Singapore Prime Minister issues warning on AI-generated crypto scam

Singaporean regulator, the Monetary Authority of Singapore (MAS), has awarded cryptocurrency exchange Bitstamp a Major Payment Institution (MPI) trading license.Photo by Julien de Salaberry on UnsplashExpanding into APACIn a blog post published on July 3, Bitstamp proclaimed that it is “globally trusted & now licensed in Singapore.” The company described the acquisition of the license as a milestone that “marks the start of [its] expansion into the APAC region.” It emerged in June 2024 that Bitstamp had been acquired by American trading platform Robinhood. The $200 million acquisition was finally completed last month. Bitstamp signaled last September that it planned to expand its institutional business across Australia and Asia. Earlier this year, parent company Robinhood outlined that it would use Bitstamp to crypto offerings in Singapore in 2025.Acquiring licensesAt that time, Johann Kerbrat, vice-president and general manager of Robinhood Crypto, said that “part of the reason why Bitstamp was attractive was because of their licenses with Singapore, in addition to its institutional business.” This latest license award strengthens the company’s efforts in gaining more traction in Asia. Licensing is all the more relevant given the recent actions of the Singaporean regulator. Last month, MAS set a June 30 deadline for unlicensed crypto firms operating out of the city-state and serving overseas customers to cease offering such services. Over recent years, Singapore has been striving towards establishing itself as a global hub for crypto startups. It has been successful in that endeavor insofar as a whole host of international crypto businesses have established a presence there.  However, its recent move to curb unlicensed firms working out of Singapore in providing services internationally has been interpreted as a much more cautious approach being taken by the Singaporean authorities. The regulator clarified its concerns recently:”MAS has set the bar high for licensing and will generally not issue a licence. The money laundering risks are higher in such business models and if their substantive regulated activity is outside of Singapore, MAS is unable to effectively supervise such persons. Without a licence, such DTSPs [Digital Token Service Providers] will have to cease their regulated activities.”Caution in Singapore to benefit Hong KongSingapore has been competing with cities like Hong Kong to develop and maintain that crypto hub status. Some commentators have expressed the view that Hong Kong will benefit from this latest move in Singapore.  Joshua Chu, a lawyer who co-chairs the Hong Kong Web3 Association, told the South China Morning Post (SCMP) recently that “this is likely to attract quality projects [to Hong Kong] looking for a compliant, liquid, and globally connected base.” In addition to licensing achieved in Asia, Bitstamp has acquired licensing in a number of European countries such as Italy, Spain, France and the Netherlands. Last month, Robinhood launched the trading of tokenized stocks and exchange-traded funds (ETFs) for users resident within the European Union (EU). It also revealed that it is in the process of building out a layer-2 network on top of the Arbitrum blockchain with a view towards using it to host tokenized real-world assets (RWAs).

Socket, a cross-chain infrastructure protocol, and its interoperability bridging platform, Bungee, have restarted operations following a temporary pause prompted by an exploit that led to the apparent theft of $3.3 million.Photo by Anna Tarazevich on PexelsSecurity incidentTaking to the company’s Discord, Socket team hospitality lead Taylor Melvin clarified that it had “experienced a security incident which affected wallets with infinite approvals to Socket contracts.” The incident, which occurred on Tuesday, involved an unknown attacker draining millions worth of stablecoins and other tokens from the Bungee bridging aggregator. The attackers targeted wallets with infinite approvals to Socket contracts, exploiting authorizations for blockchain-based tools that allow applications to access tokens in a user's wallet. Security researcher "@speekaway" was the first to flag the exploit on Tuesday. The attacker's wallet, connected to the exploit, held nearly $3 million in ether (ETH) and $300,000 worth of other tokens. By 2:47 p.m. ET, the attack seemed to have ceased, with the researcher recommending users to revoke approvals for Socket to safeguard their assets. Pausing contractsIn response to the security breach, Socket announced the pause of affected contracts on Tuesday at 3:15 p.m. ET. The project's team promptly identified and addressed the issue, taking swift action to mitigate the exploit's impact. @speekaway chimed back in once contracts had been paused, writing:”Think this pause fixed it, very likely no more attacks are possible. So if you are currently freaking out about revoking you can probably relax.” Normal service returnsAs Socket paused activity during the incident, preventing further propagation of the attack, developers worked to fix the issue. Early Wednesday, Socket developers announced that the problem had been resolved, and normal activities had resumed. The team also stated that plans for compensation were in progress. Cross-chain bridges, like Socket's Bungee, facilitate token transfers between different blockchains but remain susceptible to exploitation. Blockchain security and data analytics company PeckShield confirmed that at least $3.3 million had been lost, highlighting the need for enhanced security measures in the rapidly evolving blockchain ecosystem. The exploit involved the exploitation of a recently added route, which has since been disabled. The attacker targeted users who had over-approved Socket, draining funds up to the limit of their approval. This incident follows the $81 million hack of Orbit Chain, a cross-chain bridge connecting Ethereum to other networks, earlier in January. Cross-chain tools' complexity contributes to the frequency of such attacks, emphasizing the importance of understanding the security measures in place when utilizing these bridges. In a message to CoinDesk, Sergey Nazarov, co-founder of Chainlink, emphasized the need for users to scrutinize the security of their chosen bridge, considering the various levels of cross-chain security. With the complexities involved, users are encouraged to be vigilant and informed about the security spectrum of the bridges they employ. Socket was founded by Indian duo Rishabh Khurana and Vaibhav Chellani. In September, the company raised $5 million, with funding coming from Framework Ventures and Coinbase Ventures. 

Japan Tops Crypto Losses to North Korean HackersHackers affiliated with the North Korean regime have been responsible for the theft of $721 million in digital assets from Japan.That’s the finding of a recent report by UK-based crypto compliance analysis firm Elliptic. Elliptic had produced the report on behalf of Japanese news media group, Nikkei. It leaves Japan at the top of the table when considering the distribution of digital asset losses suffered due to North Korean hackers on a country by country basis.Photo by FLY:D on UnsplashIncreasing lossesElliptic has the wherewithal to track and identify blockchain-based transfers. As part of its analysis, it grouped by region and by country those businesses that it identified as having cryptocurrency holdings that later were transferred to digital wallets held by the Lazarus Group, the most notorious hacker group connected with the North Korean government. It’s the first such analysis to break down crypto-related hacking losses on a country by country basis.The study included a consideration of both hacking and ransomware attacks. The loss associated with Japanese-based entities represents in excess of 30% of the global recorded loss. This latest analysis follows a recent report submitted to the United Nations which found that North Korea stole more digital assets in 2022 than any other year. That report had been submitted to the 15 members of a North Korea sanctions committee, finding that between $630 million and $1 billion worth of digital assets had been stolen.Lax securityElliptic’s analysis and subsequent report point to lax security being employed within Vietnamese and Japanese cryptocurrency marketplaces. Nikkei referred to an unnamed source who asserts that at least three Japanese cryptocurrency exchanges had been compromised by hackers between 2018 and 2021.One of those instances involved Zaif, a company that lost $51.4 million in 2018 and subsequently shut down operations. Overall, Elliptic estimates a global loss of $2.3 billion to hackers between 2017 and 2022 in digital assets, as suffered by crypto firms. It also estimates such losses suffered in the United States at $497 million, while Hong Kong-based losses have been calculated at $281 million.International responseIn April, the Office of Foreign Assets Control (OFAC) within the Department of the Treasury in the United States stated that it had sanctioned two Chinese nationals and a Hong Kong British national for allegedly having aided the North Korean government in crypto money laundering activities.On Saturday, a joint statement was issued by the Group of Seven finance ministers and central bank governors, following a meeting in Japan, outlining the “growing threat from illicit activities by state actors.” It’s widely believed that the proceeds of these hacks are contributing towards the funding of North Korea’s missile program and other such activities that threaten stability within the region.The Japan External Trade Organization (JETO) has estimated that the estimated $721 million stolen from Japan amounts to 8.8 times the value of North Korea’s exports in 2021.