TheDinarian
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
April 14, 2023

(Dinarian Note: Whenever possible, ALWAYS go directly to the source versus clicking on an email link or Google ad. Note: When searching on Google, the first 3 or 4 results are ads, do NOT use those. Also, ALWAYS double-triple check your pasted wallet address when withdrawing funds and ALWAYS use a VPN and Antivirus-Malware program, especially when you own crypto. Having cold storage is great, but when sending-receiving funds you are vulnerable. Question everything, even if it seems legit.)

Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.

Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges.

Rilide is not the first malware SpiderLabs has observed using malicious browser extensions. Where this malware differs is in its effective and rarely used ability to use forged dialogs to deceive users into revealing their two-factor authentication (2FA) and then withdraw cryptocurrencies in the background. During our investigation into Rilide’s origins, we uncovered similar browser extensions being advertised for sale. Additionally, we found that part of its source code was recently leaked on an underground forum due to a payment dispute.

Malicious Campaigns Leading to Rilide Stealer Extension

SpiderLabs uncovered two malicious campaigns leading to the installation of the Rilide extension.

Figure 1. Infection Chains Leading to the Execution of the Rilide Extension

Campaign 1: Ekipa RAT Installing Rilide Stealer

One of the Rilide samples identified by Trustwave SpiderLabs was distributed through a malicious Microsoft Publisher file. This file is part of Ekipa RAT, a Remote Access Trojan (RAT), designed for targeted attacks and often sold on underground forums.

We previously described Ekipa RAT in one of our blogs. It is important to note that Microsoft Publisher was not affected by Microsoft's decision to block macros from executing files downloaded from the Internet. As a result, when a user attempted to open a Publisher file, they would receive a warning but could still enable the execution of malicious content by clicking the ‘Enable Macros’ button. On 14 February 2023, Microsoft issued an update that resolved the Publisher security flaw. With the implementation of the ‘Mark of the Web’ feature on the .pub file, users are now left with only one option, ‘Disable Macros,’ which should have been the case all along.

Any association between the threat actors behind Ekipa RAT and those using the Rilide infostealer remains unclear. However, it is probable that Ekipa RAT was tested as a means of distribution for Rilide, before finally switching to Aurora stealer.

Figure 2. Publisher’s macro and Document_Open procedure executing remote Excel Workbook

Three tasks were configured on the C2 server:

  1. Download payload from hxxps://nch-software[.]info/1/2[.]exe to %temp% directory as.txt
  2. Change downloaded file’s extension to .exe
  3. Execute the payload.

File 2.exe is a Rust-based loader, responsible for installing the Rilide extension for Chromium-based browsers.

Campaign 2: Aurora Stealer Abusing Google Ads

Aurora is a Go-based stealer, which was initially spotted being advertised in April 2022 as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums. The malware is designed to target data from multiple web browsers, cryptocurrency wallets, and local systems.

Recently, the threat actors behind Aurora have been observed abusing the Google Ads platform to spread the malware. According to a report published by Cyble, campaigns mimicking legitimate TeamViewer installers have been utilized to deploy Aurora. As reported by @1ZRR4H and @malwrhunterteam, Aurora was also spread via another campaign that imitated an NVIDIA Drivers installer. A downloaded sample was packed with Themida, a well-known commercial protector for executables. We used the UnpacMe service to unpack the sample.

Figure 3. Aurora campaign imitating the NVIDIA Drivers installer as shown in 1ZRR4H’s Twitter post

Restoring Function Names

The Aurora Stealer sample was stripped of debugging symbols, which makes analysis harder. Go binaries are statically linked, meaning all the necessary libraries are included in the compiled binary, so the number of potential functions to analyze is large. However, the original function names can be restored from the pclntab structure, as described in a post by CUJOAI Senior Threat Researcher Dorka Palotay. Using the go_func.py script for Ghidra, we were able to restore the function names.
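To show why stripping symbols does not remove function names from a Go binary, the following added example (not the go_func.py script and not code from the original report) locates the pclntab header and walks its function table. It assumes a little-endian binary using the Go 1.16 or 1.18+ table layouts, and the sample table it builds is constructed for the demonstration.

```python
import struct
import sys

# pclntab header magics and the first Go release that used each layout.
MAGICS = {0xFFFFFFFB: "1.2", 0xFFFFFFFA: "1.16",
          0xFFFFFFF0: "1.18", 0xFFFFFFF1: "1.20"}


def find_pclntab(data: bytes):
    """Return [(offset, layout, ptr_size)] for every plausible pclntab header.

    A header is the magic, two zero pad bytes, the minimum instruction size
    (1, 2 or 4) and the pointer size (4 or 8). Little-endian only.
    """
    hits = []
    for magic, layout in MAGICS.items():
        needle = struct.pack("<I", magic)
        pos = data.find(needle)
        while pos != -1:
            tail = data[pos + 4:pos + 8]
            if (len(tail) == 4 and tail[0] == 0 and tail[1] == 0
                    and tail[2] in (1, 2, 4) and tail[3] in (4, 8)):
                hits.append((pos, layout, tail[3]))
            pos = data.find(needle, pos + 1)
    return sorted(hits)


def function_names(data: bytes, base: int, layout: str, ptr_size: int):
    """Walk functab and return every function name, in table order."""
    if layout == "1.2":
        raise NotImplementedError("pre-1.16 tables are not handled here")
    word_fmt = "<Q" if ptr_size == 8 else "<I"

    def word(i):  # i-th pointer-sized header field after the 8-byte preamble
        return struct.unpack_from(word_fmt, data, base + 8 + i * ptr_size)[0]

    new = layout in ("1.18", "1.20")   # 1.18 added textStart, 32-bit functab
    nfunc = word(0)
    names_tab = base + word(3 if new else 2)
    functab = base + word(7 if new else 6)
    field = 4 if new else ptr_size     # size of one functab field
    field_fmt = "<I" if field == 4 else word_fmt
    if nfunc * 2 * field > len(data) - functab:
        raise ValueError("function count does not fit: false-positive header")
    names = []
    for i in range(nfunc):
        # functab entry = (entry PC, offset of the _func record)
        func_off = struct.unpack_from(
            field_fmt, data, functab + (2 * i + 1) * field)[0]
        # _func record = entry (one field), then an int32 name offset
        name_off = struct.unpack_from("<i", data, functab + func_off + field)[0]
        start = names_tab + name_off
        end = data.index(b"\0", start)
        names.append(data[start:end].decode("utf-8", "replace"))
    return names


def build_sample(names):
    """Constructed 64-bit, 1.20-layout table; not taken from any real binary."""
    nametab = b"".join(n.encode() + b"\0" for n in names)
    functab_len = (2 * len(names) + 1) * 4
    functab, funcs, name_off = b"", b"", 0
    for i, n in enumerate(names):
        functab += struct.pack("<II", 0x40 * i, functab_len + len(funcs))
        funcs += struct.pack("<Ii", 0x40 * i, name_off)
        name_off += len(n.encode()) + 1
    functab += struct.pack("<I", 0x40 * len(names))   # end-of-text sentinel
    header = struct.pack("<I4B8Q", 0xFFFFFFF1, 0, 0, 1, 8,
                         len(names), 0, 0, 72, 0, 0, 0, 72 + len(nametab))
    return header + nametab + functab + funcs


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:  # no file given: run on the constructed sample
        blob = b"MZ" + bytes(62) + build_sample(
            ["main.main", "main.constructedExample"])
    for off, layout, ptr in find_pclntab(blob):
        try:
            names = function_names(blob, off, layout, ptr)
        except (ValueError, NotImplementedError, struct.error) as err:
            print(f"0x{off:x}: go{layout} header rejected ({err})")
            continue
        print(f"0x{off:x}: go{layout} layout, {len(names)} functions")
        for name in names:
            print("  ", name)
```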

How an Aurora Module Downloaded Rilide Stealer

One of the eight grabbing modules configured in the analyzed sample contained a base64-encoded blob of data storing the URL for the Rilide Rust-based loader. The payload, hosted on Discord CDN, was saved to the %temp% directory with the filename <10-alphanumeric-characters>.exe and executed via the Start-Process PowerShell cmdlet.

Figure 4. Part of Aurora Stealer routine downloading and executing Rilide loader

The Common Link Between Two Campaigns

The Rilide Rust-based loader samples analyzed as part of the Aurora campaign were packed with a VMProtect commercial packer. After unpacking the samples and analyzing strings contained in the binary, we found multiple references to Windows paths in the C:\Users\ilide\ directory. The same username was observed in the PDB Path of the Rilide sample obtained from the Ekipa RAT campaign.

Figure 5. The same username in a path found in Rilide Rust-based loaders samples from both campaigns.

Rilide Stealer Extension Targeting Chromium-Based Browsers

Rilide leverages a Rust loader that installs the extension if a Chromium-based browser is detected. Rilide mimics benign Google Drive extensions and abuses several built-in Chrome functionalities. The loader modifies the LNK shortcut files that open the targeted browsers so that they are executed with the --load-extension parameter pointing to the dropped malicious Rilide extension.
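A defender can check for this persistence method by reading the argument string stored in each browser shortcut. The following added example (not code from the original report) parses the .lnk format as documented in MS-SHLLINK and reports any --load-extension value; the sample link it builds is constructed, and the directories to scan are supplied by the user.

```python
import re
import struct
import sys
from pathlib import Path

# LinkFlags bits from the ShellLinkHeader (MS-SHLLINK).
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
IS_UNICODE = 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# The switch value may be quoted; unquoted values may be a comma-separated list.
SWITCH = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk file ('' if none)."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad header size")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad CLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    if flags & HAS_ID_LIST:       # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:     # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    # StringData entries come in this fixed order, each with a 16-bit
    # character count in front of the (unterminated) string.
    for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        raw = data[pos + 2:pos + 2 + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated StringData")
        pos += 2 + count * width
        if bit == HAS_ARGS:
            return raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return ""


def load_extension_paths(arguments: str) -> list:
    """Return every directory passed through --load-extension."""
    paths = []
    for quoted, bare in SWITCH.findall(arguments):
        paths.extend(p for p in (quoted or bare).split(",") if p)
    return paths


def scan_tree(root) -> dict:
    """Return {shortcut path: [extension dirs]} for links that sideload."""
    hits = {}
    for lnk in sorted(Path(root).rglob("*.lnk")):
        try:
            paths = load_extension_paths(lnk_arguments(lnk.read_bytes()))
        except (OSError, ValueError, struct.error):
            continue              # unreadable or malformed link
        if paths:
            hits[str(lnk)] = paths
    return hits


def build_sample_lnk(arguments: str) -> bytes:
    """Constructed minimal link (header + arguments only) for demonstration."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_ARGS | IS_UNICODE)
    body = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header.ljust(76, b"\0") + body


if __name__ == "__main__":
    # Pass the folders that hold browser shortcuts: Desktop, Start Menu and
    # the pinned Taskbar folder of each profile.
    for folder in sys.argv[1:]:
        for shortcut, dirs in scan_tree(folder).items():
            print(f"{shortcut}: loads unpacked extension(s) {dirs}")
    if len(sys.argv) == 1:
        demo = build_sample_lnk(r'--load-extension="C:\constructed\ext"')
        print(load_extension_paths(lnk_arguments(demo)))
```

Any hit deserves a look at the referenced directory, since ordinary installations do not add this switch to browser shortcuts.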

Figure 6. Rilide Stealer extension mimicking Google Drive and looking at its manifest revealing the configured permissions

Rilide’s background script attaches a listener to the tabs.onActivated and webRequest.onHeadersReceived events and removes the Content Security Policy (CSP) directive for all requests. This allows the extension to perform an XSS attack and load external resources that would otherwise be blocked by the CSP. The app script adds another listener to the DOMContentLoaded event and retrieves a list of targeted domains from the C2. If the current domain matches any of the listed targets, designated scripts are injected into the webpage.

Figure 7. Configuration list indicating targets such as email services and cryptocurrency exchanges.

Additionally, the background script carries out regular checks on the browsing history and exfiltrates URLs that are matched against the targeted domain list. Moreover, it is capable of capturing and exfiltrating screenshots of the currently active tabs on demand.
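The behaviours described above leave static traces in an unpacked extension directory. The following added example (not code from the original report) triages such a directory by checking the manifest for the permission combinations these features need and the scripts for the relevant API names. The permission names and the captureVisibleTab and history.search calls are standard Chrome extension APIs assumed here, not taken from the report's figures, and the sample files are constructed.

```python
import json
import sys
import tempfile
from pathlib import Path

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Script rules: every needle of a rule must occur in the same file.
# Plain string matching; minified or obfuscated code needs deeper analysis.
SCRIPT_RULES = {
    "csp-header-stripping": ("onHeadersReceived", "content-security-policy"),
    "history-sweep": ("history.search",),
    "tab-screenshot": ("captureVisibleTab",),
}

# Constructed fixture: API names only, no working handlers.
SAMPLE_FILES = {
    "manifest.json": json.dumps({
        "manifest_version": 2,
        "name": "Constructed sample",
        "permissions": ["webRequest", "webRequestBlocking", "history",
                        "tabs", "<all_urls>"],
        "background": {"scripts": ["background.js"]},
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["app.js"]}],
    }),
    "background.js": (
        "chrome.webRequest.onHeadersReceived.addListener(onHeaders,\n"
        "  {urls: ['<all_urls>']}, ['blocking', 'responseHeaders']);\n"
        "// onHeaders filters out the 'Content-Security-Policy' header\n"
        "chrome.history.search({text: ''}, report);\n"
        "chrome.tabs.captureVisibleTab(report);\n"
    ),
    "app.js": "document.addEventListener('DOMContentLoaded', init);\n",
}


def manifest_findings(manifest: dict) -> list:
    """Flag permission combinations that enable the behaviours in the text."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    broad = bool(perms & BROAD_HOSTS)
    found = []
    # Manifest v2 needs webRequestBlocking to alter response headers in flight.
    if broad and {"webRequest", "webRequestBlocking"} <= perms:
        found.append("blocking-webrequest-all-sites")
    if broad and "history" in perms:
        found.append("history-with-all-sites")
    for entry in manifest.get("content_scripts", []):
        if set(entry.get("matches", [])) & BROAD_HOSTS:
            found.append("content-script-all-sites")
            break
    return found


def script_findings(root: Path) -> dict:
    """Return {relative script path: [matched rule names]}."""
    found = {}
    for js in sorted(root.rglob("*.js")):
        text = js.read_text(encoding="utf-8", errors="replace").lower()
        rules = sorted(name for name, needles in SCRIPT_RULES.items()
                       if all(n.lower() in text for n in needles))
        if rules:
            found[js.relative_to(root).as_posix()] = rules
    return found


def triage_extension(ext_dir) -> dict:
    root = Path(ext_dir)
    manifest = json.loads(
        (root / "manifest.json").read_text(encoding="utf-8-sig"))
    return {"manifest": manifest_findings(manifest),
            "scripts": script_findings(root)}


def write_sample(dest) -> None:
    """Write the constructed fixture into dest."""
    for name, body in SAMPLE_FILES.items():
        Path(dest, name).write_text(body, encoding="utf-8")


if __name__ == "__main__":
    targets = sys.argv[1:]
    with tempfile.TemporaryDirectory() as tmp:
        if not targets:          # no directory given: use the fixture
            write_sample(tmp)
            targets = [tmp]
        for target in targets:
            print(target)
            print(json.dumps(triage_extension(target), indent=2))
```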

Figure 8. Rilide Stealer Execution Flow and Functionalities

Automatic Cryptocurrency Withdrawal

Rilide’s crypto exchange scripts support an automatic withdrawal function. While the withdrawal request is made in the background, the user is presented with a forged device authentication dialog in order to obtain 2FA. Email confirmations are also replaced on the fly if the user opens the mailbox in the same web browser. The withdrawal request email is replaced with a device authorization request, tricking the user into providing the authorization code.

Figure 9. Withdrawal Requests replaced with Authorize New Device emails in Gmail mailbox

Figure 10. Content of the original and forged email. The verification code was extracted from the original message body.

We found no substantial variations in the code between the samples dropped by Ekipa RAT and used in the Aurora Stealer campaign. Both campaigns utilized a Rust dropper, and the functionalities of the browser plugins are nearly the same.

Figure 11. Code differences between Rilide Stealer plugin samples, both using the same C2 server

Rilide Stealer Origins

In the course of our research, we have encountered several stealer extensions for sale that advertised capabilities closely resembling those of the Rilide samples. However, we were unable to definitively link any of them to Rilide. One noteworthy finding was a botnet sale advertisement from an underground forum dated March 2022. Although the advertised functionalities matched those of Rilide, the botnet also included additional features such as a reverse proxy and ad clicker. Notably, the botnet's automatic withdrawal function supported the same exchanges observed in the Rilide samples.

Figure 12. Underground forum post advertising sale of botnet with Rilide-like capabilities

On February 27, 2023, a member of the same underground forum posted a link to the source code for the Rilide extension, reportedly due to an unresolved payment dispute. The leaked source closely resembles that used in the Aurora Stealer campaign but did not contain any of the injected scripts observed in the campaign sample.

Figure 13. Underground forum post, dated February 27, 2023, containing a link to part of the Rilide extension source code.

Notably, one feature implemented there is missing from the later versions: swapping cryptocurrency wallet addresses in the clipboard. The list of addresses to be replaced is hard-coded in the source code.

Figure 14. Clipboard hijacking routine in the analyzed sample from the aforementioned forum post.

Pivoting on the Command-and-Control domain ashgrrwt[.]click hard coded in the sample, we identified additional Rilide loaders leading us to the GitHub user gulantin.

Figure 15. Github repository storing multiple Rilide loader and extension samples

Repositories created by this user contain loaders for the Rilide extension, but they are not Rust-based. The sample in the repository named ‘77’ is a .NET extension loader only for the Chrome browser, unlike the later Rust-based version that works for all Chromium-based browsers. Other loaders found in repositories 19 and 789 are based on Advanced Installer – a legitimate Windows Installer Packaging Tool for MSI installers.

Figure 16. Extension loading routine of the custom .NET loader from gulantin’s repository 77

The address contained in the domain variable that is supposed to store the C2 domain suggests that this version of a loader was still under development when submitted to GitHub.

Figure 17. Part of JavaScript configuration in the Rilide extension hosted on GitHub

Conclusions:

The Rilide stealer is a prime example of the increasing sophistication of malicious browser extensions and the dangers they pose. Disguised as a legitimate Google Drive extension, Rilide provides threat actors with the ability to carry out a wide range of malicious activities, including monitoring browsing history, capturing screenshots, and injecting malicious scripts to steal funds from cryptocurrency exchanges.

While the upcoming enforcement of manifest v3 may make it more challenging for threat actors to operate, it is unlikely to solve the issue entirely as most of the functionalities leveraged by Rilide will still be available.

Informational overload can dull our ability to interpret facts accurately and make us more vulnerable to phishing attempts. It is important to remain vigilant and skeptical when receiving unsolicited emails or messages, and to never assume that any content on the Internet is safe, even if it appears to be.

Ultimately, it is crucial to stay informed and educated about the latest cybersecurity threats and best practices to minimize the risk of falling victim to phishing attacks.

Indicators of Compromise:

Phishing Websites (malware, domain):

  • Aurora: nvidia-graphics[.]top

C2 Servers (malware, domain):

  • Ekipa RAT: nch-software[.]info
  • Aurora: 45[.]15[.]156[.]210
  • Rilide: vceilinichego[.]ru
  • Rilide: ashgrrwt[.]click

 

The Dawn of DeFi: The Hidden War for a Decentralized Future
👉 DON'T FADE THIS ARTICLE~ Crypto Michael AKA "The Dinarian"

The below article is NOT financial advice, it is being broadcast for entertainment purposes only. You should DO YOUR OWN RESEARCH and NEVER invest any more than you are willing to lose. On that note, THIS ARTICLE AND THE UNDERLYING ASSET DISCUSSED COULD CHANGE YOUR LIFE FOR THE BETTER FOREVER! You SHOULD pay close attention as this MAY BE THE MOST IMPORTANT article you could ever have read, unless you were fortunate enough to read the Bitcoin whitepaper and had invested in it back in 2008. The asset I am about to present to you, COULD EASILY FLIP BITCOIN! ESPECIALLY WITH TODAY'S ADMINISTRATION IN PLACE!

~ Namasté 🙏 Crypto Michael AKA "The Dinarian"

Attempted Theft of the World's Most Valuable Property, SEC Lawfare & The ETHgate Scandal

It is widely accepted that the media often spreads misinformation and hides any truths that challenge the establishment's narratives. Well, this is one of those hidden truths...
 
Loans without Banks, Trades without Exchanges, Contracts without Lawyers. Peer to Peer Capital Markets disrupts traditional finance by removing middlemen and counter-party risk, enabling you to become your own bank by holding the keys to it all in your own privately held digital wallet.
 
To what lengths do you think the establishment would go to defend their control of the financial system? A system seemingly ripe with market manipulation, naked shorts, money laundering and regulatory capture.

The Myth of Open Source

For context, in the realm of open source, major corporations can engage in Intellectual Property theft by using open source projects to gain insights, technology, or legal protections without fully reciprocating to the community. Companies might contribute code to an open source project, only to later use that same code in commercial products, extending it with enhancements, essentially using open source as a low-cost R&D resource. Patents are crucial here, serving as a defense mechanism. Although open-source licenses cover copyrights, they don't extend to patents, meaning that companies holding patents can enforce legal protections against unauthorized commercial use, ensuring that any commercial application of their patented technology within open-source software requires proper licensing or recognition. This protection has historically led to the hyper-growth of industries like mobile phones and the internet, where patented technologies could be safely shared and built upon, promoting innovation and market expansion.
 

Validating Inventorship

In fields such as technology, pharmaceuticals, and manufacturing, patents are vital for safeguarding new inventions, with Nikola Tesla's extensive patent portfolio serving as a testament to his contributions to science.
 
However, Tesla's revolutionary inventions, like the Wardenclyffe Tower which aimed at providing free wireless energy, faced fierce opposition due to their potential to disrupt established control over energy markets. Financially sabotaged by investors like J.P. Morgan, legally challenged through "the war of currents" by Thomas Edison's promotion of the less efficient Direct Current system, and undermined by media smear campaigns, Tesla's work was systematically suppressed. After his death, the FBI's seizure of his documents further suggests efforts to control or conceal his ideas that could disrupt centralized energy distribution, illustrating how innovation can be stifled to maintain existing power structures.
 
Could this type of suppression still be happening today?
 

The Genesis of Decentralized Finance

Reggie Middleton first introduced Distributed Finance, which would later become known as Decentralized Finance (DeFi), in 2013 when he invented and patented technologies under the title "Devices, systems, and methods for facilitating low trust and zero trust value transfers." This included groundbreaking concepts like programmable Smart Contracts, Swaps, Tokenized Assets, NFTs, Stable Coins, and Digital Wallets, and they even underpin Central Bank Digital Currencies (CBDCs).
 
 
Called by many "The Most Valuable Property in the World", his patents US11196566B2, US11895246B2, JP6813477B2, JP7204231B2, JP7533974B2, & JP7533983B2 have been cited over 138 times by major financial institutions, underscoring their foundational role in the blockchain industry.
 

His patents cover:

  • Trustless Peer-to-Peer Value Transfers: Systems for enabling decentralized and secure value transfers between parties without the need for intermediaries. Applicable to cryptocurrency transactions, DeFi platforms, and digital payment systems.
  • Decentralized Financial Systems (DeFi): Methods and devices that facilitate decentralized trading, lending, borrowing, and yield generation. Impacting decentralized exchanges (DEXs) like Uniswap, SushiSwap, and similar platforms.
  • Smart Contracts: Implementation of self-executing contracts on blockchain networks, used to automate agreements and enforce conditions without intermediaries. Essential for platforms such as Ethereum, Cardano, and other Layer-1 and Layer-2 blockchain protocols.
  • Tokenized Asset Trading: Methods for creating, transferring, and trading tokenized assets, including cryptocurrencies, non-fungible tokens (NFTs), and digital securities. Platforms like OpenSea, Rarible, and asset tokenization platforms may fall within the scope.
  • Cryptographic Security and Wallet Systems: Systems for securing digital assets using cryptographic methods, including cold storage, multi-signature wallets, and multi-party computation (MPC). Potential overlaps with services offered by companies like Coinbase, Kraken, Gemini, and institutional custody providers.
  • Decentralized Identity and Verification Systems: Technologies for managing and verifying digital identities on decentralized networks, including for KYC (Know Your Customer) purposes. Likely touching on identity solutions like Civic, BrightID, and Blockstack.
  • Blockchain-Based Voting and Governance: Systems for implementing decentralized voting, governance, and consensus mechanisms, foundational to DAO (Decentralized Autonomous Organizations). Relevant to governance platforms like Aragon, Snapshot, and MakerDAO.
  • AI Economic Agentic Computing: First introduced by the VeADIR Platform, this refers to the application of autonomous agents in economic systems, where software entities can make decisions, negotiate, and execute transactions independently. These agents use artificial intelligence to analyze market data, predict trends, and optimize economic activities like trading, resource allocation, and supply chain management. Used by OpenAI, Claude Sonnet, Meta and xAI.

The societal value of these patents in disrupting traditional financial models and fintech business practices, essentially by removing the banks as middlemen, creates significant economic incentives to suppress his work.
 

True Decentralization

Current Decentralized Exchanges (DEXs) often fall short of being truly decentralized due to various practical and structural limitations. Although DEXs leverage blockchain technology and smart contracts to enable trading without a central authority, aspects like governance, liquidity, and user interface can introduce centralization. Governance tokens might be concentrated in the hands of a few, influencing decision-making unevenly. The frontend, controlled by developers, represents a centralized point of control or potential failure. Liquidity pools can be dominated by a handful of large providers, leading to centralized liquidity dynamics. Some DEXs implement regulatory compliance like KYC/AML, which inherently involves centralized oversight. The use of layer-2 solutions for scalability might also undermine decentralization if not fully autonomous.
 
However, patents like US11196566B2 and US11895246B2 could pave the way for true decentralization by introducing innovations in blockchain interoperability and decentralized governance mechanisms. These patents potentially offer solutions for more evenly distributed control over exchange operations, enhancing the autonomy and distribution of decision-making, thus moving closer to genuine decentralization in the DEX ecosystem, which can be expanded to other industries like Healthcare, Supply Chain, or any other industry that trades value.
 

Who is Reggie Middleton?

Reggie Middleton, through his BoomBustBlog, became a notable figure in financial analysis, particularly for his early and accurate predictions regarding the collapses of Lehman Brothers and Bear Stearns during the 2008 financial crisis. His blog was renowned for providing in-depth, contrarian insights into economic trends, investment opportunities, and corporate vulnerabilities. Reggie won CNBC's stock draft for two consecutive years, and appeared on major financial news networks like CNBC, BBC and Bloomberg, where he discussed market trends, his forecasts, and the implications of financial strategies adopted by major firms. His track record has undeniably positioned him as a significant voice in the financial commentary space.
 

Reggie's work gained public attention when he appeared on the Keiser Report and CNBC in 2014, premiering his innovations built on the Bitcoin blockchain called "Ultracoin", two years before Ethereum captured the crypto limelight.
 
 
His vision was to create sound markets for a financial ecosystem where loans could be issued without banks, trades executed without exchanges, and contracts enforced without lawyers, aiming to disintermediate traditional finance by removing the middleman that doesn't add value.
 

 
In 2014, Reggie pioneered a simple Apple trade using a Pure Bitcoin Wallet: The Ultracoin Client.
Ultracoin, later renamed VERI (short for “Veritaseum”, meaning "of truth"), was the first to market in tokenizing precious metals, offering VeGold, VeSilver and even tokenized fiat currencies, or so-called "Stablecoins". Veritaseum also introduced VeRent, creating yield through P2P lending, and the revolutionary VeADIR platform, an autonomous, blockchain-powered research platform that independently evaluates and acts on dynamic research in real-time, communicates in machine language, and operates by purchasing, analyzing, and distributing insights on various assets while allowing VERI token holders to access and trade this research.
 
In 2018 he created the world's first Gold Denominated Blockchain Mortgage with a traditional written note and mortgage as well as a smart contract on a public blockchain, both of which incorporate each other by reference. The transaction had traditional title insurance and the note was recorded with the county clerk. The mortgage was denominated in Veritaseum's VeGold product, a digital form of gold in bearer form, fully transferable and redeemable upon demand.
 
 
These are merely a few examples of the groundbreaking products offered by Veritaseum.
 

Coinbase's Challenge: The Patent Infringement Suit

Coinbase, a dominant force in the cryptocurrency exchange market, enlisted the services of Perkins Coie, one of the largest patent law firms, to contest the validity of Reggie Middleton's patents.
They launched an Inter Partes Review (IPR) at the Patent Trials and Appeals Board (PTAB), arguing that Middleton's patents lacked novelty. An overwhelming 85% of patents are invalidated through this process. However, Coinbase's challenge was denied along with the appeal, thereby upholding and strengthening the validity of Reggie's patents.
This IPR challenge came after Veritaseum sued both Coinbase and Circle USDC for $350 million each over patent infringement. Unfortunately, Reggie's patent attorney and close friend passed away during this suit, so the cases have been dismissed without prejudice, meaning they can be negotiated or the cases reopened at any time. This leaves Coinbase in a precarious position, especially if shareholders have not been properly informed of this risk.
 
This lawsuit details how Coinbase's infrastructure, specifically its Ethereum and Solana validator nodes, engage with client devices to facilitate transactions. Exhibit #3 meticulously outlines the patent's claims, detailing the roles of computing devices, the use of memory for key pair storage, network interfaces for transaction terms, and the generation and dissemination of transaction data records. It provides concrete examples such as the processing of NFT transactions on Ethereum and the management of transaction fees on Solana, supported by in-depth references to code and API interactions. Furthermore, the exhibit explains the verification of transactions through an external state, illustrating how Coinbase's technology aligns with the patent's principles for decentralized transaction processing without a central authority.
 

SEC's Intervention: A Turning Point

In 2019, with promising negotiations on the horizon with both the Jamaican and the Nigerian Stock Exchanges for digital asset platforms, Reggie's world was turned upside down.
 
The SEC accused Reggie of fraud, alleging he misled investors about the functionality of Veritaseum's VeADIR platform, which the SEC ordered to be shut down following a live demonstration. The SEC also made claims on the validity of Reggie's patent applications, which have since been approved by both the USPTO and the Japan Patent Office. Oddly enough, the SEC may actually infringe on these very patents through the disgorgement and storage of seized crypto tokens.
 
Despite Veritaseum's cooperation with the SEC over a two-year period, along with a detailed response addressing the SEC's allegations, and not one token holder claiming to be defrauded, these allegations still led to a Temporary Restraining Order (TRO) that froze millions in assets, destroying the company's operations, and forcing a consent judgment "neither confirming or denying the allegations". The SEC would top it all off with a gag order that barred Reggie from publicly discussing the matter.
 
Keep in mind, the SEC is claiming jurisdiction by calling Utility Tokens "Digital Asset Securities" but recently SEC Commissioner @HesterPeirce stated:
 
"...by using imprecise language we've been able to suggest the token itself is a security, apart from that investment contract, which has implications for Secondary Sales, it has implications for who can list it...
 
We've fallen down on our duty as a regulator not to be precise. So, tucking into a footnote that yes we admit that now that the TOKEN ITSELF IS NOT A SECURITY, that is something we should have admitted long ago and then started wrestling with the difficult questions."
 
 
This calls into question whether the SEC even had jurisdiction to bring forth this case to begin with. The Veri Community would later challenge the SEC's unproven allegations against Reggie with a Dossier supporting the Vacating or Setting Aside of this case, and suggesting possible misconduct by the SEC.
 

Allegations of SEC Misconduct:

  • Misrepresentation of Facts: Assertions that the SEC deliberately mischaracterized the functionality of the VeADIR platform, along with the patents and their value, by labeling them as lacking novelty and part of fraudulent activities.
  • Misleading Evidence: The SEC's use of declarations from Patrick Doody and Roseann Daniello, which contained misleading information about the personal ownership of a Kraken account used to misappropriate funds. Doody would later correct his statement, but the SEC did not update the court with this new information, potentially misleading the judicial process.
  • Conflict of Interest: Doody's undisclosed financial interests in the digital asset space through Lily Pad Capital LLC could suggest a bias in his testimony, which was pivotal in obtaining the TRO.
  • Coercion and Intimidation: Witnesses like Lloyd Cupp and John Doe provided affidavits claiming coercion by SEC attorneys to alter their testimonies, pointing towards witness tampering and intimidation.


Summary Articles of the Bar Complaint and RICO Dossier

 

Comparisons with the SEC Misconduct in the DEBT Box Case

The DEBT Box case shares a troubling parallel with the Veritaseum case. In both cases a Temporary Restraining Order (TRO) freezing funds was issued using dubious evidence, which suppressed the defendants' ability to defend themselves. This behavior was already admonished by five US Senators in a letter to Commissioner Gary Gensler about this now high-profile cryptocurrency case, in which the SEC presented misleading claims.
 
"Regardless of whether Commission staff deliberately misrepresented evidence or unknowingly presented false information, this case suggests other enforcement cases brought by the Commission may be deserving of scrutiny. It is difficult to maintain confidence that other cases are not predicated upon dubious evidence, obfuscations, or outright misrepresentations."
 
Given the similarities in alleged procedural misconduct between the cases, it raises systemic questions about the SEC’s litigation approach in cryptocurrency matters.
 
 
This parallel underscores a potential agency-wide issue that could involve either implicit biases against crypto companies or an explicit strategy to pursue aggressive, potentially misleading tactics in court.
 

Is The Fox Guarding the Hen House?

In a significant development, the Attorney Grievance Committee (AGC) has decided to forward a complaint against SEC attorney Jorge Tenreiro to the SEC's Office of General Counsel (OGC) for investigation. This controversial move suggests a potential conflict of interest, given that the OGC is part of the SEC, the very agency where Tenreiro was recently promoted to Chief Litigation Counsel. The complaint, filed by the Veri community, accuses Tenreiro of misconduct including alleged coercion, witness tampering, and misrepresentation during SEC investigations. The Veri Community argues that this decision undermines the integrity of the legal process, as the OGC's role is to provide legal advice and defend the SEC, not to independently investigate its own employees. This raises questions about the impartiality and transparency of the disciplinary process for attorneys, especially when it involves high-profile figures like Tenreiro.
 
"As noted in re Rowe, 80 N.Y.2d 336 (1992), the public’s confidence in the legal profession depends on transparent and impartial disciplinary processes. Delegating oversight to the SEC, where Mr. Tenreiro remains a senior official and where the OGC has a clear institutional stake, jeopardizes this confidence and risks the appearance of protectionism."
 
The VeriDAO has submitted a response letter to the AGC along with creating a PDF generator to help the estimated 100 complainants and anyone else interested in requesting the AGC to reconsider this action.
 

Legal and Judicial Trials

The legal battles would only continue for Reggie. The case of Hall v. Middleton, in which Hall, a 1% shareholder, sued Reggie, raises concerns of judicial bias and procedural mishandling. In this case, Reggie was denied Due Process and barred from presenting crucial evidence or calling witnesses due to his former attorneys' "Office Failures": they missed deadlines to submit evidence without the knowledge of Reggie or of Brundidge & Stanger, the firm that outsourced his counsel, as detailed in their affirmations.
 
"In my many years of practice it is a rare instance where I have witnessed an attorney intentionally not file critical documents as required by Court Order without the permission or knowledge of his client, who had an established and fully developed attorney client-relationship with said attorney, and then misrepresent that the requirements of the Court Order were being satisfied. This is one of those instances and I hope not to see another."
~ Carl Brundidge

The judge ruled that Reggie must:
  • Pay a $1M fine to his company Veritaseum Inc., in which he owns 99%
  • The plaintiff was awarded costs of $495k against Veritaseum Inc.
  • The Judge ordered Patents (filed before the creation of Veritaseum Inc.) to be assigned to the company without compensation.

Attorney's "Office Failures":

  • Sheridan England missed critical deadlines, resulting in the striking of exculpatory evidence. England’s inaction or inadequate defense exacerbated Middleton’s legal vulnerability, directly leading to adverse outcomes.

Judge Schecter’s Conduct:

  • Ignoring Exculpatory Evidence: Despite knowledge of its existence, Schecter struck Middleton’s post-trial memorandum.
  • Procedural Bias: The judge’s decisions systematically favored Hall, including allowing him to collect attorney fees from Middleton personally, contrary to the principles of derivative law.
  • Forced Patent Transfers: Schecter’s order to transfer patents to an underfunded entity (Veritaseum) which were court restrained by the same judge, rendering them defenseless against attacks and IP theft.

This ordeal was compounded when Reggie was held in Contempt for using personal funds (while Veritaseum’s funds were court-restrained) to successfully defend his patents against an IPR challenge by Coinbase in the PTAB of the USPTO in an attempt to invalidate these patents. The Forced Patent Expropriation to Veritaseum without compensation or the ability to defend them could be seen as coordinated as it benefited very large competitors seeking to avoid licensing fees or infringement claims, or possibly even IP Theft.

ETHgate: The Broader Conspiracy Allegations

Parallel to Middleton's struggles, "ETHgate" emerged, involving allegations by Ethereum co-creator @StevenNerayoff. Nerayoff claimed a government conspiracy aimed at controlling or monopolizing cryptocurrency development by targeting key figures. This narrative suggested that by attacking innovators (like Reggie Middleton as the Veri Community contends), the SEC might have indirectly cleared a path for Ethereum, which, despite its decentralized claim, benefited from a regulatory environment less scrutinized than its competition.
 
The term "ETHgate" encapsulates the belief that Ethereum's "Free Pass" from regulatory scrutiny might not just be due to its technological merits but also due to strategic regulatory maneuvers, where attacking smaller or less established DeFi projects could safeguard larger, more influential platforms like Ethereum.
 
Back in 2021, @JohnEDeaton1 from @CryptoLawUS explained XRP's side of Ethereum's "Free Pass". More recently, further SEC RICO Claims are insinuated in "RIGGED from the start" a documentary by @Fruition_News , along with posts by @KuwlShow and the XRParmy involving the SEC, Ethereum, a16z, and Consensys surrounding the Bill Hinman speech. Active FOIA requests by @EleanorTerrett seek to shed light on meetings between Hinman and Ethereum members.
 
Given the SEC protection of ETH and the high probability of Ethereum infringing on Reggie Middleton's patents as meticulously detailed in Exhibit #3 of the Coinbase case, is it ridiculous to believe Reggie Middleton could have been targeted?
 

 

Community Support: The Backbone of Resilience

Despite the SEC's narrative labeling them as "The Defrauded," the Veritaseum community rallied around Reggie.
 
SmartMetal with embedded NFT available through VeriDAO.io
 
Financially devastated and with his funds frozen, Reggie faced foreclosure and was threatened with jail time after contempt charges for defending his patents using personal funds. In a remarkable show of support, the Veri Community rallied, raising an impressive $149,000 in less than two weeks to cover the fine while the case is under appeal.
 
They funded legal battles largely through donations and more recently with innovative means like NFT silver rounds called SmartMetal using Reggie's patented technologies, underscoring their belief in his vision. The first minted round was auctioned off for an astonishing $14,000, won by "M S".
 
"There is no better witness to the veracity of any defense than the alleged defrauded defending the alleged fraud at their own expense"
~ The Veri Community

This community support was not just financial but also moral, with efforts such as an Amicus Brief in the case against XRP, a No Action Letter (NAL) seeking clarity on secondary market sales of tokens, a Bar Complaint against the SEC's newly promoted Chief Litigation Counsel, and the @dao_veri's #ProjectSunlight The SEC RICO Revelation.
 

A Call for a New Regulatory Paradigm

 
Reggie Middleton's saga is emblematic of the challenges faced by pioneers in the blockchain and DeFi arenas. His patents, now granted, underscore their foundational nature, yet the path to their recognition was marred by legal battles, suggesting a systemic issue where the regulatory framework might not fully comprehend or support emerging tech. His resilience, supported by an unwavering community and the validation of his intellectual property, underscores the need for a regulatory environment that fosters rather than stifles innovation. As blockchain technology continues to evolve, Reggie's story serves as a critical reference for balancing innovation with legal and ethical governance, ensuring that the future of finance remains open to all, not just those with the resources to navigate the legal maze.
 
For more information visit https://veridao.io/
 
 
I know what everyone's question is, "HOW CAN I GET MY HANDS ON THE $VERI TOKEN BEFORE EVERYTHING GETS REVERSED AND RELEASED BACK TO THE COMMUNITY?"
 
You're in luck: Mark is a trusted source, longtime Veri Vet that beta tested the VeADIR platform. Simply follow the thread below. I highly advise picking up a few, and tuck them away! This is the token that could literally FLIP BITCOIN $100k and beyond!
 
 

The information provided in this video, including but not limited to documents regarding legal matters, is for informational purposes only. It does not constitute legal (or any other) advice, and no warranties or representations are made regarding the accuracy, completeness, or fitness of the information for any specific purpose. VeriDAO and its operators do not act as attorneys or legal, financial or technical professionals or advisors and are not responsible for any actions taken or decisions made based on the content provided. Users should seek independent legal counsel for any legal advice or guidance. By watching this video, you agree that VeriDAO and its operators shall not be held liable for any damages or legal consequences arising from the use or misuse of the information contained herein.


 

Disclaimer:
 
The content provided in this document is intended strictly for informational and educational purposes only. This document constitutes a research opinion and should be regarded as such. All claims, statements, allegations, and opinions contained within are based on publicly available information and are allegations unless and until proven in a court of law. The authors expressly disclaim any representation or warranty regarding the truthfulness, accuracy, completeness, fitness for a particular purpose, or durability of the information contained herein.
 
The authors of this document are not licensed attorneys or legal professionals and do not claim to provide legal, financial, or professional advisory services. Nothing in this document should be construed as legal advice, legal opinion, or any form of licensed advisory counsel. If you require legal assistance or professional advice, you are strongly encouraged to consult a licensed attorney or qualified expert in the relevant field. The authors are laypersons presenting research-based opinions, and as such, this document should not be relied upon to make any decisions of legal, financial, or professional significance.
 
The authors make no guarantees, express or implied, regarding the completeness or reliability of the information presented. No warranties of any kind are offered regarding the accuracy, validity, timeliness, or completeness of any information within this document. The information may contain errors or inaccuracies, and any use of it is entirely at your own risk.
 
Furthermore, this document may contain statements of belief, criticism, or commentary, and all such statements are offered solely as opinions protected under the principles of free speech. The authors disclaim liability for any interpretation that may be construed as libel, slander, or defamation, as the document aims to present alleged facts and subjective opinions for educational research purposes only. All statements about individuals, organizations, or entities should be understood as unproven allegations, and readers are urged not to interpret them as established facts.
 
The authors will not be liable for any damages, losses, or legal consequences that arise from the use, misuse, or reliance on the information provided herein. No responsibility is assumed for any actions or decisions that any party may make based on this document. The reader assumes full responsibility for any and all consequences that may arise from using the information contained in this document.
 
By accessing and using this document, you agree that neither the authors nor any affiliated parties shall be held liable for any direct, indirect, incidental, special, consequential, or punitive damages resulting from your use of this information. The authors reserve the right to update or revise the information in this document at any time without notice, but they are under no obligation to do so.

Finally, any statements regarding individuals, entities, or organizations are not intended to malign, defame, or harm the reputation of those mentioned. Any resemblance to real individuals or incidents is purely coincidental, unless otherwise explicitly stated, and the authors urge readers to exercise caution and discernment when interpreting the information presented.
 
This document is a work-in-progress, part of an ongoing investigative process, and should not be treated as definitive or final. Readers are encouraged to independently verify the information and seek professional advice before acting on any information herein.
 
SEC Drops Dealer Rule Appeal

The US Securities and Exchange Commission (SEC) has abandoned its appeal of a contentious dealer rule designed to broadly classify digital asset operations as regulated securities dealers.

  • A federal judge ruled that the SEC had exceeded its authority by potentially categorizing nearly any participant in buying and selling securities as a dealer.

  • This decision is part of a broader reset in the SEC's approach to digital assets under new leadership.

  • The agency’s move to drop the appeal comes amid concerns that continued litigation could reduce Treasury market liquidity and increase taxpayer costs.

  • Additionally, the SEC recently sought to pause its enforcement actions against Binance, indicating its readiness to resolve disputes through alternative means.

  • The Blockchain Association's CEO welcomed the dismissal, expressing hope for more productive discussions between regulators and the crypto industry as the US embraces a friendlier regulatory framework for digital assets.

What’s next: With acting chairman Mark Uyeda overhauling senior staff and legal strategies, the SEC is shifting away from its historically adversarial stance, a policy long associated with former chairman Gary Gensler.

For builders and investors: The new approach encourages constructive conversations between regulators and industry players, potentially leading to clearer guidelines and a more predictable operating landscape for both builders and investors.

Tether Teams Up With US Lawmakers on Stablecoin Rules

Tether is reportedly working with members of the US House Financial Services Committee, specifically Representatives Bryan Steil and French Hill, to shape federal stablecoin regulations.

  • This includes contributing to the STABLE Act introduced by both lawmakers in early February, as well as offering input on two additional stablecoin bills.

  • According to Tether CEO Paolo Ardoino, the company wants its perspective heard during the legislative process and is prepared to adapt to US rules.

  • The new rules may include requirements like monthly reserve audits and 1:1 collateral backing.

  • Tether’s involvement comes amid broader regulatory discussions, including meetings between crypto industry leaders and the SEC, and the push to bring stablecoins onshore.

  • Meanwhile, the Federal Reserve is warming to stablecoins as a means of preserving the US dollar’s global dominance but remains concerned about risks such as de-pegging events and market fragmentation.

What’s Next: Tether’s collaboration with lawmakers suggests that stablecoin regulations could soon take a more defined shape and may introduce stricter compliance measures, including mandatory audits and full collateral backing.

Why it Matters: If lawmakers strike the right balance, stablecoins could cement their role in global finance, benefiting both the crypto industry and the broader economy.

Our Take: If Tether and other stablecoin issuers adapt to US regulatory frameworks, it could bring legitimacy to the stablecoin sector, encourage institutional adoption, and integrate crypto more deeply into the traditional financial system.
