SEC Lawsuit Stalls Binance’s Gopax Acquisition Deal in South Korea

Remitano Struck by $2.7M Alleged HackHacks have been an unfortunate constant in the crypto and DeFi space with that reality having been compounded by news that Seychelles-based crypto exchange Remitano is believed to have been the victim of a $2.7 million heist.Photo by Growtika on UnsplashSuspicious transactionsIt’s understood that the firm encountered highly suspicious transactions, with the $2.7 million having seemingly vanished from its wallet, all at the hands of a single account. The incident unfolded on Thursday and has left blockchain analysts speculating about a potential security breach.The Remitano hot wallet initiated transfers to an address devoid of any prior transaction history. These transfers amounted to approximately $1.4 million in Tether (USDT), $208,000 in USD Coin (USDC), and 104,000 ANKR tokens (valued at $2,000 at the time). Those transfers raised concerns about the security of the platform.Israeli blockchain analytics platform Cyvers promptly sounded the alarm, notifying the crypto community about these suspicious transactions that had drained significant sums from Remitano’s coffers. This sudden event raised concern within the crypto space and naturally among Remitano customers.Tether freezes wallet addressAmid the growing apprehension, Tether, the issuer of USD stablecoin USDT, took decisive action by freezing the address associated with the alleged attacker. This swift intervention effectively halted any further movement of $1.4 million worth of drained cryptocurrency. Tether’s proactive response could potentially have prevented additional loss, preserving customers’ assets from further depletion.Remitano had remained notably silent initially in the wake of this incident, declining to issue any formal statement regarding the breach. It has since acted, as on Friday, it published a statement relative to the issue on its website. The absence of communication from the exchange had only fueled greater speculation surrounding the incident. However, the statement outlined:”On September 14, 2023, our Security Management team discovered a data breach from a third-party source that had compromised some of our sensitive information. As a result, a small amount of funds from the exchange’s hot wallets were transferred to suspicious wallet addresses through unauthorized withdrawal transactions.”Remitano, recognized as a peer-to-peer cryptocurrency exchange and payment processor, primarily caters to users in emerging markets across several countries, including Pakistan, Ghana, Venezuela, Cambodia, Kenya, Malaysia, India, South Africa, Vietnam, and Nigeria.The firm sought to reassure its customers:”As of now, Remitano ensures that users’ assets have NOT been and will NOT be affected by this incident. We are working tirelessly to uphold our commitment to ensuring the security and protection of your crypto assets.”Remitano was established in 2015; it is operated by Babylon Solutions Limited, which is headquartered in the Seychelles.Unfortunately, this episode adds to the troubling trend of cryptocurrency exchange hacks witnessed in 2023. Authorities in the United States have attributed these attacks to the Lazarus Group, a notorious cyber-crime organization allegedly linked to the North Korean government which has wreaked havoc globally although disproportionately so within the Asian region.

Taiwanese authorities have unveiled plans to criminalize cryptocurrency firms failing to comply with anti-money laundering (AML) regulations. The Ministry of Justice has proposed amendments to existing laws, mandating both domestic and overseas crypto entities operating in Taiwan to register for AML compliance. Non-compliance could result in imprisonment for up to two years, according to Deputy Minister of Justice Huang Mou-hsin.Photo by Jack Brind on UnsplashStricter enforcement measuresCurrently, authorities can only impose administrative penalties on non-compliant crypto firms. However, with the proposed amendments, such violations would be deemed criminal offenses, potentially leading to prison sentences. Overseas crypto platforms would be required to establish local entities and apply for AML registration to avoid criminal penalties. Regulatory landscape and industry responseSince July 2021, Taiwan has mandated cryptocurrency service providers to adhere to AML laws introduced by the Financial Supervisory Commission. However, the crypto industry largely remains unregulated. Proposed amendments also aim to incorporate cryptocurrencies into existing AML laws, stipulating penalties of six months to five years in prison and fines of up to NT$50 million ($1.5 million) for money laundering using cryptocurrency. The amendments are set to undergo review by Taiwan's national parliament, the Legislative Yuan. Concurrently, Taiwan's crypto sector is in the process of forming an industry association, with the Ministry of the Interior approving the application in March. By establishing this association, crypto firms aim to develop self-supervisory rules aligned with FSC guidelines, with a deadline set for the end of June to finalize preparations and officially establish the association. 

Singapore’s UniPass Plays Role in ERC-4337 Vulnerability FixSmart contract wallet provider UniPass and crypto infrastructure firm Fireblocks have successfully addressed a significant vulnerability in the Ethereum ecosystem.Photo by Nenad Novaković on UnsplashAccount abstraction vulnerabilityThis vulnerability, identified as the ERC-4337 account abstraction vulnerability, posed a critical security risk to hundreds of mainnet wallets. The joint effort between Fireblocks and UniPass was detailed in a blog post published to the Fireblocks website on Thursday.This vulnerability, if exploited, could have enabled a malicious actor to execute a complete takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process. The vulnerability represented a substantial threat to the security of smart contract wallets, as it could lead to unauthorized access and fund drainage.Improving user experienceAccount abstraction, as dealt with via ERC-4337, is a mechanism that introduces a novel way of processing transactions and interacting with smart contracts on the Ethereum blockchain. It allows for a more flexible and efficient handling of transactions, transcending the traditional distinction between externally owned accounts (EOAs) and contract accounts.EOAs are controlled by private keys and can initiate transactions, while contract accounts are governed by the code of a smart contract. When an EOA initiates a transaction with a contract account, it triggers the execution of the contract’s code. Account abstraction introduces the notion of abstracted accounts, which are not tied to a specific private key and can initiate transactions and interact with smart contracts, similar to EOAs.In the context of ERC-4337, an account executing an action relies on the EntryPoint contract to ensure that only signed transactions are executed. Typically, these accounts trust a single audited EntryPoint contract to validate user operations before executing commands. However, the vulnerability resided in the fact that a malicious or buggy EntryPoint contract could potentially skip the validation step and directly call the execution function, bypassing essential security measures.This vulnerability, identified by the two firms, had allowed attackers to seize control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once this takeover was completed, the attacker could access the wallet and drain its funds.It’s worth noting that the vulnerability posed a threat to several hundred users who had activated the ERC-4337 module in their wallets, making them susceptible to exploitation by any actor on the blockchain. Fortunately, the wallets affected by this vulnerability contained only small amounts of funds, and swift mitigation efforts were successful in preventing further harm.Company mergerEarlier this year, Singapore’s UniPass merged with Chinese wallet provider Keystone to form Account Labs, a company which has been incorporated in Singapore. At the time, Keystone founder Liu Lixin outlined that further developing account abstraction-derived products was the objective of the creation of Account Labs. He stated:“We are on the cusp of a Web3 Account Abstraction revolution. Together, we’ll drive rapid transformation, making the transition from Web2 to Web3 effortless for users. Our goal is to ensure everyone can securely and smoothly manage a decentralized account. We welcome partners to join us in advancing the Web3 account domain.”In furthering that objective, Account Labs announced on Thursday that it had raised $7.7 million in a funding round led by Amber Group, MixMarvel DAO Ventures, and Qiming Ventures.