November 13, 2020
DeFi Hacks Redux | BTC Tax Fraud | Senate Hears Crypto Testimony | KuCoin Recovery | Travel Rule Threshold Impact | Privacy Coins Banned
- DeFi Hacker Steals $2M from Akropolis Protocol
- Ex-Microsoft Engineer Sentenced to Nine Years in First US Case of Bitcoin Tax Fraud
- OCC’s Brian Brooks Testifies to the Importance of Crypto Before US Senate
- KuCoin Recovers Most of Stolen Funds from September Hack
- On the Blog: FinCEN’s Proposed “Travel Rule” Threshold Change Would More Than Double Compliance Triggers at US VASPs
- Privacy Coins Face New Challenges Among Exchanges and Governments
Akropolis DeFi Protocol Hacked for $2M in DAI
On November 12, Gibraltar-based decentralized finance (DeFi) protocol Akropolis was hacked for more than $2 million in the crypto-backed stablecoin DAI. The same day, the DeFi protocol announced on Twitter that the hackers exploited a body of smart contracts in the yCurve and sUSD savings pools. An independent audit of the pools did not identify the attack vectors used in the exploit, according to Akropolis’ official response. As a result of the hack, the protocol has paused all stablecoin pools.
Why it matters: While DeFi hacks were virtually negligible in 2019, over half of the crypto hacks in 2020 have originated from DeFi protocols and exchanges, accounting for 20% of crypto losses. According to Cointelegraph, the security firm that audited Akropolis’ smart contracts was the same firm that “conducted audits on lending protocol bZx, which has been attacked three times this year.”
Read more about how DeFi hacks make up more than half of 2020 crypto thefts: https://ciphertrace.com/half-of-2020-crypto-hacks-are-from-defi-protocols-and-exchanges/
IRS Calls Sentencing of Ukrainian National the First Case of Bitcoin Tax Fraud in US
A 26-year old Ukrainian national residing in Washington has been sentenced to nine years in prison in what the IRS calls the United States’ “first Bitcoin case [with] a tax component.”
Volodymr Kvashuk is a former Microsoft employee who allegedly stole more than $10 million from the company in currency stored value (CSV) such as digital gift cards. According to Cointelegraph, Kvashuk “used the accounts and identities of his fellow employees to steal and then sell the CSV — making it appear as though his co-workers were responsible for the fraud.”
Kvashuk attempted to hide the source of the stolen value by using a Bitcoin mixing service and then communicating to the IRS that $2.8 million in crypto assets flagged as passing through his accounts had been a gift from a relative. He filed a fake tax form to back up the false claim.
Why It Matters: As IRS special agent Ryan Korner said, “Simply put, today’s sentencing proves you cannot steal money via the Internet and think that Bitcoin is going to hide your criminal behaviors.” Agencies and law enforcement have refined their investigatory techniques and are increasingly able to act in identifying illicit cryptocurrency transactions.
Cryptocurrency Earns Validation from OCC’s Brian Brooks
On November 10, the OCC’s Acting Comptroller of the Currency, Brian Brooks, testified before the US Senate’s Committee on Banking, Housing and Urban Affairs. Brooks’s statement on cryptocurrency emphasized the increasing importance of digital assets to the American people.
In the written testimony Brooks shared that about 60 million Americans own cryptocurrency, and that the market cap of crypto is now roughly $430 billion. “These figures clearly illustrate that this payment mechanism is now firmly entrenched in the financial mainstream,” Brooks stated. He went on to explain that digital assets are used to pay for goods and services for reasons of security and convenience. He also described how the rise of stablecoins “demonstrates consumers’ comfort with its use.”
The OCC has sought to clarify regulatory requirements of banks pertaining to cryptocurrency transactions through two letters, conveying that banks have the authority to provide custody services for digital assets as well as hold reserves for customers issuing certain stablecoins.
Why It Matters: Brooks’s statement to the US senate further confirms recognition from regulators and banks that cryptocurrency is already integrated into our financial systems. In order for the OCC to ensure that financial institutions are operating in a “safe, sound, and fair manner,” regulatory clarity is essential. The OCC’s letters confirming banks’ authority to custody crypto assets and stablecoin reserves will further adoption of digital assets by mainstream financial players.
Read the written testimony here:
KuCoin Recovers 84% of Stolen $281 million in Crypto Assets from September Hack
Cryptocurrency exchange KuCoin, which suffered a $281-million hack in September, has now reportedly recovered 84% of the stolen funds, or about $236 million.
KuCoin founder and CEO Johnny Lyu explained in a tweet, “So far, 84% of the affected assets have been recovered via approaches like on-chain tracking, contract upgrade, and judicial recovery.”
The hacker swapped tokens to different accounts, making the funds harder to recover, but KuCoin is working with law enforcement to trace the movements. Trading on KuCoin is open for 176 of its 230 tokens, with the remaining tokens expected to resume trading on or before November 22.
Why It Matters: Though the number of exchange hacks continues to decline year over year, instances like the KuCoin hack serve as ongoing reminders of the importance of security as well as blockchain tracing so that offending parties can be identified and stolen funds can be recovered.
Read more in Bitcoin Exchange Guide here:
BLOG: FinCEN’s Proposed “Travel Rule” Threshold Change Would More Than Double Compliance Triggers at US VASPs
On November 13, CipherTrace released an excerpt from the upcoming Cryptocurrency Crime and Anti-Money Laundering Report. Our analysis shows FinCEN’s proposed rule change to “Travel Rule” thresholds would more than double the current number of compliance triggers for US VASPs.
- In October 2020 FinCEN released a proposed rule change, lowering the threshold for travel rule information sharing and retention from $3,000 to $250 for all cross-border payments involving US financial institutions.
- The proposed new rule will definitely apply to Convertible Virtual Currencies (CVCs).
- This rule change would multiply by at least 2.5 the number of qualified travel rule triggers.
- Over one million Travel Rule events could be triggered for US VASPs under proposed rule changes.
- Increased volume and complexity will significantly increase VASP compliance costs.
Quick Read: South Korea Plans to Ban Privacy Coins / ShapeShift Delists
South Korea will ban privacy coins in the new year while enforcing stricter KYC requirements on crypto users. The new regulations, filed as updates to the country’s Special Payment Act, will outlaw so-called “dark coins” that are considered hard to trace. Exchanges will have six months to show compliance with the KYC elements of the law.
The Singapore branch of OKEx, and the Singaporean exchange Upbit, delisted privacy coins based on their interpretation of FATF guidelines in September 2019. This month, Colorado-based ShapeShift delisted privacy coins Zcash, Dash, and Monero.
Dash has recently published a paper that draws a distinction between its practices and those of the coins with which it is often grouped. Dash CMO Fernando Gutierrez told Cointelegraph that “Dash is a payments cryptocurrency, with a strong focus on usability, which includes speed, cost, ease of use, and user protection through optional privacy.”
Read more on the new South Korean regulatory moves:
Read about the changes to ShapeShift policies:
On Dash’s stance on privacy coin status: