Security

73.3% of Q1 rug pulls happened on BNB Chain: Immunefi

Rug pulls and other frauds made up a small percentage of losses compared to hacks and exploits, the report stated.

BNB Chain was the king of rug pulls in the first quarter of 2023, with over 73.3% of such scams in the entire crypto ecosystem happening on the network, according to an April 4 report from blockchain security firm Immunefi.

The report, titled “Crypto Losses in Q1 2023,” investigated a variety of crypto hacks and scams in the first quarter of the year. It found that Ethereum and BNB Chain were the two largest targets for hackers and scammers, with 68.8% of total losses from these networks combined. BNB Chain, in particular, made up 41.3% of total losses from hacks and scams.

One type of scam, in particular, reigned supreme on BNB Chain: rug pulls, a type of scam where developers raise funds and then close up shop without delivering a product or service. Immunefi stated that 73.3% of all rug pulls in the crypto ecosystem happened on BNB Chain in the first quarter.

Immunefi tech Lead Adrian Hetman speculated that the large number of rug pulls on the chain may be due to a culture that promotes forking open-source code:

“BNB Chain still has a serious issue with developers using forked code. Its community lacks a security-first approach and attracts many users looking for a quick way to earn money. That’s why we continue to see the biggest number of exploits and rug pulls in this ecosystem.”

Despite the prevalence of these scams on BNB Chain, Immunefi also stated that rug pulls and other frauds are a much smaller problem in the crypto community than hacks or exploits. Hacks were the “predominant cause” of losses in Q1 2023, the report said, whereas all frauds combined (including rug pulls and other scams) made up only 4.3% of total losses.

The first quarter of 2023 has seen spectacular hacks and exploits, draining millions of dollars from decentralized finance (DeFi) protocols. On Feb. 1, the DeFi lending app BonqDAO was the victim of an oracle hack, losing $120 million in crypto. On Feb. 17, decentralized exchange aggregator Dexible was hacked for over $2 million. And on March 13, Euler lost over $195 million of crypto in the largest DeFi attack of the quarter.

INX security token platform gets its first token from a public company, Greenbriar

INX security tokens exist on Ethereum and use the ERC-1404 standard.

INX has launched its first securities token issued by a public company, according to an Apr. 3 announcement from the tokenization platform.

Public company shares on the blockchain?
Witness the future in action!
Proud to team up with @Greenbriarcorp to tokenize its GEBRF traditional shares in an industry-first!https://t.co/sS4p5MIwa3

— INX (@INX_Group) April 3, 2023

The new token represents shares of Greenbriar Capital, which is traded in non-token form on the U.S. over-the-counter (OTC) market under the ticker symbol GEBRF and on the Toronto Stock Exchange as GRB.

Greenbriar is a developer of entry-level housing and green energy products. This is the first time its shares have been available to trade on a public blockchain network.

According to the platform’s help files, INX security tokens exist on the Ethereum network and conform to the ERC-1404 simple restricted token standard. When a user purchases security tokens through INX, they must whitelist their Ethereum address by signing a message through Metamask. The smart contract keeps track of which addresses have been whitelisted, and if a user tries to transfer tokens to an address that is not whitelisted, the transfer fails.

INX claims that it does not custody any security tokens on behalf of users, as these tokens are only held in the user’s wallet.

To handle Ethereum gas fees, the platform currently charges a $25 commission for each security token purchased, according to the app’s user interface.

INX has previously listed two other security tokens on its platform: INX, which represents shares of the platform’s own company and MSCO, which represents shares of the MS Token fine art studio. However, these previous tokens have represented privately held companies, whereas GEBRF is the first public company with full financial disclosures to join the INX platform, the announcement said.

INX also offers traditional cryptocurrencies such as Bitcoin (BTC), Ether (ETH), Zcash (ZEC), and others.

Cryptocurrency developers have often tried to avoid having their tokens classified as securities, since this designation requires developers to provide extensive disclosures to the Securities and Exchange Commission and other government bodies. However, some experts argue that tokenization of securities will bring benefits to the traditional financial industry.

In September, KKR’s Health Care Strategic Growth Fund II (HCSG II) was tokenized on the Avalanche (AVAX) network with the help of Securitize Capital. And in October, the Tel Aviv Stock Exchange announced it was testing a tokenized bond trading program. Ralf Kubli of the Casper Association has argued that tokenized mortgage-backed securities will be essential in preventing future financial crises.

Italian regulator draws criticism for blocking AI chatbot ChatGPT

ChatGPT’s temporary ban in Italy over privacy concerns draws criticism from figures in the tech industry and the country, including expert Ron Moscona and Deputy PM Matteo Salvini.

Italy’s ban on conversational artificial intelligence (AI), ChatGPT, sparked significant controversy among the tech industry and the country. The Italian deputy prime minister also criticized the ban as excessive.

On Friday, March 31, following concerns raised by the national data agency about possible privacy violations and failure to verify the age of users, Microsoft-backed OpenAI took ChatGPT offline in Italy. This action by the independent agency marked the first instance of a Western country taking measures against the AI chatbot.

The Italian Deputy Prime Minister Matteo Salvini took to Instagram to share his thoughts: “I find the decision of the Privacy Watchdog that forced #ChatGPT to prevent access from Italy disproportionate,” says a translated version of his post.

Salvini said that the regulator’s move was hypocritical, as there are dozens of services based on artificial intelligence , naming examples like Bing’s chat. Salvini said common sense was needed as “privacy issues concern practically all online services.”

The ChatGPT ban could harm national business and innovation, Salvini said, adding that he hoped for a rapid solution to be found, and for the chatbot’s access to Italy to be restored.

“Every technological revolution brings great changes, risks, and opportunities. It is right to control and regulate through international cooperation between regulators and legislators, but it cannot be blocked,” he said.

Another objection to the ban was heard from Ron Moscona, a partner at the international law firm Dorsey & Whitney, and an expert in technology and data privacy. He said the ban by the Italian regulators comes as a surprise, as it is unusual to completely ban a service due to a data breach incident.

Following the request from the authorities, OpenAI has blocked ChatGPT for users in Italy. However, the company stated that it adheres to privacy regulations in Europe, and is willing to cooperate with Italy’s privacy regulatory body. OpenAI claimed that it takes measures to minimize personal data when training its AI systems, including ChatGPT, as its goal is for the AI to acquire knowledge about the world, not to obtain information about specific individuals.

The AI chatbot is also under scrutiny in other regions worldwide. The Center for Artificial Intelligence and Digital Policy (CAIDP) lodged a complaint against ChatGPT on March 31, intending to prevent the deployment of potent AI systems to the general public. The CAIDP characterized the chatbot as a “biased” and “deceptive” platform that jeopardizes public safety and confidentiality.

Magazine: All rise for the robot judge: AI and blockchain could transform the courtroom

CZ, Binance, influencers face $1B lawsuit for unregistered securities promo

While three American citizens brought the case, the lawsuit alleges that “millions” of people could be eligible for damages.

Five days after Binance and its CEO Changpeng “CZ” Zhao were sued by the United States Commodity Futures Trading Commission (CFTC) for alleged trading violations, a new $1 billion lawsuit was filed against the crypto exchange, CZ and three crypto influencers for promoting unregistered securities.

On March 31, the Moscowitz Law Firm and Boies Schiller Flexner filed the $1 billion lawsuit in the Southern District of Florida, claiming Binance’s involvement in trading unregistered securities and paying influencers for the unlawful promotion of such services, according to Fortune. While explaining the charges, the filing read:

“This is a classic example of a centralized exchange, which is promoting the sale of an unregistered security.”

In a previous lawsuit against Voyager, the law firm alleged that influencers promoting “unregistered securities” are liable for customer losses. Based on similar claims, Binance and the influencers — NBA Miami Heat star Jimmy Butler, and YouTubers Graham Stephan and Ben Armstrong (BitBoy Crypto) — are challenged with paying $1 billion for the damages caused to investors.

“We’ve been investigating these same unregistered security issues against Binance for over a year,” added the lawsuit. Promoters and the exchanges facilitating trades of such assets “would be liable” for the customer losses. In addition, the suit claims that investors have no obligation to prove they were influenced by the advertisements.

While three American citizens brought the case, the lawsuit alleges that “millions” of people could be eligible for damages. The law firm also plans to rope in more Binance influencers to the suit in future filings.

Meanwhile, CZ and other top Binance executives have been concealing the crypto exchange’s ties to China, claims a Financial Times report.

“We no longer publish our office addresses … people in China can directly say that our office is not in China,” Zhao had reportedly said in a company message group in November 2017.

However, speaking to Cointelegraph, Binance confirmed that the company “does not operate in China nor do we have any technology, including servers or data, based in China,” adding:

“While we did have a customer service call center based in China to service global Mandarin speakers, those employees who wished to remain with the company were offered relocation assistance starting in 2021.”

According to Binance, its 8,000 full-time employees live across Europe, the Americas, the Middle East, Africa and the Asia-Pacific.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime

Gnosis launches Hashi bridge aggregator to help prevent hacks

Bridge protocols LayerZero, Celer, Wormhole, LiFi, and others have already committed to implementing the new protocol.

Gnosis, the team behind Gnosis Safe multi-sig and Gnosis Chain, has launched a hash oracle aggregator for blockchain bridges, according to an announcement from the company. In a conversation with Cointelegraph, Gnosis CEO Martin Köppelmann stated that the new aggregator should make bridges more secure by requiring more than one bridge to validate a withdrawal before it can be confirmed.

Multiple bridge protocols have already committed to integrating with Hashi, including Succinct Labs, DendrETH, ZK Collective, Connext, Celer, LayerZero, Axiom, Wormhole and LI.FI, according to the announcement.

Over $2 billion was stolen from bridges in 2021 and 2022, according to a report by Token Terminal. Bugs in the code have caused some bridge hacks, whereas others have been caused by the attacker taking over a multi-sig governance wallet.

According to Köppelmann, Hashi can provide the first step towards making these cross-chain transactions more secure throughout the blockchain ecosystem, by requiring withdrawals to be validated by multiple bridges instead of just one:

“Hashi is about essentially creating this aggregator that can use different bridges and basically say they all need to agree to the same message […] If they do, great, then we can be really, really certain that this message is actually real and if they disagree […] Then we know we need to escalate to governance, we need to halt the bridge.”

Köppelmann also emphasized that Hashi helps to prevent multi-sig governance attacks because it allows a protocol to prevent governance from intervening if there is no disagreement between individual bridges.

“Here you can have this nice tradeoff where you say ‘the governance is not allowed to do anything,’ so it cannot interfere with the system unless there is explicitly a conflict or a bug,” he explained. “So as soon as those bridges that are supposed to report on the same thing […] Disagree, well then governance is allowed to interfere, otherwise governance has no role. That’s Hashi.”

Hashi is open source and available on GitHub.

The idea of a multi-bridge aggregator rose to prominence during the Uniswap bridge debate in December and January. Although Wormhole was ultimately chosen as Uniswap’s bridge provider, representatives from Celer, LiFi, and deBridge, as well as other participants concluded that a multi-bridge aggregation solution needed to be implemented going forward.

Kraken aims for restricted dealer registration in Canada to comply with new rules

In February, Canadian Securities Administrators announced enhanced investor protection requirements for crypto asset traders.

Crypto exchange Kraken has filed a preregistration undertaking with the Ontario Securities Commission in Canada seeking restricted dealer status. United States-based Kraken is already active in Canada and is acting to comply with the new guidance.

Kraken is registered in Canada as a money services business and has been operating there for over 10 years. The Canadian Securities Administrators (CSA) implemented new guidance for crypto asset trading platforms on Feb. 22, requiring Kraken to file a preregistration undertaking legally committing it to observe new investor protections.

The new requirements for crypto trading platforms will be subject to include new custody standards, restrictions on the use of leverage and a ban on trading stablecoins without prior written consent from the CSA. Kraken managing director for Canada Mark Greenberg said:

“We want both existing and prospective clients to know Kraken remains committed to Canada.”

Restricted dealer registration is “a special kind of dealing registration used for firms that do not quite fit under any other category” under CSA definitions. Regulators tailor requirements for firms with this status individually.

CRYPTO changes for Canada are coming! #crypto #Bitcoin #canada pic.twitter.com/40qLdQLLru

— megbzk (@megbzk) March 26, 2023

Cryptocurrency exchange OKX announced on March 20 that it would stop providing service to Canadian customers within three months due to “new regulations.” OKX added that its withdrawal from the country was temporary and it was working with regulators.

The CSA is the umbrella organization for Canada’s 13 regional securities regulators. There is no federal Canadian regulator. Registration by one CSA member provides a so-called “passport” for firms doing business in other provinces or territories.

In February, Kraken paid $30 million in penalties and disgorgement in the United States after the Securities and Exchange Commission charged it with failing to register its staking-as-a-service program as a security. Kraken said at the time that it would continue to offer its staking program to non-U.S. customers.

Magazine: Best and worst countries for crypto taxes — Plus crypto tax tips

Beaxy exchange shutters after SEC presses multiple charges against founder, execs

The regulator is throwing the book at Beaxy and people associated with it on charges of unregistered securities offering and failing to register in a number of capacities.

Beaxy suspended operations on March 28 “due to the uncertain regulatory environment surrounding our business,” according to the cryptocurrency exchange’s blog. The suspension came a day before the United States Securities and Exchange Commission announced it was charging Beaxy and its executives with failing to register as a national securities exchange, broker and clearing agency.

The SEC also said it was charging Beaxy founder Artak Hamazaspyan and Beaxy Digital, a company he controls, with raising $8 million through an unregistered offering of the Beaxy token (BXY) and the misappropriation by Hamazaspyan of $900,000 of investor funds for personal uses.

In addition to those charges, the agency is charging market makers operating on the Beaxy platform as unregistered dealers. SEC chair Gary Gensler said in a statement:

“We allege that Beaxy and its affiliates performed the functions of an exchange, broker, clearing agency, and dealer without registering with the Commission and complying with clear, time-tested rules governing those activities.”

The SEC said is litigating its charges against Hamazaspyan for securities fraud and against Hamazaspyan and Beaxy Digital for the unregistered BXY offering. According to his LinkedIn profile, Hamazaspyan left Beaxy in September 2019 and is located in Yerevan, Armenia.

SEC is incrementally building a body of legal theories to target crypto asset intermediaries. It’s not only focused exchanges. Beaxy complaint shows SEC is scrutinizing market making arrangements as broker-dealer activity and certain custody arrangements as clearing activity.

— Mike Selig (@MikeSeligEsq) March 29, 2023

The SEC has also alleged that Windy Inc., which operated the exchange after the departure of Hamazaspyan, and exchange co-presidents Nicholas Murphy and Randolph Bay Abbott committed securities violations. Beaxy chairman Brian Peterson and companies associated with him allegedly acted as unregistered dealers.

The SEC complaint, filed in the U.S. District Court of the Northern District of Illinois in Chicago, contains eight counts against Hamazaspyan, Murphy, Abbott and Peterson, as well as companies Windy Inc., Beaxy Digital, Braverock Investments, Future Digital Markets, Windy Financial and Future Financial.

The SEC said in its statement that it had obtained consent decrees from Windy Inc., Murphy, Abbott and Peterson that obligate them to cease all exchange activities, close down the Beaxy platform, provide accounting records, return customer assets and funds and destroy any BXY in Windy Inc.’s possession. They also agreed to pay penalties and disgorgements.

Beaxy referred inquiries to the Ice Miller law firm. Partners Yankun Guo and Timothy Belevetz told Cointelegraph:

“Our clients are pleased to have put this matter behind them and are looking forward to the continuing development of cryptocurrency and blockchain, and its integration into globally regulated markets.”

Magazine: Crypto Wendy on trashing the SEC, sexism, and how underdogs can win: Hall of Flame

Here’s why CFTC suing Binance is a bigger deal than an SEC enforcement

Market observers pointed out that the CFTC goes after bigger fish, and its regulatory action often proves fatal for crypto companies.

The United States Commodity Futures Trading Commission (CFTC) has sued crypto exchange Binance for trading and derivatives laws violations. The lawsuit, filed on March 27, alleged that the global crypto exchange offered its derivatives trading services to U.S. customers without applying for a derivatives license.

The lawsuit from the commodities watchdog in the U.S. took many by surprise, with market observers and reporters claiming it to be a political move. Eleanor Terrett, a Fox news reporter, tweeted that sources close to the CFTC suggest the commodities regulator decided to go for a lawsuit to show the Securities and Exchange Commission (SEC) that this is a commodities issue rather than a securities one.

than a securities one. They also say “Vegas odds” have the @SECGov rushing out a similar lawsuit against @binance as a counter.

— Eleanor Terrett (@EleanorTerrett) March 27, 2023

The lawsuit accuses Binance of prioritizing commercial success over regulatory compliance. It said Binance disregarded applicable federal laws while boosting its U.S. customer base. The U.S. regulator has accused Binance and its CEO, Changpeng “CZ” Zhao, of seven violations of the commodities exchange act and controlled foreign company rules.

Besides the regulatory violations, the suit specifically targets Binance’s U.S. trading arms, Merit Peak and Binance.US. The CFTC alleged that Binance and its affiliated entities are a common enterprise with an ultimate beneficial owner and are under the direct control of CZ.

*An excerpt from the CFTC lawsuit. Source: CFTC*

In the suit, the CFTC has demanded that Binance and CZ should be banned from engaging in any of the conduct described in this case, such as trading on registered entities, holding any commodity interest or directing any trading of digital assets. The CFTC also wants Binance to pay back the trading profits, revenues, salaries, commissions, loans and fees derived from U.S. persons, and pay civil penalties for the violations.

The CFTC lawsuit against Binance is a big deal for the crypto industry, given its general belief that the CFTC doesn’t pursue small crypto players without merit. This was evident in the Bitfinex case back in 2018, in which the crypto exchange settled with a hefty fine in 2021.

Adam Cochran, a crypto observer, reiterated a similar stance, saying the CFTC “doesn’t go after small frequent cases like the SEC,” adding that “It’s a different beast and its cases are often fatal.”

In his Twitter thread, Cochran commented that the early evidence gathered by the CFTC could prove fatal for Binance. He added that Binance could either fight the case in the U.S. or settle it outside the court, but in all likelihood, it would be forced to cease operations in the United States.

Magazine: Best and worst countries for crypto taxes — plus crypto tax tips

CFTC calls ETH a commodity in Binance suit, highlighting the complexity of classification

The suit claims Binance used Ether as a commodity in its financial products, experts explained, which says little about the basic nature of the coin.

The United States Commodity Futures Trading Commission filed suit against Binance on March 27 for violations of the Commodities Exchange Act and CFTC regulations. Those violations included transactions with Ether (ETH), according to the suit. This claim, at first glance, touched on a notable point of contention between the CFTC and Securities and Exchange Commission.

The CFTC claimed in its suit that Binance engaged in transactions with “digital assets that are commodities including bitcoin (BTC), ether (ETH), and litecoin (LTC) for persons in the United States.” That was not a new position for the agency. The CFTC claimed ETH was a commodity in its suit against FTX in December, and Chair Rostin Behnam stated his opinion that ETH and stablecoins were commodities as recently as March 8 in a Senate hearing.

The CFTC position on ETH was fairly uncontroversial before the Ethereum Merge. After Ethereum moved to a proof-of-stake consensus mechanism, SEC Chair Gary Gensler commented on staking coins, saying that “from the coin’s perspective, […] that’s another indicia that under the Howey test, the investing public is anticipating profits based on the efforts of others.”

Gensler’s comment brought on a slow wave of reactions. In February, for example, Ethereum co-founder and crypto entrepreneur Joseph Lubin told Cointelegraph , “Staking is not a security,” and it would be a “terrible path for the U.S.” to make it so. He added that he thought the U.S. courts would agree with him and that “there would be a tremendous outcry from not just the crypto community but different politicians and certain regulators” if ETH were classified as a security.

The CFTC case against Binance does not rest on the nature of ETH as much as the nature of Binance products, however, limiting its applicability to the larger argument.

“In this particular case, ETH is being treated as a ‘commodity’ rather than a ‘security,’” Timothy Cradle, director of regulatory affairs at Blockchain Intelligence Group, told Cointelegraph. “The complaint references securities as they relate to swaps.” Cradle added:

“The economics of an offering including ETH could still change the definition applied to the token. For example, ETH staking could still be construed as an investment contract, and as such a security.”

Some transactions, such as mixed swaps involving ETH, could be subject to regulation by both the SEC and CFTC, Cradle said, but that “would not necessarily define ETH itself as a security as mixed swaps also include commodities and currencies.”

This more complex approach to regulation would not necessarily imply cooperation between the two agencies. Yankun Guo, a partner at law firm Ice Miller, said of the situation in a statement to Cointelegraph:

“It shows that both the multifaceted nature of how tokens function and how they are used can cause them to fall under multiple agencies’ jurisdictions. […] I wouldn’t be surprised to see a similar lawsuit by the SEC naming all the same tokens except BTC as securities.”

Silver lining

The CFTC suit against Binance states that ETH is a commodity

Task failed successfully pic.twitter.com/8HiF8LUOoi

— sassal.eth (@sassal0x) March 27, 2023

Magazine: Can you trust crypto exchanges after the collapse of FTX?

Binance launches internal investigation following KYC bypass rumors

Following allegations that Binance employees and volunteers have helped users bypass KYC protocols, the crypto exchange says it is launching an internal investigation.

A recent CNBC investigation claimed that Binance employees and volunteers were assisting Chinese users in bypassing Know Your Customer (KYC) and other security protocols.

Speaking to Cointelegraph, a spokesperson from Binance stated that employees are “explicitly forbidden” from supporting users in circumventing any laws or policies. The spokesperson also said the company is taking action following the recent allegations.

“We have launched an investigation into employees who may have violated our internal policies including wrongly soliciting or making recommendations that are not allowed or in line with our standards.”

They went on to say that Binance has implemented “advanced detection tools” that allow the exchange to crack down on users in restricted jurisdictions, along with actively blocking VPNs from said areas.

According to the exchange, it is “extraordinarily rare” for workarounds to be possible. Binance claims to have “multiple manual and AI-driven processes” that help prevent users from bypassing critical security procedures.

“Furthermore, users who are found to have used any sort of workaround to avoid local law are restricted immediately.”

Changpeng Zhao, the founder and CEO of Binance, has made no comment on the situation at the time of writing, despite his regular commentary on social media. Previously, Zhao took to Twitter to address rumors that had spread via the Chinese messaging platform WeChat.

Prior to this incident, Binance had announced in February that it would delist low-trade-volume nonfungible tokens that were listed before the implementation of its new KYC rules.

In October 2022, the exchange was hit with allegations that it had “swerved scrutiny” from regulators in the United States and the United Kingdom.

Previously, Binance has been open about its employee policies. In January, the exchange confirmed that its employees must adhere to a 90-day period prior to trading any digital assets to prohibit insider trading.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime