US Disbands Cryptocurrency Legal Team

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Trump administration disbanded a Justice Department crypto unit, the U.S. Securities and Exchange Commission will review crypto guidance, Usual pledged up to $16M in bug bounties, a PoisonSeed phishing campaign, FTX repayment plan troubles and a Coinbase 2FA error.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

The U.S. Department of Justice is shutting down its National Cryptocurrency Enforcement Team and narrowed crypto-related investigations on crimes linked to terrorism, drug cartels and organized crime.

A memo from Deputy Attorney General Todd Blanche accused its predecessor administration led by Joe Biden of a “reckless strategy of regulation by prosecution” of digital assets, reported Reuters. Launched in 2022, the unit handled major cases, including the prosecution of Binance and its founder Changpeng Zhao for money laundering. Under President Donald Trump, enforcement is taking a more crypto-friendly stance. Blanche based the directive on a Trump executive order supporting open blockchain access for individuals and businesses.

Acting U.S. Securities and Exchange Commission Chair Mark T. Uyeda instructed agency staff to review several past staff statements related to cryptocurrency and securities regulation, aiming to align them with Trump administration priorities. The directive follows an executive order titled “Unleashing Prosperity Through Deregulation” and recommendations from the Department of Government Efficiency.

Key documents under review include 2019 guidance on applying the Howey test to digital assets, an ongoing legal debate that helps determine if an asset qualifies as a security. Uyeda’s move comes as the SEC signals a shift, recently stating that most meme coins likely fall outside securities laws. Also up for reconsideration is a 2021 statement warning investors about mutual funds exposed to Bitcoin futures. At the time, the SEC raised concerns about volatility and market manipulation, though the landscape has since changed, with spot Bitcoin and Ethereum ETFs gaining significant traction. Guidance on crypto-related disclosures after industry bankruptcies will come under review as well.

Decentralized stablecoin protocol Usual launched what it claims is the largest bug bounty in tech history, offering $16 million for uncovering a critical vulnerability in it’s codebase. Partnering with blockchain security firm Sherlock, Usual aims to incentivize ethical hackers to identify serious flaws before they can be exploited. The record-setting bounty surpasses previous crypto industry rewards from Uniswap at $15.5 million, LayerZero Labs at $15 million and Wormhole at $10 million, and even Google’s $12 million annual program. To qualify for the top payout, vulnerabilities must result in a clear and significant loss or freezing of funds, without requiring external conditions.

A phishing campaign dubbed “PoisonSeed” is hijacking corporate email marketing accounts to steal cryptocurrency, said SilentPush. The campaign compromises accounts from platforms like Mailchimp, SendGrid, HubSpot, Mailgun and Zoho, and primarily targets users of Coinbase and Ledger. Attackers identify high-value employees with access to these platforms, phish their credentials using spoofed login pages and then send crypto-themed phishing emails from the compromised accounts. Once inside, attackers extract mailing lists and create new API keys to retain control. Victims receive emails urging them to “migrate” to a new wallet by entering a pre-filled seed phrase, which is actually controlled by the attackers. When victims follow through, their assets are transferred into the attacker wallets and drained.

Nearly 400,000 creditors of the bankrupt cryptocurrency exchange FTX risk losing a combined $2.5 billion in repayments after failing to begin the required KYC process, showed a filing in the U.S. Bankruptcy Court for the District of Delaware. The original deadline to start KYC was March 3, but has now been extended to June 1. The court is set to permanently disqualify unverified claims after that date.

Claims under $50,000 account for about $655 million of the total at-risk funds, while larger claims could exceed $1.9 billion. The next round of repayments, scheduled for May 30, is expected to distribute over $11 billion to creditors with valid claims exceeding $50,000. FTX’s recovery plan aims to repay 98% of creditors at least 118% of their original claim value in cash.

Coinbase is reportedly updating a misleading error message in its account activity logs that has caused confusion among users, many of whom feared their accounts were compromised. Over the past few weeks, users reported seeing “second_factor_failure” or “2-step verification failed” messages after receiving phishing emails or texts, leading them to believe someone had their password but failed to bypass two-factor authentication. This prompted widespread anxiety, password resets and malware scans. But these messages also appear when an incorrect password is entered, not just after a failed 2FA attempt, making the warning misleading. Coinbase acknowledged the issue and said it plans to revise the message, though it has not provided a timeline.