Kraken Deputy Chief Compliance Officer. If you believe you are a victim of cryptocurrency fraud, we encourage you to report your case to your local authorities and to the FBI Internet Crime Complaint Center at https://www.ic3.gov/. Your prompt reporting can help prevent future scams.

The post Kraken assists U.S. Secret Service in record-breaking crypto fraud seizure appeared first on Kraken Blog.

North Korean Hacking Groups Employ New Methods to Target Web3 Companies

North Korean hacking groups are developing new methods to target Web3 companies, including some aimed at infecting Apple systems. Additionally, the use of social engineering is becoming more prevalent in these attacks, highlighting the level of preparation involved in these operations. North Korean Hackers’ New Methods: Nim Malware and Clickfix Hackers groups from North Korea […]

How to Prevent and Detect Bitcoin Dust Attacks

The goal of a Bitcoin dust attack is to expose your identity and holdings. An attacker sends a small amount of crypto to many different wallet addresses, hoping each wallet owner will eventually batch or consolidate their UTXOs, including the dust, in a future transaction. Once the recipient (you) spends the dust in a transaction, the attacker can connect the dots and associate the dusted address with other addresses you own. For example, if you inadvertently send the dust to a centralized exchange to cash out, the attacker could target you with a phishing attack to compromise your account or install malware. Most dust can’t be spent on its own because it’s too small and less than the network fee. To spend the dust, you must combine it with other UTXOs, which is exactly what the attacker wants you to do.

How to protect your wallet from bitcoin dusting?

You can’t prevent a dusting attack because anyone can send Bitcoin to any address without censorship. Here are some proactive measures to protect against a dust attack:

  1. Before creating a transaction, regularly scan your wallet for dust size UTXOs.
  2. Most wallets have default dust thresholds that will automatically reject, isolate and freeze suspected dusting UTXOs.  Bitcoin Core has a 546 satoshi dust limit.  
  3. Create a rule in your wallet, if available, that prevents UTXOs under a certain value from being included in a transaction.  
  4. Only use wallets with a Coin Control feature.  The wallet owner can select to include or exclude certain UTXOs from a transaction. 
  5. Use an HD Wallet to generate a new address every time you receive Bitcoin.  Hackers often fine tune their research looking for addresses which have received more than one transaction which can place a target on your back.  
  6. Whitelisting, if provided by your wallet, sets specific addresses and prevents inadvertently sending crypto to an address you haven’t previously authorized.  
  7. Don’t commingle coins from different sources or addresses.  
  8. Practice UTXO management, including a UTXO consolidation strategy.
  9. Execute good crypto operational security.  For example, use a VPN to avoid geolocation and log in to a website from your browser rather than clicking a link in an email the website sent you.  Inadvertently scanning fake QR codes on bogus phishing sites or offline IRL is another exploit hackers will target.  
  10. Avoid signing up for free airdrops of crypto as these sites are often created by the attacker to resemble authentic sites with the purpose of getting you to connect a wallet or disclose an address or other personally identifiable information.
  11. Avoid using vanity addresses, which are susceptible to ‘address poisoning’: the attacker finds your vanity address and creates a similar-looking address to transact with it, hoping that at some point in the future you accidentally transact with the fake address instead of your real one. Double check you’re using the correct address.
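
An added example, not from the original article, of measures 1 to 4 above: scan a wallet for unsolicited dust-size UTXOs, freeze them, and run coin selection that never includes them. The `Utxo` fields, the `known_sender` label and the sample wallet are assumptions constructed for illustration, and network fees are ignored.

```python
from dataclasses import dataclass

DUST_LIMIT_SATS = 546  # Bitcoin Core dust limit quoted in the article

@dataclass(frozen=True)
class Utxo:
    txid: str           # constructed placeholder, not a real transaction
    vout: int
    address: str
    sats: int
    known_sender: bool  # assumption: the wallet labels payments you expected

def find_suspect_dust(utxos, threshold=DUST_LIMIT_SATS):
    """Unsolicited UTXOs at or below the threshold: candidates to freeze."""
    return [u for u in utxos if u.sats <= threshold and not u.known_sender]

def select_coins(utxos, target_sats, frozen):
    """Largest-first coin selection that never touches frozen UTXOs."""
    spendable = sorted((u for u in utxos if u not in frozen),
                       key=lambda u: u.sats, reverse=True)
    chosen, total = [], 0
    for u in spendable:
        if total >= target_sats:
            break
        chosen.append(u)
        total += u.sats
    if total < target_sats:
        raise ValueError("not enough funds without spending frozen UTXOs")
    return chosen

def addresses_linked_by(inputs):
    """Addresses an observer can cluster once these inputs are co-spent."""
    return {u.address for u in inputs}

# Constructed sample wallet (all values are illustrative).
WALLET = [
    Utxo("aa" * 32, 0, "addr_savings", 150_000, True),
    Utxo("bb" * 32, 1, "addr_salary", 40_000, True),
    Utxo("cc" * 32, 0, "addr_donations", 546, False),  # unsolicited dust
    Utxo("dd" * 32, 3, "addr_savings", 500, True),     # small but expected
]

if __name__ == "__main__":
    frozen = find_suspect_dust(WALLET)
    picked = select_coins(WALLET, 170_000, frozen)
    print("frozen:", [(u.txid[:8], u.sats) for u in frozen])
    print("linked if spent:", sorted(addresses_linked_by(picked)))
```

With the dust frozen, the selection fails loudly when funds are short instead of silently pulling the dust in, which is the behaviour a wallet rule or Coin Control setting should give you.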
As the Bitcoin price goes up and Bitcoin transaction fees increase, dusting attacks are becoming more expensive for the attacker. The natural reaction for the attacker is to focus their attention on wallets with higher balances, which should put Bitcoin wholecoiners on high alert.

What should I do if my wallet is dusted?

The proactive actions we suggested in the previous section may help you mitigate a crypto dusting attack. If you’ve been dusted, don’t freak out and don’t spend any Bitcoin dust in a transaction. In fact, don’t even click on the token, to prevent any malicious code in a smart contract from activating.

Pro Tip: Identify the unsolicited dust-size UTXOs. Freeze the UTXOs you deem malicious, or mark/note them as Do Not Spend. Archiving the UTXO is your safest option, and be cautious if your wallet offers a dust conversion to swap the UTXO for another coin. The attacker is baiting you to interact with the dust so they can track the transaction, even if it’s a swap, then analyze future transactions until they find a vulnerability.

Software wallets, particularly browser-based ones, are more frequently attacked with altcoin dusting because these wallets are primarily used for Web3, Decentralized Apps (DApps), and altcoins.

You can use a blockchain explorer to trace the transaction if you receive dust. Check your address to see who the sender was. Next, check the sender’s address on the explorer to see how many other dust transactions were created. Report dusting attacks to your wallet provider and to a law enforcement cyber division; see, for example, the FBI’s guidance for cryptocurrency scam victims.

Will I lose my Bitcoin if I spend the dust?

Transacting with Bitcoin dust won’t necessarily allow the hacker to drain your wallet, but it does open the door for them to de-anonymize the wallet and target you with a phishing attack to eventually gain access.
Crypto dusting with altcoins is more common than Bitcoin dusting because it’s cheaper and more susceptible to smart contracts, which do have the ability to access your keys and drain the wallet thanks to blind signing. Smart contracts are embedded into transactions and most wallets do not show the details of the functions in the smart contract. The vulnerability of smart contracts is linked to code designed to execute when you link your wallet to a specific website, most commonly a decentralized exchange, which can execute a set of instructions to drain your wallet. This happens more commonly with DeFi compared to Bitcoin because it’s cheaper to transact and easier to exploit.

Risks of Promotional Crypto Dusting

Not all dust is a scam or attack. Researchers use dust to gather data. Governments use dust to identify criminal activity. Developers use dust to stress test their software. Marketers use dusting to promote new projects. New crypto projects (NFTs and coins) dust addresses much like spammers target email addresses. The dust UTXOs could be benign and contain promotional messages, or simply be meant to entice you to search for the project and visit the project’s website.

You still shouldn’t engage (click, transact, swap) with dust, ever! How do you know that the site you’re visiting is legitimate? What if an attacker created a fake spoofed site (or app) and got it to rank higher than the legitimate site? Even if you’re certain the site is legitimate, once you open the site your IP address can expose city, state, country, latitude, longitude, ZIP code, time zone, ISP and other sensitive data. Now that the marketer or hacker knows your location, if you interact with the dust you could get doxed and inadvertently reveal your crypto net worth. Getting doxed by a dusting attack is easier than you might think. Transacting with dust is always a NO! Personally, accepting airdrops from sites that I haven’t vetted is always a NO!
There’s no such thing as a free lunch. Stay vigilant, trust no one, and do your own research!

Note: Stratus does NOT provide investment, legal or tax advice. All information in this article is for educational purposes and should not be interpreted as investment, legal or tax advice. The opinions expressed are those of the author for informational purposes and neither Stratus nor the author are liable for any errors, inaccuracies or omissions. Digital assets, such as cryptocurrencies or decentralized finance, present unique risks for investors. For investment, legal, tax, or other financial guidance you should consult your own advisor.

The post How to Prevent and Detect Bitcoin Dust Attacks first appeared on Stratus Crypto.