
CertiK Skyfall research team inducted into Samsung Mobile Security Rewards Program Hall of Fame

Web3 & Enterprise·January 25, 2024, 6:11 AM

Global blockchain security ranking platform CertiK announced that its Skyfall research team has been inducted into the Samsung Mobile Security Rewards Program’s 2023 Hall of Fame, according to an article by South Korean news outlet Greenpost Korea on Thursday (KST).


Teamwork excellence

This Hall of Fame recognizes outstanding security researchers who have made significant contributions each year to the security of Samsung products. CertiK Skyfall’s spot in the ranking highlights the importance of collaborative efforts in solving complex cybersecurity challenges, the company said.

 

Securing the future

The team was responsible for actively identifying a total of seven vulnerabilities in the Samsung Blockchain Keystore – a software development kit (SDK) developed by Samsung to manage private keys – four of which were critical and three of which were high risk. The vulnerabilities left the SDK susceptible to local attacks, including arbitrary code execution and unauthorized access to sensitive data. In response, Samsung was able to quickly deploy security patches that added appropriate boundary checks and protection mechanisms.

 

Skyfall has previously been acknowledged twice in Apple's release notes for discovering multiple vulnerabilities in new iOS and iPadOS software releases, the most recent being the iOS 17 security update. Last June, the team was also awarded the Sui network’s highest bug bounty for discovering and fixing a critical vulnerability.

"We are extremely proud of the outstanding performance of the CertiK Skyfall team," said Kang Li, Chief Security Officer at CertiK. "It is a testament to the team's professionalism, integrity and deep impact at the forefront of cybersecurity."

 

CertiK's team is made up of seasoned experts from reputable universities, including Yale and Columbia University, and globally renowned companies such as Google and Microsoft. The firm also operates from several offices around the world, including Seoul.
