.svg)
As hackers wreak havoc on decentralised finance (defi) platforms, a US regulator has issued its largest crypto enforcement action to date following a multi-year investigation into suspected sanctions-busting.
First up, it has been a hell of a month for crypto hacks, as new data from crypto analytics firm Chainalysis suggests that October is already the worst month of 2022 for crypto hacks, and it is still far from over.
So far this month, $718m has been stolen from defi platforms in 11 separate hacks. This puts October just ahead of March as the worst month for value lost, but March still leads in terms of number of hacks.
At this rate, Chainalysis predicts that 2022 will likely surpass 2021 as the worst year on record for value lost to hacks. So far, hackers have already stolen $3bn from a total of 125 hacks.
Last week, as reported by VIXIO, Binance was hit by a $570m hack of one of its cross-chain bridges, but ultimately it was able to recover most of the funds.
This week, Solana-based Mango Markets, another defi platform, was hit by a $100m hack.
While the Binance hacker attempted to duplicate a large transaction and cash out the difference, the Mango hacker was able to drain the platform of funds by manipulating the price of its MNGO token.
By artificially raising the price of MNGO, the hacker was able to use it as collateral to take out enormous loans in other crypto-assets from Mango liquidity pools.
In a statement, Mango said it has called on other crypto platforms to help freeze the stolen funds and has disabled further deposits to its own platform.
Bittrex $53m Settlement With Regulators
In the US, the Treasury’s Office of Foreign Assets Control (OFAC) revealed that it has reached a $24m settlement with crypto exchange Bittrex, as part of its largest crypto enforcement action to date.
In the first parallel enforcement action of its kind, the Financial Crimes Enforcement Network (FinCEN) also reached a $29m settlement with Bittrex due to violations of the Bank Secrecy Act (BSA).
Following investigations, OFAC found “apparent violations” of multiple sanctions by Bittrex, while FinCEN found “wilful violations” of anti-money laundering (AML) and suspicious activity reporting (SAR) requirements outlined in the BSA.
The $24m settlement covers Bittrex’s “potential civil liability” for the sanctions offences, while the $29m settlement covers Bittrex’s failure to apply AML and SAR controls under the BSA.
The sanctions case against Bittrex dates back to 2014 and runs until 2017, during which time the exchange is alleged to have committed more than 116,000 sanctions violations.
According to OFAC, Bittrex allowed $263m worth of trades to be entered by persons “apparently located” in the sanctioned jurisdictions of Crimea, Cuba, Iran, Sudan and Syria.
Meanwhile, from 2014 to 2018, FinCEN found that Bittrex had failed to maintain effective AML controls.
Bittrex’s transaction monitoring was described by FinCEN as “inadequate” and “ineffective”, resulting in “significant exposure” of the exchange to illicit finance.
Moreover, between 2014 and 2018, FinCEN found that Bittrex had failed to file any SARs, despite a significant number of transactions involving sanctioned jurisdictions.
“For years, Bittrex’s AML program and SAR reporting failures unnecessarily exposed the US financial system to threat actors,” said Himamauli Das, acting director of FinCEN.
“Bittrex’s failures created exposure to high-risk counterparties including sanctioned jurisdictions, darknet markets, and ransomware attackers.”
Das stressed that FinCEN will not hesitate to act against crypto companies in future if it identifies wilful violations of the BSA.
Bored Ape catches interest of SEC
This week another US regulator, the Securities and Exchange Commission (SEC), issued queries and subpoenas to a number of non-fungible token (NFT) companies, including Yuga Labs, creator of the Bored Ape Yacht Club collection.
According to a report from Bloomberg, the SEC has been investigating NFTs since March this year to establish whether they are being used to raise money in the same way as traditional securities like stocks and bonds.
If so, then NFT issuers and re-sellers could be held liable for unregistered securities violations under the 1933 Securities Act.
As the creator of Bored Ape Yacht Club, the world’s most valuable NFT collection, Yuga Labs stands to be affected significantly if the SEC were to classify NFTs as securities.
At its peak in May this year, the Bored Ape collection hit a market cap of $1.8bn, but has since shed about 50 percent of its value at the time of writing.
Jim Preissler, co-founder of defi platform SOMA.finance, said a two-tier classification model may be the best fit for NFTs.
Even if NFTs are not classed as securities at the time of issuing, he said, there is precedent for certain instruments to be classed as securities once traded on a secondary market.
“The NFT may or may not be a security, but the exchange that actively trades them could be required to be a licensed security exchange, and the NFTs may need to be treated as such on that exchange,” he said.
Preissler also pointed out that fractionalised NFTs and NFT community tokens, such as Yuga Labs’ ApeCoin, are even more likely to be seen as securities.
Such instruments would not have the “wriggle room” of standalone NFTs, said Preissler, which are often likened to digital works of art.
According to Bloomberg, the SEC is also investigating whether Yuga Labs’ launch of ApeCoin constitutes an unregistered securities offering.
Coinbase launches new payments tie-up with Google Cloud
Finally, to close out the week, perhaps some positive news for the crypto industry as Coinbase announces the launch of a new payments partnership with Google Cloud.
Under the deal, Google Cloud will allow customers to pay for its services using selected cryptocurrencies via Coinbase Commerce.
Coinbase Commerce is a global platform that helps merchants accept crypto payments, and provides access to crypto integration and business analytics tools.
Merchants currently using Coinbase Commerce include WeWork, Alo Yoga and Budweiser brewer Anheuser Busch.
Owen Lau, senior analyst at investment bank Oppenheimer, told CoinDesk that the deal will be seen as a “validation” of the crypto industry in the eyes of bigtech and the traditional finance world.
However, anonymous crypto analyst Bitfinex’ed pointed out that Google will not technically be accepting the final payment in crypto form, as payments will first be converted into fiat when passing through Coinbase Commerce.
“Google isn’t accepting bitcoin, they’re immediately liquidating bitcoin for dollars,” he said. “This isn’t a bullish event. Everyone that pays for Google services with Coinbase is selling their crypto.”
Nonetheless, traditional finance institutions are clearly seeing some form of validation in crypto, as can be seen from the entry this week of the US's oldest bank, BNY Mellon, into the crypto custody market.
Using BNY Mellon’s Digital Asset Custody platform, clients will be able to hold and transfer bitcoin and ether, which together make up almost 60 percent of crypto’s total market cap.
