Cryptospace Spotlight 2022 #26 (26 Jun 2022)
Harmony’s Horizon Bridge has been hacked for $100 million, Ethereum mining hashrate has declined over 10% and Time magazine and The Sandbox to rebuild NYC in metaverse!
Technology and Industry
Ethereum mining hashrate has declined over 10% in the last month as miner profitability has dropped. [more]
Solana Labs revealed that the Solana Mobile Stack will enable more mobile Web3 apps and launch its own smartphone in early 2023. [more]
Time magazine and The Sandbox to rebuild NYC in metaverse. [more]
Binance signs soccer star Cristiano Ronaldo for NFTs. [more]
Singapore based malls operator CapitaLand's first-ever experiential party on Decentraland took place on 19th June, with virtual hunts and NFTs drop. [more]
Sky Mavis is reopening Ronin Bridge with enhanced security on 28th June with more validators. [more]
Visa has announced the launch of a series of crypto-enabled cards in partnership with several fintech startups in Latam [more]
Goldman Sachs is reaching out to institutional investors seeking $2 billion in commitments to buy up distressed assets from Celsius. [more]
Celsius Network is also hiring advisers ahead of potential bankruptcy. [more]
Bank of International Settlements - BIS said that the monetary system should be built on the division of roles between the central bank and private sector entities. [more]
A future monetary system should contain both the “retail CBDC level” — which is predominantly used by individuals to pay each other or businesses — and “the wholesale CBDC level” — which is used by financial institutions to settle trades in markets.
United States -
US Securities and Exchange Commission (SEC) Chair Gary Gensler, is seeking unanimity between SEC and the Commodity Futures Trading Commission’s (CFTC) to regulate crypto assets adequately by creating a rule book for all things crypto. [more]
Gensler opined that the single rule book is required so that bad actors don’t exploit the current regulatory gaps and perpetrate frauds and manipulations. Frauds and manipulations are quite prevalent in the crypto space and some have pinned this on lack of regulation.
Congress subcommittee on commodity exchanges, energy and credit met to discuss the future of crypto regulation. [more]
Chainalysis co-founder and chief strategy officer, Jonathan Levin, indicated that the transparency of blockchains enhances the ability of policymakers and government agencies to detect, disrupt and, ultimately, deter illicit activity in cryptocurrency markets.
Georgetown University Law Center Professor, Christopher Brummer, said that blockchains may be transparent by nature, but they are also inherently hard to comprehend. Brummer added that investor protection should be a top priority, and making disclosures easier to understand is a key part of advancing that agenda.
Canada - The Ontario Securities Commission fines Bybit, KuCoin for securities law violations and said foreign cryptoasset trading platforms must play by the rules, or face enforcement action. [more]
Bybit and KuCoin both operate unregistered cryptoasset trading platforms and allowed Ontario investors to trade securities without a prospectus or any exemption from the prospectus requirements
KuCoin has been banned from operating in the Ontario province, while Bybit agreed to pay a fine as it works with the authority to register appropriately.
Singapore - Monetary Authority of Singapore (MAS) gave three in-principle approvals for digital payment token service licenses. A digital payment token is the MAS term for cryptocurrencies. [more]
Security and Risk
Horizon enables cross-chain transfers of digital assets between Ethereum and Harmony, as well as BSC, via a set of smart contracts deployed across those three chains. Users holding assets including stablecoins, ERC-20 tokens or Binance’s BEP-20 tokens can exchange them for corresponding assets on Harmony for a 1:1 ratio.
It has identified that there were twelve attack transactions and three attack addresses. Across these transactions the attacker netted various tokens on the bridge including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH, and FRAX. The transactions vary in value but range from $49,178 to upwards of $41,200,000.
While the Harmony team has yet to provide an official post-mortem, security experts have offered some insights into the hack.
The bridge was essentially a 2 of 5 multi-sig. The attacker accomplished this by somehow controlling the 2 addresses of the MultiSigWallet to call the confirmTransaction() directly to transfer large amounts of tokens from the bridge on Harmony.
Developers said they are working with national authorities and forensic specialists to identify the culprit.
Five wallets were flagged by Convex to have been affected by the exploit.
Wallet “0xcdc0f019f0ec0a903ca689e2bced3996efc53939” – flagged as “Convex Phisher Deposits” on blockchain analytics service Etherscan – seemed to have obtained small amounts of cryptocurrencies from affected users, blockchain data shows.
That wallet transferred just under $1,000 worth of USD coin and CRV via decentralized exchange Uniswap.
Crypto wallets work on token approvals, or permissions granted to decentralized apps (dapps) by users to access tokens in their crypto wallets.
Attackers may spoof the front end of a protocol’s website and mislead users to approve the wrong action – granting the attacker access to the exploited wallet and allowing them to drain tokens from that wallet.
Around 23 banks have made at least one investment in blockchain/crypto-linked entities in the cycle from August 2021 to May 2022. [more]