New York Bans CoinEx While Seizing Crypto Assets

Safeheron, a Singapore-based provider of digital asset self-custody solutions for institutions, has released the world’s first open-sourced trusted execution environment (TEE) related to Intel Software Guard Extensions (SGX).  The Intel SGX is a hardware-based security technology integrated within some Intel processors. It enables application developers to run application code within a secure isolated environment, while preventing access to that code or modification of it by other applications or by the operating system running on that hardware.Photo by Shubham Dhage on UnsplashAddressing Web3 security & scalability challengesThe Intel SGX enables a TEE, creating a black box for computation. In a blog post published by Safeheron on May 6, the company claimed that its open-source framework “addresses fundamental security and scalability challenges within blockchain and Web3 ecosystems, offering broad potential for deployment across critical scenarios.” The company asserted that the enabling of off-chain TEEs as achieved by its framework, provides for robust blockchain layer-2 scaling, together with privacy-preserving computation. In this way, layer-1 blockchain load can be minimized while enhancing network throughput and verifiability. Safeheron further claimed that this all paves the way for the evolution of a trusted “second execution layer” for decentralized applications. Overcoming Intel SGX complexitySafeheron developed the TEE framework using C++, a high-level object-oriented programming language. The firm open-sourced the SGX framework due to the significant challenges that developing with Intel SGX poses, arising from its complexity and its engineering overhead. On X, the company claimed that the new framework reduces SGX TEE development complexity, enabling developers to build applications securely for blockchain, cloud security and privacy computing. The framework optimizes advanced cryptographic support, enhanced testing capabilities, high-level API design and secure and encrypted file input and output. Moving beyond closed and opaque systemsSafeheron added that it open-sourced the framework as it had seen concern expressed within the Web3 sector regarding the development of closed and opaque systems, with that concern elevated in relation to ongoing security failures related to Web3 platforms. Safeheron CEO Wade Wang told Cointelegraph that in open-sourcing the framework, the firm is “not threatened by competitors,” but that it is concerned about “slow innovation due to closed systems.” The Singaporean firm was established in 2021. It counts HashKey Capital, Bixin Ventures, Antalpha Ventures, M77 Ventures and Kryptos among its investors. Back in 2022, it raised $7 million in a pre-Series A funding round. At the time, the project’s mission was to make private keys, which individuals use to control and self-custody their digital assets, safer. In terms of products offered, the company markets its MPC Node Suite, a white-label solution that allows clients to build out multi-party computation (MPC) wallet-based applications. It also offers Keyless Wallets that facilitate the development of wallets that don’t require traditional keys.  In February crypto exchange platform BYDFi partnered with Safeheron, leveraging its MPC technology and TEE to build out a key management system.

On Wednesday, the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong launched investigations at six premises controlled by Worldcoin, the biometric cryptocurrency project established by Sam Altman, the CEO of OpenAI. Potential personal data privacy risksIn a statement, the Privacy Commissioner expressed serious concerns about potential risks to personal data privacy. The PCPD executed warrants as part of the inquiry into Worldcoin's identity verification project, particularly focusing on the use of iris-scanning orbs for identity verification. The PCPD urged Hong Kong residents to consider the implications of Worldcoin's biometric data collection and emphasized the importance of evaluating the legitimacy of such data collection. The Commission also advised individuals to inquire about the purpose of data collection, the intended use of the data, the classes of entities with access to the data, the retention period of biometric data and the safety measures implemented to protect sensitive information. "The PCPD is concerned that the operation of Worldcoin in Hong Kong involves serious risks to personal data privacy, and believes that the collection and processing of sensitive personal data by the relevant organization may be in contravention of the requirements of the Personal Data (Privacy) Ordinance," stated the privacy watchdog. The Commission highlighted that any personal data controlled by Worldcoin must be collected for a lawful purpose related to the project's function or activity, with the information collected from users' irises deemed sensitive according to regulatory guidelines.Photo by Harpreet Singh on UnsplashGlobal scrutinyWorldcoin, which commenced operations in 2021 and officially launched in July 2023, has faced regulatory scrutiny in various countries due to privacy concerns. As of December 2023, Worldcoin reported that over 5 million people had created accounts using their identities. However, the project's approach to identity verification through iris scanning has triggered investigations and actions by regulators. Notably, the project suspended services in Kenya and halted iris scans in India in response to regulatory challenges.  The company’s activities in the French and Brazilian markets have been suspended. Last year the UK’s Information Commissioner’s Office said that it would make further enquiries into the company’s activities. Meanwhile, the German data watchdog has been investigating Worldcoin since 2022. In an effort to clarify the efforts the company is making to achieve compliance across international jurisdictions where data privacy is concerned, Worldcoin recently published a blog post on the subject. Within it, the company states that it “is designed to be fully compliant with all laws and regulations governing data collection and data transfer." Despite its ongoing regulatory challenges, Worldcoin CEO Alex Blania remains steadfast in advancing the project's mission, stating recently:"We race toward billions of users as fast as we possibly can."  The project closed out 2023 by expanding into Singapore. The privacy concerns surrounding Worldcoin underscore the growing importance of balancing technological innovation with robust data privacy regulations to ensure the protection of individuals' sensitive information.

Japan Tops Crypto Losses to North Korean HackersHackers affiliated with the North Korean regime have been responsible for the theft of $721 million in digital assets from Japan.That’s the finding of a recent report by UK-based crypto compliance analysis firm Elliptic. Elliptic had produced the report on behalf of Japanese news media group, Nikkei. It leaves Japan at the top of the table when considering the distribution of digital asset losses suffered due to North Korean hackers on a country by country basis.Photo by FLY:D on UnsplashIncreasing lossesElliptic has the wherewithal to track and identify blockchain-based transfers. As part of its analysis, it grouped by region and by country those businesses that it identified as having cryptocurrency holdings that later were transferred to digital wallets held by the Lazarus Group, the most notorious hacker group connected with the North Korean government. It’s the first such analysis to break down crypto-related hacking losses on a country by country basis.The study included a consideration of both hacking and ransomware attacks. The loss associated with Japanese-based entities represents in excess of 30% of the global recorded loss. This latest analysis follows a recent report submitted to the United Nations which found that North Korea stole more digital assets in 2022 than any other year. That report had been submitted to the 15 members of a North Korea sanctions committee, finding that between $630 million and $1 billion worth of digital assets had been stolen.Lax securityElliptic’s analysis and subsequent report point to lax security being employed within Vietnamese and Japanese cryptocurrency marketplaces. Nikkei referred to an unnamed source who asserts that at least three Japanese cryptocurrency exchanges had been compromised by hackers between 2018 and 2021.One of those instances involved Zaif, a company that lost $51.4 million in 2018 and subsequently shut down operations. Overall, Elliptic estimates a global loss of $2.3 billion to hackers between 2017 and 2022 in digital assets, as suffered by crypto firms. It also estimates such losses suffered in the United States at $497 million, while Hong Kong-based losses have been calculated at $281 million.International responseIn April, the Office of Foreign Assets Control (OFAC) within the Department of the Treasury in the United States stated that it had sanctioned two Chinese nationals and a Hong Kong British national for allegedly having aided the North Korean government in crypto money laundering activities.On Saturday, a joint statement was issued by the Group of Seven finance ministers and central bank governors, following a meeting in Japan, outlining the “growing threat from illicit activities by state actors.” It’s widely believed that the proceeds of these hacks are contributing towards the funding of North Korea’s missile program and other such activities that threaten stability within the region.The Japan External Trade Organization (JETO) has estimated that the estimated $721 million stolen from Japan amounts to 8.8 times the value of North Korea’s exports in 2021.