Hello world, we at Liminal are extremely proud to present to you the monthly edition of our Security and Regulatory Newsletter.
Liminal believes in optimising security and custody practices globally across the Web3 industry. Through our monthly newsletter, we highlight incidents pertaining to security, regulations and compliance that have happened in the past month and how one can follow better security practices to safeguard their digital assets.
We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.
Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.
Web3 Security Compromises in July
BALD memecoin plunges after $25.6 million rug pull
A memecoin called $BALD, built on the Coinbase Base test network, appears to have rug pulled for at least $25.6 million. Although the Base network is meant to be used for developer testing, some people have tried to trade on the network before its official launch.
A pseudonymous crypto user called “Bald” announced that they would be selling $BALD tokens on the Base network, and the token — apparently named after the hairless Coinbase CEO Brian Armstrong — quickly skyrocketed in price. However, the token deployer emptied tokens priced at around $25.6 million from the liquidity pool two days after launch in an apparent rug pull. The token price quickly plunged by around 90%.
Conspiracy theories emerged that the Bald account was, in fact, operated by Sam Bankman-Fried, the former CEO of FTX, who is on house arrest under strict supervision and without access to most websites as he awaits trial later this year.
CoinsPaid hacked for $37.3 million
Two concentric C’s in blue and yellow, followed by “CoinsPaid” in white(attribution)
The CoinsPaid crypto payment platform, which provides payment services to various online casinos, reportedly suspended withdrawals under mysterious circumstances. The company later deleted a handful of tweets pertaining to the incident, which they ascribed to a “technical issue”.
After prominent Bitcoiner Jameson Lopp tweeted that the issue “look[s] more like a hack”, CoinsPaid replied, “Our team is aware of the issue… Please wait for the official announcement on this topic.” Crypto researcher Zachxbt responded, “The issue is you got hacked by North Korea, that’s what, lol”, referencing the increasing suspicion that the Lazarus group may be behind the disruption. Sure enough, CoinsPaid later confirmed that they had been hacked for $37.3 million and announced that they suspected the Lazarus Group was behind it.
Some have been speculating that there are connections between this incident and the $60 million hack of the Alphapo crypto payments processor on July 22. Alphapo also provided services to various online casinos. Indeed, there are connections between Alphapo and CoinsPaid, and they may in fact be operated by the same people.
Ponzi scheme promising a blockchain app to identify dogs by their nose-prints scams investors out of $127 million
Alphapo hacked for more than $60 million
A yellow triangle, tilted to the right, with a curve resembling the crossbar of an A. Followed by “Alphapo” in black lowercase.(attribution)
The crypto payment processor Alphapo suffered a hot wallet hack on July 22 in which at least $60 million in Ethereum, Tron, and Bitcoin was stolen. Alphapo processes payments for several gambling platforms, including HypeDrop, Bovada, and Ignition.
HypeDrop disabled withdrawals on their platform and wrote on Twitter that they were experiencing “ongoing deposit and withdrawal issues” due to “an issue on the cryptocurrency provider’s side.”
Web3 Regulatory Practices for July
South Africa Rush for Licenses: Crypto Exchanges Dodging the FSCA Crack Down
South Africa’s Financial Sector Conduct Authority (FSCA) has drawn the line: crypto exchanges must obtain a license by the end of the year or face penalties.
This clear mandate by Commissioner Unathi Kamlana is backed by approximately 20 applications already on the table and the anticipation of more as the November 30 deadline approaches.
As observed in many other countries, the reasoning behind this decisive step is to shield consumers from potential financial risks inherent in the crypto market.
And no matter the size of operations, all exchanges serving South Africans will have to comply. While the directive is stern, Commissioner Kamlana assures a period of time will be dedicated to examining the outcome of these measures.
Hong Kong and Saudi Arabia Collaborate on Tokenization and Payments
Hong Kong and Saudi Arabia are strengthening financial collaboration, focusing on tokenisation and payment infrastructure. They held a bilateral meeting, signed an MoU for joint discussions on financial innovation, and exchanged expertise in tokenisation and payment technologies. However, there was no mention of cryptocurrencies. This reflects a broader trend of international collaboration among central banks and regulators in exploring digital assets and fintech.
Canadian regulator proposes new requirements for banks’ and insurers’ Crypto exposure
Canada’s financial regulator, OSFI, has proposed strict guidelines for banks and insurers dealing with crypto-assets. The rules categorise crypto assets into two groups and set a 1% exposure limit for unbacked crypto assets. The guidelines are expected to come into effect in Q1 2025 after the consultation period ends on September 20. This move aims to regulate the crypto sector efficiently and combat increasing crimes related to digital assets.
Stay #LiminalSecure because it is the new definition of security.