South Korea sanctions North Korean tech workers for cybercrimes and crypto theft

Hong Kong and Israel Collaborate to Expand CBDC Access Beyond BanksIn a collaborative effort, the Hong Kong Monetary Authority (HKMA), the Bank of Israel (BoI), and the Bank of International Settlements (BIS) Innovation Hub have jointly released a comprehensive report on Project Sela, a central bank digital currency (CBDC) initiative.Photo by POURIA 🦋 on UnsplashBroadening the role of intermediariesThe report was published to the BIS website on Tuesday. In keeping with the trend of many CBDC projects, Project Sela is characterized by a robust public-private partnership. However, its particular focus lies in broadening the spectrum of intermediaries, aiming to offer retail CBDC services through a more diverse array of service providers, thereby reducing dependency on traditional banks and major payment providers.Andrew Abir, Deputy Governor of the Bank of Israel, emphasized the importance of fostering a dynamic and open ecosystem with a wide variety of service providers. He stated:“Competition and innovation require a flourishing and open ecosystem with many different types of service providers. This was our initial goal in Project Sela as a proof-of-concept, and the project proved the feasibility of the model we had in mind.”Involving retail banksIn a previous model explored through Hong Kong’s Project Aurum, retail banks were entrusted with customer-facing tasks while maintaining the central bank’s operation of the wholesale ledger for the eHKD. In contrast, Project Sela introduces a novel approach where the central bank operates the retail ledger — a model akin to Israel’s digital shekel.The primary actors in Project Sela, known as Access Enablers (AEs), notably do not have control over CBDC balances, distinguishing them from conventional payment providers. Moreover, AEs are not required to maintain liquidity to support CBDC services. Their role encompasses facilitating user onboarding and CBDC access, fulfilling know-your-customer (KYC) and compliance obligations, and routing payments. The role of banks and other “funding institutions” primarily revolves around enabling the conversion of cash and deposits into CBDC.The rationale behind this approach is rooted in the emergence of technological advancements in open banking and DeFi, which have demonstrated the potential to disentangle financial services by granting users greater access to their financial data and control over their own funds.Enabling participation among the unbankedProject Sela envisions the unbanked population utilizing ATMs to convert cash into CBDC. A similar approach has recently been taken by the Chinese authorities. In the resort city of Sanya, authorities have introduced e-CNY ATMs in order to enable e-CNY access for foreign tourists.However, it is noteworthy that in many countries, the primary function of ATMs is to dispense cash rather than accept it. Consequently, the inclusion of AEs could pose challenges to traditional banking institutions, as CBDC adoption could potentially impact bank deposits.Privacy and cybersecurity considerations are implicated within Project Sela. As the central bank operates the retail ledger, ensuring the confidentiality of personal information becomes imperative. To safeguard privacy, AEs employ a hashing mechanism to obfuscate personal identifiers, although the report does not delve into the subject in detail.While Bank of Israel Governor Amir Yaron admitted that a CBDC can never be anonymous, he claimed that “if we choose to issue a digital cash shekel, it will provide at least as much privacy as other digital means of payment.”

Japan Set to Tighten Crypto AML RulesJapan is working on tightening anti-money laundering (AML) rules relative to digital assets shortly. That’s according to a report by local media outlet Kyodo News.The stricter enforcement measures will take effect from June 1. The objective is to include the tracing of cryptocurrency asset transactions into the legal framework relative to AML, and in that way, bringing the application of AML in Japan into line with global standards.Photo by Louie Nicolo Nimor on UnsplashTravel ruleIn December of last year, the Financial Action Task Force (FATF), a global money laundering and terrorist financing watchdog based in Paris, France, deemed that the approach taken to crypto-related AML in Japan fell short of international requirements and best practice.Specifically, it’s the FATF’s “travel rule” that the Japanese are about to implement. Otherwise known as FATF Recommendation 16, the travel rule is a set of guidelines devised to prevent both terrorist financing and money laundering.The measure puts an onus on all crypto companies to screen all crypto transactions that exceed the value of $1,000 or a variance of this amount based on implementation by each FATF member state. As an example, in the United States, the FATF travel rule is being implemented with transaction monitoring being applied on transactions to the value of $3,000 and above.Once identified, the crypto firm must record details of the transaction and communicate that information, including both sender and recipient data, to the authorities. That would involve the sender and receiver’s legal names, their account numbers, and addresses. Relevant transaction activity includes exchanges between one or more forms of digital currency and the transfer of virtual assets.G7 alignmentThe move follows a decision taken at a Japanese cabinet meeting on Tuesday, as a direct response to FATFs recommendations. Following discussions earlier this month, the intergovernmental political forum of the G7 group of countries indicated its support for the FATF’s call for the establishment of the travel rule as a global standard. Japan is currently leading the group through its G7 presidency and likely wants to align with the views of its international peers.The country had been moving towards travel rule implementation in the past but in a less decisive way. Two years ago, Japan’s Financial Services Agency (FSA) requested virtual asset service providers (VASPs) to implement the travel rule. In a self-regulatory approach in 2022, the country’s Virtual Currency Exchange Association issued a recommendation for members to apply the rule.Those approaches lacked teeth, leading to a cabinet decision to amend existing legislation late last year and this more recent move to apply and enforce the rule.Regulatory frameworkWhile Japan may not be top of the class in terms of AML regulation relative to crypto, it is a forerunner in terms of crypto regulation generally. It was the first country in the world to suffer a serious crypto-related failure when the Mt.Gox cryptocurrency exchange collapsed in 2014.The fall-out from that collapse led to the Japanese introducing more stringent regulations although it took until 2017 to get them implemented. As a consequence, when the next major collapse occurred, the fall of FTX in November 2022, the Japanese have fared much better than investors located elsewhere. Regulation meant that a separate Japanese entity, FTX Japan, was established. It had to adhere to stricter conditions, meaning that FTX Japan customers have been allowed to withdraw their funds since February while their international counterparts must undergo a much longer process to recover their funds.

Phemex, a Singapore-headquartered crypto derivatives trading platform, has halted withdrawals following a multi-million dollar hack.Photo by GuerrillaBuzz on UnsplashHot wallet compromisedIn a message to platform users published to social media, the project stated: “To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored soon.” In further commentary, the project apologized for the disruption, assuring service users that its mission remains to provide a trusted trading environment, while outlining that it is working on putting together a compensation plan. It added that “Our ongoing business operations are fine,” and that “trading services continue as usual.” The digital assets were removed from the platform over multiple blockchains including Polygon, Arbitrum, the Base network and BNB. Blockchain analytics firm Lookonchain itemized some of the assets that are believed to have been stolen. They include 3.48 million USDC stablecoin, 3.42 million USDT stablecoin, 841 ETH valued at $2.7 million, 110,701 LINK valued at $2.69 million, 142 billion PEPE tokens valued at $2.12 million, 1.19 million FET tokens valued at $1.45 million and 29,509 AVAX tokens valued at $1.04 million. Initial reports put the loss at $31 million. However, Web3 security firm Cyvers later claimed that $37  million covers the full extent of the loss. Following deeper analysis, it found that both Bitcoin and TRON blockchains had also been impacted, resulting in the overall loss being increased by a further $6 million. Cold wallet assets are safeThe company’s CEO Federico Variola, published a post on X advising service users that all of the assets held within the company’s cold wallets remain safe. He included a link to the Phemex proof of reserves, encouraging customers to check it. In a follow-up post, he wrote: “We are currently carefully testing our system to reprise withdrawals as soon as possible. Due to the sophistication of the threat actor we cannot rush this stage. The estimated timeline to reprise full operations is within 24h, thank you for your support.” The XNET Foundation, a non-profit entity that develops decentralized wireless networks, said that it is actively working with the Phemex team on the production of an exploit report following the incident. It added that “It has been confirmed that tokens sent to the exchange for a launchpad pool were compromised as part of this exploit.” Ongoing problemCrypto hacking remains a major concern within the digital assets sector. Blockchain security firm PackShield reported recently that $1.3 billion had been laundered from crypto hacks in 2024. That statistic demonstrates that the problem is worsening as it accounts for a $342 million or 280% increase when compared with 2023. In December a Chainalysis report found that 61% of the hacking losses suffered in 2024 implicated the involvement of North Korean hackers. It estimated crypto hacking losses of $2.2 billion for 2024, based on losses associated with 303 hacking incidents.