Philippines to move forward with CBDC without blockchain

UAE strengthens regulatory oversight of virtual asset service providersThe Central Bank of the United Arab Emirates (CBUAE) and other relevant authorities in the Middle Eastern country have issued new joint guidance for virtual asset service providers (VASPs) operating within the UAE.Photo by Thomas Drouault on UnsplashPushing back against unlicensed VASPsThese guidelines aim to prevent VASPs from operating without proper licenses in the jurisdiction, demonstrative of the country’s efforts in fighting financial crimes and maintaining the integrity of its financial system.The document outlines the penalties for VASPs operating in the UAE without a valid license. They will face civil and criminal sanctions, including financial penalties against the entity, its owners and senior managers. Moreover, the guidance cautions that licensed financial institutions (LFIs), designated non-financial businesses and professions (DNFBPs) and licensed VASPs that engage with unlicensed VASPs will be subject to law enforcement actions.The National Anti-Money Laundering and Combating Financing of Terrorism and Financing of Illegal Organizations Committee (NAMLCFTC) is the specific entity responsible for having issued the guidance in conjunction with the central bank.VASP ‘red flags’As part of those guidelines, a list of “red flags” for VASPs has been included. Through reliance on these indicators, it’s hoped that bad acting VASPs can be identified by consumers and other industry stakeholders. The document refers to red flags such as the lack of regulatory licensing, no physical presence in the UAE, pressure being applied by a platform to invest quickly and a lack of regulatory disclosure as items to look out for.Otherwise, the guidance encourages stakeholders to be suspicious of unsolicited contact being employed as a means of operation by a platform, the lack of a record of compliance, poor website and communications and the offer of unrealistic promises.Lastly, the document suggests that people should be observant of any illicit use of virtual currency, the use of fake wallets, engagement in terrorist financing and a lack of consumer protection as red flag items.The new guidance instructs all LFIs, DNFBPs and licensed VASPs to report transactions involving suspicious parties. The guidance also emphasizes that information related to unlicensed virtual asset activities can be reported through whistleblowing mechanisms.Exiting FATF ‘grey list’The release of these guidelines is part of an effort by the UAE to be removed from the Financial Action Task Force’s (FATF) “grey list.” The grey list indicates deficiencies in a country’s anti-money laundering (AML) and counter-terrorist financing (CTF) regimes.Improving control mechanisms relative to crypto has been a theme for several countries who are similarly looking to exit the FATF grey list. Last week, it emerged that Turkey is crafting new regulations governing crypto in an effort towards “grey list” removal. Earlier this year, Pakistan announced a renewed ban on cryptocurrency, as part of its efforts to remain off the grey list it had been listed on over an extended period.The UAE was placed on the FATF’s grey list in March 2022 due to AML and CTF deficiencies. However, the country made a commitment to work with the global watchdog to improve its regulatory frameworks in these areas.

Mixin Network Suspends Services Amid $200 Million HackOn Monday, Mixin Network, a decentralized peer-to-peer network whose project team is based in Hong Kong, officially confirmed a substantial security breach that resulted in the loss of approximately $200 million in crypto assets from its mainnet.Photo by GuerrillaBuzz on UnsplashSeptember 23 hackThis incident, disclosed via an X (formerly Twitter) post, prompted the immediate suspension of all deposit and withdrawal services on Mixin Network until further notice.The project team outlined that the hack occurred on September 23, exposing vulnerabilities that allowed malicious actors to compromise the database of a third-party cloud service provider. Mixin Network has taken action to address the situation, enlisting the expertise of Singapore-headquartered blockchain security investigator SlowMist and the support of Google to conduct a thorough investigation and formulate a recovery plan.At the time of the breach, Mixin Network’s holdings included $94.48 million in Ether, $23.55 million in Dai, and $23.3 million in Bitcoin, as reported in an independent investigation by PeckShield. The total value of assets affected amounted to $141.32 million.Cyvers, an Israeli Web3 security firm, has also been looking into the matter on Monday. In a social media post, the firm stated:”Our internal investigation has uncovered suspicious funding transactions involving @MixinKernel hacker addresses. Two of hacker addresses received 51 $ETH from 0x1795F0eBDa5A836aE63F28CE546E72de069A8bd2 who was interacted with @HuobiGlobal and @binance.”The firm goes on to call on Binance and its CEO Changpeng Zhao (CZ) and Huobi to help identify the wallet address in question.Halting withdrawalsIn response to the security breach, Mixin Network has temporarily halted all deposits and withdrawals on its platform. These services will only resume once the vulnerabilities have been identified and fully resolved. On X, the project stated:”Deposit and withdrawal services on Mixin Network have been temporarily suspended. After discussion and consensus among all nodes, these services will be reopened once the vulnerabilities are confirmed and fixed. During this period, transfers are not affected.”Details regarding the plans to recover the lost assets for affected users have yet to be announced.Despite initial promises that Mixin Network’s Founder, Feng Xiaodong, would address the incident in a public Mandarin live stream on September 25, links to the live stream were not provided on the official social media channels or the website mixin.network.The incident has garnered criticism on the basis of a lack of decentralization. One commentator stated:”Some of those blockchain protocols are so decentralized that when their cloud database is hacked, coins are also gone.”Ongoing hacksThis security breach on Mixin Network is the latest in a series of high-profile crypto-related incidents. Ethereum Co-Founder Vitalik Buterin recently fell victim to a SIM swap attack, which resulted in the compromise of his X (formerly Twitter) account.In a statement, Buterin revealed that the hackers had successfully executed a SIM swap, a type of attack that targets the victim’s mobile phone number to gain unauthorized access to various online accounts, including social media, banking, and cryptocurrency platforms.The repercussions of the Mixin Network hack underscore the ongoing challenges faced by the crypto industry in ensuring the security and protection of digital assets. As investigations continue, affected users await further developments and the eventual resumption of deposit and withdrawal services.

Korea’s Virtual Asset User Protection Act to Take Effect in July Next YearThe Virtual Asset User Protection Bill was passed during the South Korean National Assembly’s plenary session last Friday, according to a report by news agency Newsis. The legislation aims to safeguard customer assets, establish regulations against unfair trading practices, and enforce penalties. The act is scheduled to take effect one year after its passage.Photo by KS KYUNG on UnsplashDefinition of virtual assetsUnder the act, a virtual asset is defined as a digital representation of economic value that can be digitally traded or transferred. It’s important to note that central bank digital currencies (CBDCs) are not considered virtual assets. Virtual assets with characteristics of securities will initially fall under the jurisdiction of the Capital Market Act.Roles of Korea’s central bankThe act grants the Bank of Korea (BOK) the authority to request data and information from virtual asset service providers (VASPs). This provision is deemed necessary for the Korean central bank to formulate monetary and financial policies, despite virtual assets not being equivalent to traditional currencies.Responsibilities of VASPsMoreover, VASPs are obligated to segregate users’ virtual assets from their own holdings. VASPs are also required to reserve the same type and quantity of virtual assets entrusted by users and maintain a certain proportion of these assets in a cold wallet, which is an offline storage solution.Unfair trading practices will be regulated in a similar manner as outlined in the Capital Market Act. The act specifically prohibits the use of undisclosed information, price manipulation, fraudulent transactions, and trading of self-issued virtual assets. VASPs are barred from suspending deposits and withdrawals without legitimate reasons. They are also mandated to monitor suspicious transactions and take appropriate measures to safeguard users. Any suspected unfair trading practices must be promptly reported to financial authorities. Violators of these rules may face criminal penalties, liability for damages, and potential class action lawsuits.Powers of financial authoritiesThe act also clarifies the powers of financial authorities in supervising, inspecting, and taking action against virtual asset operators. Unfair trade practices can result in imprisonment for more than one year (up to 10 years for violations related to self-issued virtual assets) or fines ranging from three to five times the illicit gains. Assets acquired through unfair trade practices will be confiscated, or an equivalent value will be charged if confiscation is not feasible.Impact on crypto investigationsThe absence of legislation directly addressing unfair trading practices in the virtual asset market has posed challenges for prosecutors. They had to rely on existing statutes related to fraud, the capital market, and financial investments. Once the new act takes effect, prosecutors will no longer need to determine whether a virtual asset qualifies as a security or not.Regarding this development, a prosecutor told local legal news outlet Law Times that the implementation of the new act will escalate prosecutorial investigations into cryptocurrency incidents.Meanwhile, the individuals behind the crash of Terraform Labs’ stablecoin TerraUSD and its sister coin Luna will not be subject to this act due to the legal principle of nulla poena sine lege, which prevents the retrospective enforcement of criminal laws. Do Kwon, co-founder of Terraform Labs, was recently sentenced to four months in prison by a Montenegrin court for passport forgery after being arrested in March. The other co-founder, Daniel Shin, has been indicted by prosecutors in Korea.