Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter.
Liminal believes in optimising security and custody practices globally across the Web3 industry. Through our monthly newsletter, we highlight incidents pertaining to security, regulations and compliance that have happened in the past month and how one can follow better security practices to safeguard their digital assets.
We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.
Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.
Web3 Security Compromises in December
Wallet gets phished for $4.4 million
Someone had a not-so-fun end to the year when they fell victim to a phishing attack and had around 275,700 LINK drained from their crypto wallet. Those tokens are priced at around $4.4 million.
The attack was perpetrated by the Pink Drainer group, which had recently compromised the Twitter account of Compound Finance to try to lure its more than 250,000 followers into authorising the malicious drainer. It’s not clear if that’s how this wallet was drained, however, as Pink Drainer uses numerous strategies to attract victims.
Fraudsters steal more than $25 million in “AI-powered” crypto ponzi
Two fraudsters capitalised on the hype around both cryptocurrency and artificial intelligence, advertising an “artificial intelligence automated trading bot” that they promised would earn large returns for their investors. Instead, however, the fraudsters spent the money on themselves, paying for private chartered jet flights, luxury hotel accommodations, private mansion rentals, a personal chef, and private security guards.
In addition to pulling off the original scam, the fraudsters also came up with a fake investigative agency called the “Federal Crypto Reserve”, where they directed victims who were seeking to recover their losses.
The scammers were charged with wire fraud, money laundering, and obstruction
OKX DEX suffers $2.7 million hack
OKX DEX is a service by OKX that aggregates decentralised exchanges (or DEXes) to help users access features and prices across multiple projects. On December 12, an attacker appeared to gain administrative control of the DEX’s smart contract. They upgraded the contract so that they could transfer tokens to themselves, then proceeded to do exactly that until they had stolen around $2.7 million in various cryptocurrencies.
It appears the attacker was able to gain access to the smart contract admin key, which gave them the ability to upgrade the contracts to enable malicious functionality.
OKX announced that they would reimburse the losses and pursue legal action against the exploiter.
Web3 Regulatory Practices for December
Spain’s Crypto-Asset Declaration Regulation:
Jurisdiction: Europe (Spain)
Regulatory Body: Agencia Tributaria (Spanish Tax Administration Agency)
Change: Mandatory declaration of crypto-assets held on non-Spanish platforms for Spanish residents.
Details: The regulation applies to individuals with a balance exceeding US$55,000 in crypto assets. It is set to be effective from January 1, 2024.
Kenya’s Capital Markets (Amendment) Bill:
Jurisdiction: Africa (Kenya)
Regulatory Body: National Assembly’s Finance and National Planning Committee
Change: Proposal to bring crypto trading under taxation.
Details: The bill seeks to tax crypto exchanges and digital wallets, allowing the Kenya Revenue Authority to tax Kenyans holding crypto assets.
United States’ Deploying American Blockchain Act of 2023:
Jurisdiction: North America (United States)
Regulatory Body: House Committee on Energy and Commerce
Change: Unanimous passage of a blockchain bill.
Details: The bill focuses on deploying blockchain technology for national security and economic stability. It awaits a full house vote.
Stay #LiminalSecure because it is the new definition of security.