UK National Cyber Security Centre Lists Cryptojacking As “Significant” Threat

  • The UK's National Cyber Security Centre revealed cryptojacking is a cause for concern, and that it may become a legitimate source of income for website owners.
  • Cryptojacking has been growing in popularity among cybercriminals, and may affect a growing number of people in the next few years.

According to a report published by the UK’s National Cyber Security Centre (NCSC) this week, cryptojacking will be categorised as a form of cybercrime in the UK, as it is now seen as a “significant” cybersecurity concern. Per the organization, it’s likely going to “become a regular source of income for website owners.”

Cryptojacking essentially sees cybercriminals use other people’s computer resources to mine cryptocurrencies. Often, criminals mine privacy-centric cryptocurrencies like Monero (XMR), both to avoid detection and maximize profits mining with CPUs.

In the NCSC's comprehensive report, activities like cryptojacking, the use of cryptocurrency within targeted cybercrime, and ransomware were added as cause for concern. Unlike conventional currencies, cryptocurrencies like Monero offer anonymity to their users, cutting off potential trails leading to the criminals’ arrest.

Cryptojacking On The Rise

According to the report, cryptojacking cases have been increasing in number since 2016. Research conducted in December 2017 showed that 55% of businesses across the world have been infiltrated by cybercriminals looking to use their systems to mine.

By 2018/19, it's believed that cryptojacking will expand and affect a fast-growing number of people and businesses across the world. The report goes on to demonstrate that there are already 600 websites operating in the UK using visitor CPU resources to mine cryptocurrencies. The document reads:

"The technique of delivering cryptocurrency miners through malware has been used for several years, but it is likely in 2018-19 that one of the main threats will be a newer technique of mining cryptocurrency which exploits visitors to a website."

NCSC report

The report further notes that when being cryptojacked, users may only notice a “slight slowdown in performance,” meaning some cases go undetected. Although most cases involve cybercriminals using people’s resources without their consent, some websites ask for user consent as an alternative to showing ads.

The NCSC, at the end of the report, advised users to protect themselves with ad blockers and anti-malware programs that block cryptojacking scripts. A few browsers, including Opera and Brave, have built-in tools that block cryptocurrency miners.

Cybercrime in the UK has increased over the past few years; from WannaCry to present, with a growing number of crimes taking place in the UK. According to the Office of National Statistics, the volume of cybercrime has risen by 63% compared to last year.

The monetary cost of the rising cybercrime attacks has provoked action; the cabinet office reported that, without countermeasures, cybercrime would cost British businesses and taxpayers up to £27 billion (~$38 billion) annually.

U.S. SEC Needs More Time to Consider VanEck Bitcoin ETF Proposal, Invites Comments

The U.S. Securities and Exchange Commission (SEC) announced on Monday (May 20) that it needed more time to consider the VanEck–SolidX Bitcoin ETF proposal. This delay also gives interested parties more time to comment on the proposal and address the SEC's main concerns. 

On 30 January 2019, Cboe BZX Exchange ("BZX") filed with the SEC a proposed rule change to list/trade shares of "SolidX Bitcoin Shares", which would be issued by the VanEck SolidX Bitcoin Trust. This proposed rule change was published in the Federal Register on 20 February 2019. It then had 45 days to approve, disapprove, or ask for a delay.

(Note, however, that BZX had filed its original proposal back in June 2018; the SEC delayed a decision on this proposal several times, and February 27 was the final deadline for the SEC to make a decision. However, due to the U.S. government shutdown that occurred in December 2018 and ended in January 2019, the SEC was partially out of action during this period. By the time that the SEC fully operational again, there was only a few weeks left till the final deadline. So, to give this Bitcoin ETF proposal the best chance of success, on 22 January 2019, BZX withdrew its original proposal, and re-applied (in order to reset the clock) on 30 January 2019.)

Anyway, on 29 March 2019, the SEC released a notice to say that it had selected 21 May 2019 as the date by which it should approve, disapprove, or ask for a further delay to consider the grounds for disapproving the Bitcoin ETF proposal. Why 21 May 2019? Because 90 days is the maximum amount of time it could ask for, and 21 May 2019 is 90 days from 20 February 2019, which was the date that the proposal got published in the Federal Register.  

Well, yesterday (i.e. just one day before the expiry of the 90-day deadline), the SEC decided to delay making a decision, and this time it had to provide "notice of the grounds for disapproval under consideration" (i.e. explain why it thinks that it might deny the proposal).

Here are a few of the SEC's concerns, and it is inviting the ETF's sponsor, i.e. BZX, and other interested parties to provide written comments (in either electronic or paper form):

  • Has BZX "entered into a surveillance-sharing agreement with a regulated market of significant size related to bitcoin?"
  • What is the relationship between the Bitcoin futures market and the Bitcoin spot market?
  • The proposed Bitcoin ETF uses "a non-public, proprietary index to value holdings based on OTC activity", but is this really "an appropriate means to calculate the NAV of an exchange-traded product"?
  • BZX has said in its proposal that it "has entered into a comprehensive surveillance sharing agreement with the Gemini Exchange and is working to establish similar agreements with other bitcoin venues." But is the Gemini digital asset exchange "a regulated market of significant size"?

Any arguments regarding whether the proposal should be approved or disapproved need to be submitted within 21 days of publication in the Federal Register of yesterday's order (Release No. 34-85896; File No. SR-CboeBZX-2019-004), and anyone who wants to "file a rebuttal to any other person’s submission" must do so no later than within 35 days of the date of publication in the Federal Register.

The following tweets were sent out on May 19, i.e. the day before the SEC made this latest announcement, by Crypto Twitter's favorite U.S. attorney, Jake Chervinsky:

According to Chervinsky, "VanEck's new deadline is August 19," and the "SEC can & likely will delay one more time for a final deadline of October 18."

This is how Gabor Gurbacs, Director of Digital Assets Strategy at VanEck/MVIS, expressed his personal thoughts on the SEC's ultra cautious attitude towards Bitcoin ETFs:

The SEC choosing to delay making a decision on the VanEck Bitcoin ETF proposal did not come as a surprise to the crypto markets, which reacted very calmly (Bitcoin's price only went down slightly), and in fact, at press time (11:00 UTC on May 21), according to data from CryptoCompare, Bitcoin is trading at $7,945, up 0.33% in the past 24-hour period:

BTC - 24 Hour CC Chart - 21 May 2019.png