All eyes are on Ethereum - we are now less than four days out from the merge. We’ll talk about some possible scenarios the merge might bring and what you can do to stay safe during the merge. We’ll also look into recent updates on the Tornado Cash sanctions, a new report on fraudulent crypto trading volume, and other crypto security-related news.
SudoRare, an NFT platform that forked from SudoSwap and LooksRare, is just the latest crypto project to run off with users’ funds. The project also deleted all of its social media accounts Tuesday morning.
The U.S. Commodity Futures Trading Commission defines wash trading as “entering into, or purporting to enter into, transactions to give the appearance that purchases and sales have been made, without incurring market risk or changing the trader’s market position.” The reason why some traders engage in wash trading is to inflate the trading volume of an asset to give the appearance of rising popularity. In some cases trading bots execute these wash trades in tokens, increasing volume, while at the same time insiders reinforce the activity with bullish remarks, driving up the price in what is effectively a pump and dump scheme. Wash trading also benefits exchanges because it allows them to appear to have more volume than they actually do, potentially encouraging more legitimate trading.
The biggest problem areas regarding fake volume are firms that tout big volume but operate with little or no regulatory oversight that would make their figures more credible, notably Binance, MEXC Global and Bybit. Altogether, the lesser regulated exchanges in our study account for approximately $89 billion of the true volume (they claim $217 billion).
We apply volume discounts based on a proprietary methodology that relies on 10 factors such as an exchange’s home regulator if any and volume metrics based on an exchange’s web traffic and estimated workforce size.
Launched in August, the unit will help combat crypto criminals by targeting their assets and providing investigative tracing capability and insight to other AFP authorities. The new crypto unit will operate as part of its Criminal Assets Confiscation Taskforce (CACT), which has been seizing illicit crypto funds since 2018, but without a dedicated standalone team. The Australian Federal Police have confiscated over AU$600 million (US$408 million) in illicit funds and property since 2020, and though the amount of crypto funds seized was small compared to “traditional” criminal assets, the additional focus helps provide intelligence insights.
Poolin, one of the world’s biggest crypto mining pools, is suspending bitcoin and ether withdrawals from its wallet service due to “liquidity problems.”
This is significant because 1) Poolin is a China-based mining pool service, operating in China after the mining ban, and 2) the pool was estimated to have roughly 10% of the hash rate before withdrawals were suspended.
At approximately 10:30 PM UTC on September 6th, the Nereus team notified the community of an incident through the community Discord; this was later picked up by CertiK and other on-chain analysis groups and reported broadly as a flash-loan exploit resulting in a $371k gain. An exploiter was able to deploy a custom smart contract that leveraged a $51M flash loan to manipulate the AVAX/USDC Trader Joe LP pool price for a single block, resulting in the ability for the exploiter to mint 998,000 NXUSD against ~$508k worth of collateral. In the hours that followed, Nereus quickly consulted security experts, developed a mitigation plan, and notified law enforcement to support efforts. In response, the Nereus team has mitigated the exploit by liquidating and pausing the exploited JLP market. The team has also paid off the bad debt using NXUSD from the Team’s treasury. No user funds are at risk, and NXUSD continues to be over collateralised. In addition, no part of the lending and borrowing protocol was ever at risk.
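Why a single-block pool price move can inflate LP collateral, shown as an added illustration (not Nereus's code and not a reconstruction of the incident). It assumes a constant-product pool and a lending market that values LP tokens from current reserves; all names and figures are constructed.

```python
from math import sqrt

class Pool:
    """Constant-product (x*y=k) pool; all figures below are constructed."""
    def __init__(self, avax, usdc, lp_supply):
        self.avax, self.usdc, self.lp_supply = avax, usdc, lp_supply

    def swap_usdc_in(self, usdc_in, fee=0.003):
        eff = usdc_in * (1 - fee)                 # the fee stays in the pool
        avax_out = self.avax * eff / (self.usdc + eff)
        self.usdc += usdc_in
        self.avax -= avax_out
        return avax_out

def lp_price_from_reserves(pool, avax_ref):
    """Weak: values whatever reserves the pool holds in this block."""
    return (pool.avax * avax_ref + pool.usdc) / pool.lp_supply

def lp_price_fair(pool, avax_ref):
    """Hardened: 2*sqrt(k * p_avax * p_usdc) / supply, with USDC taken as 1.
    k barely moves during a swap, so the result ignores reserve skew."""
    return 2 * sqrt(pool.avax * pool.usdc * avax_ref) / pool.lp_supply

def spot_deviates(pool, avax_ref, max_dev=0.05):
    """Circuit breaker: pool spot price vs. an independent reference price."""
    spot = pool.usdc / pool.avax
    return abs(spot - avax_ref) / avax_ref > max_dev

def demo():
    ref = 20.0                                    # reference AVAX price in USDC
    pool = Pool(avax=100_000, usdc=2_000_000, lp_supply=400_000)
    before = (lp_price_from_reserves(pool, ref), lp_price_fair(pool, ref),
              spot_deviates(pool, ref))
    pool.swap_usdc_in(6_000_000)                  # one large same-block swap
    after = (lp_price_from_reserves(pool, ref), lp_price_fair(pool, ref),
             spot_deviates(pool, ref))
    return before, after

if __name__ == "__main__":
    for label, row in zip(("before", "after"), demo()):
        print(label, "reserve-based=%.2f fair=%.2f deviates=%s" % row)
```

The reserve-based price more than doubles after the swap while the invariant-based price moves by about 0.1%, and the deviation check gives a market a reason to refuse new borrows in that block.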
On August 8, 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added certain Ethereum addresses associated with Tornado Cash, an open-source privacy protocol on Ethereum, to the Specially Designated Nationals and Blocked Persons List (SDN List). Since the announcement, many participants in crypto’s base layer have expressed concern that they could be required to monitor or censor blocks involving SDN List addresses to comply with sanctions, jeopardizing the neutrality of the base layer and compromising its integrity and core functionality. However, we believe that under current OFAC guidance, base layer participants are not required to monitor or censor these addresses as part of a risk-based sanctions compliance program.
Specifically, while the application of sanctions law to decentralized blockchain systems and smart contracts presents novel legal issues, we believe the Tornado Cash sanctions and blockchain address sanctions imposed to date should not require blockchain technology infrastructure providers including builders, pool operators, relays, searchers, sequencers, and validators to monitor or censor transactions that involve blocked addresses.
Digital Security was designated pursuant to E.O. 13694, as amended, for providing material and technological support to the FSB. As of 2015, Digital Security worked on a project that would increase Russia’s offensive cyber capabilities for the Russian Intelligence Services, to include the FSB.
95% of the inaccessible crypto funds were held by a member of the team.
Welcome! I, Degen is a podcast about crypto technology, security, and culture. With a healthy balance of enthusiasm and skepticism, we cut through the misinformation and hype in search of a signal in the noise. Our weekly round-up will keep you updated on the latest in crypto hacks and security. With our open-source audio audits, we interview founders and hackers to surface relevant info about how to stay safe in crypto land.