Categories
Australia DeFi Illegal Regulation

ASIC Sues Aussie Fintech Company Block Earner Alleging Unlicensed Services

Australia’s financial markets watchdog is taking Aussie crypto platform Block Earner to court for allegedly providing unlicensed financial services and running an unregistered managed investment scheme. 

The Australian Securities and Investments Commission (ASIC) announced Wednesday November 23 that it had commenced civil penalty proceedings against Block Earner — the trading name for Web3 Ventures — in the Federal Court.

“We are concerned that Block Earner offered financial products without appropriate registration or an Australian Financial Services licence, leaving consumers without important protections. Simply because a product hinges on a crypto-asset, does not mean it falls outside financial services law.”

ASIC Deputy Chair Sarah Court

ASIC has been active when it comes to enforcement in the crypto space of late, taking legal action against the company being the Qoin token in October this year.  

Block Earner CEO Cites Lack of Regulatory Clarity

Bringing decentralised finance to the masses has been the catch-cry of Block Earner, which offers a range of fixed annual yield products backed by crypto, USD reserves and physical gold. ASIC said Block Earner’s crypto-asset-related offerings were financial products, which comes with a requirement to hold an AFS licence — which Block Earner does not have.

Speaking to Business News Australia, Block Earner co-founder and CEO Charlie Karaboga described the legal action as a “disappointing outcome”. He said the startup had invested in infrastructure to be able to operate compliantly and protect its customers against crypto market volatility. 

“Needless to say, lack of clarity around regulation in Australia for cryptocurrency-related products creates friction between regulators and innovators like Block Earner in our industry. In an ideal world, we would build these products in a regulatory sandbox with more clarity around licensing regimes. In the future, we look forward to working with ASIC and other regulators in this space to make Australia an innovative space for the crypto industry.”

Block Earner co-founder and CEO Charlie Karaboga

ASIC Supports Regulation to Protect Consumers

ASIC said it supports the development of an effective regulatory framework covering crypto assets in order to protect Australian investors — who have demonstrated a strong interest in crypto. 

Research released by ASIC in August 2022 found many new, young investors had become active in financial markets and 44 percent reported holding crypto. Just 20 percent of crypto owners considered their investment approach to be ‘risk-taking’, and many said they sourced information from social media, podcasts and financial influencers.

In its statement about legal proceedings against Block Earner, ASIC highlighted its concerns about consumers’ vulnerability in their rush to embrace crypto:

“Crypto-assets are risky, inherently volatile and complex and ASIC remains concerned that potential investors in crypto-assets may not fully appreciate the risks involved. ASIC supports the development of an effective regulatory framework covering crypto-assets to protect consumers and investors.” 

ASIC Deputy Chair Sarah Court
Categories
Banking Crypto News DeFi Payments

Mastercard and Paxos Team up to Help Banks Offer Crypto Trading

Mastercard announced Monday that it is extending its partnership with cryptocurrency trading platform Paxos to create a program to make it easier for banks and other financial institutions to offer crypto trading services to their customers.

The program, called Crypto Source, will see Mastercard act as a bridge between Paxos and banks, with Paxos providing cryptocurrency trading and custody services on behalf of the banks.

Partnership Aims to Increase Retail Confidence in Crypto

Mastercard said its role in Crypto Source is largely about creating a secure, trusted bridge between crypto markets and traditional banking. By providing this bridge Mastercard hopes to increase both banks’ adoption of crypto trading services and retail investors’ confidence and willingness to engage with crypto markets. Mastercard’s President of Cyber & Intelligence Ajay Bhalla explained:

“At Mastercard, trust is our business. What we are announcing today is a connected approach to services that will help bring users safely and securely into the crypto ecosystem. Our recent investments in this space, such as the acquisition of CipherTrace and Ekata, are providing us with a unique set of capabilities to help provide our customers and consumers with the most technically advanced solutions available in the market.” 

Ajay Bhalla, President, Cyber & Intelligence at Mastercard

Mastercard’s role centres around verifying transactions, ensuring security and regulatory compliance, and helping banks implement the technology into their existing systems. Mastercard said banks would also be able to offer additional functionality, such as digital receipts and loyalty programs, to augment the core functionality. 

Program Deepens Mastercard’s Links With Paxos

Paxos is a blockchain-focussed company perhaps best known for their gold-backed cryptocurrency PAX Gold (PAXG), which has worked with numerous large finance companies, including PayPal, on crypto-related projects. 

Last year, Mastercard worked with Paxos to enhance its payment card offerings, making it easier for its partners, such as banks and crypto exchanges, to convert cryptocurrencies into fiat currency.

Crypto Source builds on Mastercard’s pre-existing relationship with Paxos and deepens its involvement in crypto ecosystems. Speaking about the relationship, Mastercard’s Chief Digital Officer, Jorn Lambert said:

“We’re excited to build on our long-term partnership with Paxos – co-innovating to bring safe and secure technology to financial institutions. Our crypto product innovations will provide choice at scale and continue to bring one-of-a-kind opportunities to financial institutions as they seek to offer new, advanced services to their customers”

Jorn Lambert, Chief Digital Officer, Mastercard

According to Mastercard, Crypto Source is currently in a pre-pilot phase, the company has not yet announced a date for a broader rollout of the program.

Categories
Binance BNB Crypto News DeFi Hackers

Binance Network Suffers $560 Million Code Exploit

An exploit of a bug in the Binance-run blockchain network, BNB Chain, allowed a hacker to ‘trick’ the BNB Chain’s BSC Token Hub bridge into sending them roughly US$560 million worth of BNB tokens. This incident renewed concerns involving the security of cross-chain bridges.

The Binance team responded by suspending activity made on the Binance blockchain, freezing a majority of the stolen assets. It’s estimated that the hacker made off with roughly US$100 million worth of assets on other chains.

Within a day of suspension, BNB Chain tweeted that the bridge was up and running again:

In the days following the hack, the price of BNB fell by 5-7%.

Source: CoinMarketCap

Investor funds safe, extra BNB created

BNB Chain is not the first cross-chain bridge to experience a major hack — around $US$625 million worth of WETH and USDC was drained from Ronin earlier in 2022, considered one of the biggest hacks in the history of crypto. 

As the BNB Chain hack was revealed, Binance CEO Changpeng ‘CZ’ Zhao quickly moved to reassure users, tweeting that funds were safe:

The ‘extra’ BNB were essentially created from nothing, through an exploit of the bridge’s code.

A detailed analysis tweeted by security expert @samczsun explains how the hack may have been carried out, summarising by saying, “there was a bug in the way that the Binance bridge verified proofs which could have allowed attackers to forge arbitrary messages.”  

Next Steps: On-Chain Governance Vote

BNB Chain has said governance votes will determine how to approach the next steps in relation to whether to freeze the hacked funds, whether to use BNB Auto-Burn to cover the remaining hacked funds, and how to deliver a Whitehat program to find future bugs and reward hackers with bounties.

The platform also committed to contributing to a broader conversation about the vulnerabilities in cross-chain bridges, stating:

“We will openly share the details of the postmortem and all lessons on how to implement more advanced security measures to shore-up these vulnerabilities.”

BNB Chain
Categories
Celsius Cryptocurrency Law DeFi Ethereum

Bankrupt Celsius Launches Lawsuit Over Alleged Theft of 1000 ETH

Bankrupted crypto lender Celsius has filed a lawsuit against a former investment manager, alleging he cost the platform tens of millions of dollars through a combination of incompetence and theft.

The complaint, which was filed in New York’s Manhattan bankruptcy court on August 23, alleges that Jason Stone, through his company KeyFi Inc, falsely presented himself as an experienced and highly skilled digital asset manager, but was in fact negligent and “extraordinarily inept” at devising and implementing profitable crypto investing strategies.

Celsius Alleges DeFi Manager Used NFTs, Tornado Cash to Siphon Funds

The filing states that Stone worked with Celsius for about seven months up to March 2021 and was given access to a Celsius-controlled wallet for the purposes of managing the lender’s DeFi investing strategy.

Celsius alleges that rather than managing its assets as requested, Stone instead invested heavily in NFTs – including CryptoPunks and Bullrun Babes – to the tune of 1070 ETH. Allegedly, Stone later sold some of the NFTs for 1071 ETH before funnelling the funds through crypto mixing service Tornado Cash to his own private wallet rather than back into the Celsius-controlled wallet.

Celsius claims Stone had no authorisation to purchase NFTs as part of his role and suggests he might have done so because he was aware it was difficult for Celsius to track NFT purchases through its internal systems, making the theft harder to notice.

In addition to what it claims was intentional theft, Celsius claims Stone also cost the lender over US$50 million through his ineptitude, saying he proved himself “incapable” of investing profitably in cryptocurrencies.

Stone, responding to these accusations through his lawyer, Kyle Roche, claims all of the investments he made on behalf of Celsius were authorised by the lender’s CEO, Alex Mashinsky.

Claims Follow Previous Suit From KeyFi Against Celsius

These complaints come six weeks after Stone’s company, KeyFi, filed suit against Celsius, claiming it was operating a Ponzi scheme and that it owed Stone hundreds of millions of dollars in unpaid compensation. 

Stone claims Celsius ran out of money because it relied on attracting new customers by offering excessively high rates of return, and because it failed to adequately manage risk by hedging its investments. He also says he generated over US$800 million in profit in seven months for the lender, further claiming that he’s entitled to 20 percent of this profit – over US$200 million.

Financial documents filed by Celsius last week as part of its bankruptcy hearing show that the lender has a US$2 billion hole in its books and could be completely out of cash by the end of October.

Categories
DAO DeFi Ethereum NFTs

BendDAO Hit With Insolvency Crisis, Only 12.5 ETH Left

NFT lending protocol BendDAO is facing the serious prospect of insolvency as the amount of Wrapped Ether (wETH) remaining in its smart contract dwindles to just a fraction of what is owed to lenders. 

According to Twitter user and NFT market researcher NFTStatistics.eth, as of August 22 BendDAO only had 12.5 wETH while it still owned lenders an estimated 15,000 ETH – quite the shortfall:

This precarious situation has arisen partly because of a crash in the value of many leading NFT collections, including Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC).

BendDAO’s Model Based on NFT Value

BendDAO is a DeFi platform that allows users to borrow ETH using ostensibly ‘blue chip’ NFTs, such as BAYC, as collateral. The ETH that NFT owners borrow comes from other users who have deposited their ETH to the platform as a way to earn interest on their holdings. It’s these lenders who are at risk of being left holding the bag.

On paper, BendDAO’s model seems risky and, as it turns out, it is. The lender launched last year while the NFT market was particularly exuberant but the market has since taken a nosedive, exposing just how vulnerable this model is to market volatility. 

What’s Happening Now?

BendDAO is trying to boost its ETH reserves by adjusting the rate of interest charged to borrowers and paid to lenders. 

Statistics from the BendDAO website show that ETH borrowers are now required to pay over 100 percent interest on their loans (this is partially offset by 15.88 percent rewards paid in BendDAO’s own BEND token). 

Lenders are being offered a whopping annual rate of 66.9 percent on their ETH and a further 4.99 percent reward paid in BEND. Due to these high interest rates, borrowers’ levels of debt grow ever larger as the value of their collateral continues to fall.

What Next For BendDAO?

NFTStatistics.eth points out that most of the NFTs on BendDAO that have defaulted and gone to auction currently have no bids, citing two key factors: 

  1. BendDAO requires bids to be greater than the level of debt owed by the borrower and greater than 95 percent of the NFT’s OpenSea floor price; and
  2. Bidders are required to lockup their ETH for 48 hours.

NFTStatistics.eth also notes that as borrowers accrue more debt and NFT floor prices continue to fall, we’ll see many more NFTs default: 

Further according to NFTStatistics.eth, since none of the NFTs is selling, they’re not affecting the broader NFT market – but eventually they will need to sell, perhaps at a large discount, so that BendDAO can start to acquire ETH with which to pay back its lenders. If the NFTs are sold heavily discounted, we could see the prices of many NFT collections fall much further.

Decentralised Autonomous Organisations (DAOs), such as BendDAO, have been seen by crypto enthusiasts as a way to decentralise power and flatten organisational hierarchies, however recent research by Chainalysis has found that across 10 major DAO projects, one percent of token holders control 90 percent of voting rights.

Categories
Banking Celsius Crypto News DeFi

Celsius Has a $2 Billion Hole, on Track to be Out of Cash by October

Crippled crypto lending platform Celsius, which filed for bankruptcy in July, appears to be in an even worse financial position than previously thought, with papers filed this week revealing it may run out of money completely by October:

The papers filed in the US Bankruptcy Court for the Southern District of New York also showed that the lender holds US$2.8 billion less in crypto assets than it owes to depositors, leaving many users of the platform worried they may lose their deposits.

Celsius’ Books Don’t Make For Pleasant Reading

Celsius’ latest financial disclosure showed it had an opening cash balance of just under US$130 million in early August. The filing forecasts operating expenses and other costs to run to US$137 million over the next three months, meaning the lender will be in the red by the end of October.

The filing also showed that Celsius’ crypto liabilities to depositors exceed US$6.6 billion, while it only actually holds US$3.3 billion in crypto assets. 

The US$2.8 billion shortfall is largely due to deficits in the lender’s holdings of BTC, ETH and USDC. According to its financial disclosure, Celsius is more than US$2 billion short of BTC, over US$1 billion short of ETH and US$666 million short of USDC. These deficits are partially offset by its holdings of stETH, WBTC and its governance token, CEL:

Details of Celsius’ budget including its liabilities, deployment and assets, sourced from documents filed as part of US bankruptcy proceedings.

Could Celsius Sell CEL to Help Itself?

Celsius’ financial disclosure shows the lender holds 658 million of its CEL token of which 279 million are owed to customers, which leaves the lender with 379 million tokens. 

In the document CEL is valued at US$1 but the token has recently been the target of a social media-driven short squeeze, resulting in its price increasing significantly. According to CoinGecko, CEL was changing hands at US$2.45 at the time of writing – meaning Celsius’ CEL assets are notionally worth a lot more than the filing suggested.

So, what’s stopping Celsius selling its CEL tokens to help raise funds to pay its liabilities? Well, almost all circulating CEL is locked on Celsius itself. If the lender were to sell large quantities, the token’s value would likely collapse, leaving Celsius’ books in an even more dismal state.

In a cynical twist, crypto security firm Arkham Intelligence has evidence that it believes shows Celsius CEO Alex Mashinsky sold sizeable quantities of CEL via multiple transactions throughout May and August of this year. If true, this would mean the Celsius chief executive was actively dumping against the community-driven short squeeze to serve his own interests.

Categories
DeFi Hackers Stablecoins

aUSD Depegs by 99% Amid Hacker Issuing 1 Billion Tokens

Another stablecoin has shown itself to be anything but stable after the Polkadot-based DeFi hub Acala Network was hacked on August 14, causing its stablecoin aUSD to suddenly lose around 99 percent of its value:

According to a Twitter thread posted by the Acala Network account, the rapid plunge in value of aUSD was caused by a “misconfiguration” of its iBTC/aUSD liquidity pool that resulted in the minting of over 1.2 billion of new aUSD.

Network Paused in Aftermath

In the aftermath of the breach, an urgent governance vote was taken to pause network activity while Acala Network developers tried to trace exactly what happened and come up with a strategy to resolve the situation:

Acala Network developers also called on any recipients of the erroneously minted aUSD to transfer them to addresses under their control so they could be burned and taken out of circulation, in the hope this might restore aUSD’s peg.

Erroneously Minted aUSD Returned and Burned

Following a hastily arranged community governance referendum on August 16, nearly 1.3 billion erroneously minted aUSD were returned to Acala Network’s Honzon protocol and burned:

While this step has taken many of the newly minted aUSD tokens out of circulation, it hasn’t yet had any impact on the stablecoin’s price – at the time of writing CoinMarketCap was reporting its value as US$0.01, still down 99 percent from its intended peg of US$1.

This depegging event follows on from the June collapse of the Terra-based stablecoin, UST, which triggered further failures of Terra-exposed DeFi projects including the comically named Magic Internet Money.

In the midst of the chaos sparked by Terra’s collapse, Tron founder Justin Sun decided to launch his own algorithmic stablecoin, USDD, which he subsequently had to prop up to the tune of US$2 billion just months after its launch when it too lost its dollar peg.

Categories
Crypto News DeFi Hackers

DeFi Protocol Curve ‘Finance’ Exploited in DNS Spoofing Attack

Curve Finance’s front end this week became the victim of an exploit that ended with a loss of more than US$573,000. Curve took to Twitter to warn its users of the issue with its site, though luckily the spoofing exploit did not affect the Curve exchange:

Exploiting the Curve

On August 9, Twitter user @samczsun alerted the public to the exploit with a tweet that read: “@CurveFinance frontend is compromised, do not use it until further notice!” Despite the Curve team’s quick response to the issue, they were unable to prevent the loss.

The hacker(s) responsible seemingly changed the protocol’s domain name system (DNS), which then allowed them to approve a malicious contract by directing users to a fake clone. In a stroke of luck for Curve, the program’s exchange remained uncompromised, as it utilises a separate DNS provider.

An hour after the initial warning of the exploit, Curve tweeted:

While a significant sum was lost, the quick circulation of information on Twitter regarding the attack on the nameserver and front end may have prevented greater losses.

The Curve decentralised finance (DeFi) protocol is an integral part of the DeFi ecosystem, and exploits such as this prevent other protocols from accessing income sources.

Protocol Exploits Elsewhere

DeFi protocol exploits have proliferated in 2022, with two notable examples occurring in May and June. The first victim was the Fortress protocol, with the crypto borrowing and lending platform losing approximately US$3 million in stolen funds. The Binance Smart Chain (BSC)-based platform had suffered an oracle attack only days prior.

More recently, Terra-based DeFi app Mirror Protocol was the subject of a US$2 million exploit related to Terra blockchain’s recent rebrand to Terra Classic. The exploit almost completely drained the mBTC, mGLXY, mETH, and mDOT pools. Luckily the developers were able to patch the damage before all pools could be drained.

Categories
CeFi Crypto News DeFi NFTs

Despite Downturn, Crypto Fundraising Outpaces All of 2021

The cryptocurrency sector has generated over US$30 billion in fundraising in the first half of the 2022 fiscal year – more than the entire year of 2021, according to a report from crypto firm Messari.

The report says US$30.3 billion was raised through 1199 funding rounds across centralised finance (CeFi), decentralised finance (DeFi), Web3 and NFTs (non-fungible tokens ). At least US$25.9 billion came from crypto funds and US$10 billion from traditional funds.

Centralised Exchanges Attract Wide Capital Influx

Moreover, centralised exchanges have attracted a wide influx of capital despite some brokers filing for bankruptcy: US$4.6 billion in the first quarter of H1 and US$5.6 billion in the second quarter of H1. This represents 108 percent more than H1 2021 and more than a third of total fundraising:

DeFi Sector Falls Behind

Web3-related startups have also attracted considerable capital. However, it seems the DeFi sector fell behind with barely US$1.8 billion raised. Astar Network was one of the stellar protocols in terms of fundraising. On April 5, the protocol announced it had secured over US$22 million in a fundraising round led by several crypto companies and angel investors.

Moreover, blockchain game GOALS netted US$15 million in seed funding led by Northzone, a venture capital firm, and the CEO of Sorare.

Bear Market Out to Two Years?

After the fall of several cryptocurrency companies following the collapse of Terraform Labs, combined with global inflation and other macro economic factors, selling pressure has been widening across the crypto market. Some crypto analysts even predict a two-year-long bear market. But institutions and big investors are still betting on blockchain technology and crypto assets, the report notes.

Categories
Crime DeFi Regulation Tornado Cash

US Treasury Sanctions Crypto Mixer ‘Tornado’, Freezing USDC and ETH Addresses  

Tornado Cash, a mixing service that obscures crypto transaction information, has been sanctioned by the US Treasury, which claims the DeFi protocol is regularly used for money laundering to cover up cybercrime.

Treasury added Tornado Cash and 44 of its Ethereum and USDC wallet addresses to its Specially Designated Nationals list of embargoed entities typically used to prohibit people in the US from dealing with terrorists and authoritarian regimes.  

According to Treasury, more than US$7 billion had been laundered via Tornado Cash, including some US$455 million of the US$625 million stolen by North Korean hacking group Lazarus in an exploit of the Ronin Network in March this year. Tornado Cash was also used to conceal the source of more than US$96 million in dirty money from June’s Harmony Bridge heist, Treasury said. 

Protocol Fails to Balance Privacy and Compliance 

Tornado Cash ‘mixes’ crypto transaction details to break the links in on-chain activity, in the interests of preserving users’ privacy. Deposits are made via one address and withdrawn by a different address, meaning transactions are harder to trace – and therefore appealing to criminals.

In April 2022, Tornado Cash moved to block access by addresses sanctioned by Treasury’s Office of Foreign Assets Control (OFAC) in an attempt to demonstrate compliance. More recently, the protocol transitioned to a fully open-source user interface to increase transparency by enabling contributors to suggest code improvements.

However, it’s clear Treasury did not feel the protocol was meeting its anti-money-laundering obligations, making it a threat to US national security.

Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks. Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.

Brian E. Nelson, Treasury Under Secretary for Terrorism and Financial Intelligence

Treasury Issues Broader Warning

Treasury also had a warning for the broader crypto ecosystem: “As today’s action demonstrates, mixers should in general be considered as high-risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds.”