Korean Crypto Exchange Alliance Launches Its Official Website

Several South Korean crypto-only exchanges have long been struggling to keep their business afloat due to their prolonged weak performances. The local news outlet Etoday reported that the persistent underperformance of these local crypto exchanges is mounting pressure on their corporate operation and management, resulting in them shutting down their businesses. The situation hinders them from meeting the requirements set by the Financial Intelligence Unit (FIU) of the Financial Services Commission (FSC).  Their inability to generate sufficient revenue, due to faltering token trading volumes, makes complying with the FIU guidelines a daunting task.Photo by Anne Nygård on UnsplashCascading closure of crypto exchanges According to crypto industry insiders, local crypto-only exchanges including Cashierest, Coinbit, Huobi Korea, Probit and Tennten have announced their service closure as early as the second half of last year. On Nov. 6, Cashierest announced it was shutting down its services, with Coinbit following suit in the same month. The cascading closure announcements from crypto exchanges raised concerns about their potential harm on investors.  In an effort to protect crypto investors, the FIU has released a statement that local crypto exchanges are obliged to meet the requirements of the FIU in compliance with the Virtual Asset User Protection Act, despite their closing of services. Furthermore, the regulator said finalizing business closure requires due assessment by the FIU.  "Virtual asset service providers (VASPs) must notify their users of the closure and explain how to reclaim their assets at least one month before the business closing date. They must also support users to withdraw their assets for at least three months before closing," the FIU stated.  Struggling to meet FIU requirements However, some point out that it would be challenging for near-bankrupt crypto exchanges to run a customer service center for more than three months. Some exchanges allow users to deposit and withdraw their assets until their closure, as they would under normal conditions, but charge additional fees afterward. "It is very demanding to operate customer services when we're seeing no actual gains," one exchange official said.  It has been found that some crypto exchanges failed to register a change in their business state with the FIU, which is mandatory in the event of business location or contact changes, under the Financial Transaction Reports Act.  When Etoday reporters visited the offices of some of these crypto exchanges, they were met with empty rooms. One person who is familiar with the matter said, "The exchange has moved its office to another location and is scheduled to resume service in March." 

Duncan Chiu, a member of Hong Kong's Legislative Council, has expressed concerns over the stringent regulations imposed on cryptocurrency exchanges by the Securities and Futures Commission (SFC). In an opinion piece for the Hong Kong Economic Journal, Chiu argued that these rigorous standards have deterred major global exchanges from entering the Hong Kong market, undermining confidence in the region's commitment to developing Web3 technologies. He highlighted the recent withdrawal of license applications by prominent exchanges such as OKX, Gate.io and HTX as indicative of the flaws in the current regulatory framework.Photo by Chapman Chow on UnsplashLicensing system and industry developmentChiu criticized the fragmented approach to policy development for Hong Kong’s virtual asset market, noting that various aspects like VATP (Virtual Asset Trading Platforms), stablecoin issuance and virtual asset over-the-counter trading are managed by different departments without strategic industry consideration. He also mentioned feedback from license applicants who feel that the authorities lack a forward-thinking vision for fintech and are applying traditional financial principles too rigidly to the dynamic and innovative sector of Web3. Furthermore, Chiu pointed out the disconnect between the industry and regulators, particularly in the experience required of management in licensed crypto operations versus the practical experience of regulators in Web3, complicating effective communication and progress. 

Singapore’s UniPass Plays Role in ERC-4337 Vulnerability FixSmart contract wallet provider UniPass and crypto infrastructure firm Fireblocks have successfully addressed a significant vulnerability in the Ethereum ecosystem.Photo by Nenad Novaković on UnsplashAccount abstraction vulnerabilityThis vulnerability, identified as the ERC-4337 account abstraction vulnerability, posed a critical security risk to hundreds of mainnet wallets. The joint effort between Fireblocks and UniPass was detailed in a blog post published to the Fireblocks website on Thursday.This vulnerability, if exploited, could have enabled a malicious actor to execute a complete takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process. The vulnerability represented a substantial threat to the security of smart contract wallets, as it could lead to unauthorized access and fund drainage.Improving user experienceAccount abstraction, as dealt with via ERC-4337, is a mechanism that introduces a novel way of processing transactions and interacting with smart contracts on the Ethereum blockchain. It allows for a more flexible and efficient handling of transactions, transcending the traditional distinction between externally owned accounts (EOAs) and contract accounts.EOAs are controlled by private keys and can initiate transactions, while contract accounts are governed by the code of a smart contract. When an EOA initiates a transaction with a contract account, it triggers the execution of the contract’s code. Account abstraction introduces the notion of abstracted accounts, which are not tied to a specific private key and can initiate transactions and interact with smart contracts, similar to EOAs.In the context of ERC-4337, an account executing an action relies on the EntryPoint contract to ensure that only signed transactions are executed. Typically, these accounts trust a single audited EntryPoint contract to validate user operations before executing commands. However, the vulnerability resided in the fact that a malicious or buggy EntryPoint contract could potentially skip the validation step and directly call the execution function, bypassing essential security measures.This vulnerability, identified by the two firms, had allowed attackers to seize control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once this takeover was completed, the attacker could access the wallet and drain its funds.It’s worth noting that the vulnerability posed a threat to several hundred users who had activated the ERC-4337 module in their wallets, making them susceptible to exploitation by any actor on the blockchain. Fortunately, the wallets affected by this vulnerability contained only small amounts of funds, and swift mitigation efforts were successful in preventing further harm.Company mergerEarlier this year, Singapore’s UniPass merged with Chinese wallet provider Keystone to form Account Labs, a company which has been incorporated in Singapore. At the time, Keystone founder Liu Lixin outlined that further developing account abstraction-derived products was the objective of the creation of Account Labs. He stated:“We are on the cusp of a Web3 Account Abstraction revolution. Together, we’ll drive rapid transformation, making the transition from Web2 to Web3 effortless for users. Our goal is to ensure everyone can securely and smoothly manage a decentralized account. We welcome partners to join us in advancing the Web3 account domain.”In furthering that objective, Account Labs announced on Thursday that it had raised $7.7 million in a funding round led by Amber Group, MixMarvel DAO Ventures, and Qiming Ventures.