Weekly Crypto Roundup: Titans Clash, Hacks
Continue, and Sanctions Hit Home
India’s Enforcement
Directorate (ED) froze ₹ 64.67 crore worth bank deposits belonging to
crypto exchange WazirX. The ED was also investigating
money laundering allegations and “mystery” crypto transactions between WazirX
and Binance which
were not accessible on the blockchain.
WazirX
clarified that such transfers were users sending crypto funds between their
personal WazirX and Binance
accounts.
During this time, however,
there was a public clash as WazirX CEO Nischal Shetty claimed that WazirX
was owned by Binance, the
world’s largest crypto exchange. Binance’s
CEO, billionaire Changpeng Zhao, denied these
ownership claims in the strongest terms and urged WazirX
users to move their funds to Binance. Following a
heated exchange of tweets between the two CEOs, WazirX
and Binance announced an end to the “off-chain”
transfers between the two exchanges. WazirX further
warned Indian users that moving their funds to Binance
could put them at risk of violating India’s crypto tax regulation, where 1% or
5% must be deducted at source for certain amounts.
As the ED continues its
probe, an Indian government source warned that the WazirX
episode revealed the “dark side” of cryptocurrency and urged users to be
cautious with such transactions.
The ED’s future discoveries
regarding WazirX and its financial activities could
harden the Indian government’s stance on crypto innovation for years to come.
Three days into August,
thousands of wallets linked to the Solana blockchain were being drained of crypto assets, as members of the
ecosystem tried to stem the leak and identify what vulnerability the hacker
exploited. Days later, evidence seemed to point at the Slope wallet
which provides services for Solana users.
Slope on Thursday published
a statement confirming that 9,232 addresses were hacked overall. An independent
audit discovered that there was a vulnerability in the mobile version of the
wallets from July 28th to August 3rd.
“Although there is no
conclusive evidence from the auditors to link the Slope vulnerability to the
exploit, its very existence put a lot of assets in danger,” stated the release.
A detail audit will shed
more light on the actual cause(s) of the hack, even as the company continues to
look for the hacker and come up with ways to compensate the impacted users.
However, the next hack wasn’t far off as Curve Finance, an exchange liquidity pool,
was exploited on Tuesday. This attack affected Curve Finance’s website and over
$500,000 was reported stolen through a malicious contract
on the homepage, according to Binance’s CEO. This
time, though, the saga appeared to end on a lighter note as the hackers tried
to send the stolen funds to Binance.
“Binance
froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack.
We are working with LE to return the funds to the users. The hacker kept on
sending the funds to Binance in different ways,
thinking we can’t catch it,” tweeted Mr. Zhao on Friday.
Mr. Zhao also advised that
Web3 projects should not use GoDaddy as a Domain Name
System (DNS) for security reasons.
The incident goes to show
how not just crypto protocols but also their accompanying channels - websites,
social media accounts, messaging systems, vendor services, etc. - are all at
risk of being targeted by hackers. On the other hand, it also highlights the role centralised crypto exchanges
can play in thwarting such incidents well ahead of the legal authorities.
Hackers fleeing with
millions of dollars in crypto funds often throw off the authorities by running
their ill-gotten gains through a virtual currency mixer. Such ‘mixers’ conceal
the source of the funds by shuffling them with funds from other sources -
including legal ones - so that the illegal transactions become more or less
impossible to trace.
One common virtual currency
mixer is Tornado Cash, a decentralised protocol based
on the Ethereum blockchain.
Tornado Cash has been linked to the Harmony and Nomad crypto bridge hacks which took place this summer. On Monday, the
Treasury’s Office of Foreign Assets Control (OFAC) announced it was imposing
sanctions on Tornado Cash for not doing more to prevent money laundering.
However, the following days
revealed that the sanctions would not just affect hackers, but also legitimate
crypto traders. In particular, a number of accounts on dYdX
- a decentralised crypto exchange based on the Ethereum blockchain - were also
blocked as a result of the sanctions.
dYdX
issued a statement, clarifying that the blocks were a result of some users’
funds being associated with the sanctioned crypto mixer, even if the users
themselves had no interactions with Tornado Cash.
“Many accounts were blocked
because a certain portion of the wallet’s funds (in many cases, even immaterial
amounts) were associated at some time with Tornado Cash, which was recently
added to the sanctions list by the U.S. Treasury’s OFAC,” stated dYdX’s release.
dYdX is
continuing to un-ban accounts, but the incident goes to show how one country’s
sanctions can have far reaching effects that reach deep into decentralised ecosystems as well.