Here’s what happened in crypto today

Today in crypto, Bitcoin bull Michael Saylor has advised against proof-of-reserves, Dubai has launched the Middle East’s first tokenized real estate project, and a crypto investor lost $2.6 million across two phishing scams.

Saylor says onchain proof-of-reserves a ‘bad idea’

Michael Saylor, the executive chair of major Bitcoin-buying firm Strategy, formerly MicroStrategy, said on May 26 that institutions posting onchain proof-of-reserves is a “bad idea” that poses security risks.

“The current, conventional way to publish proof of reserves is an insecure proof of reserves,” Saylor said when asked by Blockware Solutions head analyst Mitchell Askew at an event about institutions adopting the measure. “It actually dilutes the security of the issuer, the custodians, the exchanges and the investors. It’s not a good idea, it’s a bad idea.”

Saylor didn’t answer whether Strategy, which has the largest Bitcoin (BTC) holdings of any public company, would publish a proof-of-reserves.

Saylor said the industry learned from the collapses of crypto exchanges FTX and Mt. Gox, but said proof-of-reserves isn’t the correct measure to take for institutions as no “enterprise security analyst would think it’s a good idea to publish all of the wallet addresses, such that you could be traced back and forth.”

Dubai launches first licensed tokenized real estate project in MENA region

Dubai has launched the first licensed tokenized real estate project in the Middle East and North Africa (MENA) region, previewing appetite for real-world tokenization in one of the world’s burgeoning crypto hubs.

Partners in the project include the Dubai Land Department (DLD), the Central Bank of the United Arab Emirates, and the Dubai Future Foundation, according to an announcement from the Dubai government. The tokens will be tradeable on the newly launched “Prypco Mint” platform, with Zand Digital Bank appointed as the bank for the project’s pilot phase.

On May 19, Dubai’s Virtual Assets Regulatory Authority (VARA) updated its rules to include real-world asset (RWA) tokenization, allowing such tokens to be traded on secondary markets.

The project will allow individual investors to buy tokenized shares in “ready-to-own properties in Dubai,” with investments starting at 2,000 Emirate dirham ($545). During the pilot phase, all transactions will be carried out in the dirham (AED), with no cryptocurrency to be used. Although the pilot program will be limited to those with UAE ID holders, there are plans to expand it globally.

In April, the DLD and VARA agreed to link Dubai’s real estate registry with the tokenization of property. The stated goal was to attract global investors and enhance liquidity in Dubai’s real estate market. The project was initially announced in March.

Crypto investor loses $2.6 million in stablecoins in double phishing scam

A single victim was scammed two times within three hours, losing a total of $2.6 million in stablecoins.

According to data shared on May 26 by crypto compliance firm Cyvers, the victim sent 843,000 worth of USDt (USDT), followed by another 1.75 million USDt around three hours later. Cyvers said the scam used a method known as a zero-value transfer, a sophisticated form of onchain phishing.

Zero-value transfers are an onchain phishing technique that abuses token transfer functions to trick users into sending real funds to attackers. The attackers exploit the token transfer From function to transfer zero tokens from the victim’s wallet to a spoofed address.

Since the amount transferred is zero, no signature by the victim’s private key is necessary for onchain inclusion. Consequently, the victims will see the outgoing transaction in their history.

The victim may trust this address since it is included in their transaction history, mistaking it as a known or safe recipient. They may then send real funds to the attacker’s address in a future transaction.

In one high-profile case, a scammer using a zero-transfer phishing attack managed to steal $20 million worth of USDT before getting blacklisted by the stablecoin’s issuer in the summer of 2023.