Monthly Security and Regulatory Newsletter – August

Hello world, we at Liminal are extremely proud to present to you the monthly edition of our Security and Regulatory Newsletter. 

Liminal believes in optimising security and custody practices globally across the Web3 industry. Through our monthly newsletter, we highlight incidents pertaining to security, regulations and compliance that have happened in the past month and how one can follow better security practices to safeguard their digital assets. 

We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.

Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.

Web3 Security Compromises in August

Magnate Finance rug pulls for over $5.2 million

Magnate Finance, a lending protocol built on the new Base layer-2 blockchain, rug pulled within hours of a warning from crypto sleuth Zachxbt. Zachxbt had discovered that a wallet address used by Magnate Finance was directly linked to Solfire Finance, a project that rug pulled for almost $5 million in January 2022. He warned his followers in a tweet that the project “will likely exit scam in the near future.”

Sure enough, within an hour of Zachxbt’s tweet, the project drained $5.2 million from the protocol and deleted its website and Telegram group.

According to Zachxbt, the project also shared on-chain links to the March 2023 Kokomo Finance rug pull, which saw its perpetrators profit around $4.5 million.

CoinsPaid hacked for $37.3 million

Exactly Protocol hacked for at least $12 million

“Exactly” written in white text. The E is three horizontal lines with no vertical line.(attribution)

The Exactly Protocol, an attempt to “decentralise the credit market” built on the Optimism layer-2 network, was exploited. The protocol announced a pause to investigate a security issue after they were alerted to suspicious transactions.

An attacker has siphoned more than 7,160 ETH (~$12 million) from the project, which they’ve bridged back to the Ethereum main chain. The Exactly Protocol’s TVL plunged from $37 million to under $12 million following the attack.

Exactly writes on their website that they had been audited by four different firms: Chainsafe, Coinspect, ABDK, and Cryptecon.

Zunami Protocol exploited for more than $2.1 million

A rounded square with a transparent swirl in the middle, followed by “Zunami” in black lowercase(attribution)

The Zunami Protocol stablecoin-focused yield farming aggregator was exploited for more than $2.1 million when an attacker was able to perform a price manipulation attack on the project’s primary pool. Zunami attracted users by promising “the highest APY on the market”: around 14%. The project had been audited by Ackee and HashEx.

The attack was a “classic price manipulation” exploit, according to the Ironblocks security firm. The attacker was able to steal 1,152 ETH ($2.13 million) from the protocol. They then tumbled the stolen funds through Tornado Cash.

Web3 Regulatory Practices for August

UK Adopts FATF Standards, Broad Implications Loom

The Financial Conduct Authority (FCA) of the United Kingdom is set to enforce the Financial Action Task Force’s (FATF) Anti-Money Laundering and Counter-Terrorist Financing rules, popularly known as the Travel Rule.

Starting September 1, UK-based crypto businesses must share customer information for transactions, aligning the country with 2019 FATF standards. This move comes as part of a slew of upcoming regulations in the UK’s crypto landscape, including new FCA marketing standards this October.

New Zealand Takes a Balanced Approach to Crypto Regulation

New Zealand is setting itself apart in how countries are dealing with cryptocurrency. A detailed report from its Finance and Expenditure Committee suggests watching and learning rather than rushing to set strict rules. The report sees the value and risks in crypto and recommends learning from what works and doesn’t work globally.

France Tightens Grip on Crypto Sector Ahead of MiCA Rollout: A Bid for Clarity or a Barrier to Innovation?

France’s securities regulator, the AMF, is tightening the leash on its country’s digital asset service providers (DASPs) as the European Union gears up for the MiCA regulation in late 2024.

From January 1, 2024, DASPs in France wanting to offer a full suite of crypto services—from custody to trading—will need to meet elevated registration standards.

These aren’t mere checkboxes, as the AMF is demanding robust internal control systems, clear conflict of interest policies, transparent public pricing, and ironclad custody provisions to protect client assets.

Stay #LiminalSecure because it is the new definition of security.