CryptoLaw Newsletter #15 - 17 August 2021
DeFi's largest hack (so far), a Binance hack ends up in a London court, Vitalik Buterin on DAOs, dark web users built their own bitcoin analytics tool and the US Treasury tries to assuage fears.
Fortune’s Aug.-Sept. issue is all about ‘crypto v. Wall street’. The cover design by crypto design darling pplpleasr was turned into an NFT for the occasion, netting fortune US$ 1.3 million worth of ether. Read how crypto went ‘from mania to mainstream’, how Avanti’s Caitlin Long ‘turned Wyoming into crypto country’ and how ‘DeFi takes on Wall Street’. If you’re interested in NFTs, the issue features an NFT50 list too.
Digital assets
US - The US Treasury, which oversees the IRS and FinCEN, has no intention of going after miners, validators and developers as ‘brokers’ under the much-debated Infrastructure Bill. It plans to publish guidance on the issue, which could be released as soon as next week. The guidance should alleviate fears voiced by the crypto community that the broad definition of ‘broker’ could impose tax reporting requirements on bitcoin miners or software developers, among others, who are incapable of complying. (Bloomberg)
UK – London’s High Court ordered crypto-exchange Binance to help recover a user’s funds allegedly stolen by hackers. Tech company Fetch.ai had requested this measure, claiming hackers had taken tokens worth US$ 2.6 million from its Binance accounts. Binance confirmed it is helping Fetch.ai recover the assets. (Reuters) The order was made by Judge Pelling QC on 15 July but only unsealed recently. It discusses a number of interesting questions under the laws of England & Wales, largely relying on precedent (crypto-assets are property, private keys are ‘confidential information’ and the location (locus situ) of crypto-assets is where its owner resides). See our spotlight below.
Spain – The National Securities Market Commission (NSMC) yesterday issued warnings to a dozen crypto-related entities and websites, including huobi.com and a Bybit entity. The regulator said these entities operated without having registered for investment services. (Cointelegraph)
Singapore – The crypto industry is exploring new rules to comply with the much-discussed ‘travel rule’ contained in anti-money laundering laws. In Singapore, a new tool is reportedly being rolled out to facilitate compliance with the travel rule for the crypto transactions. The tool, called VerifyVASP, will be used by an entity linked to the operator of Upbit, South Korea’s largest exchange by volume. Next month, the tool will also be used for Upbit’s activities in South Korea. (Coindesk)
Dark web - Cybercriminals have built their own blockchain analytics tools to facilitate money laundering, according to crypto-analytics company Elliptic. Soon after the dark web tool Antinalysis was discovered by blockchain analysts, it was shut down. Antinalysis relied on data provided by third party provider AML Bot, which cut off access and reported crypto-addresses using the Antinalysis tool to law enforcement. (Decrypt)
The dark web tool Antinalysis, allowed bitcoin holders to check the likelihood that their bitcoin wallets and funds would be flagged by existing blockchain analytics software. It’s a bit like anti-virus software: if you know what the software is looking for, you can outsmart it by developing a virus that the software likely won’t detect (yet). ‘Users of Antinalysis are charged around $3 to check a single bitcoin address,’ Elliptic wrote. The quality of the tool was rather poor, it added. At the same time, the tool made blockchain analytics freely available to the public ‘for the first time’. Users or merchants could have used it to check that funds they receive are not tainted coins. The very existence of Antinalysis ‘likely reflects the difficulties faced by the market and its vendors in cashing out their Bitcoin proceeds,’ according to Elliptic – a point made repeatedly by crypto proponents in the aftermath of the Colonial Pipeline ransomware attack.
US - The Department of Justice opened a Dark Web (Tor-based) tips-reporting line offering up to $10 million to informants for data on state-backed hacks. Reward payments will be in cryptocurrency. (CNN) That’s one way for the DoJ to make use of the seized crypto it holds.
US – The New York Department of Financial Services (NYDFS) is looking for a new Deputy Superintendent for Virtual Currency. NYFDS is in charge of New York’s BitLicense regime. NYFD’s Superintendent Linda Lacewell, who previously acted as chief of staff of former Governer Cuomo, is set to leave the agency on August 24. (Coindesk)
EY published Crypto-Assets – the global regulatory perspective. The report sees financial crime as a key driver for crypto-asset regulation. DeFi ‘poses an increased risk of money laundering’, according to the authors. It gives a brief overview of anti-money laundering measures taken and concise summaries of crypto approaches adopted in select jurisdictions.
EU – Does MiCA make an undue distinction between rules applicable to crypto-asset issuance and crowdfunding? Industry association Eurocrowd thinks so, and lays out its arguments in a position paper.
DeFi
A new record in DeFi – this time for the largest DeFi hack so far, with U$600 million taken from the Poly Network. The hacker, exploiting a vulnerability in the Poly Network code, said they were not doing it for the money. Part of the funds were returned soon after, but the hacker has yet to provide the key to return the remaining funds. (Coindesk) The hacker(s) initially refused a US$ 500,000 bounty offered by Poly Network for their ‘work’, although they appear to be reconsidering. Although Poly referred to the hacker as Mr White Hat, and the hacker claimed to have acted with benign intentions in a self-written Q&A-type message, not everyone is convinced the hacker started off with good intentions. Did they simply get cold feet as the net closed around them? (BBC)
Reuters’s Tom Wilson dedicated an article to DeFi. ‘Would-be robbers are often able to exploit bugs in the open-source code used by sites. And with regulation still patchy, there is usually little or no recourse for victims.’ Centralised crypto-exchanges have tightened their compliance efforts after a spate of regulatory crackdowns, including on crypto-exchange Binance. That makes DeFi an attractive alternative for unlawful activity (such as the Poly hack), according to one source quoted.
DeFi crimes hit an all-time high in the first seven months of 2021, according to CipherTrace. Losses from thefts, hacks and frauds totalled US$ 474 million from January to July. Then came August, which saw the largest DeFi hack so far, with US$ 600 million worth of value siphoned off the Poly Network (although almost all of the proceeds were returned by the hackers alter). That brings the total to roughly US$ 1 billion – an amount regulators are unlikely to ignore. (Reuters and CipherTrace)
DAOs
Moving beyond coin voting governance is the title of a new post on token governance in DeFi by Vitalik Buterin. ‘[W]e need to move beyond coin voting as it exists in its present form,’ he argued. DAO governance is becoming a hot topic and we expect many more comments on this issue this year.
CBDC
Ghana - Bank of Ghana partnered with Giesecke+Devrient (G+D) to pilot a general purpose Central Bank Digital Currency (retail CBDC) in the country that would not require either a bank account or a smartphone. The project is part of the 'Digital Ghana Agenda' and the 'e-Cedi' is intended to complement physical cash. ‘It also aims to facilitate payments
without a bank account, contract, or smartphone, by so doing boosting the use of digital services and financial inclusion amongst all demographic groups’, the central bank said in its press release.Korea – Bank of Korea will pilot CBDC on Samsung mobile phones, testing offline payments between users. (Decrypt)
US – Can a CBDC reduce inequality? The Federal Reserve should not only consider how a digital dollar would affect monetary policy, but also how it can improve economic opportunity, according to an opinion piece. (Bloomberg)
Spotlight: A Binance hack ends up in London’s High Court
A UK-based Binance user turned to the High Court in London after its Binance accounts were allegedly hacked by unknown persons. The judge pondered over legal questions such as: are crypto-assets ‘property’ under the laws of England & Wales? What is the legal classification of a private key? Which Binance entity should a legal order be served on, especially when its corporate structure is so murky? And where are crypto-assets ‘located’ for the purposes of determining the jurisdiction of an English court and applying the laws of England & Wales?
Read more on our blog here…
Thank you for reading!