And the third-largest exchange hack in crypto history

This hectic news week in crypto began with the third-largest hack ever of a crypto exchange. The hacker or hackers who attacked Kucoin made out with $280 million, with around $130 million of that so far frozen in new contracts and hard forks. Then, YFI founder Andre Cronje teased a new project on Twitter, and $15 million poured into his experiment — all of which was then promptly drained by a hacker. Finally, criminal charges were brought against the owners BitMEX, one of the largest and most established exchanges yet to be accused of criminal activity. 

Plus, this week, an anonymous denunciation of the corruption inherent in the DeFi space made the rounds. Also, The Verge published an in-depth expose of TRON’s Justin Sun. 

On the podcasts, Andreas Antonopolous and Dan Held continue the Why Bitcoin Now series by discussing Bitcoin’s monetary policy on Unchained. And on Unconfirmed, Frank Chaparro of The Block talks about what not only the crypto community but the wider tech and business communities were discussing this week — Coinbase CEO Brian Armstrong’s blog post making clear the company would pursue an apolitical stance in these tumultuous times. We’ll see if that sticks …

This Week’s Crypto News…

US Regulators File Criminal Charges Against BitMEX Owners

On Thursday, the Department of Justice charged BitMEX, one of the biggest crypto derivatives exchanges, with two Bank Secrecy Act violations — each of which can carry a maximum penalty of five years in prison. The Commodity Futures Trading Commission also filed charges against BitMEX for allegedly illegally operating a cryptocurrency derivatives exchange and violating anti-money laundering regulations. Cofounder and CTO Samuel Reed has been arrested in Massachusetts, while the other two cofounders, CEO Arthur Hayes cofounder and former chief strategy officer Benjamin Delo as well as former head of business development Gregory Dwyer, are all at large. 

The DOJ indictment said Hayes, “bragged in or about July 2019 that the Seychelles was a more friendly jurisdiction for BitMEX because it cost less to bribe Seychellois authorities — just ‘a coconut’ — than it would cost to bribe regulators in the United States and elsewhere.” The indictment claims that BitMEX did not monitor its transactions for money laundering or sanctions violations and did not file any suspicious activity reports from its launch in November 2014 until September 2020. It also alleges that until August 2020, customers could register to trade anonymously, providing only a verified email address, and that the exchange encouraged or allowed US customers to access the site and trade on it. It also claims that BitMEX allowed customers located in Iran to trade on the platform, in violation of US sanctions. It also alleges that In May 2018, Hayes was notified that BitMEX was being used to launder coins obtained via a cryptocurrency hack but that Hayes and BitMEX did not implement an anti-money laundering policy in response. 

HDR Global, the parent company of BitMEX and one of the defendants in the CFTC civil lawsuit, released a statement, saying, “We strongly disagree with the U.S. government’s heavy-handed decision to bring these charges, and intend to defend the allegations vigorously. From our early days as a start-up, we have always sought to comply with applicable U.S. laws, as those laws were understood at the time and based on available guidance.”

Third-Largest Exchange Hack: $280 Million Stolen From KuCoin

In the third-largest hack in crypto history, $280 million worth of crypto assets were stolen from the hot wallets of Singapore-based exchange KuCoin. The assets stolen include Bitcoin, Bitcoin Satoshi’s Vision, Ether, Litecoin, Ripple, Stellar Lumens, Tron, Tether, Chainlink, Ocean and others. The exchange maintains that its insurance fund will cover all losses, and so far, $130 million of the hacker’s loot has been frozen by various crypto projects. Many of the stolen coins are ERC-20 tokens, and project admins have paused contracts, deployed new ones or blocked the hacker’s address, to help recover coins such as Velo, Tether, Orion, KardiaChain, Ampleforth and others. However, their actions have raised questions about decentralization.  

Meanwhile, the KuCoin hack has highlighted the use of dexes for money laundering, with the hacker liquidating tokens such as OCEAN, SNX, COMP, LINK and DIA on Uniswap and Kyber to convert them to ETH. In CoinDesk, CipherTrace CEO Dave Jevans said, “these platforms can be used as effectively the next generation of money-laundering mixing services. If I can put my stuff into a DeFi contract, it gets mixed up with other people’s money when it comes back out. Because there’s no tracing and there’s no KYC, it effectively is operating as an old-school crypto money-laundering service.” (Disclosure: CipherTrace has been a sponsor of my shows.)

$15 Million Emptied From YFI Creator’s Latest Experiment

On Monday, ambiguous retweets by Yearn creator Andre Cronje of the Twitter account caused investors to pour $15 million into the Eminence card gaming protocol to farm the EMN token. Never mind that there was little information on it. 

The entire $15 million in Eminence was soon drained by a hacker, who, according to Cronje, used a “very simple” method, which was to “mint a lot of EMN at the tight curve, burn the EMN for one of the other currencies, sell the currency for EMN.” However, the hacker then returned $8 million. The incident appears to be “the first significant cryptoeconomic hack,” as said by Kleros CTO Clément Lesaege, who explained, “Contrary to most of the hacks, the smart contracts were not broken, they worked exactly as intended. But the economics were.”

Cronje was criticized for teasing an unfinished protocol, but he defended himself, saying that he intends to continue deploying test contracts. He warned potential investors not to use random contracts he has deployed unless he’s made an official announcement via his Medium account. He said, “The contracts I deployed yesterday were purely for myself to engage with.”

Inside the Entitled, Lawless World of Tron’s Justin Sun

A meticulously reported Verge article on events at BitTorrent after Tron’s $140 million purchase of the peer-to-peer software gives us a close look at the controversial crypto figure, Justin Sun. Soon after the acquisition, it reports, the company’s business strategy became, “copy Ethereum” and “get the pump on the coin,” which meant to make Tron look good and get people to purchase the token. But that was just the beginning. 

Sun often acted like a spoiled brat, for instance demanding to know who hired a driver who accidentally locked him in a car with the child safety lock or castigating the executive assistant who scheduled a doctor’s appointment with him at the doctor’s office rather than having the doctor come to him. At a company Q&A, when an employee submitted a question asking what would happen if TRX went to zero, Sun said, “Whoever asked this question, we’re going to track them down” and then he threatened to “kill their entire family.” Additionally, an employee witnessed an altercation in which it appeared Sun hit another staff member. 

On top of all that, Sun did little to control the app store on the Tron network, leaving it open to all manner of scammers, and was similarly laidback about pirated movies on a BitTorrent product as well as about harassment on the company’s live-streaming platform. It’s a riveting read. I urge you all to check it out.

Is DeFi Corrupt? A Look at the $FEW Token Scandal 

Last Thursday, pseudonymous writer crypto_angel posted a lengthy screed, detailing the events of the $FEW token, a yield farming coin that was accused of being an insiders’ pump-and-dump scheme, to highlight what they view as the “unspoken agreement between defi insiders and the bad actors they protect.” 

The $FEW token began with a gathering of 50 crypto influencers who then hyped the project, so that within minutes of the token launching, hundreds of people had already flooded its Telegram group, asking for an airdrop. Crypto_angel says, “this was obviously a pump and dump campaign.” The post includes screenshots of people commenting that the project “should really build a product not just buy a domain and mint a token.” 

The article is a damning examination of a space in which, they say, “the way to win these token games was to make friends with the right people.” 

SEC Roundup

The SEC has continued to enforce securities regulations with the same interpretation it’s been following, or getting judges to back its stance.

A judge for the Southern District of New York agreed that Kik’s offering of KIN was an unregistered securities offering. Kik said it may appeal.

The SEC and Salt Lending, which held an ICO in 2017, have settled, and Salt will have 14 days to announce its intention to refund investors. It will also register the SALT tokens as a security and pay a $250,000 penalty.

The SEC said it will not take action against exchanges that trade tokenized securities.

In a First, Ethereum Fees Eclipse Block Rewards

Larry Cermak of The Block tweeted that or the first time in Ethereum’s history, transaction fees have surpassed the amount miners make from block rewards. 

The second graph, in particular, shows an astounding trajectory for transaction fees over the past five months, in a trend that Cermak posits is far from sustainable: