In this issue:
• CBDC Initiatives Advance in Colombia and Hong Kong
• DOJ Charges Defendants Re: Mt. Gox, BTC-e; CFTC Highlights Ooki DAO Order
• Hackers Attack Decentralized Wallet, Centralized Trading Desk, DeFi Protocol
• Reports Provide Insights Into Cryptocurrency Illicit Finance Typologies
CBDC Initiatives Advance in Colombia and Hong Kong
According to a recent press release, a major U.S. fintech company and “leader in enterprise blockchain and crypto solutions” has announced a collaboration with Colombia’s Central Bank to explore blockchain technology use cases that leverage the fintech company’s Central Bank Digital Currency (CBDC) platform and its open-source blockchain, XRP Ledger. The Central Bank will “pilot use cases that enhance Colombia’s high-value payment system using … an energy-efficient and open-source blockchain.” The goal is to “educate national and territorial public entities through interactive and collaborative real-world application experiments on how blockchain technology[] … can revolutionize payment systems and data management.”
A white paper recently published by the Hong Kong Monetary Authority (HKMA) provides findings from an HKMA study on the prospect of issuing a retail CBDC (rCBDC) in Hong Kong, referred to as e-HKD. Among other things, the study found that respondents from a market consultation “are supportive of the e-HKD initiative and believe that rCBDC has the potential to make payments more efficient while supporting the digital economy.” The study found significant agreement that an rCBDC should take a holistic approach, seek to protect user privacy while supporting legal and regulatory compliance, achieve the highest level of cybersecurity, support interoperability with a wide range of payment and transaction systems, and be open and inclusive to support a diverse set of participants and rCBDC wallet providers. Based on the study findings, “the HKMA considers it necessary to at least start paving the way for possible future implementation of e-HKD.” Future initiatives cited by the study include laying the technology and legal foundations for implementing e-HKD, researching use cases and design issues, and conducting pilots with various stakeholders.
For more information, please refer to the following links:
- Ripple and Peersyst Partner with Colombia’s Banco de la República in Advancing the Implementation and Utilization of Blockchain Technology
- Hong Kong Monetary Authority to Prepare for Retail CBDC
- e-HKD – Charting the Next Steps
DOJ Charges Defendants Re: Mt. Gox, BTC-e; CFTC Highlights Ooki DAO Order
The U.S. Department of Justice (DOJ) recently published a press release announcing unsealed charges related to the 2011 hack of the cryptocurrency exchange Mt. Gox and the operation of the illicit cryptocurrency exchange BTC-e. According to the press release, two Russian nationals are charged with conspiring to launder approximately 647,000 bitcoins from their hack of Mt. Gox. One of the defendants is also charged with conspiring to operate BTC-e. According to the press release, the defendants laundered more than 300,000 bitcoins stolen from Mt. Gox by transferring the bitcoin to a cryptocurrency exchange account held by a “Bitcoin Broker” based in New York. In exchange for the bitcoin, the Bitcoin Broker transferred U.S. dollars to offshore bank accounts, including accounts in the names of shell corporations, controlled by the defendants. The press release notes that from 2011 to 2017, BTC-e “was one of the world’s largest cryptocurrency exchanges and was one of the primary ways by which cyber criminals around the world transferred, laundered, and stored the criminal proceeds of their illegal activities.” The defendants are charged with conspiracy to commit money laundering and operating an unlicensed money services business.
A press release by the U.S. Commodity Futures Trading Commission (CFTC) highlighted the recently entered default judgment order by the U.S. District Court for the Norther District of California against Ooki DAO. According to the press release, the order “requires the defendant Ooki DAO, a decentralized autonomous organization that the CFTC charged with operating an illegal trading platform and unlawfully acting as a futures commission merchant (FCM), to pay a civil monetary penalty of $643,542; orders permanent trading and registration bans; and orders the Ooki DAO, as well as any third party providing web-hosting or domain-name registration services to shut down the Ooki DAO’s website and remove its content from the Internet.” Among other things, the press release states that “in a precedent-setting decision, the court held that the Ooki DAO is a ‘person’ under the Commodity Exchange Act and thus can be held liable for violations of the law.”
For more information, please refer to the following links:
- Russian Nationals Charged With Hacking One Cryptocurrency Exchange and Illicitly Operating Another
- Statement of CFTC Division of Enforcement Director Ian McGinley on the Ooki DAO Litigation Victory
Hackers Attack Decentralized Wallet, Centralized Trading Desk, DeFi Protocol
According to a recent report, losses to Atomic Wallet, a decentralized cryptocurrency wallet, relating to an alleged hack attributed to North Korea’s Lazarus Group have reached $100 million. The report notes that in response to the freezing of certain assets, the thief has now modified its behavior and is allegedly utilizing a Russia-based exchange to launder the stolen assets.
In related news, an institutional trading desk with a focus on cryptocurrencies reportedly suffered a cyberattack earlier this week. According to a recent report, the company halted trading, deposits and withdrawals following the cyberattack, which resulted in a $15-$20 million loss of cryptocurrency. The company had previously undergone cybersecurity audits and penetration testing in an effort to ensure it was safe, and had achieved a SOC-2 rating, according to the report.
And finally, a hack of a decentralized finance protocol has resulted in the loss of 442 Ether, worth approximately $800,000, by exploiting a security vulnerability, according to a recent report. The hack was accomplished through a reentrancy attack, and the stolen funds were sent to crypto-mixer Tornado Cash, based on the report. The root cause of the hack was noted as being a faulty price oracle.
For more information, please refer to the following links:
- North Korea-Linked Atomic Wallet Heist Tops $100 Million
- Crypto Prime Broker FPG Loses Up to $20M in Cyber Attack
- Attacker drains $800K from DeFi protocol Sturdy Finance
Reports Provide Insights into Cryptocurrency Illicit Finance Typologies
Blockchain analytics provider Elliptic recently released its 2023 Elliptic Typologies Report, which analyzes “the evolving nature of illicit behaviors and financial crime typologies in the crypto space.” Among other things, the report finds that in 2022, (1) large-scale ransomware attacks persisted, with attackers devising increasingly sophisticated laundering methods; (2) pig-butchering scams proliferated to become a massive illicit business, with criminals increasingly looking to Bitcoin ATMs as a conduit for receiving funds from victims; (3) North Korea’s Lazarus Group continued its large-scale hacking activity, increasingly targeting vulnerable points in the decentralized finance (DeFi) ecosystem; (4) the Russian invasion of Ukraine focused attention on the use of cryptoassets by nation-state actors to evade financial and economic sanctions; and (5) illicit actors have increasingly begun to launder funds by swapping cryptoassets through the DeFi ecosystem. The report provides insights into these and other cryptocurrency illicit finance typologies, including through case studies and illustrations.
Another blockchain analytics firm, Chainalysis, recently published a blog post analyzing the use of cryptocurrency mining pools for money laundering. Among other things, the blog post discusses the use of mining pools to launder cryptocurrency funds by the North Korean hacking syndicate Lazarus Group, ransomware gangs and crypto scammers. The blog post includes two case studies demonstrating how threat actors use mining pools to create the illusion that illicit funds are proceeds from mining rather than criminal activity.
For more information, please refer to the following links: