Cryptohack Roundup: SEC Still Probing X Account HackAlso: $3.3M Socket Hack; Do Kwon and Alex Mashinsky Trials
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, the U.S. Securities and Exchange Commission said it is still assessing the impact of the X hack that occurred weeks ago, attackers stole $3.3 million from Socket, a judge pushed Do Kwon's trial to March 25, Alex Mashinsky's lawyers sought dismissal of two charges, Google Play Store removed crypto apps for Indian users, IRS clarified reporting crypto assets and South Korea said it was mulling legislation to nix crypto mixer use.
See Also: What is next-generation AML?
SEC Says Full Impact of X Account Hack Still Unclear
The U.S. Securities and Exchange Commission on Friday said it is still assessing the impact of a Jan. 9 incident in which a hacker took control of its X, formerly Twitter, social media account to spread fake news about the commission's approval of spot bitcoin exchange-traded fund.
There is "no evidence" that the hacker gained access to SEC systems, data, devices or other social media accounts, it said. The agency has called in the SEC's Office of Inspector General, the FBI and the Cybersecurity and Infrastructure Security Agency to investigate.
House Financial Services Committee Chair Patrick McHenry, Rep. Bill Huizenga of Michigan, Rep. French Hill of Arkansas and Rep. Ann Wagner of Missouri requested a briefing from the agency about the incident by Jan. 17. Calling the lack of two-factor authentication "unacceptable," the lawmakers said they "expect the SEC to hold itself to the same requirements that are imposed on companies throughout the country." The SEC's cybersecurity risk management rule requires companies to disclose "material" cybersecurity incidents within four days.
$3.3M Socket Hack
Blockchain protocol Socket paused some operations after a hacker stole $3.3 million. "Socket has experienced a security incident which affected wallets with infinite approvals to Socket contracts," the company said on Tuesday. Spotted by an anonymous researcher who goes by Spreek on X, the hacker appears to have stolen the funds in just a few minutes. PeckShield pegged the value of the stolen funds at $3.3 million and said that the exploit had been the result of an incomplete validation of user input, which the hacker exploited to steal funds from those that approved the vulnerable SocketGateway contract.
Judge Pushes Do Kwon Trial
A federal judge changed the date for the trial against Terraform Labs and its co-founder Do Kwon - an alleged $40 billion cryptocurrency fraud case - to allow the United States to extradite Kwon and have him attend the trial. U.S District Judge Jed Rakoff postponed the date from Jan. 29 to March 25 and said that he would not allow more delays irrespective of whether Kwon was extradited or not. The SEC's civil case against Terraform and Kwon is focused on the collapse of its cryptocurrency tokens TerraUSD and Luna.
Former Celsius CEO Seeks to Dismiss Charges Against Him
Former Celsius CEO Alex Mashinsky's legal team filed a motion to dismiss two felony counts related to commodities fraud and market manipulation against him, reported Cointelegraph. Machinsky's lawyers called the second count of commodities fraud "repugnant" and "inconsistent" with the first count of securities fraud, based on the government’s treatment of crypto. "It is inconsistent and illogical to view the Earn Program as a security for purposes of Count One, and a commodity for purposes of Count Two," the report said, citing the filing. U.S. law enforcement agencies arrested Mashinsky six months ago over his alleged involvement in the collapse of Celsius Network. He pleaded not guilty to all seven counts of charges against him, including securities fraud, commodities fraud, wire fraud, misleading investors and conspiracy to manipulate the value of Celsius Network's native token CEL. Released on a $40 million bail, Mashinsky is likely to face trial in September.
Google Play Store Removes Crypto Apps
Google's Play Store in India removed apps of crypto exchanges Binance and OKX after the country's government issued a noncompliance notice against them, reported Cointelegraph. Apple India's App Store carried out a similar move earlier this month after the Indian Ministry of Finance's Financial Intelligence Unit issued notices to Binance, Huobi, Kraken, Gate.io, KuCoin, Bitstamp, MEXC Global, Bittrex and Bitfinex for not complying with tax regulations. Existing Android users can still access the Binance application and website.
IRS Clarifies Rule on Reporting Crypto Assets
Businesses in the United States don't have to report digital assets the way they do cash - until the Internal Revenue Service issues new regulations, the agency said. The Infrastructure Investment and Jobs Act, enacted on in November 2021, requires businesses to report crypto transactions worth more than $10,000. The IRS response stems from a CoinCenter lawsuit that says the rule would "impose a mass surveillance regime on ordinary Americans."
South Korea Mulls Legislation to Limit Mixer Use
South Korea is reportedly working on a legislation similar to that of the United States to limit the use of crypto-mixing services to prevent money laundering. The country's financial regulator, the Financial Intelligence Unit, began discussions around the need for regulations, adding that the U.S. is part of the discussion, reported local news platform Decenter.