Leading cryptocurrency investor law firm Silver Miller Law has filed suit against cell phone giants AT&T and T-Mobile on behalf of several digital asset investors who were victims of the identity-theft tactic known as “SIM swapping.” The suit alleges that both companies possessed flaws in their security systems and failed to properly train their employees to work against hackers seeking to gain access to users’ smartphones.

SIM swapping occurs when a hacker gathers information on a potential victim, such as their phone password, answers to their security questions and their financial holdings. Once they have the data they need, the hacker will contact the person’s cell phone provider and claim that their SIM card has been lost or damaged and request that a new one be activated, with the end goal of accessing the victim’s finances — in this case, cryptocurrency.

The lawyers at Silver Miller Law claim that many of their clients had their crypto wallets drained via SIM swapping techniques, including one individual — an AT&T holder — who had roughly $621,000 stolen despite the phone company’s assurances that security had been beefed up following an earlier hack attempt on his account. Two other instances involved T-Mobile clients, who were ultimately robbed of $400,000 and $250,000 respectively.

This is not the only SIM jacking case brought against AT&T; the mobile carrier is also the subject of a separate $224 million lawsuit brought on by Michael Terpin, the founder of angel investment group BitAngels. Terpin claims that the company’s weak security protocols led to his loss of roughly $24 million in crypto funds through two separate SIM swap attacks.

In a deposition filed in August, Terpin claims that the hackers obtained access to his phone number with the help of an AT&T customer service representative. The hackers were then able to access his cryptocurrency wallet and steal funds.

Terpin states, “What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.” He is now seeking roughly $200 million in damages.

Silver Miller Law has developed a reputation in the space for bringing investor-led lawsuits to court. Notable judgments and settlements in the firm’s history include Liu v. the Florida-based cryptocurrency exchange Cryptsy, in which roughly $50 million (approximately 11,300 BTC) was ordered returned to the company’s many traders and investors. It has also filed suits against Coinbase for its alleged mishandling of December 2017’s bitcoin cash listing.

Colorado State Securities Commissioner Gerald Rome has issued a cease and desist order to four Initial Coin Offerings (ICOs) for allegedly offering unregistered securities, according to an official notice published Nov. 8.

The orders come as part of a state operation by the “ICO Task Force” within the Department of Regulatory Agencies (DORA), which in May of this year commenced investigations into potentially unlawful activity targeting cryptocurrency investors. With yesterday’s orders, DORA has now issued 12 cease and desist actions against ICOs.

On Nov. 8, Rome signed four orders to Bitcoin Investments, Ltd. — which is also conducting business as DB Capital — PinkDate, Prisma, and Clear Shop Vision Ltd.

Per the notice, Bitcoin Investments claims to be a blockchain investment firm with over $700 million assets under management across multiple funds. The company allegedly promised its customers over one percent daily returns along with additional returns on internal trading of the “DB Token.”

The company reportedly claimed that “the average registered investment return over a two month period in 2017 was an amazing 95 percent,” while its ICO lists a number of celebrity promoters.

Bitcoin Investments’ website reportedly deploys the same format, visual content, and employee team as the U.S. Securities and Exchange Commission’s (SEC) educational site about related risks for potential crypto investors. Per the statement, DB Token ICO has not been registered as a security with the Division of Securities.

“Anonymously-operated, worldwide escorting service[s]” company PinkDate allegedly seeks to raise more than $5 million via an ICO in tokens referred to as PinkDate Platform (PDP). The statement says that the firm promises investors “50 percent of Net Profits through dividends” in Bitcoin (BTC), Ethereum (ETH), Monero (XMR), or Bitcoin Cash (BCH). The PinkDate ICO allegedly has not been registered with the Division of Securities.

As for Prisma, its website allegedly requires users to buy its native crypto Prismacoin (PRIS) to use a proposed lending and arbitraging investment platform, through which investors could ostensibly profit up to 27 percent on their initial investment. The “arbitrage bot” is claimed to generate returns of up to 1.5 percent daily.

The last company on the list, Clear Shop Vision, Ltd, has promoted three ICOs since June 2018 and offered “ORC Token” with a “serious appreciation potential.” The company’s site allegedly directs investors to send ETH directly to Clear Shop’s ETH wallet, but not through a crypto exchange.

Per the notice, all mentioned companies have to immediately cease and desist all alleged violations of the Colorado Securities Act, including unregistered securities and fraud.

Former chairman of the U.S. Commodity Futures Trading Commission (CFTC), Gary Gensler said that most tokens sold through Initial Coin Offerings (ICOs) should be classified as securities, Bloomberg reported Oct. 15.

Should cryptocurrencies be considered securities, they would fall under the regulatory purview of the U.S. Securities and Exchange Commission (SEC). Issuers of coins would have to comply with certain laws, register with the SEC, and disclose specific information like a description of the organization’s properties or financial statements.

When asked whether blockchain technology should be regulated, Gensler asserted that “we should be technology-neutral.” He continued, stressing the necessity to ensure investor protection within certain blockchain applications, such as cryptocurrencies. Gensler said:

“I think that cryptocurrencies like Bitcoin (BTC) need more protection, and probably more protection than even the oil markets.”

Speaking about future developments in blockchain regulation, Gensler said that there should be some sort of oversight — “traffic lights and speed limits” — to ensure confidence on “crypto roads.” Gensler said he thinks that the two will coexist, but “it will take a number of years to sort it through and get the balance right.”

Gensler’s words echo a statement from SEC Senior Advisor for Digital Assets and Innovation, Valerie A. Szczepanik, who said that “if you want [the crypto] industry to flourish, protection of investors should be at the forefront.”

Speaking at a U.S. SEC and CFTC senate hearing in February, SEC chairman Jay Clayton said that while every ICO token the SEC has seen so far is a security, a distinction should be made between tokens and major digital currencies such as BTC and Ethereum. The definition of ETH as a security has reportedly been questionable.

In December last year, Clayton issued a public statement, concluding that most tokens sold in ICOs are likely securities under U.S. law. Clayton then noted that the content of the transaction is more important than the form in determining if an investment is a security.

Bitcoin’s open-source developers don’t agree on many things, but you’d be forgiven if you thought something best known as an “attack” might be one of them.

Still, there’s a divide forming in conversation surrounding bitcoin’s long-standing “timewarp attack” – and for good reason. First and foremost, Blockstream co-founder Mark Friedenbach recently found that the exploit could be harnessed to help bitcoin scale – that is, reach more users and process more transactions faster, if developers embrace and implement the idea.

But since its unveiling last week, the discovery has driven a shift in the conversation around the attack, meant to describe how miners might submit blocks featuring timestamps that are larger than they should be to push down the difficulty of creating new blocks (a trick that could help them to earn and collect more bitcoin rewards).

The result is that prominent thinkers in the bitcoin development community now appear split on an issue that’s been the subject of discussion since 2012.

Greg Maxwell, a Blockstream co-founder and one of bitcoin’s most prominent developers, for example, recently called for a fix to the long-standing bitcoin attack on the bitcoin mailing list, the leading gathering point for development conversation globally. Maxwell has been silent on Friedenbach’s proposal specifically, but the call did occur after chatter began about the research, formally called “forward blocks.”

As a result, this divide might be likely to continue.

Friedenbach’s research, after all, proposes an idea that developers seeking to secure the protocol find enticing: It allows bitcoin’s block size to be increased without asking all of those operating the software to upgrade. (Seeing as this minor parameter has been a hot point of contention among the community for so long, some see it as a sort of “breakthrough.”)

That said, some argue Friedenbach’s new research makes fixing the attack even more pressing.

Time traveling

First, however, it helps to understand why the attack exists at all.

Individual actors (miners) on the network report the time an event happens – when a transaction was made or when a block was created. So, there’s a small chance someone can manipulate the time a little bit, even while following the rules of the bitcoin code that network nodes are constantly checking.

As such, miners report blocks with the wrong time on occasion. It’s easy to tell because every once in a while, a block rolls in with a timestamp that’s earlier than the block before it (essentially appearing out of order).

To explore why this happens, blockchain analysis company Chainalysis recently pulled together a report exploring how the error rates have changed over time.

“The declining error over time in timestamps reflects the evolution of people getting involved,” Gladwell, who co-authored the report, told CoinDesk, arguing that according to the data, timestamp errors seem to “spike” when the mining industry sees a technology shift.

For example, when miners started joining together to form “pools” early on in 2012 the percentage of timestamp errors rose to 8 percent of timestamps.

Gladwell argues that this data suggests the errors are accidental, rather than done for malicious reasons, as miners need to get used to new equipment.

The timewarp “attack” is a bit different, though, in that it requires much more specific manipulation by miners who twist the rules in the hopes of earning money. This can happen when miners collude together to report incorrect timestamps that are farther apart, messing with the rate at which blocks can be mined.

Luckily, this attack is difficult to execute.

“I, and I assume others, haven’t put a big priority into fixing this vulnerability because it requires a majority [of mining] hashrate and could easily be blocked if someone started using it,” Maxwell said.

In the case where one group of miners were to collect most of the hashrate, a time attack would be the least of bitcoin’s worries. (“And then there will be other problems,” as Chainalysis chief economist Philip Gladwell put it in conversation with CoinDesk.)

For one, it would mean centralization of the network. And the main thing that is supposed to set bitcoin apart from other cryptocurrencies is that it isn’t controlled by any one entity. Not to mention, at this point, the miners in power would be able to perform what’s known as a “51 percent attack,” thereby using their numbers to exert influence over the network.

The proposals

But even if it’s difficult to execute, developers see it as a problem, one that can be fixed easily if so desired.

In his call for proposals, Maxwell mentioned that he had an idea that he tried out on bitcoin’s testnet years ago, but he wants to make sure there isn’t some other, better idea out there before plugging away at his fix.

“Before I dust off my old fix and perhaps prematurely cause fixation on a particular approach, I thought it would be useful to ask the list if anyone else was aware of a favorite backwards compatible timewarp fix proposal they wanted to point out,” Maxwell continued.

“Backwards compatible” is key here. The requirement is for the change to not have a chance of splitting the network.

At Maxwell’s request, a few different proposals have trickled in.

Bitcoin Core contributor Johnson Lau put forward a couple of ideas, both good and bad, to show the tradeoffs of various approaches. He argued that the most “naive” approach would be to just require a block to not submit a time lower than the block before it.

But since this would require a certain type of change, it could lead bitcoin’s software to split into two versions. Lau argues the trick is finding a solution that decreases the likelihood of a timewarp attack, while also not risking a split.

“The aim is to find a [time value] which is small-enough-to-prohibit-time-warp-attack, but also big-enough-to-avoid-split,” he said, adding that he thinks this can be accomplished with a “weaker” version of this naive approach.

Lau’s idea even sparked a little philosophical discussion about “soft forks,” a backwards-compatible way of making such a code change in bitcoin, and how different types can have different consequences.

“In general, soft forks are better when they don’t cause orphaning on non-upgraded miners,” wrote BitTorrent creator Bram Cohen, who’s been focusing his developer efforts on cryptocurrency these days.

All in all, though, he supported Lau’s proposal, but argued for a time window of three hours. “It suffers from still allowing the attack a little bit, but three hours out of every two weeks seems like no big deal,” Cohen said.

Another developer, Scott Roberts, submitted a proposal that turned out to not be “off the mark” for bitcoin in particular, he told CoinDesk. In the end, he agrees with Cohen, though he thinks three hours might be “too tight.”

“I don’t know what the decision will be, but I think the fix is as simple as limiting timestamps to plus or minus something like three to 24 hours from the previous timestamp,” Roberts said.
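The rule shapes quoted above can be compared side by side on a short run of header timestamps. The following is an added example, not code from the article, the mailing-list proposals or Bitcoin Core: the rule functions are a simplified reading of the “naive” approach and of the plus-or-minus window, the timestamps are constructed, and the checks nodes already apply (median-time-past and the two-hour future limit) are left out.

```python
"""Audit constructed block timestamps against simplified timestamp rules.

Assumptions (not from the article): rule functions, sample data, and the
choice to compare each block with the last *accepted* block.
"""

HOUR = 3600


def out_of_order(timestamps):
    """Heights whose timestamp is earlier than the block directly before them.

    This is the 'timestamp error' the article describes: a block that
    appears out of order relative to its predecessor.
    """
    return [h for h in range(1, len(timestamps))
            if timestamps[h] < timestamps[h - 1]]


def rejected_by(timestamps, rule):
    """Apply rule(prev_ts, ts) block by block and return rejected heights.

    A rejected block never becomes the reference point for later blocks,
    which is how a validation rule (as opposed to a plain audit) behaves.
    """
    rejected = []
    prev = timestamps[0]
    for height in range(1, len(timestamps)):
        ts = timestamps[height]
        if rule(prev, ts):
            prev = ts
        else:
            rejected.append(height)
    return rejected


def naive_rule(prev, ts):
    """'Naive' approach: a block may not report a time lower than its parent."""
    return ts >= prev


def window_rule(hours):
    """Windowed approach: timestamp within +/- `hours` of the previous one."""
    limit = hours * HOUR

    def rule(prev, ts):
        return abs(ts - prev) <= limit

    return rule


def sample_chain():
    """Constructed timestamps: nine blocks roughly ten minutes apart."""
    base = 1_537_000_000                 # arbitrary constructed start time
    ts = [base + 600 * i for i in range(9)]
    ts[3] = ts[2] - 90                   # small backwards skew (out of order)
    ts[6] = ts[5] + 14 * 24 * HOUR       # two-week gap from its predecessor
    ts[8] = ts[7] + 4 * HOUR             # slow block: four-hour gap
    return ts


def compare_rules(timestamps):
    """Rejected heights per rule, for side-by-side comparison."""
    return {
        "out_of_order": out_of_order(timestamps),
        "naive": rejected_by(timestamps, naive_rule),
        "window_3h": rejected_by(timestamps, window_rule(3)),
        "window_24h": rejected_by(timestamps, window_rule(24)),
    }


if __name__ == "__main__":
    for name, heights in compare_rules(sample_chain()).items():
        print(f"{name:>12}: {heights}")
```

On this data the naive rule turns away the block with the 90-second backwards skew and does nothing about the two-week gap, while the three-hour window also turns away the slow block that the 24-hour window tolerates.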

Another idea

But the problem is that eradicating the time warp attack would ruin forward blocks.

“‘Fixing’ the time-warp attack in the sense of making time warp impossible would prevent entirely forward blocks from achieving on-chain scaling. It might still be worth deploying for the proof-of-work upgrade or increase censorship resistance of sharding,” Friedenbach told CoinDesk, adding:

“But the main advantage [of scaling bitcoin] which excites people would be gone.”

Thinking about this, Friedenbach came up with another proposal, one that would preserve forward blocks, but would expunge the “worst exploits” of the timewarp attack. He went on to argue it “could be deployed early to prevent reckless exploitation of the time-warp bug.”

But many bitcoin technologists seem unsure that pure forward blocks are worth preserving.

Blockstream CEO Adam Back argues that while he thinks it’s interesting research, he’s not sure the community would support it.

“I think it’s useful to explore the technical possibilities, which is what Mark has done. But the main limitation is, will there be consensus for making a big tradeoff of decentralization, censorship-resistance and self-validation cost for brute-force layer1 scale,” Back told CoinDesk.

While forward blocks are interesting because they increase bitcoin’s capacity without a hard fork, a type of change that could split bitcoin in two, it’s still forceful.

And since forcing through a change that not everyone wants and could decrease decentralization was a key reason why the community fought so zealously in bitcoin’s years-long scaling debate, Back argues the community wouldn’t take this type of a change lightly either.

He went as far as to argue that “there are likely simpler, less hacky approaches” than Friedenbach’s to boost bitcoin’s layer-one scale.

With this type of criticism still rolling in, it seems to be an ongoing discussion, as Friedenbach continues to argue forward blocks are worth preserving as a tool:

“The dangerous outcomes of the time-warp bug can be prevented without fixing the bug entirely, and therefore without blocking off forward blocks or related scaling solutions.”

“Shock” is perhaps the word that best describes the mood ever since one of bitcoin’s most severe bugs was discovered and patched last week.

As the community reels over the vulnerability that was hiding in the code for two years, and that could have been exploited to print more bitcoins than the 21 million that are hard-coded to be produced, developers are wondering: Is there a way to prevent such a severe bug from being added to the code again?

Days after the discovery, there haven’t been any formal proposals. But that’s not to say the event hasn’t prompted discussion about how bitcoin works and how similar bugs in the cryptocurrency’s most popular software implementation, Bitcoin Core, can be identified and resolved in the future.

It’s an important question, too – What if a malicious actor had found the exploit first? What if there are other hidden bugs in the code right now?

To this point, pseudonymous bitcoin subreddit moderator ‘Theymos’ urged the community not to forget the bug.

He argued it “was undeniably a major failure” in a widely-circulated post, adding:

“If all of Bitcoin Core’s policies and practices are kept the same, then it’s inevitable that a similar failure will eventually happen again, and we might not be so lucky with how it turns out that time.”

That said, there’s an argument to be made that Bitcoin Core, powered by an open network of global participants, now has a more robust process for code review than at any time in the technology’s history.

Right now, the implementation has more developers than ever contributing to the open-source codebase. And it is tested quite a bit; by one estimate, tests make up nearly 20 percent of the codebase.

The community’s ‘fault’

Still, developers argue more could be done to make sure the digital money works smoothly.

Theymos thinks one avenue would be to build “more sophisticated” tests tailored at locating severe, but hard to find bugs, like the one last week. “Perhaps all large bitcoin companies should be expected by the community to assign skilled testing specialists to Core,” he continued, adding:

“Currently a lot of companies don’t contribute anything to Core development.”

Bitcoin Core contributor James Hilliard stressed much the same, suggesting that developers can increase the “amount” and “quality” of testing. This might be easier said than done, though. Bitcoin Core contributor Greg Maxwell agreed in Theymos’s thread that testing is important, but the quality and detail of the tests are important, too.

“Directing more effort into testing has been a long-term challenge for us, in part because the art and science of testing is no less difficult than any other aspect of the system’s engineering. Testing involves particular skills and aptitudes that not everyone has,” Maxwell said.

This sort of expertise is hard to find.

“Bitcoin development is largely bottlenecked by code review and there are not a large amount of people out there who are able to do that,” Hilliard told CoinDesk.

Yet, many others believe the responsibility shouldn’t only rest on developers. A common sentiment shared was that as a decentralized project with no leaders, keeping bitcoin free of errors is a shared responsibility.

“My main problem with a lot of the backlash is people pointing at specific developers to assign blame. The entire project is open, there is no ‘membership’ and users have just as much of a responsibility to audit code as developers actively contributing,” pseudonymous bitcoin enthusiast Shinobimonkey told CoinDesk.

Such a sentiment was shared by Bitcoin Core maintainer Wladimir van der Laan who tweeted, “It was wrong that the buggy code was merged. Yes, we screwed up but the ‘we’ that screwed up is very wide. The whole community screwed up by not reviewing consensus changes thoroughly enough.”

Chaincode engineer John Newberry agreed. Even though he didn’t write the buggy code, he argued that as a developer in the bitcoin world, he played a role in the error, too, by not looking closely enough.

He went as far as to say that the code in question had looked funny to him. Yet, he assumed others had already checked.

“Instead of verifying for myself, I trusted that people smarter and wiser than I am had it covered. I took it for granted that someone else had done the work,” he stated.

Multiple Bitcoin Cores

Still, some argue there will always be a risk of bugs.

“There’ve been bugs in bitcoin before and there’ll be bugs again. It’s just software. There’s nothing magical to it,” tweeted Blockstream COO Samson Mow.

Along these lines, there’s another popular idea floating around.

Today in bitcoin, there’s one main bitcoin software, Bitcoin Core, run by 95 percent of bitcoin nodes. (At least that’s according to one count – interestingly, there’s no way to see every bitcoin node, because some nodes want more privacy and don’t advertise their existence to the rest of the network.)

One idea, then, is to make more bitcoin code implementations. That way if one implementation has a disastrous bug that crashes the network, the other implementations could still be fine, keeping bitcoin as a whole running.

And to a certain degree, this already exists. There are lesser-known code implementations, such as Bitcoin Knots and Btcd. Elsewhere in the cryptocurrency world, this is becoming the norm. For instance, ethereum has two dominant implementations, geth and parity, each of which can be used by anyone running the software.

Still, many bitcoin developers worry that adding more than one implementation could introduce problems that would be even worse than last week’s vulnerability.

“What many people do not realize is that having people run different implementations makes it easier for attackers to partition the network,” Bitcoin Core contributor Andrew Chow argued in a conversation outlining the pros and cons.

As such, developers don’t necessarily agree on exactly what needs to be done.

Theymos perhaps put it best when he said:

“I don’t know exactly how this can be prevented from happening again, but I do know that it would be a mistake for the community to brush off this bug just because it ended up being mostly harmless this time.”

Japanese financial authorities are ramping up their scrutiny into the domestic crypto exchange sector after last week’s ¥6.7 billion ($60 million) hack of Tech Bureau’s exchange Zaif.

In an announcement today, Japan’s Ministry of Finance struck Osaka-based Tech Bureau, operator of the licensed cryptocurrency exchange Zaif, with “administrative penalties” wherein the latter sees a number of enforced mandates in the aftermath of last week’s hack.

Specifically, the company is now required to determine the facts and the cause behind the theft, as well as formulate and execute measures to prevent another hack. Pointedly, the company is also tasked to determine the attackers behind the hack.

Further, the exchange operator will also need to respond to customers to assess damages in an adequate manner.

This is Tech Bureau’s second business improvement order in the space of three months.

Tech Bureau disclosed details of a sizeable hack involving the theft of ¥6.7 billion (just under $60 million) in bitcoin, bitcoin cash and monacoin from the exchange’s ‘hot wallets’ (online wallets that are more vulnerable to theft than offline, cold-storage wallets).

The hack initially occurred between 1700 and 1900 local time on September 14. Tech Bureau reported the breach to the Financial Services Agency (FSA), Japan’s financial regulator, prompting an investigation into the breach that ultimately led to today’s action.

As reported previously, Tech Bureau revealed plans to sell a majority of its shares to a publicly-listed financial firm in an agreement that will see the operator gain a cash injection of ¥5 billion (approx. $45 million). These funds will directly help reimburse an estimated ¥4.5 billion ($40 million) stolen from customer accounts.

The exchange operator also sees a deadline to submit written reports revealing its own investigation into the theft and its progress on implementing improved measures after its first business improvement order, issued by the FSA, in June.

The incident draws parallels to the $530 million theft of Coincheck in January, the biggest crypto exchange hack in history. By April, the Tokyo-based exchange was wholly acquired by Japanese financial brokerage giant Monex for ¥3.6 billion ($33.5 million).

While the thefts have unquestionably raised concerns – Japan’s National Police claim crypto theft has tripled in the first half of 2018 – about the security and reputation of Japan’s domestic cryptocurrency exchange industry, it has scarcely dampened the ever-growing appetite for crypto adoption in Japan. Earlier this month, the FSA revealed it is expecting in excess of 160 applications from companies seeking licenses to launch cryptocurrency exchanges in Japan’s regulated market which already sees the likes of Yahoo, LINE and Rakuten operating exchanges.

The computing giant first filed the patent in March 2017, detailing how blockchain could be used to securely store data associated with unmanned aerial vehicles (UAVs) — more commonly known as drones. The patent notes that a blockchain system can provide “effective techniques for managing data related to a UAV […] particularly when a security risk level is considered to be relatively high.”

According to the filing, such data may include the drone’s location, its manufacturer and/or model, its flying behaviour (“e.g. erratic”), the model’s capabilities such as camera resolution, contextual information such as weather conditions, and the vehicle’s proximity to restricted or forbidden flight zones.

The patent filing suggests that transaction data could be added “more frequently” as a block to the chain if and when a risk level is considered to be high. In terms of managing privacy concerns, if a drone is equipped with a high-resolution sensor, for example, the filing proposes that this could be recorded on the blockchain, with additional data transactions added whenever the sensor is detected to be activated.

As such, according to the filing, a shared and immutable ledger can enable multiple parties — which could include other drones, airspace controllers, regulatory bodies, and so forth — to participate as peers in managing risk. Validator nodes within the network could moreover grant special permissions, using the transparently stored data to verify that a drone has the authorization to fly in a particular zone.

The patent further proposes that smart contracts could be used to interface the blockchain system with extra information generated by machine learning models or other algorithms that compute historical data, both on- and off-chain. Such off-chain data could comprise, for example, raw video streaming data that has been captured during the drone’s flight.

IBM has been steadily expanding its involvement in blockchain across diverse fields, this summer signing a seminal five-year $740 million deal with the Australian government to use blockchain to improve data security and automation across federal departments.

Fresh data published late August revealed that IBM is vying with Chinese e-commerce giant Alibaba for the top spot on a new list ranking entities by the number of blockchain-related patents they have filed to date. Having filed 89 blockchain patents, IBM was only just outflanked by its rival — which filed 90.

Bitcoin Core has released an update following the recent detection of a vulnerability in the software, according to a September 18 press release by the Bitcoin Core Project. According to the statement, Bitcoin Core 0.16.3 was released with a fix for a denial-of-service (DoS) vulnerability.

The vulnerability could reportedly cause a crash of older versions of Bitcoin Core if they attempted processing a block transaction that tries to spend the same amount twice. According to the press release, such blocks can only be created by a miner since they are invalid. In order to create such a block, a miner would be required to burn a block of “at least” 12.5 Bitcoin (BTC), worth about $80,000 as of press time.

The new update includes a feature that eliminates a potential crash by enabling the software to “quietly reject” invalid blocks created by miners.

Emin Gün Sirer, an associate professor of computer science at Cornell University, told Motherboard that the entire network could have been crashed for less money than “a lot of entities would pay for a 0-day attack on many systems.” Sirer said that there are many “motivated people” that could have taken this opportunity to bring the network down.

According to Casaba Security co-founder Jason Glassberg, the recent vulnerability found on Bitcoin Core software could “take down the network.” He explained that the network crash “does not appear” to target users’ wallets, but would rather “affect transactions in the sense that they cannot be completed,” as the expert told tech media agency ZD Net.

Cobra Bitcoin, co-owner of Bitcoin.org, said the recent issue in Bitcoin Core was a “very scary bug” that could have affected a “huge chunk of the Bitcoin network.”