Cryptohack Roundup: Sam Bankman-Fried Gets 25-Year Sentence
Also: US Sanctions for Russia-Linked DeFi, Coinbase Can't Escape SEC Lawsuit
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. This week, Sam Bankman-Fried got 25 years, the U.S. sanctioned a Russian fintech, Coinbase can't get out of an SEC lawsuit, Munchables lost millions and had it returned, Curio and ParaSwap had smart contract problems, Hong Kong warned about crypto entities, and TRM Labs reported 2023 crypto trends.
Sam Bankman-Fried Gets 25-Year Prison Sentence
Former crypto wunderkind Sam Bankman-Fried received a quarter-century prison sentence Thursday following his criminal conviction for fraudulently running now-defunct cryptocurrency platform FTX into the ground.
The sentence is several times greater than the six and a half years the former high-flying CEO asked for, but it's below the maximum half-century stint behind bars that prosecutors wanted. Bankman-Fried must also pay more than $11 billion in restitution.
Bankman-Fried, 32, apologized to Judge Lewis Kaplan before sentencing in the U.S. District Court for the Southern District of New York. "I’m sorry about what happened at every stage," he said, reported CBS. The Washington Post reported Kaplan said Bankman-Fried failed to take responsibility for the 2022 collapse of FTX and sister investment fund Alameda Research. "Never a word of remorse for the commission of terrible crimes," Kaplan said.
FTX, once the world's second-largest crypto trading platform, collapsed in November 2022 and filed for bankruptcy due to what caretaker CEO John Ray III said was "just old-fashioned embezzlement." Ray days ago urged Kaplan not to go lightly on Bankman-Fried, telling the judge that the CEO acted with "hubris, arrogance, and a complete lack of respect for the basic norms of the law" (see: Cryptohack Roundup: Ray Eviscerates Bankman-Fried).
Bankman-Fried has been in federal custody since August after Kaplan revoked bail following antics including leaking the diary of ex-lover and fellow crypto executive Caroline Ellison to The New York Times, contacting former FTX witnesses and using a VPN to connect to the internet despite the imposition of computer use monitoring. A defense attorney complained in September that jailers weren't very accommodating of Bankman-Fried's veganism, telling the court that he subsisted on bread, water and peanut butter.
Sheila Warren, head of industry association the Crypto Council for Innovation, called Bankman-Fried's sentence "crucial" in an interview with The Washington Post. “What we don’t want to do is incentivize people to say, 'Oh, you just pay a big fine and do whatever you want.' No, you go to jail if you lie, if you steal," she said.
The sentence "is an important message to others who might be tempted to engage in financial crimes that justice will be swift and the consequences will be severe," said U.S. Attorney Damian Williams for the Southern District of New York.
US Sanctions Russian Fintech That Helped Bypass Earlier Sanctions
The U.S. Department of the Treasury on Monday imposed sanctions on 13 Russia-linked fintech companies and two individuals for offering cryptocurrency services that facilitated evasion of economic restrictions imposed on Russia after its February 2022 invasion of Ukraine.
Sanctioned entities such as B-Crypto and Masterchain collaborated with previously sanctioned Russian banks while Netexchange and Netex24, owned by Timur Bukanov, were sanctioned for running a virtual currency exchange that enabled digital payments in Russian rubles and virtual currencies to sanctioned entities. Bitpapa LLC was also sanctioned for facilitating transactions for Hydra Market and cryptocurrency exchange Garantex, which were both previously sanctioned.
The sanctions are pursuant to Executive Order 14024, which calls for freezing property and interests of designated entities within U.S. jurisdiction.
Russian use of crypto since February 2022 has mostly occurred on the margins of the country's economy, said Ari Redbord, global head of policy at blockchain intelligence company TRM Labs.
"There's not enough liquidity in the entire crypto market to allow Russia to evade the magnitude" of previously imposed economic sanctions, Redbord told Information Security Media Group. Still, Russian banks - like their Western counterparts - have been experimenting with cryptocurrency. This latest round of sanctions is "essentially the U.S. government and partners around the world wanting to cut off Russia from getting any technology it needs to rebuild its financial system," he said.
SEC to Proceed With Lawsuit Against Coinbase
A federal judge rejected Coinbase's motion to dismiss a Securities and Exchange Commission lawsuit, allowing regulators to proceed with allegations that Coinbase functions as an unregistered exchange, broker and clearing agency.
The SEC lawsuit from June 2023 alleges that Coinbase violated federal securities law since 2019 through its "staking-as-a-service program," which allowed customers to profit from "proof of stake" mechanisms of certain cryptocurrencies.
Judge Katherine Failla of the U.S. District Court for the Southern District of New York said the SEC adequately demonstrated that participants in the staking program invest money with a risk of financial loss and that they reasonably expect a profit based on Coinbase managerial efforts.
Coinbase shares fell around 2.5% on Wednesday. The court instructed parties to submit a proposed case management plan by April 19.
Munchables Drama: $63M Siphoned and Then Returned
Ethereum-based non-fungible token game Munchables, hosted on the Blast layer-2 blockchain, on Tuesday reported a compromise that by Wednesday appeared resolved, when the hacker returned 17,413 ETH worth $62.5 million.
"The Munchables developer has shared all private keys involved to assist in recovering the user funds. Specifically, the key which holds $62,535,441.24 USD, the key which holds 73 WETH, and the owner key which contains the rest of the funds," Munchables tweeted.
The creator of Ethereum layer-2 blockchain Blast, Pacman, assisted in recovering the funds and urged victims to rely on official communications to avoid refund scams.
$16M Curio Smart Contract Exploit
Real-world asset liquidity provider Curio suffered a smart contract exploit resulting in a $16 million loss. The breach stemmed from a MakerDAO-based smart contract and affects Ethereum assets, while Polkadot and Curio Chain contracts remain secure.
Web3 security firm Cyvers identified a permission access logic vulnerability. Curio disclosed the exploit on Monday and attributed it to a flaw in voting power privilege access. The attacker obtained Curio Governance tokens to manipulate the project's smart contract, which led to the unauthorized minting of 1 billion CGT.
Curio pledged to return all affected funds and introduce CGT 2.0 to fully restore CGT holders' funds. Curio also announced rewards for white hat hackers who aided in recovering the funds and offered 10% of recovered funds in the initial phase.
ParaSwap Returning Crypto After Critical Smart Contract Bug
Decentralized finance aggregator ParaSwap rectified a critical vulnerability in its Augustus v6 smart contract and initiated asset returns to users. White hat hackers aided in the recovery process, and 213 addresses have not yet revoked permissions. The platform submitted a report to authorities and collaborated with Chainalysis and TRM Labs to trace stolen funds. ParaSwap notified hackers to return funds by March 27 or face legal action. The company released the list of identified hacker addresses.
The vulnerability, discovered shortly after the contract's launch on March 18, resulted in minimal losses of $24,000 before white hat hackers intervened.
Hong Kong Warns of Fake Crypto Exchanges and Platforms
The Securities and Futures Commission of Hong Kong warned against entities operating under the name "HKCEXP," saying the name falsely poses as an SFC-registered entity. The agency accused HKCEXP of providing a fake Hong Kong address and imposing high withdrawal fees.
The SFC also warned about a potential virtual asset fraud by "EDY." Victims of the fraud told the agency they can't withdraw deposited funds.
Illicit Crypto Economy's Key Trends of 2023
Blockchain intelligence and financial crime monitoring company TRM Labs in a Wednesday report said total illicit cryptocurrency volumes decreased by nearly one-third from 2022 to 2023, dropping from $49.6 billion to $34.9 billion. The share of illicit funds as a proportion of total crypto value also fell to 0.63% in 2023 from 0.70% in 2022.
Sanctioned volumes decreased significantly to $16.1 billion, down from $25.4 billion in 2022 despite a threefold increase in sanctions designations. Hack proceeds halved to $1.8 billion, and scams and fraud dropped to $12.5 billion.
Illicit drug sales on darknet markets increased to $1.6 billion, and sales on individual vendor shops outside darknet markets rose to $310 million.
TRM Labs also observed that the Tron blockchain hosted almost half of illicit transactions by volume, and Tether dominated illicit transactions, particularly in terrorist financing campaigns.
With reporting from Information Security Media Group's David Perera in Washington, D.C.