December 23, 2020

CipherTrace

US National Defense Authorization Act Seeks to Expand Definition of Currency
Ledger Wallet Underestimates Extent of Data Hack, Losing Consumer Trust
BitGrail Chief Arrested for Involvement in $150 Million Fraud
The Bahamas Launches Retail Use of its CBDC, the Sand Dollar
Quick Read: SEC Alleges Ripple Conducted Sale of Unregistered Securities

H.R.6395 – National Defense Authorization Act for Fiscal Year 2021

On December 11, the United States Congress presented the National Defense Authorization Act (NDAA) for Fiscal Year 2021 to the President for final authorization. President Trump vetoed the bill on December 23.

Most notable to the crypto community, this year’s NDAA contains language that broadens the legal definition of “value that substitutes for currency” to include emerging payment methods such as virtual currencies.

The NDAA also clarifies the definition of money transmitting businesses and services by replacing the generalized term “funds” with “currency, funds, or value that substitutes for currency.”

In an effort to strengthen Treasury’s financial intelligence, anti-money laundering, and countering the financing of terrorism programs, the bill also establishes national exam and supervision priorities, increases technical assistance for international cooperation, and seeks to tackles financial crime issues related to beneficial ownership and a lack of corporate transparency.

Why it matters: If passed, the NDAA could be a game changer for AML professionals. While President Trump vetoed the 1,480 page bill, it passed both houses of Congress by veto-proof margins earlier this month, meaning President Trump’s veto will likely be overridden. Congress must now vote on whether or not to override the president’s veto. Congress has adjourned for the holidays but is slated to return on Monday, December 28.

Read the full bill here: https://www.congress.gov/bill/116th-congress/house-bill/6395

Ledger Reveals They Underestimated Extent of Data Hack that Exposed a Million Customer Emails

Back in July 2020, cryptocurrency hardware wallet Ledger announced they were victimized in a data breach that led to the exposure of customer emails and other information. At the time, the company said that only 9,500 customers were impacted. However, it was recently revealed that the hack was much larger in scope, leaking more than a million customer emails and exposing the phone numbers and home addresses of more than 270,000 customers. Since the breach, many of Ledger’s customers have been victims of phishing and ransomware attacks that included threats of violence.

Alon Gal, co-founder and CTO of security firm Hudson Rock, said, “Individuals who purchased a Ledger tend to have high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments on a larger scale than experienced before.” Although Ledger claimed that this hack did not threaten any customer funds, their reputation within the industry has been compromised.

Why it Matters:

Though Ledger acted quickly to fix the issue that led to the hack, the damage was already done, as their customers’ information had already been exposed. Their second, and perhaps greater error, was to misconstrue the extent of the data breach. By underestimating the scale and impact, Ledger lost consumer trust.