Arweave Suspects China in Recent Hacking Attempts

Berlin-based startup Arweave has been facing cyber-attacks, and the executives are pointing accusing fingers at the Chinese government.

Arweave is well known for having a censorship-resistant data storage network. On the 28th of October, the CEO and co-founder of Arweave, Sam Williams, received a warning that he had been expecting for some time. “We believe we detected government-backed attackers trying to steal your password,” read an email from Google about his work Gmail account.

On that same day, Arweave Chief Technology Officer Jesper Noehr also received a similar message from Google, stating that “attackers may be attempting to compromise” his account. Though there is no certainty concerning the attackers’ identity, Williams greatly suspects that China has a hand in it.

How It All Began

During the coronavirus pandemic, some techies employed bots to crawl and copy posts that have been banned on social networks in China. An example of such a social network is Sina’s Weibo, which has similarities with Twitter. It was also at this time that a project known as “Weibo uncensored” uploaded archives to the Arweave network.

After that incident, normal work continued until Arweave started to notice connectivity issues in October. The team noticed that data download speed was reduced as connectivity issues into and out of China arose. At this point, the cyber issues became very serious.

While speaking to Fortune, Williams revealed that on the 9th of October, he learned that an Arweave miner was detained by Chinese authorities. The miner is an avid supporter of the network who lent computing resources in exchange for cryptocurrency. Due to what he referred to as “physical security risks,” Williams did not reveal the miner’s name.

Apparently, the Chinese agents questioned the miner and seized his machines. Subsequently, the machines were returned on account that the miner abandon Arweave. It was at this point that the startup began to receive suspicious messages.

Arweave Receives Suspicious Messages

Two weeks after the detainment, Williams received an email. The sender of the email claimed to be the chief operating officer of a Chinese cryptocurrency exchange. The message also referred to a “listing service agreement.” This kind of agreement bears the resemblance of a cryptocurrency company that is looking to list its token on a specific marketplace.

Besides, the email further reads, “Please check out a reviewed agreement. Our legal team made one change on the redline and added our company name.” The email thread also contained a message supposedly from Jesper Noehr, Arweave’s chief technology officer, stating, “Could you update our agreement and send to Williams?” Attached to the note was a Google Drive document.

Williams told Fortune that there was something “slightly off” about the note. He further explained that “the phrasing just wasn’t completely professional. It didn’t necessarily read like perfect English. The sentence structure didn’t feel quite right.” For this reason, Williams took no action concerning the message.

However, Williams received yet another odd message couple of hours later. The email appeared to have come from Sebastian Campos Groth, Arweave’s chief operating officer. The email asked, “How does this work for us?” The message also came with a Google Drive document claiming to contain a “partnership mutual NDA form.”

The above messages showed that the scams were well targeted to impersonate executives that are related to Arweave. It was also eight days after these incidents that Williams and Noehr received the hacking warning from Google.

Williams Suspects the Chinese Concerning the Suspicious Activities

It is not clear that the notification warning from Google is in any way relates to the phishing attacks of October 20 or any other illegal scheme. However, the timing is highly suggestive. When the analysis of the phishing emails was carried out, it revealed that they were connected to an internet server in Pakistan. Williams, however, said that “that doesn’t really tell us anything.” Most hackers can launch attacks from different regions in order to cover their tracks.

Williams, however, highly suspects that China has a hand in the recent suspicious activities targeting Arweave. Judging from the uploading of the Weibo uncensored project to the detainment of Arweave’s miner, signs show that the attack is coming from Beijing.

“We can’t be sure that it’s China, but I’m telling you it looks to me an awful lot like it is,” Williams said. It is pertinent to note that there is no actual hard proof. This, however, shows that the accusation is based on purely circumstantial evidence.

As of the time of writing, Arweave’s price today stood at $2.31 with a 24-hour trading volume of $3,197,381. AR price rose by 1.1% over the last 24 hours. AR has a circulating supply of 43.8 million coins and a max supply of 66 million coins. MXC is also the current most active market trading it.

For more cryptocurrency news, visit the Altcoin Buzz YouTube channel.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.