Crypto Travel Rule solutions provider CODE obtains ISO/IEC 27001 certification

HK Regulators Facilitate Dialogue between Banks and Crypto EnterprisesIn a recent column, Arthur Yuen, Deputy CEO at the Hong Kong Monetary Authority (HKMA), stated that the HKMA and the Securities and Futures Commission (SFC) will jointly convene a meeting on Friday to share opinions on providing banking services to virtual asset service providers (VASPs).Proportionate CDD measuresYuen said that banks should “differentiate the risk levels of customers and apply proportionate CDD [customer due diligence] measures,” and “refrain from adopting a ‘one-size-fits-all’ approach to reject account opening applications.” To address misconceptions about CDD, the HKMA issued a circular on Thursday, offering further clarification and sharing notable cases and best practices.The HKMA called on banks to enhance employee training on account opening procedures and create task forces to help companies seize new business opportunities. The HKMA plans to actively take part in developing and introducing international standards, and provide guidance and support for banks to adopt appropriate anti-money laundering measures.SFC’s guidelines in MayMeanwhile, SFC CEO Julia Leung said in a discussion with Bloomberg that the SFC will issue virtual asset guidelines in May.Reactions on TwitterIn his tweet, Justin Sun, the founder of blockchain DAO ecosystem Tron, hinted at the potential development of a Tron-based stablecoin in Hong Kong. The Hong Kong Innovation Encryption Fund (HKIEF), an investor in blockchain projects, also took to Twitter to predict the details of a regulatory framework for cryptocurrencies in the city.According to HKIEF, USDT and USDC will be classified as security tokens, while BTC and ETH won’t be deemed securities. Exchanges trading non-security tokens will need both a VASP license and a trust license. Hong Kong-based virtual asset exchanges will be required to obtain a full license by May 31, 2024.

Nomura-Backed Digital Exchange Acquires Trading License in DubaiKomainu, a digital exchange backed by Japanese financial services conglomerate Nomura, has achieved the milestone of acquiring an operational license in Dubai.The occasion marks a significant moment for Komainu’s expansion efforts in the Middle East, highlighting the progress the company has made in terms of regulatory approval. It follows Komainu’s previous success in obtaining its MVP license in November 2022, establishing the company as one of the first entities to receive such authorization from the local regulator.The operational license was granted by Dubai’s Virtual Asset Regulatory Authority (VARA) on Friday, with the firm being added to the regulator’s virtual asset service provider register.Photo by Emma Harrisova on UnsplashEnabling a broader service offeringWith this operational license in hand, Komainu is now equipped to introduce extended institutional staking and collateral management services to clients within Dubai. These services will be facilitated through Komainu Connect, a purpose-built platform tailored to cater to the precise needs of institutional clients.While Komainu is a Jersey-based entity, the company has an active presence in the Dubai market as it has established subsidiary firm Komainu MEA FZE, which is based within the city. This local presence indicates Komainu’s intention to play an active role in the institutional digital asset business in the region.Dubai growth potentialSebastian Widmann, Head of Strategy at Komainu, emphasized the exciting growth prospects that Dubai’s flourishing digital asset ecosystem offers. He noted that the region is currently experiencing an influx of assets driven by the launch of new exchanges.Widmann stated: “Dubai has a vibrant digital asset ecosystem and impressive talent pool, and we are proud to contribute to the growth of this innovative financial hub.” He further emphasized that Komainu’s presence and its favorable regulatory status position the company uniquely as it embarks on the next phase of its business journey.It’s been a good month for Nomura-backed digital asset businesses in Dubai. A few weeks ago, another Nomura-funded company, Laser Digital Middle East FZE, was also successful in acquiring an operating license from VARA.VARA’s approach to crafting regulations has been instrumental in fostering a framework that supports permissible activities and services for customers and investors in Dubai. These regulations are designed to enhance clarity, establish certainty, and mitigate potential market risks. VARA’s overarching objective is to create a model framework that promotes both global economic sustainability and innovation.Bridging market gapFounded in 2018, Komainu’s inception was driven by the need to bridge a gap in the market by delivering secure and compliant custody services for institutional players venturing into digital asset investments.Komainu’s foundation is built upon a strategic joint venture involving prominent entities such as Nomura, CoinShares, and Ledger. It acquired its first client for Komainu Connect, the firm’s regulated settlement and custody system for institutions, in June when it signed up Seychelles-based crypto exchange OKX to the service.Headquartered in Jersey, the Jersey Financial Services Commission (JFSC) and Dubai’s Virtual Asset Regulatory Authority (VARA) now provide regulatory governance where Komainu’s activities are concerned.

Socket, a cross-chain infrastructure protocol, and its interoperability bridging platform, Bungee, have restarted operations following a temporary pause prompted by an exploit that led to the apparent theft of $3.3 million.Photo by Anna Tarazevich on PexelsSecurity incidentTaking to the company’s Discord, Socket team hospitality lead Taylor Melvin clarified that it had “experienced a security incident which affected wallets with infinite approvals to Socket contracts.” The incident, which occurred on Tuesday, involved an unknown attacker draining millions worth of stablecoins and other tokens from the Bungee bridging aggregator. The attackers targeted wallets with infinite approvals to Socket contracts, exploiting authorizations for blockchain-based tools that allow applications to access tokens in a user's wallet. Security researcher "@speekaway" was the first to flag the exploit on Tuesday. The attacker's wallet, connected to the exploit, held nearly $3 million in ether (ETH) and $300,000 worth of other tokens. By 2:47 p.m. ET, the attack seemed to have ceased, with the researcher recommending users to revoke approvals for Socket to safeguard their assets. Pausing contractsIn response to the security breach, Socket announced the pause of affected contracts on Tuesday at 3:15 p.m. ET. The project's team promptly identified and addressed the issue, taking swift action to mitigate the exploit's impact. @speekaway chimed back in once contracts had been paused, writing:”Think this pause fixed it, very likely no more attacks are possible. So if you are currently freaking out about revoking you can probably relax.” Normal service returnsAs Socket paused activity during the incident, preventing further propagation of the attack, developers worked to fix the issue. Early Wednesday, Socket developers announced that the problem had been resolved, and normal activities had resumed. The team also stated that plans for compensation were in progress. Cross-chain bridges, like Socket's Bungee, facilitate token transfers between different blockchains but remain susceptible to exploitation. Blockchain security and data analytics company PeckShield confirmed that at least $3.3 million had been lost, highlighting the need for enhanced security measures in the rapidly evolving blockchain ecosystem. The exploit involved the exploitation of a recently added route, which has since been disabled. The attacker targeted users who had over-approved Socket, draining funds up to the limit of their approval. This incident follows the $81 million hack of Orbit Chain, a cross-chain bridge connecting Ethereum to other networks, earlier in January. Cross-chain tools' complexity contributes to the frequency of such attacks, emphasizing the importance of understanding the security measures in place when utilizing these bridges. In a message to CoinDesk, Sergey Nazarov, co-founder of Chainlink, emphasized the need for users to scrutinize the security of their chosen bridge, considering the various levels of cross-chain security. With the complexities involved, users are encouraged to be vigilant and informed about the security spectrum of the bridges they employ. Socket was founded by Indian duo Rishabh Khurana and Vaibhav Chellani. In September, the company raised $5 million, with funding coming from Framework Ventures and Coinbase Ventures.