Blockchain Bites: BNB Chain suffers USD$570M exploit, EU extends Russian crypto sanctions, Coinbase secures Singapore licence approval


Michael Bacina, Steven Pettigrove and Jake Huang of the Piper Alderman
Blockchain Group bring you the latest legal, regulatory and project
updates in Blockchain and Digital Law.

Binance suspends BNB Chain after USD$570M exploit

Binance, one of the world’s leading crypto-asset exchanges,
paused its BNB Chain after the largest exploit of the chain to
date. Attackers created USD$570M in new BNB Tokens, and between
USD$100M and USD$110M of value was extracted, but no user tokens
were impacted (other than a suspension of withdrawing tokens from
the ecosystem).

BNB Chain is managed by Binance and offered as an ecosystem for
launching decentralised applications (DApps) and has been highly
active in crypto, with average daily transactions of 2.78M.

The exploit did not impact user tokens, but rather involved the
attackers fabricating a long-ago block in the chain with two
requests, resulting in 1M BNB Tokens being created under each
request. Binance moved swiftly and managed to freeze USD$7M of the
tokens before they could be used. Stablecoin Tether also reportedly
blacklisted the attacker’s address, preventing the created BNB
from entering the Tether ecosystem. When the chain was paused, only
USD$100M – USD$110M of BNB Tokens had been moved off-chain.
Founder of Binance, CZ, said:

An exploit on a cross-chain
bridge, BSC Token Hub, resulted in extra BNB. We have asked all
validators to temporarily suspend BSC. The issue is contained now.
Your funds are safe.

The attackers had already borrowed stablecoins against the
newly-created BNB and transferred those stablecoins into other
tokens. Twitter user @Samczsun gave a good breakdown of how the
exploit may have occurred and summarised:

… there was a bug in the way
that the Binance Bridge verified proofs which could have allowed
attackers to forge arbitrary messages. Fortunately, the attacker
here only forged two messages, but the damage could have been far
worse

The BNB Chain restored service on Saturday and Binance thanked the
community for their patience and support. The ability to suspend or
pause a blockchain like BNB Chain of course raises questions about
just how decentralised and unstoppable a blockchain is if it can be
paused. But when an exploit like this occurs, the benefits of some
kind of centralisation or emergency override are highlighted.

EU extends Russian sanctions on crypto wallets and custody

Last week, the European Union issued a new wave of sanctions against
Russia extending its prohibition on providing crypto wallet, account
or custody services to Russians. The sanctions are a response to
Russia’s continuing military campaign against Ukraine and the
Government’s annexation of four Ukrainian regions.

Previously, the EU imposed a prohibition on providing
crypto-asset wallet, account or custody services to Russian
nationals or natural persons residing in Russia, or legal persons,
entities or bodies established in Russia, if the total value of
crypto-assets exceeds €10,000. The enhanced prohibition
abandons the €10,000 threshold and expands the ban to all
crypto-asset wallet, account and custody services.

The new restrictions do not distinguish between custodial and
non-custodial wallet facilities and amount to an outright ban on
providing crypto wallet and custody facilities in Russia and to
Russian persons or entities. It is likely that wallet providers who
are subject to EU sanctions will be required to geo-block Russia
entirely as a consequence of the ban.

The sanctions package extends the geographical scope of the
EU’s trade sanctions with the occupied Ukrainian regions to
Kherson and Zaporizhzhia. The package also includes additional
restrictions on imports and exports of certain goods and
technologies.

The United Kingdom has announced that it will also introduce further
sanctions on Russia. The new UK restrictions include similar measures
to the EU package but have not been published in full yet.

The United States has also announced new sanctions in response to
Russia’s annexation of the four Ukrainian regions. The latest
package includes the designation of a large number of additional
Russian entities and individuals as sanctioned persons and stepped up
sanctions enforcement against those who provide material support to
sanctioned Russian entities or individuals or sanctionable activity
relating to Russia’s military campaign and occupation of Ukraine.

Coinbase wins Singapore licence approval

Coinbase, the largest crypto exchange in the United States, announced
on Monday that it has received in-principle approval for a Major
Payments Institution licence from the Monetary Authority of Singapore
(MAS). This approval will enable Coinbase to offer regulated Digital
Payment Token (DPT) products and services in the city-state, subject
to ongoing discussion and ratification by MAS.

About 180 crypto firms have applied to MAS for a licence to conduct
DPT services. Coinbase joins a list of only 18 entities that have
received in-principle approval, including Crypto.com. So far, the MAS
has only formally granted 7 licences, including to the Singaporean arm
of Australian exchange, Independent Reserve, which together with an
affiliate of the Singaporean bank, DBS, was among the first two
recipients.

Some commentators have complained that Singapore’s licensing
process is too time consuming and burdensome and criticized the
MAS’s apparent mixed messages on digital assets. Last year,
Binance pulled out of Singapore after withdrawing its application for
a DPT licence and subsequently shut down its local .SG trading portal.

It appears that Singapore intends to take a measured approach to
regulation which supports tokenisation and the growth of the
digital assets industry, while addressing potential consumer harms.
In August, the managing director of MAS said that the agency was
considering “further measures to reduce consumer harm”,
including introducing suitability tests for customers, restrictions
on the use of leverage and lending facilities, and addressing
market manipulation.

The MAS’s attempt to curb crypto speculation has not
deterred exchanges like Coinbase, which continue to view Singapore
as a regional or even global hub. Coinbase said in its announcement
that:

Singapore plays a critical
regulatory and commercial role in APAC and beyond, and serves as
our global talent hub; we are excited to continue investing and
building for the crypto economy here.

Coinbase currently has around 100 employees in Singapore.
Yesterday, Blockchain.com announced that it had become the 18th firm
to win in-principle approval from the MAS for a DPT licence.

We anticipate that the global race by cryptocurrency firms to
seek and win licence approvals in a wide range of jurisdictions
will continue in the months and years ahead as more jurisdictions
consider implementing bespoke licensing regimes regulating
cryptocurrency exchanges.
