Iran’s state power company is offering citizens who expose illegal crypto miners a $20 bounty as the country struggles with power shortages and severe heatwaves.

As reported by Iran International, officials from state-backed electricity firm Tavanir say illegal crypto miners, as well as a 49.7C (121F) heatwave, are causing significant disruptions to the country’s electricity network.

“Opportunistic individuals have been exploiting subsidized electricity and public networks to mine cryptocurrencies without proper authorization,” said Tavanir’s CEO Mostafa Rajabi Mashhadi.

To help encourage the public to out illegal miners, Mashahadi announced that “a bounty of one million toman (approximately $23) will be awarded to individuals who report every single unauthorized cryptocurrency mining equipment.”

Read more: Malaysian minister says crypto miners behind $722M electricity theft

According to Iran International, industrial production is facing a crisis as frequent power outages are repeatedly halting operations.

Iran discovered over 230,000 illegal cryptocurrency mining devices according to Tavanir’s CEO. He compared their electricity consumption to that of the Markazi Province saying, “Providing this amount of electricity would require the construction of a 1,300-megawatt power plant.”

Power demand major factor in crypto miner crackdown

Paraguay’s national energy supplier announced in July it had shut down 70 illegal bitcoin mines in the past five years, claiming that illicit crypto mines were stealing $60 million worth of electricity every year. 

In that same month, a Malaysian minister claimed illegal crypto miners were responsible for stealing $722 million worth of electricity between 2018 and 2023.

Iran banned crypto mining in 2021 in response to similar power shortages and blackouts but later lifted the ban after the US implemented sanctions against the country.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Iran is offering $20 bounty to snitch on illegal crypto miners appeared first on Protos.

Iranian crypto exchange Bit24.cash has reportedly leaked the personal and financial details of its 230,000 users following a security flaw in its know-your-customer (KYC) database.

The exchange’s KYC and anti-money laundering (AML) measures stipulate that users must submit a photo of themselves alongside their ID, credit card, and written consent to trade on the site.  

However, a report from Cybernews details a flaw in the exchange’s cloud software that has let slip the identifying details of its customers. According to the report, researchers accessed KYC data stored in S3 buckets, a form of cloud storage, by exploiting a misconfigured MinIO.  

Read more: Chinese billionaire behind Himalaya Exchange indicted for $1B scheme

Researchers say this flaw “poses a severe threat, as threat actors could potentially exploit the exposed data for identity theft, fraudulent transactions, and phishing attacks.” 

They added, “With access to such comprehensive personal and financial data, malicious actors could impersonate individuals, gain unauthorized access to accounts, execute fraudulent transactions, and potentially cause substantial financial and personal harm.”

According to crypto analytics firm TRM Labs, Bit24 is the fifth largest crypto exchange in Iran when it comes to incoming volume.

Bit24 responded to the Cybernews report, calling it “inaccurate and misleading.” A security engineer said, “The reference to a misconfigured MinIO instance granting access to S3 buckets containing KYC data is wholly untrue and does not align with our system architecture or security protocols.”

The engineer said Bit24’s security is one of its ‘utmost priorities’ and that concerned users should contact the exchange. According to Cybernews, the security flaw is no longer present.

In a comment to Protos, Bit24 added, “Our platform utilizes state-of-the-art security infrastructure to safeguard user information throughout the KYC process and beyond.

“We can confirm that our MinIO setup and cloud storage containers remain secure, and there has been no unauthorized access to any sensitive user data.”

Despite these claims, Cybernews, which says it employs white-hacking techniques to unearth cybersecurity flaws, told Protos, “We firmly stand by our findings and report.”

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

Edit 18:20 UTC, Jan 8: Updated to include response from Bit24.

Edit 13:15 UTC, Jan 9: Updated to include response from Cybernews.

The post Iranian crypto exchange Bit24 reportedly leaks 230,000 users’ KYC data appeared first on Protos.

A group of anonymous hackers that recently attempted to extort nearly $2 million in bitcoin from a prominent Israeli university is linked to Iranian security services, reports local outlet i24NEWS.

In February, the collective calling itself DarkBit targeted the Israel Institute of Technology in Haifa (Technion). The group claimed to have stolen ‘all’ of the university’s data and threatened to put it up for sale within five days unless it received 80 bitcoins ($1.7 million) by way of ransom.

The attack forced Technion to delay a number of exams and shut down its IT systems.

Back in February, DarkBit was very much an unknown entity. Speculation was rife as to exactly who was behind the attack with guesses ranging from a disgruntled employee to a pro-Palestinian activist.

However, in a recent announcement, Israel’s National Cyber Directorate confirmed that the attack came from MuddyWater, a group that US authorities previously linked to Iran’s Ministry of Intelligence and Security.

MuddyWater has been flagged on a number of occasions by British and American investigators as targeting government and private-sector organizations in the telecommunications, defense, local government, and energy industries.

MuddyWater peppered its ransom note with anti-Israel rhetoric

Israeli authorities believe that the Israeli university hack may have been motivated more by ideology than greed due to the anti-Israel language peppering the email demand.

“We regret to inform you that we’ve had to hack Technion network completely and transfer ‘all’ data to our secure servers,” the group wrote. “Keep calm, take a breath and think about an apartheid regime that causes troubles here and there. They should pay for their lies and crimes, their names and shames.”

The note then went on to reference Israeli occupation, war crimes, and “destroying the future and all dreams we had.”

It rounds things off by claiming that MuddyWater was, at least in part, motivated by the university “firing high-skilled experts.”

Read more: North Korean hackers used new methods to target Israeli crypto

According to Israeli defense experts, this is just one of “dozens of attempted Iranian cyberattacks over the past year.” The news of this latest attack comes just hours after North Macedonian officials linked Iran-based IP addresses to a number of bomb threats in the country.

Quotes in bold are our emphasis. For more informed news, follow us on Twitter and Google News or subscribe to our YouTube channel.

The post Iran-backed hacker demanded 80 bitcoin in anti-Israeli ransom note appeared first on Protos.

Largest crypto exchange Binance knowingly skirted US sanctions by serving clients in Iran, according to a Reuters report.

CEO Changpeng Zhao (CZ) responded to the news via Twitter, saying the exchange used the Thomson Reuters World-Check data to screen customers — effectively passing blame to suggest Reuters’ know-your-customer (KYC) tool was inadequate in blocking Iranian users.

In an exclusive report published Monday, Reuters revealed at least 18 people in Iran said they traded crypto via Binance after the US reintroduced sanctions on Iran back in 2018, restricting crypto exchanges from serving customers in the country. What’s more, top ranking employees were reportedly aware of the sanction-skirting — even bragging about Binance’s popularity in Iran over Telegram messages.

Interviews with seven users revealed that it was only in September 2021 when Binance restricted their access, once anti-money laundering checks were improved. Until then, Binance was the exchange of choice due to its extremely lax requirements.

“There were some alternatives, but none of them were as good as Binance,” Tehran-based trader Asal Alizade told Reuters. “It didn’t need identity verification, so we all used it.”

Indeed, according to the news outlet, only an email address was needed for Iran users. “They succeeded in gaining a huge trading volume, with many pairs of currencies, within a short period of time,” said crypto hedge fund manager Pooria Fotoohi, who also claimed to use Binance from 2017 to 2021.

• Back in 2018, Binance marked Iran, Cuba, Syria, North Korea, and Crimea as sanctioned countries it would not work with or provide services to, according to internal documents seen by Reuters.
• CZ encouraged followers on Twitter to use VPNs in a now-deleted post from 2020, as well as generally acknowledging that year in an interview that users skirt Binance controls.
• At least three senior employees at Binance were aware and making jokes about the exchange’s continuing popularity in Iran, Reuters revealed.

Binance was proud to be skirting sanctions

After Russia invaded Ukraine back in February, Binance was unwilling to ban Russian users at the request of western powers. CZ claimed it would be ‘unethical’ to impose a blanket ban, beyond specific individuals under sanctions — only to step in line when the EU made it mandatory in April.

Binance has repeatedly claimed it consistently adheres to international sanctions and that it has a “global compliance task force” to keep things above board.

Yet serving Iranian customers has been a no-go for four years. That didn’t stop Binance’s inner circle from boasting about its success in the sanctioned country. According to Reuters, ‘senior employees’ were aware of the exchange’s success. “IRAN BOYS,” read one of several messages the outlet obtained — the text was from a higher up directly responding to data that revealed just how popular Binance was on Instagram in Iran.

Yet in response to Reuters’ exclusive investigation, CZ took to Twitter immediately to say that it used Thomson Reuters’ own screening tool World-Check to block Iran-based users.

Read more: Crypto investors sue Binance US over marketing Terra’s UST as ‘safe’

“Thomson Reuters offers opt-in, extension content, targeting specific geographies and industries that fall within the broader remit of KYC risk intelligence,” it says in its official brochure.

“Various countries imposed restrictions against Iran that bar specific exports and investments. The Iran Economic Interest (IEI) data set allows customers to screen all of their customers, partners, counterparts and business transactions for potential Iran sanction risk,” (our emphasis).

The news outlet reports that due to Iran-based users relying on Binance’s main exchange — and not Binance.US — it’s protected from US regulators when it comes to skirting US sanctions.

“But Binance does run a risk of so-called secondary sanctions,” Reuters said. “As well as causing reputational damage, secondary sanctions can also choke off a company’s access to the US financial system,” (our emphasis).

Protos has reached out to Reuters and Binance to learn more about how the World-Check can be and was used to adhere to international sanctions against Iran. We’ll update this piece should we hear back.

For more informed news, follow us on Twitter and Google News or listen to our investigative podcast Innovated: Blockchain City.

The post Binance deliberately skirted US sanctions to serve Iran users, says Reuters appeared first on Protos.