Weekly Crypto Roundup: titans clash, hacks continue, and sanctions hit home

The week came to a close with Bitcoin just under $24,000, while Ether jumped over 14% to rest at under $1,900

Binance-WazirX clash

India’s Enforcement Directorate (ED) froze ₹64.67 crore worth of bank deposits belonging to crypto exchange WazirX. The ED was also investigating money laundering allegations and “mystery” crypto transactions between WazirX and Binance which were not accessible on the blockchain.

WazirX clarified that such transfers were users sending crypto funds between their personal WazirX and Binance accounts.

During this time, however, there was a public clash as WazirX CEO Nischal Shetty claimed that WazirX was owned by Binance, the world’s largest crypto exchange. Binance’s CEO, billionaire Changpeng Zhao, denied these ownership claims in the strongest terms and urged WazirX users to move their funds to Binance. Following a heated exchange of tweets between the two CEOs, WazirX and Binance announced an end to the “off-chain” transfers between the two exchanges. WazirX further warned Indian users that moving their funds to Binance could put them at risk of violating India’s crypto tax regulation, where 1% or 5% must be deducted at source for certain amounts.

As the ED continues its probe, an Indian government source warned that the WazirX episode revealed the “dark side” of cryptocurrency and urged users to be cautious with such transactions.

The ED’s future discoveries regarding WazirX and its financial activities could harden the Indian government’s stance on crypto innovation for years to come.

No end to hack jobs

Three days into August, thousands of wallets linked to the Solana blockchain were being drained of crypto assets, as members of the ecosystem tried to stem the leak and identify what vulnerability the hacker exploited. Days later, evidence seemed to point at the Slope wallet, which provides services for Solana users.

Slope on Thursday published a statement confirming that 9,232 addresses were hacked overall. An independent audit discovered that there was a vulnerability in the mobile version of the wallets from July 28th to August 3rd.

“Although there is no conclusive evidence from the auditors to link the Slope vulnerability to the exploit, its very existence put a lot of assets in danger,” stated the release.

A detailed audit will shed more light on the actual cause(s) of the hack, even as the company continues to look for the hacker and come up with ways to compensate the impacted users.

However, the next hack wasn’t far off as Curve Finance, an exchange liquidity pool, was exploited on Tuesday. This attack affected Curve Finance’s website and over $500,000 was reported stolen through a malicious contract on the homepage, according to Binance’s CEO. This time, though, the saga appeared to end on a lighter note as the hackers tried to send the stolen funds to Binance.

“Binance froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users. The hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it,” tweeted Mr. Zhao on Friday.

Mr. Zhao also advised that Web3 projects should not use GoDaddy as a Domain Name System (DNS) provider for security reasons.

The incident goes to show how not just crypto protocols but also their accompanying channels - websites, social media accounts, messaging systems, vendor services, etc. - are all at risk of being targeted by hackers. On the other hand, it also highlights the role centralised crypto exchanges can play in thwarting such incidents well ahead of the legal authorities.

A tornado of chaos

Hackers fleeing with millions of dollars in crypto funds often throw off the authorities by running their ill-gotten gains through a virtual currency mixer. Such ‘mixers’ conceal the source of the funds by shuffling them with funds from other sources - including legal ones - so that the illegal transactions become more or less impossible to trace.

One common virtual currency mixer is Tornado Cash, a decentralised protocol based on the Ethereum blockchain. Tornado Cash has been linked to the Harmony and Nomad crypto bridge hacks which took place this summer. On Monday, the Treasury’s Office of Foreign Assets Control (OFAC) announced it was imposing sanctions on Tornado Cash for not doing more to prevent money laundering.

However, the following days revealed that the sanctions would not just affect hackers, but also legitimate crypto traders. In particular, a number of accounts on dYdX - a decentralised crypto exchange based on the Ethereum blockchain - were also blocked as a result of the sanctions.

dYdX issued a statement, clarifying that the blocks were a result of some users’ funds being associated with the sanctioned crypto mixer, even if the users themselves had no interactions with Tornado Cash.

“Many accounts were blocked because a certain portion of the wallet’s funds (in many cases, even immaterial amounts) were associated at some time with Tornado Cash, which was recently added to the sanctions list by the U.S. Treasury’s OFAC,” stated dYdX’s release.

dYdX is continuing to un-ban accounts, but the incident goes to show how one country’s sanctions can have far-reaching effects that extend deep into decentralised ecosystems as well.

[The rise in Ether’s price mentioned in the lead has been corrected.]

Printable version | Aug 16, 2022 1:27:05 pm |