Monthly Security and Regulatory Newsletter
Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter.
Liminal believes in optimizing security and custody practices globally across the Web3 industry. Through our Newsletter, we highlight incidents pertaining to security, regulations, and compliance that have happened in the past month and how one can follow better Security practices to safeguard their digital assets.
We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.
Dive in and get a detailed analysis of everything related to security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.
Web3 Security Compromises in February
BitForex shuts off website after $57 million withdrawal
The Hong Kong-based BitForex cryptocurrency exchange has shut down access to its platform after a suspicious outflow of around $57 million on several blockchains. Users who have tried to log in see a CloudFlare page explaining that they are blocked from accessing the website by CloudFlare's DDoS protection service.
The withdrawals were first noticed by blockchain detective Zachxbt, who also noted that the exchange has stopped processing withdrawals and has not been replying to customer support inquiries.
It seems likely that the outflows were an exit scam rather than an outside attack, particularly given the lack of communication and the somewhat shady status of the exchange. The firm faced regulatory scrutiny in Japan in mid-2023 for operating without a license and has been accused of inflating its trading volume. Its CEO resigned in January but promised a new team would take over.
RiskOnBlast gambling platform rug pulls for $1.3 million
RiskOnBlast, a gambling and trading platform on the new Ethereum layer-2 Blast blockchain, appears to have performed the blockchain's first major rug pull — before the blockchain has even officially launched. Blast was created by the developers of the Blur NFT platform and received funding from the Paradigm Crypto VC.
The team behind Blast had even helped to promote the RiskOnBlast platform, tweeting from its official account that Blast was "a new challenger" in the ecosystem with "undeniable" potential.
On February 25, the platform drained more than 420 ETH (~$ $1.3 million) from more than 750 user wallets on its platform. The project's anonymous team then laundered the funds through various services and exchanges. All social media accounts for the project were taken offline.
Axie Infinity co-founder suffers $9.5 million loss after wallet compromise
Jeff "Jihoz" Zirlin, a co-founder of the Axie Infinity blockchain game, lost around $9.5 million as two of his crypto wallets were compromised. The thief stole 3,248 ETH ($9.5 million), which they quickly laundered with the Tornado Cash cryptocurrency mixer.
Some were briefly concerned that Axie Infinity's Ronin Bridge had been hacked (again), since the funds had moved out of it. Jihoz and others were quick to emphasize that the bridge had not been affected and that it was simply a personal wallet compromise.
Recommended by LinkedIn
Web3 Regulatory Practices for December
Hong Kong Launches Consultation to Regulate OTC Crypto Venues
In its latest move, Hong Kong is stepping forward with a public consultation to potentially introduce a licensing regime for over-the-counter crypto trading service providers.
The initiative, running until April 12, 2024, focuses on measures to mitigate risks associated with money laundering and terrorism while ensuring investor protection.
The proposed legislation mandates licensing for entities offering crypto spot trading services and strengthens the regulatory authority of the Commission of Customs and Excise (CCE).
On the positive side, this may enhance the security of the trading environment, providing safeguards against fraudulent activities and unlicensed platforms. Such regulatory clarity, in turn, will foster responsible innovation within the virtual asset space, potentially attracting more institutional investments.
However, the introduction of stringent licensing requirements might pose challenges for smaller entities and startups, possibly stifling innovation due to increased compliance costs and operational hurdles. Additionally, while aiming to protect investors, this regulatory shift could consolidate the market, favoring larger players over emerging ones.
US Secretary Treasury Calls for Crypto Regulation Beyond Securities Laws
In a recent Congressional hearing, U.S. Treasury Secretary Janet Yellen emphasized the need for specific legislation to address cryptocurrencies and stablecoins.
Highlighting the absence of a comprehensive regulatory framework, Yellen pointed out the risks associated with the current state of crypto platforms, including volatility and potential financial instability.
She also cited the collapses of Signature Bank and Silvergate as indicators of the systemic risks posed by unregulated stablecoins
While the prospect of regulation may bolster investor confidence and mitigate run risks associated with stablecoins, it also brings the challenge of navigating an increasingly complex regulatory landscape.
Enhanced oversight could throttle innovation, as crypto businesses and startups might be entangled in stringent compliance requirements.
Key Takeaways
Stay #LiminalSecure
These events highlight the constant evolution of Web3 security and regulation. You can confidently navigate this dynamic landscape by staying informed and prioritizing security best practices.
At Liminal, we're committed to empowering institutions to unlock the full potential of digital assets without compromising security or compliance norms with our institutional custody and wallet infrastructure solutions. Join us on this journey towards a safer, more accessible future for digital assets.