December 23, 2020
What Is Money, Anyway? | | Ledger’s Data Breach Impact | Bitgrail Arrest | Spending Those Sand Dollars | SEC Files Suit Against Ripple
- US National Defense Authorization Act Seeks to Expand Definition of Currency
- Ledger Wallet Underestimates Extent of Data Hack, Losing Consumer Trust
- BitGrail Chief Arrested for Involvement in $150 Million Fraud
- The Bahamas Launches Retail Use of its CBDC, the Sand Dollar
- Quick Read: SEC Alleges Ripple Conducted Sale of Unregistered Securities
H.R.6395 – National Defense Authorization Act for Fiscal Year 2021
On December 11, the United States Congress presented the National Defense Authorization Act (NDAA) for Fiscal Year 2021 to the President for final authorization. President Trump vetoed the bill on December 23.
Most notable to the crypto community, this year’s NDAA contains language that broadens the legal definition of “value that substitutes for currency” to include emerging payment methods such as virtual currencies.
The NDAA also clarifies the definition of money transmitting businesses and services by replacing the generalized term “funds” with “currency, funds, or value that substitutes for currency.”
In an effort to strengthen Treasury’s financial intelligence, anti-money laundering, and countering the financing of terrorism programs, the bill also establishes national exam and supervision priorities, increases technical assistance for international cooperation, and seeks to tackles financial crime issues related to beneficial ownership and a lack of corporate transparency.
Why it matters: If passed, the NDAA could be a game changer for AML professionals. While President Trump vetoed the 1,480 page bill, it passed both houses of Congress by veto-proof margins earlier this month, meaning President Trump’s veto will likely be overridden. Congress must now vote on whether or not to override the president’s veto. Congress has adjourned for the holidays but is slated to return on Monday, December 28.
Read the full bill here: https://www.congress.gov/bill/116th-congress/house-bill/6395
Ledger Reveals They Underestimated Extent of Data Hack that Exposed a Million Customer Emails
Back in July 2020, cryptocurrency hardware wallet Ledger announced they were victimized in a data breach that led to the exposure of customer emails and other information. At the time, the company said that only 9,500 customers were impacted. However, it was recently revealed that the hack was much larger in scope, leaking more than a million customer emails and exposing the phone numbers and home addresses of more than 270,000 customers. Since the breach, many of Ledger’s customers have been victims of phishing and ransomware attacks that included threats of violence.
Alon Gal, co-founder and CTO of security firm Hudson Rock, said, “Individuals who purchased a Ledger tend to have high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments on a larger scale than experienced before.” Although Ledger claimed that this hack did not threaten any customer funds, their reputation within the industry has been compromised.
Why it Matters:
Though Ledger acted quickly to fix the issue that led to the hack, the damage was already done, as their customers’ information had already been exposed. Their second, and perhaps greater error, was to misconstrue the extent of the data breach. By underestimating the scale and impact, Ledger lost consumer trust.
Read more in CryptoBriefing here:
Police Arrest BitGrail Boss for His Role in Largest Cyber-Financial Attack in Italy
The man who ran Italian-based cryptocurrency exchange BitGrail has been arrested for allegedly defrauding more than 230,000 people of €120 million ($146 million) collectively. In what has been deemed “the biggest cyber-financial attack in Italy and one of the biggest in the world,” the BitGrail boss faces charges of computer fraud, fraudulent bankruptcy, and money laundering.
In 2018, the same man alerted police of a Nano Coin hack, communicating the loss of “a huge sum.” Ivano Gabrielli, who is the head of the National Centre for Cyber Crimes in Italy, said that when their team started investigating, it became clear that the man was actually the head of BitGrail “[and] it…[was]…not yet clear whether he participated actively in the theft or if he simply decided not to increase security measures after discovering it.”
The police further allege that the man, a 34-year-old known as “F.F.,” interfered to prevent them from halting the continuing theft.
Why it Matters: It is important for all countries and exchanges to take note of how to identify suspicious behavior early. If law enforcement had acted on the red flags present in 2018, there could have potentially been a much faster arrest of this bad actor.
Read more in Reuters:
The Bahamian Sand Dollar Sees Retail Use
The Bahamian Sand Dollar, made available nationwide in October of this year, is now in retail use—a world’s-first for a Central Bank Digital Currency (CBDC) outside of pilot programs. A health-foods cafe was one of the first establishments to accept payments in the Sand Dollar; $130,000 of the currency is currently in circulation.
What was that first transaction? A green smoothie and a snapper fish burger, according to a report in Reuters.
Why it Matters:
As CBDCs transition from pilot stages to retail use, prioritizing compliance with AML and CFT regulations will be of paramount importance. Just as fiat currencies are frequently transferred across borders, we should expect the same will be true for CBDCs, and so Travel Rule regulations should be taken into account.
Read more in PYMNTS:
Quick Read: Ripple, Execs Face SEC Lawsuit
The U.S. Securities and Exchange Commission filed a lawsuit on December 22nd against Ripple, CEO Brad Garlinghouse, and Chris Larsen, a co-founder of the company, alleging that the firm’s sale of XRP constitutes an offering of unregistered securities. Ripple began the sale of XRP in 2013. Garlinghouse responded on Twitter, accusing SEC Chairman Jay Calyton of “picking winners.”
Read more on The Block: https://www.theblockcrypto.com/linked/88912/sec-ripple-labs-lawsuit-filed-2