Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter.
Liminal believes in optimizing security and custody practices globally across the Web3 industry. Through our Newsletter, we highlight security, regulations, and compliance incidents that have happened in the past month and how one can follow better Security practices to safeguard their digital assets.
We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.
Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.
Web3 Security Compromises in January
Abracadabra exploited for almost $6.5 million, Magic Internet Money stablecoin depegs
The Magic Internet Money ($MIM) stablecoin has lost its dollar peg again, dipping all the way below $0.77 in a flash crash before returning to around $0.95.
The depeg appears to be related to an exploit of the Abracadabra lending protocol, which allows people to borrow $MIM. An attacker exploited an apparent flaw in the platform’s smart contracts to drain around $6.5 million.
Goledo Finance hacked for $1.7 million
Goledo Finance, an Aave-based lending protocol, was exploited through a flash loan attack. The attacker stole assets estimated by CertiK to be around $1.7 million.
Goledo Finance contacted the attacker to offer a 10% “bounty” for the return of the remaining assets. In a message on January 29, the attacker wrote: “I hacked Goledo and want to negotiate.”
Socket service and its Bungee bridge suffer $3.3 million theft
The Socket cross-chain infrastructure protocol was hacked for around $3.3 million in an attack that exploited its Bungee bridge. The thieves were able to exploit a bug that allowed them to take assets from those who had approved a portion of the system called SocketGateway.
A little over 700 victims were affected, and the highest loss from a single wallet was around $657,000. 121 wallets lost assets priced at more than $10,000.
On January 23, the protocol announced they had recovered 1,032 ETH (~$2.23 million) of the stolen funds.
Web3 Regulatory Practices for January
The EU Imposes Stricter Due Diligence Rules for Crypto Firms
On Jan. 17, the European Council and the Parliament came to a provisional agreement on parts of the Anti-Money Laundering Regulation (AMLR) that now extends to the crypto sector.
Under the new rules, cryptocurrency firms will be required to run due diligence on their customers involving a transaction amounting to €1,000 ($1,090) or more.
However, the agreement isn’t final yet as it has to be first officially adopted by the Council and Parliament before the rules can be applied.
So, after the EU passed its landmark MiCA regulation last year, which clarified rules about cryptocurrencies, regulators are now targeting the space with tighter controls.
While these regulations bolster security and trust in the crypto market, potentially attracting more cautious investors and combating financial crimes, they also present challenges.
The US State of Virginia Introduces Digital Assets Mining Rights
Recently, the Virginia State Senate introduced Bill No. 339, which outlines regulations for the transactions and mining of digital assets and their treatment under tax laws.
The legislation exempts individuals and businesses engaged in crypto mining activities from obtaining money transmitter licenses. Additionally, it protects miners from any discrimination.
Issuers and sellers of crypto are also exempted from securities registration requirements if certain conditions are met. Moreover, those offering mining or staking services are not to be classified as “financial investment” but must file a notice to qualify for the exemption.
The bill further incentivizes crypto’s use for everyday transactions by offering tax benefits. Under this, up to $200 per transaction can be excluded from an individual’s net capital gains or gains derived from using crypto to purchase goods or services, starting from Jan. 1, 2024.
Key Takeaways:
- Hackers continue to exploit vulnerabilities in DeFi protocols and cross-chain bridges, highlighting the need for robust security measures.
- Regulatory frameworks are evolving rapidly, with stricter AML rules and supportive legislation for emerging technologies like crypto mining.
- Staying informed about these developments is crucial for navigating the digital assets market safely and responsibly.
Stay #LiminalSecure
These events highlight the constant evolution of Web3 security and regulation. You can confidently navigate this dynamic landscape by staying informed and prioritizing security best practices.
At Liminal, we’re committed to empowering institutions to unlock the full potential of digital assets without compromising security or compliance norms with our robust custody and wallet infrastructure solutions. Join us on this journey towards a safer, more accessible future for digital assets.
by Liminal
