Cartesi Launches Inaugural dApp on Ethereum Mainnet

Suspected Malicious Activity Drains AnySwap Tokens via Multichain ExecutorAccording to an on-chain sleuth known as Spreek, a person is using the Multichain Executor to drain tokens associated with the AnySwap bridging protocol.Multichain is a cross-chain routing network, established and maintained by a Chinese developer team. It supports in excess of 25 blockchains and more than 1,100 tokens.Photo by Marek Piwnicki on Unsplash$100 million outflowThis revelation comes after abnormal outflows of over $100 million from Multichain bridges on July 7, which were flagged by the Multichain team. Spreek’s report via Twitter on July 10 states that the Multichain Executor address has been draining anyToken addresses across multiple chains and transferring them to a new externally owned account (EOA).Evidence provided in the report includes an Ethereum transaction, 0x53ede4462d90978b992b0a88727de19afe4e96f0374aa1a221b8ff65fda5a6fe, which called the “anySwapFeeTo” method on the Multichain Router: V4 contract. This transaction resulted in approximately $15,275.90 worth of anyDAI being minted on Ethereum, sent to the Multichain Executor, burned, and exchanged for the underlying DAI backing the asset.The funds from these transactions were sent to the following address:0x1eed63efba5f81d95bfe37d82c8e736b974f477b. Similarly, on the BNB Smart Chain (BSC), the Multichain Executor used the anySwapFeeTo function to convert $208,997 worth of anyUSDC into Binance-pegged USDC and sent them to the same address. Additionally, 50.80 anyBTC, equivalent to $39,251.43 at the time, was converted into Binance-pegged Bitcoin and sent to the address.In total, approximately $263,524.33 worth of tokens were sent to this address through the anySwapFeeTo method. Spreek suggests that this behavior could be part of the protocol’s normal functioning. However, a different account engaged in similar activity the day before and ultimately sold the drained tokens, indicating malicious intent.Potential exploitSpreek theorizes that the attacker may be exploiting the anySwapFeeTo function by setting fees to an arbitrarily large amount, allowing them to drain users’ funds. The function apparently permits setting any value, enabling the address to choose the total value of the token held in that anyToken.The Multichain incident has puzzled blockchain analysts, as it remains unclear whether it resulted from an exploit or if it was simply large token-holders moving their funds between networks. The mystery began on July 7 when over $100 million worth of tokens were withdrawn from the Ethereum side of Multichain’s bridges and transferred to wallet addresses with no prior transactions. This represented the majority of funds held on each bridge.Hack or rug pullThe Multichain team labeled these withdrawals as “abnormal” and advised users to stop using the protocol. However, they have not disclosed the source or nature of the anomaly. In response to the incident, stablecoin issuers Circle and Tether froze some of the addresses involved in the suspicious transactions. Chainanalysis, a blockchain analytics firm, has commented that the incident appears more like a hack or rug pull rather than a migration.Adding to the complexity, the Multichain team has reported that their CEO is missing, and they have shut down certain bridges due to losing access to some of the network’s multi-party computation network servers. There have been various concerns relative to Multichain since May. The situation continues to evolve, with ongoing investigations and efforts to mitigate any potential damage caused by the suspected malicious activity.

2023 has been a year of significant growth for Com2uS Holdings subsidiary Com2uS Platform, which has gained recognition for leveraging blockchain technology to bring content-focused services to users around the world. "This year, Com2uS Platform has achieved high growth in all fields," said CEO Choi Seok-won, according to an article by Korean news outlet Kuki News. "In the coming year, we will not only serve as the technology hub of the Com2uS Group but also actively engage in other projects to become the center of the global Web3 ecosystem."Photo by Pawel Chu on UnsplashExpanding horizonsIndeed, the firm’s subsidiaries, including the blockchain-based game development service Hive and NFT marketplace X-PLANET, have been leading various business ventures. The former has signed contracts with 40 games from 27 gaming companies this year alone. In terms of newly signed game titles, this marks a 307% year-on-year growth. The latter, on the other hand, ranked first in sales among domestic competitors last month, arguably driven by its collaboration with Toei Animation and Korean publishing company Daewon Media on a special NFT drop celebrating the 35th anniversary of Choushinsei Flashman’s Korean release. Choushinsei Flashman is a popular Japanese live-action superhero series that aired in the 1980s, earning fans all over South Korea. In line with these efforts to pursue projects with trendy topics, the company also teamed up with South Korean game developer ArumGames to create a game utilizing Com2uS’ Bungopang IP, which will be launched next year.  Strategic alliancesCom2uS Platform's global expansion has also seen tangible results, such as a recent business partnership with Bangkok-based marketing and game service company SHIN-A, which will play a role in its foothold in Thailand, a key emerging market. Under the agreement, SHIN-A has committed to establishing a Hive team in Thailand and serving as an official global reseller. The platform has also been active in the public sector, signing contracts with various public organizations such as the Seoul Business Agency, Gwangju Information and Content Agency and Korea Creative Content Agency to train practitioners in a wide range of fields across IT and entertainment, such as the internet, AI, big data, fintech, metaverse and gaming. These projects are expected to lead to the discovery of young talent and facilitate more opportunities for collaboration with gaming companies. 

Japan’s Financial Services Agency (FSA), a government agency and financial regulator responsible for overseeing banking, securities and exchange, has ordered both Apple and Google to remove specified unregistered crypto exchange apps from the Japanese versions of their app stores.Photo by Louie Martinez on UnsplashFive exchange apps specifiedIt is understood that the request was made at the beginning of this month, with the regulator specifically calling for the removal of the ability of Japanese consumers to download apps related to Bybit, MEXC Global, LBank Exchange, KuCoin and Bitget. In response to a query from The Block, Bitget Chief Legal Officer (CLO) Hon Ng said that the company is “aware of the issue and sincerely apologize for any inconvenience caused by the temporary removal of the Bitget app from the iOS App Store in Japan." The Bitget CLO went on to state that the company is working with Apple and regulators to resolve the matter. News of the regulator’s request emerged via a report published by Japanese financial media platform Nikkei on Feb. 7.  Apple had removed the apps from its App Store on Feb. 6. Reclassification of digital assets as securitiesA subsequent report by Nikkei on Feb. 10 suggests that the FSA is considering classifying digital assets as financial products akin to securities. The objective of the move is to protect Japanese investors as it would mean increased disclosure requirements from those that offer crypto-related investment products. Last August, FSA Commissioner Hideki Ito told Bloomberg that any decision to approve crypto-linked exchange-traded funds (ETFs) requires “careful consideration.” At the time Ito said that many people believe that digital assets “do not necessarily contribute to the wealth creation of the Japanese people in a stable and long-term manner.” The Japanese have been far more cautious in their approach to virtual assets by comparison with other Asian centers such as Hong Kong, which had approved spot Bitcoin and Ether ETFs some time ago. It appears that Japan’s FSA is wary of the volatility of cryptocurrencies and risks associated with the nascent assets. It’s understood that the FSA will announce crypto policy reforms by June 2025. Legislative amendments would then follow in the following parliamentary session in 2026. The change would mean a lifting of the current prohibition related to crypto ETFs. Another aspect likely to be reformed is taxation as it relates to crypto. It’s thought that a reduction from the existing 55% tax rate on crypto to 20% is on the cards. This is not the first occasion when a regulator has leaned on Apple and Google to cut off access to crypto exchange apps. In January 2024 Apple India blocked access to eight exchanges which had been subject of a show-cause notice from India’s Financial Intelligence Unit (FIU). Following a seven month ban, access to the Binance app was subsequently restored once it had come back into compliance in India. In April 2024 the Securities and Exchange Commission (SEC) in the Philippines had ordered both Google and Apple to remove the Binance app from their app stores on the basis that it posed a risk to Filipino investors at the time.