Hello world, we at Liminal are extremely proud to present to you the monthly edition of our Security and Regulatory Newsletter.
Liminal believes in optimising security and custody practices globally across the Web3 industry. Through our monthly newsletter, we highlight incidents pertaining to security, regulations and compliance that have happened in the past month and how one can follow better security practices to safeguard their digital assets.
We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.
Dive in and get a detailed analysis of everything security and regulation in the domain of Web3 with Liminal’s Monthly Security and Regulatory Newsletter.
Web3 Security Compromises in May
0VIX Protocol exploited for $2 million
The 0VIX DeFi protocol on the Polygon blockchain was exploited for around $2 million. This was a substantial portion of the project’s roughly $6.4 million TVL around the time of the hack. The attacker manipulated an oracle, which then allowed them to execute a flash loan attack on the project.
The protocol was paused following the attack. 0VIX later tweeted that they had been collaborating with security firms to investigate the hack and had offered to let the attacker keep $125,000 if they returned the remaining funds in a bug bounty agreement that would also involve 0VIX not pursuing legal action.
AT&T customers suffer crypto wallet compromises reportedly totalling $15–$20 million
TechCrunch reported that attackers were able to gain access to AT&T email accounts, which they then used to gain access to customers’ cryptocurrency accounts. Various customers reported their accounts at exchanges, including Coinbase and Gemini, had been drained. One individual victim lost $134,000 from their Coinbase account.
An anonymous source corresponding with TechCrunch claims that the total amount of cryptocurrency stolen is somewhere between $15 million and $20 million. The tipster also claimed that the hackers have the ability to gain access to any AT&T account via the AT&T employee portal; AT&T has denied this and instead claimed that “the bad actors used an API access.”
Bitrue crypto exchange hacked for $23 million
The Singapore-based Bitrue crypto exchange suffered a hack on April 14 in which attackers siphoned tokens, including Ethereum, Shiba Inu, and MATIC (the token for the Polygon network). Altogether, the stolen funds were estimated to be around $23 million.
Bitrue didn’t release details on how the attack had been achieved but explained that one of their hot wallets had been impacted. They announced that they would be pausing withdrawals for several days as they investigated the incident and that they would be compensating affected users.
Web3 Regulatory Practices for May
IOSCO to Launch Crypto Regulation Consultation in Q2 2023
The International Organization of Securities Commissions (IOSCO) plans to release a consultation report on regulating crypto assets in Q2 2023, with the final recommendations to be published by the end of the year.
IOSCO’s Fintech Task Force has dedicated two major workflows to decentralized assets, covering digital assets and DeFi, focusing on investor protection.
The Commission has previously published reports on DeFi, stablecoins, and influencers, recommending national regulators acquire supervisory capacities such as regulatory channels for consumer complaints and evidence-tracking processes.
UK to Introduce Crypto Regulations Within a Year
The UK government plans to introduce specific cryptocurrency regulations within the next year, according to Andrew Griffith, economic secretary to the UK Treasury.
The consultation period for proposed regulations ends on 30 April.
Liechtenstein Adjusts Blockchain Laws
Liechtenstein is adapting its blockchain laws in response to the evolving crypto landscape.
The Token and Trusted Technology Service Providers Act (TVTG) has drawn crypto service providers to the country, contributing to the growth of the crypto ecosystem. These adjustments present both opportunities and challenges for the industry.
Stay #LiminalSecure because it is the new definition of security.