Hello world, we at Liminal are extremely proud to present to you the monthly edition of our Security and Regulatory Newsletter.
Liminal believes in optimising security and custody practices globally across the Web3 industry. Through our monthly newsletter, we highlight incidents pertaining to security, regulations and compliance that have happened in the past month and how one can follow better security practices to safeguard their digital assets.
We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.
Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.
Web3 Security Compromises in June
Jimbos Protocol exploited for $7.5 million
Three days after the launch of its v2 protocol, the Arbitrum-based Jimbos Protocol was exploited for 4,090 ETH (~$7.5 million). The project had not properly controlled for slippage, which enabled an attacker to use a flash loan to manipulate the trading pairs on the project. The attacker then bridged the stolen funds to the Ethereum chain.
After the attack, Jimbos Protocol tweeted, “We are aware of the exploit regarding our protocol and are actively in contact with law enforcement and security professionals. We will release further information when possible.” They also sent an on-chain message to the exploiter, offering to stop all investigations if the hacker returns 90% of the stolen funds.
Croatian cryptocurrency investment company BitLucky reportedly collapses; more than $75 million allegedly missing
Croatian company BitLucky told its customers that it would invest their money in cryptocurrencies, promising 5–25% monthly profits. However, its director, Luka Burazer, wrote an email to clients on May 19, explaining: “Dear clients, with a series of bad trades and decisions, unfortunately, I have brought the state of the company into a crisis situation. We will have more information in the following days”. He and the company co-founder have since gone dark, turning off their cell phones, not replying to emails, and deleting their social media presence.
According to the Croatian news outlet Jutarnji list, a secretary for the company reached out on the phone and explained, “The director went crazy and spent all the money”. The losses allegedly involve crypto assets notionally worth €70 million (~$75.7 million), and affect at least 700 individuals.
Some have expressed the opinion that BitLucky was a Ponzi scheme all along, given the unreasonable promises of 5–25% monthly returns. The editor of a crypto news outlet also expressed that “there was a ‘line of [red] flags’”, including that Burazer never wanted to appear in the media or have his picture shown online.
MoonPay executives pocketed $150 million raised from Series A
According to a report from The Information, MoonPay executives, including CEO Ivan Soto-Wright, pocketed $150 million from their $555 million Series A funding round completed in November 2021. MoonPay is a crypto payments platform known for its NFT “concierge” service, popular among celebrities, and for the various allegations of undisclosed promotions levelled against it related to some of those celebrity deals.
According to The Information, MoonPay never disclosed that $150 million of the Series A funding was used to purchase shares from insiders, including Soto-Wright, and never went to the company. Several weeks after the funding round, Soto-Wright purchased a $38 million Miami mansion.
Themis Protocol hacked shortly after going live
Themis Protocol is a lending platform that has had an excruciating rollout, with users waiting even longer for the platform to finally go live as they endured multiphased airdrops but no usable product. On June 16, the project finally launched in beta on Arbitrum, an Ethereum layer 2.
Only eleven days later, on June 27, the team boasted that the project “has grown to over $1m TVL in 2 working days”. An hour after that, they announced that they would be suspending the protocol and beginning an immediate investigation into an apparent theft. Themis boasts in its documentation that “security is the highest priority” of the project and lists multiple audits from PeckShield.
An attacker was apparently able to exploit the project, draining around 220 Themis-wrapped ETH (nominally worth ~$417,000). Due to liquidity issues, they could only swap these for around 94 ETH (~$178,000) and almost $190,000 in stablecoins, for a total haul of around $368,000.
$1.25 million stolen in 2 months in Polygon NFT phishing scheme
A phishing scam in which scammers airdropped fake NFTs impersonating real projects has landed the scammers around $1.25 million in the last two months. The scammers have created more than 1,350 fake NFTs appearing to come from real projects, including RocketPool, ApeCoin, Polygon, Uniswap, and Aave, then airdropped them to more than 500,000 wallets. When victims viewed the NFTs, they were directed to phishing sites, where they signed malicious signature requests.
Around $1.25 million in various assets have been stolen thus far, with the largest single loss exceeding $150,000.
Ponzi scheme promising a blockchain app to identify dogs by their nose-prints scams investors out of $127 million
A company that promised an app that could identify dogs by their nose-prints — built on the blockchain, of course — has been alleged by South Korean police to be “a typical Ponzi scheme” that lured investors with promises of up to 150% returns in 100 days. The company raised around ₩166.4 billion (~$127 million) from approximately 22,000 people. The victims, according to Korean police, are mostly “in their 60s or older with no expertise in cryptocurrencies”.
As for the noseprint reader, well, it was found to be a fake product that (shockingly) didn’t use a blockchain at all. The company had also promised to build “theme parks for pets”, but had not leased any of the sites it had identified.
Web3 Regulatory Practices for May
Banking on Crypto Regulations: The Cross-Border Partnership Between Hong Kong and the UAE
The collaboration between the central banks of Hong Kong and the United Arab Emirates (UAE) promises to enhance financial cooperation, particularly in cryptocurrency regulations and fintech development. This partnership has wide-ranging implications for crypto users and the overall ecosystem.
With harmonised regulatory measures, investors could gain confidence due to stronger consumer protection and reduced risk of fraud. This cooperative approach might encourage other countries to develop aligned rules, promoting regulatory consistency for global investors.
At the same time, tighter regulations can pose challenges. Crypto creators may find a complex regulatory environment daunting, resulting in slower growth in the sector.
Additionally, new rules could conflict with the basic principles of decentralisation and anonymity that define cryptocurrencies.
South Korea Takes Lead in Cryptocurrency Regulations Amid Scandal
South Korea’s National Policy Committee took a bold step forward by approving a landmark cryptocurrency regulation bill, the first of its kind in the nation’s history.
This action is a direct response to a controversy involving a high-profile opposition lawmaker, who has been accused of heavy cryptocurrency speculation. Now consolidated from 19 similar drafts, the bill is headed for the Legislation and Judiciary Committee, where it will face a thorough review.
According to legislators, this bill aims to protect digital asset investors, thwart unfair cryptocurrency trading, and establish a reliable framework for trading stablecoins. In a significant move, it empowered the Financial Services Commission, South Korea’s premier financial regulator, to oversee cryptocurrencies.
Crypto Regulation Takes Center Stage: A Global Update from the EU, Argentina, Thailand, and the UK
Advancements in cryptocurrency regulation are shaping the global financial landscape, with the European Union, Argentina, Thailand, and the United Kingdom taking significant strides in this space.
Starting off with the European Union, a pivotal consensus has been reached to revise banking regulations, integrating new rules specifically for crypto assets. This reform, as per EU authorities, aims to harmoniously incorporate digital assets into the traditional financial system while mitigating potential risks associated with unbacked cryptocurrencies.
Moving over to Latin America, Argentina demonstrates a keen interest in adhering to international norms by planning to adopt the crypto regulations outlined by the Financial Action Task Force (FATF). The FATF is an international entity dedicated to combating money laundering and terrorist financing. This alignment signals Argentina’s commitment to meeting global standards and could improve its chances of securing a financial aid package from the International Monetary Fund.
Cross-Party UK Group Pushes for Swift Crypto Regulation
The Crypto and Digital Assets All-Party Parliamentary Group (APPG), a cross-party body in the UK, has urged the government to expedite the regulation of cryptocurrency financial services.
The APPG recently published a report outlining 53 recommendations for cryptocurrency regulation, aiming to position the UK as a leader in the global crypto market. It advocates for expanded powers for lawmakers over the crypto sector to boost financial security and consumer protection.
The group’s report, launched in response to a vision of making the UK a crypto hub, also highlights the need for dedicated units within regulatory bodies to handle digital assets. Additional recommendations include backing stablecoins with high-quality fiat currency assets and considering the environmental implications of digital assets.
This proposal by the APPG diverges from a recent suggestion by the House of Commons Treasury Committee to regulate crypto like gambling.
Instead, the APPG’s report focuses on establishing a comprehensive tax framework for crypto, mitigating financial stability risks, and curbing economic crimes linked to crypto. The group is also examining the potential for a Central Bank Digital Currency.
Stay #LiminalSecure because it is the new definition of security.