Hong Kong Adapts Crypto Regulations to Broaden Market Access

Socket, a cross-chain infrastructure protocol, and its interoperability bridging platform, Bungee, have restarted operations following a temporary pause prompted by an exploit that led to the apparent theft of $3.3 million.Photo by Anna Tarazevich on PexelsSecurity incidentTaking to the company’s Discord, Socket team hospitality lead Taylor Melvin clarified that it had “experienced a security incident which affected wallets with infinite approvals to Socket contracts.” The incident, which occurred on Tuesday, involved an unknown attacker draining millions worth of stablecoins and other tokens from the Bungee bridging aggregator. The attackers targeted wallets with infinite approvals to Socket contracts, exploiting authorizations for blockchain-based tools that allow applications to access tokens in a user's wallet. Security researcher "@speekaway" was the first to flag the exploit on Tuesday. The attacker's wallet, connected to the exploit, held nearly $3 million in ether (ETH) and $300,000 worth of other tokens. By 2:47 p.m. ET, the attack seemed to have ceased, with the researcher recommending users to revoke approvals for Socket to safeguard their assets. Pausing contractsIn response to the security breach, Socket announced the pause of affected contracts on Tuesday at 3:15 p.m. ET. The project's team promptly identified and addressed the issue, taking swift action to mitigate the exploit's impact. @speekaway chimed back in once contracts had been paused, writing:”Think this pause fixed it, very likely no more attacks are possible. So if you are currently freaking out about revoking you can probably relax.” Normal service returnsAs Socket paused activity during the incident, preventing further propagation of the attack, developers worked to fix the issue. Early Wednesday, Socket developers announced that the problem had been resolved, and normal activities had resumed. The team also stated that plans for compensation were in progress. Cross-chain bridges, like Socket's Bungee, facilitate token transfers between different blockchains but remain susceptible to exploitation. Blockchain security and data analytics company PeckShield confirmed that at least $3.3 million had been lost, highlighting the need for enhanced security measures in the rapidly evolving blockchain ecosystem. The exploit involved the exploitation of a recently added route, which has since been disabled. The attacker targeted users who had over-approved Socket, draining funds up to the limit of their approval. This incident follows the $81 million hack of Orbit Chain, a cross-chain bridge connecting Ethereum to other networks, earlier in January. Cross-chain tools' complexity contributes to the frequency of such attacks, emphasizing the importance of understanding the security measures in place when utilizing these bridges. In a message to CoinDesk, Sergey Nazarov, co-founder of Chainlink, emphasized the need for users to scrutinize the security of their chosen bridge, considering the various levels of cross-chain security. With the complexities involved, users are encouraged to be vigilant and informed about the security spectrum of the bridges they employ. Socket was founded by Indian duo Rishabh Khurana and Vaibhav Chellani. In September, the company raised $5 million, with funding coming from Framework Ventures and Coinbase Ventures. 

Zettai Pte Ltd., the Singapore-based holding company that controls Indian crypto exchange WazirX through its subsidiary Zanmai India, has filed an application for a moratorium with the Singaporean High Court, under section 64 of the Insolvency, Restructuring and Dissolution Act 2018. Six months requestedIn the filing (HC/OA 861/2024), the company has pleaded with the court to be granted a six-month moratorium, which would give the firm the space and time needed to restructure its liabilities. The company laid out details of its moratorium application in a blog post published to its website on August 28. The firm outlined that a moratorium represents “ the most efficient way to address users’ cryptocurrency balances on the Platform and facilitate recovery for users.” An automatic moratorium of 30 days has effectively been granted as a consequence of the application itself, and it is up to the court if it approves the six-month moratorium that is being sought. A date for the hearing of that matter has yet to be scheduled.Photo by Palu Malerba on Pexels$234 million hack falloutWazirX has been dealing with the fallout from a $234 million hack which occurred in July. One key entity that is owed funds is Indian crypto app CoinSwitch. In an effort to get its funds back, the company has sued WazirX. Taking to the X social media platform, CoinSwitch outlined why it felt the need to take legal action. It stated: "From the day of the incident, we have tried to be in constant touch with the WazirX team, seeking recovery of the funds that are stuck on their exchange. However, our efforts have not come to fruition." In a follow-up tweet, CoinSwitch assured its own users that its exposure to WazirX has no impact on user balances. The company has WazirX exposure that amounts to 2% of its overall user funds. That exposure is reduced further if WazirX’ claim that only ERC-20 tokens were affected is taken on board, accounting for 1% of CoinSwitch user deposits. White KnightWazirX co-founder Nischal Shetty spoke to the notion of a “white knight” in an affidavit submitted under the Zettai name to support the application. He outlined that WazirX is in talks with 11 crypto exchanges and has signed three non-disclosure agreements (NDAs). The company has also received offers for financing and for partnering with Zettai, the WazirX parent company. WazirX has outlined that it has set aside $12 million in digital assets to cover legal and associated costs that the company anticipates incurring as part of its restructuring efforts. Matters are further compounded by the fact that a cloud hangs over the ownership of the company. Shetty has claimed that he is no longer an owner of the exchange. In 2022, he wrote that Binance had acquired WazirX. Around the same time frame, Binance’s Changpeng Zhao (CZ) outlined that Binance didn’t control WazirX systems.  India’s economic intelligence agency, the Enforcement Directorate, has claimed in the past that Shetty has gone out of his way to obscure the ownership structure by way of a complex chain of companies in Singapore.

Seoul police arrest 24 in $11.6M crypto investment scamForty-nine individuals involved with six investment fraud rings, which ran fraudulent cryptocurrency investment websites promising returns of 500% on the day of the investment, have been referred to South Korean prosecutors, according to a report by local news outlet Edaily. Korean police have arrested and detained 24 members of these syndicates and issued Interpol red notices for nine individuals, including two leaders based abroad.The Cyber Investigation Unit of the Seoul Metropolitan Police Agency (SMPA) announced on Tuesday (local time) that they have handed over a total of 49 individuals involved in the fraudulent scheme to the prosecution. These individuals collectively defrauded 253 victims out of KRW 15.1 billion ($11.6 million) by masquerading as investment advisors and luring the victims into chat rooms designed to offer fake investment opportunities. The police have charged them with fraud and violating the law against hiding illegal earnings, confiscating KRW 1.6 billion of the illicit funds.Photo by Bermix Studio on UnsplashOverseas leadershipTwo South Korean leaders are alleged to have orchestrated a crypto scam from the Philippines and other locations. Between September 2020 and April of last year, they recruited teams to work through Telegram, a messaging app, to execute various tasks, including withdrawing and laundering victims’ funds, managing bank accounts, running websites and enticing and defrauding victims. They imitated a legitimate investment firm to create a bogus cryptocurrency investment website and also operated chat rooms on Korean mobile messaging platforms to facilitate their scam.The fraudsters involved in this cryptocurrency scam operated by employing a database containing 1.62 million pieces of personal information illegally obtained through Telegram. Using this information, they randomly invited potential victims into chat rooms.Luring victims with promises of 500% returnsParticipants in the scheme took on multiple roles to share fabricated success stories about investments to lure individuals to their fraudulent site. They enticed victims with promises of a 500% return on the day of investment.Once lured to the site, victims were presented with manipulated images that showed fictitious investment returns, persuading them to invest money. The scammers would then entice victims to pay even more, citing taxes and extra fees. Eventually, the fraudsters would cut off the victims’ access to their accounts. The stolen funds, ranging from KRW 2 million to KRW 430 million per victim, were laundered through currency exchanges or by buying gift certificates.After 253 similar complaints were filed nationwide, police consolidated these reports and initiated an investigation in January of last year. During the investigation, they uncovered the participation of several local teams in the fraudulent operation. From March 2022 to last month, all Korean members involved were apprehended, except for nine individuals now on Interpol’s wanted list. Police are working on extraditing one of the two masterminds orchestrating the scheme from abroad after the person voluntarily surrendered. The other ringleader remains at large, flagged as a fugitive by Interpol, and authorities are pursuing their extradition.Oh Kyu-sik, who leads Cybercrime Investigation Unit 2 at the SMPA, has warned that chat rooms promising high returns on investments in virtual assets, stocks and futures should be approached with caution due to the high risk of fraud. He recommends that investors should verify the legitimacy of cryptocurrency investment sites by checking for any fraud reports listed on the Financial Intelligence Unit (FIU) website. Additionally, he suggests confirming the authenticity of investment companies through the FINE portal, which is operated by the Financial Supervisory Service (FSS).