Report Cites Escalating Crypto Use by Pro-ISIS Groups

Crypto Travel Rule solutions provider CODE obtains ISO 37301 certificationCODE, a Travel Rule solutions provider and joint venture co-founded by Korean cryptocurrency exchanges Bithumb, Coinone and Korbit, announced on Wednesday (local time) that it has obtained the ISO 37301 certification for compliance management systems (CMS) from the Korea Compliance Initiative (KCI).Photo by Héctor J. Rivas on UnsplashBoosting complianceISO 37301 is an international standard that outlines the requirements and guidelines for an organization in establishing, developing, implementing, evaluating, maintaining and improving a CMS. It provides a framework for organizations to ensure that they are following all relevant and applicable laws, regulations, codes of conduct and more to exercise good governance, transparency and accountability.CODE has taken the initiative to bolster its CMS to provide more secure and reliable Travel Rule solutions by analyzing and managing compliance risks. The firm’s CEO Lee Sung-mi is responsible for overseeing these efforts as the recently appointed head of compliance. Through these measures, the company explained that it has been capable of building a system to comply with strict international standards.The Travel Rule under the Financial Action Task Force’s (FATF) Recommendation #16 outlines that virtual asset service providers (VASPs) must share certain personal information about customers — including names and account numbers — when facilitating crypto transactions that exceed a certain amount.CODE is also running mandatory training sessions and various programs for all employees to ensure adherence to compliance requirements. In particular, the firm operates a system to monitor Travel Rule compliance risks that may arise during cryptocurrency deposits and withdrawals.“Beyond establishing a robust compliance management culture as a Travel Rule solution provider, we will continue to work with our corporate members to ensure that this culture can be more widely adopted across the crypto industry,” said Lee Sung-mi.Contributing to anti-money launderingCODE has also recently teamed up with global blockchain analytics and crypto compliance solutions provider Elliptic to help Korean VASPs adapt to the evolving international regulatory landscape for anti-money laundering (AML) and the crypto Travel Rule.

North Korean Hackers Take Off With $100M Atomic Wallet HoneypotHaving reported last week on a $35 million hack of Atomic Wallet users’ funds, an update on the matter reveals that the situation is much worse than originally thought, with losses now exceeding $100 million.Photo by Kenny Eliason on Unsplash5,500 wallets compromisedThe attack has sent shockwaves throughout the crypto community, raising concerns about the security of decentralized wallets. Atomic Wallet, an Estonia-based project known for its non-custodial approach where users take full responsibility for storing their assets securely, has been hit hard by this unforeseen breach.Elliptic, a crypto compliance analysis company, published an update on the situation on Tuesday. According to that blog article, it estimates that approximately 5,500 crypto wallets have been compromised, meaning that losses have risen to more than $100 million, highlighting the severity of the attack.Despite the significant impact on users, Atomic Wallet has yet to provide an explanation regarding the root cause of these substantial losses. Users have taken to social media in frustration, demanding clarification from the company. Surprisingly, the company’s last direct update on Twitter dates back to June 7, leaving users feeling even more anxious.User frustrationOne user, Ezra Carlson, expressed frustration, questioning why Atomic Wallet didn’t warn users when they were aware of the ongoing hack. Carlson tweeted: “@AtomicWallet why won’t AM give me a straight answer about why they didn’t warn me, knowing full well that they were being hacked, that it was not safe to use AM last week before I made a transfer to my wallet that was then hacked.”Another user, “Real Deal Crypto,” criticized Atomic Wallet’s lack of updates, stating: “Your last update was five days ago — SERIOUSLY?!?!”Although Atomic Wallet acknowledged reports of compromised wallets on June 3, downplaying the impact by claiming that less than 1% of users were affected, the staggering sum of losses indicates a significant breach. Its last communication on the matter came on June 11 when, in responding to a user, the firm said that it continued to investigate and to await Twitter updates on the matter.Hack tied to North Korea’s Lazarus GroupElliptic has connected this heist to the notorious Lazarus Group, a cyber-criminal organization with ties to the North Korean regime, responsible for stealing over $2 billion in crypto assets through various thefts. This attribution marks the first time a significant crypto heist has been openly linked to the Lazarus Group since their $100 million exploit of Horizon Bridge in June 2022.In response to the heist, Elliptic has been collaborating with international investigators and exchanges, mobilizing resources to recover the stolen assets. Their efforts have reportedly led to the freezing of over $1 million worth of funds. However, the thief has adapted its behavior in response to the freezing of assets, turning to the Russia-based Garantex exchange to launder the stolen assets, as noted by Elliptic.This recent attack adds to a series of notable breaches in the crypto industry. Jimbos Protocol experienced an exploit resulting in a loss of $7.5 million, and Tornado Cash faced a malicious proposal that seized control of its governance in May. According to a report by Chainalysis, crypto hackers made off with an estimated $3.8 billion in 2022, with North Korea being responsible for a significant portion of the attacks.

The Securities Commission Malaysia (SC), the statutory body tasked with regulating and developing capital markets within the Southeast Asian nation, has published a consultation paper in an effort to garner public feedback on potential enhancements to its crypto regulatory framework. In a press release published to its website on June 30, the SC claimed that its proposals seek “to enhance competitiveness of Malaysia’s regulated digital asset market, improve investor protection and strengthen the resilience and integrity of [Digital Asset Exchange] operators.”Photo by Vlad Shapochnikov on UnsplashEasing listing requirementsIn the event that the proposals are adopted, one key change would see a liberalization of the listing requirements for digital assets. Where certain key eligibility criteria have been met, the regulator would allow the listing of digital assets on digital asset exchanges without prior SC approval. The regulator stated that it wants to make this change in order to speed up the time taken to get digital assets to market as they emerge. By setting out additional criteria, there will be greater exchange operator accountability. Exchange operators would bear responsibility for listing tokens in compliance with the requirements set out by the regulator.  Assets could only be listed once those assets and the underlying protocol and network had undergone security audits which had been carried out by an independent and qualified blockchain security auditor, with the audit results made public.  For the purposes of the “Liberalised Listing Framework,” the asset must have been trading on a Financial Action Task Force (FATF)-compliant virtual asset service provider (VASP) platform for a minimum of one year. The regulator believes that easing the listing requirements will result in a broader digital asset product offering being made available in Malaysia. Last month, Thailand’s Securities and Exchange Commission (SEC) started a public consultation process aimed at revising token listing rules. Coin listing processes have also come under scrutiny from the authorities in South Korea recently. Segregating client assetsAmong the proposals is a plan to oblige exchange platforms to properly segregate client assets from operational funds and assets held by the exchange business. In recent years, many failed crypto exchange platforms, most notably FTX, got into difficulty by co-mingling customer funds with operational funds. Furthermore, the regulator doesn’t want any cross-over of assets between the local exchange operator and any overseas affiliate companies it may have.The SC stated that it is cognizant of recent global exchange failures, which has led it towards further enhancing crypto exchange operational governance and controls. It suggests that only 10% of client assets should be held by a Malaysian exchange in hot wallets, with the remaining 90% held in cold or offline wallets. The SC said that it welcomes feedback from members of the various stakeholder groups on the proposals outlined. The public consultation period runs from June 30 through Aug. 11.  Malaysia is expected to have 4.74 million crypto users by 2026. That would equate to 13% of Malaysians using crypto by then.