Blockchain & Cryptocurrency
,
Cryptocurrency Fraud
,
Fraud Management & Cybercrime
Also: A OneCoin Sentencing, Tornado Cash Update, FTX Repayment Plans
Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, hackers stole from Prisma Finance and demanded praise, a OneCoin head was sentenced to prison, a Tornado Cash co-founder asked for dismissal of charges, FTX said it will repay customers, Singapore has new digital payment token rules, and the BoE and FCA launched Digital Security Sandbox.
See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation
Prisma Finance
Hackers who stole about $11 million from Prisma Finance in a flash loan attack on March 28 have transferred ETH equivalent to $6.5 million across two transactions to sanctioned cryptomixer Tornado Cash, PeckShield said.
One of the hackers, who claims to be a “white hat,” said they would consider returning “most” of the stolen funds if the Prisma Finance team holds an online press conference where they identify themselves and apologize to users and investors for not identifying the flaw. The hacker sought praise from the team for discovering the bug and for showing their intention to work with the company to fix it. “I hope this would help ppl be more careful participating in defi, the teams would be more responsible, and everyone would change their minds about things like this,” the hacker said in an on-chain message. The company offered the hacker a $1.1 million bounty instead.
Prisma Finance halted its protocol to prevent further theft and said Wednesday in a postmortem report that it is focusing on retrieving stolen user funds and will resume operations after securing the platform.
OneCoin
A judge from the U.S. District for the Southern District of New York sentenced Bulgarian national Irina Dilkinska to four years in prison for her role in the OneCoin cryptocurrency scheme. Dilkinska served as the project’s head of legal and compliance. She was found guilty of facilitating money laundering and other financial crimes. Dilkinska was also involved in transferring $110 million in illicit proceeds to a Cayman Island entity. She has been ordered to forfeit $111,440,000.
The OneCoin scheme, led by international fugitive Ruja Ignatova and Karl Sebastian Greenwood, recruited more than 3 million participants and generated nearly $4.4 billion in sales revenue between 2014 and 2016. Victims invested over $4 billion in total.
Dilkinska pleaded guilty to charges of wire fraud and money laundering in November. The Department of Justice said OneCoin was a global pyramid scheme and sentenced Greenwood to 20 years in prison and fined him $300 million. Ignatova, known as “the Cryptoqueen,” has been on the FBI’s Ten Most Wanted Fugitives list since May 2022.
Tornado Cash
The legal team of Tornado Cash developer and co-founder Roman Storm submitted a motion to dismiss the U.S. federal criminal charges. Attorney said that Storm relinquished control of the sanctioned cryptomixer before any illicit activity took place. They also challenged the characterization of Tornado Cash as a money-transmitting business, stating that it never levied fees. Storm’s lawyers argued that Storm’s activities as Tornado’s developer qualify as protected speech under the First Amendment. The motion argues that Storm cannot be held accountable for the actions of users who misused the software, since there is no evidence of his direct involvement or collaboration with illicit actors.
Storm faces one count each of conspiracy to commit money laundering, conspiracy to violate the International Economic Emergency Powers Act and conspiracy to operate an unlicensed money-transmitting business, carrying a total maximum sentence of 45 years in prison. The case has prompted substantial support for Storm’s legal defense in the decentralized finance community, raising approximately $1.5 million so far.
FTX
Notes from a meeting of FTX Digital’s Joint Official Liquidators in the Bahamas show that the FTX bankruptcy estate aims to initiate customer repayments by the end of this year through two concurrent processes: the Chapter 11 bankruptcy proceeding in a Delaware court, and the official liquidation of FTX Digital, based in the Bahamas. Both segments of the estate will collaborate to allow creditors to file claims with either entity.
Creditors have been using FTX’s claims portal since March 1, and the deadline to submit a claim was initially set for May 15. The deadline will likely be extended to at least June 2024. Claims in the Bahamian proceedings and the Chapter 11 claims will be assessed based on their value on Nov. 11, 2022, the original date of the bankruptcy claim.
A federal judge on March 28 sentenced on former FTX CEO Sam Bankman-Fried to 25 years in prison. Federal records show that as of Thursday, he is still located in the federal Metropolitan Detention Center in Brooklyn (see: Cryptohack Roundup: Sam Bankman-Fried Gets 25-Year Sentence).
Singapore Digital Payment Token Services
Singapore is tightening regulations for firms involved in digital payment token services such as cryptocurrency, and the Monetary Authority of Singapore announced amendments to the Payment Services Act and related legislation. Under the new rules, whose staggered implementation begins today, custodial services for DPTs, facilitation of DPT transmission, and cross-border money transfers will be regulated, even if funds are not handled in Singapore. The MAS will enforce requirements regarding anti-money laundering, counterterrorism financing, user protection and financial stability on DPT service providers. To facilitate the transition, the MAS will offer “transitional arrangements,” which require affected entities to notify the regulator within 30 days and submit a license application within six months from April 4.
Digital Securities Sandbox
The Bank of England and the United Kingdom’s Financial Conduct Authority are set to launch the Digital Securities Sandbox in autumn this year to support the integration of innovative technologies in digital assets. The initiative seeks to enable eligible U.K. firms to leverage blockchain and distributed ledger networks for trading and settling digital securities such as shares and bonds. While the DSS focuses on facilitating regulatory adaptation for digital securities, it excludes derivative contracts and “unbacked crypto assets” such as bitcoin and ether. FCA Executive Director Sheldon Mills said the sandbox’s role is to reshape regulation by allowing firms to test changes in real-world scenarios before permanently implementing them.