
HTX Hacker Returns Funds

Policy & Regulation · October 10, 2023, 12:46 AM

The hacker responsible for the nearly 5,000 ETH exploit on the Seychelles-headquartered cryptocurrency exchange HTX (formerly known as Huobi) last month has decided to return the stolen funds.

Towards the end of last month, the exchange fell victim to a hack, resulting in a loss estimated at around $8 million. According to on-chain data, the hacker has repatriated the pilfered cryptocurrency, marking a significant development in the aftermath of the cyberattack.


Hacker rewarded

The returned funds were sent back in two separate transactions, one consisting of approximately 4,000 ETH and the other totaling around 1,000 ETH. HTX advisor and Tron Founder, Justin Sun, took to X (formerly Twitter) to officially confirm the recovery. In his statement, Sun revealed that HTX had not only received all the stolen funds as promised by the hacker but had also extended a gesture of goodwill. HTX rewarded the responsible party with a “white hat bonus” amounting to 250 ETH, equivalent to a substantial $400,000.

Sun expressed his satisfaction with the hacker’s decision, stating:

“We have confirmed that the hacker has fully returned all funds, as promised, and we have also paid the hacker a white hat bonus of 250 ETH. The hacker made the right choice. We would like to express our gratitude to everyone in the industry for their help.”

 

Hacker advisory message

During the return of the funds, the hacker conveyed a message on-chain, shedding light on the reason behind this act of restitution. The message read:

“Received your message. White hat bonus to 0x1Fc8674A51D6b97C968BE384337519CE7003152B. Your system hot wallet private key leak, you should change system hot wallet address and reduce the system hot wallet rate.”

In response to the hacker’s decision to return the funds, and in accordance with its commitment, HTX promptly sent the white hat bonus to the specified address. The exchange also asked the hacker to send a detailed security vulnerability analysis report to the email address htxsafe@htx-inc.com.

This request aims to prevent similar incidents in the future, with assurances that the hacker’s privacy will be safeguarded.

Justin Sun had confirmed the original hack in September, at the time reassuring the community that HTX had covered all losses arising from the attack and resolved associated issues satisfactorily.

While acknowledging the severity of the hack, Sun pointed out that the stolen amount represented a relatively small fraction of the $3 billion in assets held by HTX’s users. To incentivize the return of the funds, HTX had even offered a reward of 5%, which equated to $400,000.

However, Sun also emphasized that if the funds had not been returned within a seven-day window, the company would have been compelled to involve law enforcement authorities.

Thankfully, it did not come to that, and the cryptocurrency exchange can now move forward with the confidence that its users’ assets are secure. This incident highlights the importance of cooperation and ethical choices within the crypto community, as well as the potential for resolution even in the face of cyberattacks.
