Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter.
Liminal believes in optimising security and custody practices globally across the Web3 industry. Through our monthly newsletter, we highlight incidents pertaining to security, regulations and compliance that have happened in the past month and how one can follow better security practices to safeguard their digital assets.
We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.
Unlock the potential of digital assets for your institution
Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.
Web3 Security Compromises in September
Huobi exchange hacked for $8 million
Justin Sun confirmed on September 25 that his crypto exchange Huobi (recently rebranded to “HTX”) had been hacked for 5,000 ETH ($8 million) the prior day. He reassured customers that the exchange would be covering the shortfall and that “all user assets are #SAFU”.
Sun offered a bounty to the hacker to return 95% of the funds, also promising to hire them as a “security white hat advisor” for the exchange. Otherwise, he threatened to go to law enforcement.
Two weeks later, the thief returned the funds with a note that their hot wallet key had leaked. Huobi paid the $410,000 bounty.
Mixin Network discloses $200 million hack
The operators of the Mixin Network disclosed that hackers had stolen around $200 million in funds in the largest known hack of the year (to date). Mixin Network is a cross-chain project that boasts zero transaction fees.
In their announcement, Mixin wrote that “the database of Mixin Network’s cloud service provider was attacked by hackers”, leading to some confusion as Mixin is supposed to be a decentralised network that ostensibly shouldn’t have a centralised cloud database.
Mixin announced they would be suspending deposits and withdrawals pending analysis of the incident. They also told users that they would be compensated “up to a maximum of 50%” on assets that had been stolen from them and receive “tokenised liability claims” (that is, IOUs) for the rest.
Nouns DAO fractures in $27 million split
Nouns DAO, one of the most prominent Ethereum DAOs, has split into two projects after holders of around 56% of the Nouns NFTs in circulation voted to “ragequit”. This means that they have forked into a new DAO, taking 16,757 ETH (~$27.3 million) of the original DAO’s treasury with them.
Nouns NFTs have been popular since the project’s launch in 2021, and in mid-2022 enjoyed a floor price of over 100 ETH (then over $150,000). Now, they tend to sell for around 35 ETH (~$57,000). The DAO has used its substantial treasury to fund a wide range of projects, from creating Nouns short films to distributing eyeglasses to kids to partnering with Bud Light for a Super Bowl commercial in 2022.
Now, however, more than half of the project has opted to leave, with some leavers citing flawed decision-making and lack of leadership. As for the new fork, some Nouns owners may choose to “ragequit” — that is, forfeit their NFT and cash out their portion of the treasury (around 35.5 ETH, or $57,850, apiece). Some arbitrageurs have been buying Noun NFTs for months, hoping to use this ragequit functionality to profit.
Web3 Regulatory Practices for September
Senator Gillibrand Rallies Democrat Colleagues to Adopt Digital Assets Regulation
Senator Gillibrand is mobilising Democrat colleagues for bipartisan cryptocurrency regulation amid government shutdown concerns. She emphasises the role of the Senate Banking Committee and collaborates with sceptics like Senators Warren and Brown. Gillibrand and Senator Lummis propose the Responsible Financial Innovation Act to categorise most crypto assets as commodities. The US crypto market grapples with regulatory uncertainty, prompting fears of industry migration. Recent victories for Ripple and Grayscale against the SEC offer hope for the future.
Presidential hopefuls are getting louder on crypto issues, at least for now
Cryptocurrencies are gaining attention in the early stages of the 2024 US Presidential election, particularly among Republican candidates like Vivek Ramaswamy and Florida Governor Ron DeSantis. Ramaswamy criticises regulatory agencies like the SEC for their enforcement-focused approach, while DeSantis vows to end what he sees as “Biden’s war on Bitcoin and cryptocurrency.” Although engaging with crypto voters is seen as important, both candidates face challenges in gaining popularity. There’s speculation that SEC Chair Gary Gensler, seen by some as anti-crypto, could be replaced if a Republican wins the White House. Democratic candidate Robert F. Kennedy Jr. has also expressed pro-bitcoin views. The level of importance given to crypto in the campaign may evolve over time.
EU parliament votes overwhelmingly in support of DAC8 crypto tax reporting rule
The European Parliament overwhelmingly supported the eighth iteration of the Directive on Administrative Cooperation (DAC8), a cryptocurrency tax reporting rule, with 535 votes in favour, 57 against, and 60 abstentions. DAC8 empowers tax authorities to track and assess cryptocurrency transactions, aiming to reduce tax fraud and evasion. The measure is set to be implemented by EU member states by January 1, 2026. Some critics argue that DAC8 doesn’t significantly differ from previous frameworks and may centralise oversight. Concerns also include the challenge of determining reportable crypto-assets and potential duplicate reporting.
Stay #LiminalSecure because it is the new definition of security.
by Liminal
