Crypto Products Launch, Gain Approvals; OFAC Sanctions Crypto Mixer; SEC Publishes ICO Consent Order; Report Cites Criminal Use of Cross-Chain Bridges

In this issue:

NY DFS Approves Crypto Platform, Prepaid Crypto Card to Launch in Argentina

By Kayley B. Sullivan

According to a press release this week, the New York State Department of Financial Services (NY DFS) has authorized two subsidiaries of Zero Hash Holdings to launch “their regulated B2B2C crypto infrastructure solution” in New York. The Zero Hash platform reportedly enables a “turnkey solution” that “allows any platform to integrate digital assets natively into their own customer experience quickly and easily” using application programming interface integrations.

In other news, another press release published this week announced that Binance, the world’s largest cryptocurrency exchange by volume, is working with a major U.S. financial services firm to launch the “Binance Card” in Argentina. According to the press release, the Binance Card “will allow all new and existing Binance users in Argentina with a valid national ID to make purchases and pay bills with cryptocurrencies, including Bitcoin and BNB, at over 90 million … merchants worldwide, both in-store and online.”

For more information, please refer to the following links:

US Department of the Treasury Sanctions Major Virtual Currency Mixer

By Keith R. Murphy

Earlier this week, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, a smart contract-based virtual currency mixer. According to a press release published by the U.S. Department of the Treasury, Tornado Cash “is a virtual currency mixer that operates on the Ethereum blockchain and indiscriminately facilitates anonymous transactions by obfuscating their origin, destination and counterparties, with no attempt to determine their origin.” The press release states that Tornado Cash has been used to launder more than $7 billion since 2019, including more than $450 million of cryptocurrency obtained through thefts by the Lazarus Group, a North Korean state-sponsored hacking organization. The press release also states that Tornado Cash received funds relating to recent thefts from cross-chain bridges, including the Harmony Bridge and the Nomad Bridge.

Tornado Cash, along with 38 unique cryptocurrency addresses, has been added to the Specially Designated Nationals List, a directory of sanctioned individuals and entities whose assets are blocked by the U.S. government and with whom U.S. persons are prohibited from transacting. As a result, all property and interests in property of Tornado Cash that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC. According to the press release, “Those in the virtual currency industry … should take a risk-based approach to assess the risk associated with different virtual currency services, implement measures to mitigate risks, and address the challenges anonymizing features can present to compliance with AML/CFT obligations … mixers should in general be considered as high-risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds.”

For more information, please refer to the following links:

SEC Publishes ICO Consent Order, Crypto Exchange Discloses SEC Investigation

By Alex Karambelas

This week, the U.S. Securities and Exchange Commission (SEC) published a consent order settling charges against Bloom Protocol LLC (Bloom) related to Bloom’s 2017 initial coin offering (ICO). In the settlement, the SEC characterized Bloom’s BLT token as a security because ICO purchasers “would have had a reasonable expectation of obtaining a future profit based upon Bloom’s efforts in using the proceeds from the offering” and alleged that Bloom violated Sections 5(a) and 5(c) of the Securities Act by failing to register its token with the SEC. The settlement requires Bloom to register its token with the SEC and pay a $300,000 civil penalty. Among other things, the settlement also requires Bloom to publish a notice and a claim form “informing all persons and entities that purchased BLT … before and including January 2, 2018, of their potential claims under Section 12(a) of the Securities Act, including the right to sue ‘to recover the consideration paid for such security with interest thereon, less the amount of any income received thereon, upon the tender of such security, or for damages if [the purchaser] no longer owns the security.’” If Bloom fails to comply with the settlement, it faces a $30.9 million fine. According to the order, Bloom has started preparing for registration by retaining an auditor and hiring additional audit and compliance staff.

In related news, in its most recent quarterly filing, a major U.S. cryptocurrency exchange disclosed that it had received investigative subpoenas from the SEC seeking information related to “processes for listing assets, the classification of certain listed assets, its staking programs and its stablecoin and yield-generating products.” The company previously disclosed that it received similar investigative subpoenas related to the company’s stablecoin and yield-generating products in its last quarterly filing in May of this year. The recent disclosure comes weeks after the SEC filed insider trading charges against a former employee of the company.

For more information, please refer to the following links:

Report Cites Money Laundering Risks of Cryptocurrency Cross-Chain Bridges

By Lauren Bass

According to a recent post by blockchain analytics firm Elliptic, cross-chain bridges –  decentralized protocols that allow users to transfer assets between blockchains – have become a key facilitator of money laundering. Since 2020, one protocol, RenBridge, has reportedly facilitated the laundering of over $540 million in cryptoassets derived from theft, fraud, ransomware and other illicit endeavors. While much of the traffic on bridges is legitimate, according to Elliptic, the lack of regulation allows criminal activity to flourish. Without a central service provider to facilitate these cross-chain transactions, bridges are likely to continue to pose a challenge to regulators.  

For more information, please refer to the following links:

New NFT Initiatives Launch Across Industries; Banking Agencies Publish Crypto Guidance; Enforcement Agencies Bring Crypto Actions; Crypto Hacks Reported

In this issue:

New NFT Initiatives Announced in Jewelry, Automobile and Liquor Industries
US Banking Agencies Publish Notices on Crypto Firms and Deposit Insurance
Multiple Agencies Target Cryptocurrency Fraud and Regulatory Violations
Nomad Bridge Hacked, Stolen Crypto Valued at Approximately $200 Million
Multiple Hacks Reported Across Various Sectors of the Cryptocurrency Market

New NFT Initiatives Announced in Jewelry, Automobile and Liquor Industries

By Lauren Bass

A U.S. luxury jeweler has reportedly partnered with the popular NFT (non-fungible tokens) collection CryptoPunk to transform the digital collectibles into wearable works of art. According to reports, for 30 ETH (approximately $50,000), current CryptoPunk holders can purchase a unique “one-of-a-kind jewelry experience” NFT, which will allow their CryptoPunk digital avatar to be reimagined as a customized diamond-encrusted pendant necklace. Only 250 “experiences” will be available. Within 24 hours of the announcement of this exclusive collaboration, CryptoPunk sales reportedly increased 248 percent.

Following the debut of its premiere collection earlier this year, a South Korean motor company has reportedly launched a second NFT collection – a membership program for NFT holders that will provide access to exclusive “phygital (physical + digital) experiences that merge the real and the digital world.” According to reports, these experiences include access to digital metaverses, digital content giveaways and special physical consumptive items.

In similar news, a French cognac distillery has reportedly partnered with R&B superstar Usher to launch a hybrid NFT collection that uses artificial intelligence technology to transform the artist’s lyrics into digital works of art. Offered exclusively on BlockBar.com, each NFT will be priced at $500 (fiat or ETH). According to reports, NFT holders will be given the option to (i) keep the NFT; (ii) resell it; or (iii) redeem the NFT for a limited-edition cognac bottle.

With more brands offering NFTs, researchers have been tracking how and on what collections consumers spend their money. According to a recent report, in the first half of 2022, users spent approximately $2.7 billion minting NFTs, with a majority of the activity occurring on OpenSea and more than 1 million unique wallet addresses participating. This research suggests that the NFT market remains strong.

For more information, please refer to the following links:

US Banking Agencies Publish Notices on Crypto Firms and Deposit Insurance

By Robert A. Musiala Jr.

This week, the U.S. central bank and the federal agency that insures U.S. depository institutions issued a series of notices addressing the applicability of federal deposit insurance to the cryptocurrency industry. The agencies published a joint letter demanding that a certain “crypto brokerage firm … cease and desist from making false and misleading statements regarding its … deposit insurance status and take immediate action to correct any such prior statements.” According to a press release, the “crypto brokerage firm” made false and misleading statements suggesting that it was insured by federal deposit insurance and that customers of the crypto brokerage firm were insured against the firm’s failure.

In another press release, the same two federal agencies issued an advisory – “Advisory to … insured institutions Regarding Deposit Insurance and Dealings with Crypto Companies” – and published a related fact sheet. According to the press release, the federal deposit insurer “does not insure assets issued by non-bank entities, such as crypto companies.” The press release notes that the advisory “reminds insured banks that they need to be aware of how [federal deposit] insurance operates and need to assess, manage, and control risks arising from third-party relationships, including those with crypto companies.” The press release also advises U.S. banks that “[i]n dealings with crypto companies … banks should confirm and monitor that these companies do not misrepresent the availability of deposit insurance.” The advisory provides a list of risk management and governance considerations that banks should adhere to in their dealings with crypto companies. The advisory also makes clear that federal deposit insurance “does not protect a non-bank’s customers against the default, insolvency, or bankruptcy of any non-bank entity, including crypto custodians, exchanges, brokers, wallet providers, or other entities that appear to mimic banks but are not.” The advisory and fact sheet also provide lists of additional resources for banks and crypto industry firms to consult on the topic of federal deposit insurance.

For more information, please refer to the following links:

Multiple Agencies Target Cryptocurrency Fraud and Regulatory Violations

By Joanna F. Wasick

Early this week, the Securities and Exchange Commission (SEC) announced that it charged 11 individuals for their roles in creating and promoting Forsage, a purported fraudulent crypto pyramid and Ponzi scheme, which raised more than $300 million from millions of retail investors worldwide, including in the United States. Those charged include Forage’s four founders (last known to be living in Russia, the Republic of Georgia and Indonesia) as well as three U.S.-based promoters engaged by the founders to endorse Forsage, and several members of “Crypto Crusaders,” a promotional group. “As the complaint alleges, Forsage is a fraudulent pyramid scheme launched on a massive scale and aggressively marketed to investors,” said Carolyn Welshhans, acting chief of the SEC’s Crypto Assets and Cyber Unit. “Fraudsters cannot circumvent the federal securities laws by focusing their schemes on smart contracts and blockchains,” said Welshhans.

The U.S. Department of Justice (DOJ) also made an announcement this week, stating that two Californians were sentenced to more than a year in federal prison for conning more than 2,000 investors into purchasing DROPS, a cryptocurrency that purportedly provided exclusive access to a profitable trading program. According to a DOJ press release, most of the $1.9 million raised was used for the defendants’ personal gain. In sentencing memoranda, prosecutors argued that the defendants “caused significant financial harm to an extremely large number of victims and entailed efforts to derail law enforcement’s attempts to root out and address wrongdoing.”

On Monday, the New York State Department of Financial Services (DFS) issued a consent order imposing a $30 million fine on a major U.S. cryptocurrency exchange and trading platform for allegedly failing to comply with New York anti-money laundering and cybersecurity laws and regulations. The case marks the DFS’s first enforcement action in the cryptocurrency sector. On the same day, the New York attorney general issued an investor alert urging any New Yorker deceived or affected by the cryptocurrency crash to contact the Office of the Attorney General (OAG). The alert warns that many high-profile cryptocurrency businesses have frozen customer withdrawals, announced mass layoffs or filed for bankruptcy, while investors have been left in financial ruin. The alert also encourages workers in the cryptocurrency industry who may have witnessed misconduct or fraud to file a whistleblower complaint with the OAG.

For more information, please refer to the following links:

Nomad Bridge Hacked, Stolen Crypto Valued at Approximately $200 Million

By Jordan R. Silversmith

According to reports, on Monday, cryptocurrency valued at nearly $200 million was drained from Nomad Bridge, a major cross-chain token bridge. The attackers reportedly drained the protocol of most of its funds, drawing more scrutiny on the security of cross-chain bridges, which allow users to send and receive tokens between different blockchains. White-hat hackers and others reportedly returned $9 million of the lost funds to the bridge, mostly in the form of stablecoins, but most of the funds remain missing. Bridges usually work by locking tokens in a smart contract on one chain and then reissuing those tokens in wrapped form on another chain. But if the smart contract where tokens are deposited gets sabotaged – as happened in this attack – the wrapped tokens will no longer have backing, which can make them worthless. In a recent report, blockchain analytics firm Chainalysis estimated that around $2 billion in cryptocurrency has been stolen from cross-chain bridges in 13 separate hacks so far this year, with attacks on cross-chain bridges accounting for 69 percent of funds stolen this year.

For more information, please refer to the following links:

Multiple Hacks Reported Across Various Sectors of the Cryptocurrency Market

By Robert A. Musiala Jr.

Multiple hacks were reported in the crypto market this week. According to reports, more than 8,000 Solana Network wallets have been hacked, with approximately $8 million in cryptocurrency value stolen. The hackers reportedly obtained the private keys needed to initiate and approve transactions on behalf of the wallet users, which potentially indicates that a third-party service holding the private keys for multiple wallets may have been compromised. According to reports, Slope wallets and Slope-tied Phantom wallets may have been the target of the hackers.

In a separate incident, the ZB cryptocurrency exchange was reportedly hacked this week, with the hackers stealing approximately $5 million in crypto. According to reports, the stolen crypto was later sold on decentralized exchanges.

And in a third incident, a blockchain security firm reported a new phishing campaign targeting MetaMask wallets, which are among the most popular Ethereum Network wallets. The phishing campaign reportedly uses emails to trick MetaMask users into providing the attackers with their MetaMask wallet passphrase. Among other things, the phishing emails reportedly contain MetaMask logos, use a fake domain (metamaks.auction) and ask users to verify their wallets to comply with know-your-customer regulations.

For more information, please refer to the following links:

Applying the Bank Secrecy Act, FinCEN Regulations, and Sanctions to the Nascent NFT Market

Global business NFT

Non-fungible tokens (NFTs) often involve two areas with known money laundering and terrorist financing risks: cryptocurrencies and high-value assets, like art. As detailed below, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has provided guidance on the applicability of statutes related to anti-money laundering and terrorist financing (AML) to cryptocurrencies. Recent actions and statements from Congress also show an increased AML focus on the art world, suggesting that the industry may be subject to more AML regulation, as are other industries with high-value assets, like precious metals, stones, and jewels. While there is far less regulatory guidance on NFTs specifically, the rules and regulations for these related asset classes, together with recent statements on NFTs by regulators, can provide insight into the AML considerations that NFT market participants should bear in mind and what precautions they may wish to take currently.

Read more.

Bitcoin Mining Difficulty Decreases; Crypto Addressed by CFTC Chair; Congress Addresses Crypto Tax, Accounting; Crypto Enforcement and Crimes Continue

In this issue:

Bitcoin Network Mining Difficulty Continues Downward Trend Amid Heat Wave

By Jordan R. Silversmith

A recent analysis of Bitcoin mining activity has shown that Bitcoin Network mining difficulty dropped by 5 percent recently, continuing a three-month downward trend since reaching its all-time high in May 2022. This is the third consecutive downward adjustment of mining difficulty and the first time it has happened since last July, when China banned Bitcoin mining. According to reports, this time the drop in difficulty is a result of U.S. miners turning off their machines in the past two weeks due to soaring electricity prices, as record-breaking heatwaves have lingered. The rising costs of mining have reportedly had significant effects on miners in Texas, which is experiencing hotter-than-usual temperatures that have caused some miners to cease operations in order to accommodate the state’s energy grid load. Although extraordinary electricity costs have led some industrial-scale miners in Texas and beyond to curtail their mining activity, some miners may benefit. Analysts believe the lower difficulty is good news for small-scale Bitcoin miners, because reduced difficulty enables miners to confirm transactions using fewer resources, which allows small-scale miners to compete with larger miners for mining rewards.

For more information, please refer to the following links:

CFTC Chair Addresses Crypto; Proposed Bill Would Simplify Crypto Tax Rules

By Keith R. Murphy

The U.S. Commodity Futures Trading Commission (CFTC) recently published a keynote address by Chairman Rostin Behnam discussing the future of cryptocurrency regulation. Among other observations, Chairman Behnam noted that despite information suggesting that one in every five American adults has invested in or otherwise used cryptocurrency, the market has developed without clearly demarcated regulatory bounds, adding that the recent “crypto winter” has reinvigorated the call for a regulatory approach. Behnam stated that the U.S. digital asset industry does not fall within a single comprehensive regulatory scheme, and later suggested that “as with any trading market, the digital asset market would benefit from uniform imposition of requirements focused on ensuring certain core principles, including market integrity, customer protection, and market stability.” Among other statistics, he shared that the CFTC has pursued more than 50 enforcement actions since 2014, including for digital asset-related misconduct, retail fraud involving digital assets, the illegal offering of off-exchange trading in digital assets, and making untrue or misleading statements and omissions. According to Federal Trade Commission information Behnam shared, since 2021 more than 46,000 people have reportedly lost more than $1 billion in cryptocurrency to scams, and top cryptocurrencies used to pay scammers include bitcoin, tether and ether. Behnam pledged that the CFTC would continue using its enforcement authority to protect consumers in the digital asset commodity space from fraud and manipulation.

In another recent development, this week two senators proposed a bipartisan bill that would simplify the application of tax rules to transactions made with digital currencies. According to a press release, under the proposed Virtual Currency Tax Fairness Act, small personal cryptocurrency transactions under $50 would be exempted from capital gains taxation. Under current law, a taxable event occurs every time a digital asset is used. The proposed bill, which received positive reactions from the cryptocurrency industry, reportedly includes an aggregation rule that identifies related sales and exchanges as a single transaction in an effort to prevent potential tax evasion.  

For more information, please refer to the following links:

Congress Members Criticize SEC Bulletin on Crypto Accounting Treatment

By Christina O. Gotsis

In late July, four members of Congress sent a letter to the U.S. Securities and Exchange Commission (SEC) requesting it retract a bulletin that advises on the accounting treatment of crypto assets. The SEC bulletin advises that public companies, as well as private companies combining with special purpose acquisition companies, report crypto assets as liabilities and provide additional disclosures regarding the value of those assets. This represents a departure from the practice of holding custodied assets in separate accounts outside the balance sheet. The congressmen warned that the change would make the custody of such assets by banks “economically infeasible” and claimed that the SEC failed to follow “proper process,” such as providing a public comment period.

While SEC Commissioner Hester Peirce called the bulletin a “scattershot and inefficient” attempt to regulate crypto, SEC Chairman Gary Gensler argued that the measure will help protect investors amid a downturn in digital asset markets. Gensler defended the bulletin, SEC Staff Accounting Bulletin No. 121, advising that the bulletin follows the same process as the 120 bulletins before it in its mission to protect investors. Gensler reportedly characterized the bulletin as “advice” for companies seeking accounting guidance for crypto assets. The bulletin itself also notes that it is “interpretive guidance for entities to consider” and does not bear the agency’s “official approval.” Gensler reportedly noted that a bank’s bankruptcy puts customers’ digital assets at risk and that these assets “aren’t well enough developed” and are “sufficiently different” from traditional assets such as stocks or bonds.

For more information, please refer to the following links:

DOJ, SEC and OFAC Continue Cryptocurrency Enforcement Actions

By Robert A. Musiala Jr.

This week, the U.S. Department of Justice (DOJ) published a press release announcing that Michael Stollery, “[t]he CEO of Titanium Blockchain Infrastructure Services Inc. (TBIS)[,] pleaded guilty … for his role in a cryptocurrency fraud scheme involving TBIS’s initial coin offering (ICO) that raised approximately $21 million from investors in the United States and overseas.” According to the press release, Stollery admitted that he made a series of false and misleading statements to the purchasers of tokens in the TBIS ICO and commingled the ICO investors’ funds with his personal funds, using a portion of the proceeds for personal expenses. Stollery pleaded guilty to one count of securities fraud and faces up to 20 years in prison.

According to reports this week, two major U.S. cryptocurrency exchanges may be under investigation by government agencies. One report noted that, according to sources, a major U.S. exchange is under investigation by the U.S. Securities and Exchange Commission (SEC) related to certain cryptocurrency tokens listed on the exchange. Another report provides details on a reported investigation of another major U.S. cryptocurrency exchange by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). According to reports, the OFAC investigation relates to alleged sanctions violations involving exchange customers in Iran, Syria and Cuba.

In a final development, blockchain analytics firm Chainalysis has published The Chainalysis 2022 State of Cryptocurrency Investigations Survey. The survey polled a population of public sector employees on topics related to the successes and challenges of cryptocurrencies. Among other things, the survey respondents indicated the following sentiments: (1) cryptocurrency will advance the financial system in a positive way; (2) cryptocurrency is prevalent in a variety of crime types, including narcotics, fraud, theft and cybercrime; (3) accurate data, transaction visualization and training are critical for effective use of blockchain analytics tools; and (4) 74 percent indicated their government agency was currently not well-equipped to investigate cryptocurrency-related crime.

For more information, please refer to the following links:

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

By Lauren Bass

According to a recent report issued by cybersecurity firm SonicWall, global incidents of cryptojacking hit record highs earlier this year. Cryptojacking refers to a cyberattack in which hackers implant malware on a computer system and then surreptitiously commandeer that system to mine cryptocurrency for the benefit of the hackers. Overall incidents were up 30 percent, with the retail sector suffering from a 63 percent increase and the financial sector witnessing a 269 percent increase in attacks year-to-date. The report suggests that (1) the decline in ransomware attacks, (2) system vulnerability caused by Log4j and (3) the ability of cryptojackers to operate under the radar all contributed to the cybercrime’s rise in popularity.

In similar news, risk-management firm Crystal Blockchain recently released a report detailing the top cryptocurrency security breaches and fraudulent activities over the past decade. According to the report, decentralized finance (DeFi) exchanges have become an increasingly popular target for malicious actors, with over $2.5 billion lost to DeFi-related breaches, scams and hacks in 2022 alone.

For more information, please refer to the following links:

SEC and DOJ Bring Parallel Crypto Insider Trading Cases; SEC Alleges Nine Tokens Are Securities

Cryptocurrency, Financial technology

Significant parallel actions commenced this week by the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) bring crypto fraud enforcement into the spotlight, with the SEC alleging that multiple tokens listed on Coinbase are securities. In its first insider trading case of “crypto asset securities,” the SEC charged a former Coinbase product manager, his brother and his friend for perpetrating a scheme to trade crypto assets that the SEC alleges are securities on the basis of confidential nonpublic information. The DOJ brought its first cryptocurrency insider trading tipping scheme case by charging the same three individuals with conspiracy and wire fraud in connection with the alleged insider trading. This case comes on the heels of the DOJ’s first insider trading case regarding a non-fungible token (NFT).

Key Points

  • Of the at least 25 crypto assets that were allegedly traded on the basis of material nonpublic information, the SEC alleges nine are securities, of which seven are listed on Coinbase.
  • The SEC’s Complaint offers numerous specific examples of the type of activities the SEC will interpret as indicative that a crypto asset is a security.
  • The DOJ Indictment and SEC’s Complaint indicate that U.S. enforcement agencies continue to leverage enhanced investigation techniques and information gained from both U.S. and foreign companies servicing the crypto markets to assist in bringing crypto enforcement actions.

Read full alert.

Crypto Platforms Achieve Foreign Approvals; DOJ Seizes Crypto Ransomware Funds; CFTC Adds Crypto Firms to RED List; Crypto Fraud and Threats Continue

In this issue:

Foreign Regulators Approve Crypto Platforms; Ethereum Approaching PoS
DOJ Seizes $500K in Ransomware Crypto; CFTC Adds Crypto Firms to RED List
Fraud, Mixers, Ransomware and the Darkweb: Cryptocurrency Threats Continue

Foreign Regulators Approve Crypto Platforms; Ethereum Approaching PoS

By Keith R. Murphy

According to recent reports, several major cryptocurrency platforms have obtained regulatory approval from Italy’s Organismo Agenti e Mediatori (OAM) to offer their products and services to Italian customers in compliance with local regulations. The OAM had established set criteria to be met by companies offering cryptocurrency trading, custody or other services in the country. In related news, another major cryptocurrency exchange announced in a press release that it became the first company to be registered as a Virtual Asset Service Provider by the Central Bank of Ireland. 

According to recent reports, the Ethereum Network is approaching the merger phase of its planned transition from proof-of-work mining consensus to a proof-of-stake (PoS) network. The “Merge” could potentially occur on Sept. 19, although that is reportedly a “soft” deadline. The shift to a PoS network reportedly could result in a 99 percent reduction in Ethereum Network energy consumption.

For more information, please refer to the following links:

DOJ Seizes $500K in Ransomware Crypto; CFTC Adds Crypto Firms to RED List

By Michael A. Rivera

Earlier this week, the U.S. Department of Justice (DOJ) announced a complaint filing in the District of Kansas to forfeit approximately $500,000 in cryptocurrency to victims of a new ransomware scam. According to court documents, an FBI investigation into the ransomware strain, known as “Maui,” began last year after hackers used the ransomware to encrypt the files and servers of a Kansas hospital for over a week. After the hospital paid $100,000 in Bitcoin to the hackers to remove the ransomware from its system, it contacted the FBI about the attack. At this week’s International Conference on Cyber Security, Deputy Attorney General Lisa O. Monaco explained that the FBI was able to trace the ransom payment through the blockchain to money launderers based in China. According to the DOJ press release, after seizing one of the cryptocurrency accounts identified thanks to the Kansas hospital’s tip, the FBI was able to identify other victims of the Maui attack, including a healthcare provider based in Colorado. According to the DOJ press release, the funds are expected to be returned to victims of the ransomware attack.

In other recent developments, late last week the Commodity Futures Trading Commission (CFTC) announced that it added 34 unregistered foreign entities to its Registration Deficient List (RED List). Reportedly, the additions included multiple cryptocurrency industry firms. According to the CFTC, a firm is added to the RED List when the CFTC determines, from investigative leads and public inquiries, that the firm is not registered with the CFTC and appears to be acting in a capacity that requires registration, such as trading binary options, foreign currency or other products. In a statement, CFTC Commissioner Kristin Johnson said that U.S.-based customers transacting with unregistered entities, particularly those operating without oversight and beyond U.S. borders, may not receive the benefit of customer protections, safeguards and guardrails embedded in the CFTC’s oversight of the markets. The CFTC circulates the RED List, which was launched in 2015, to financial industry partners, including other regulators, consumer groups, industry participants, self-regulatory organizations, exchanges and industry associations.

For more information, please refer to the following links:

Fraud, Mixers, Ransomware and the Darknet: Cryptocurrency Threats Continue

By Lauren Bass

The FBI recently released a bulletin warning financial institutions and investors about a new cryptocurrency fraud scheme. According to the statement, cybercriminals have been using the names, logos and identifying information of legitimate investment firms to create fake mobile apps and websites in an effort to lure and defraud potential investors. The FBI cautions institutions and investors alike to be vigilant and verify any application before downloading it and providing sensitive information.

According to a recent Chainalysis blog post, use by illicit entities of cryptocurrency mixers – applications that obscure the flow of funds and complicate the tracing of cryptocurrency transactions – is at an all-time high. While mixers operating in the U.S. are required to register with FinCEN as money transmitters, few do, according to Chainalysis, and their lack of KYC processes makes them attractive to criminals looking to launder money.

While use of mixers may be up, use of darknet exchanges and ransomware sites may be down. According to reports, the recent decline in the value of BTC and other cryptocurrencies has led to a run on fiat reserves, which has caused some illicit exchange sites to shutter and others to scale back activities. 

For more information, please refer to the following links:

Taxation of Non-Fungible Tokens

Technology, Data, Computer Network, Big Data

Part Four in our series discusses U.S. federal income tax issues relating to Non-Fungible Tokens (NFTs) and provides an overview of how NFTs may be treated for U.S. federal income tax purposes.

IRS Guidance

1. Notice 2014-21
At the time of this publication, the U.S. government has only passed legislation
addressing tax reporting requirements for “brokers” of “digital assets.” There is
therefore no legislative guidance regarding the taxation of NFTs. Likewise, the IRS has
not addressed NFTs in any of its limited cryptocurrency guidance. Notwithstanding,
Notice 2014-21, which is the IRS’ first attempt to address the taxation of convertible
cryptocurrencies, serves as a point of reference.

Read more.

USPTO to Address NFTs; Treasury Dept. Publishes Digital Asset Fact Sheet; Financial Regulators Address Digital Assets; Crypto Enforcement Continues

In this issue:

CryptoPunk Sold for $2.6M, USPTO to Address NFTs, Court Approves NFT Service
Treasury Dept. Publishes Digital Asset Policy Fact Sheet, Seeks Public Comment
Multiple Financial Regulatory Bodies Publish Reports on Digital Assets
Crypto Enforcement Targets Interest Products, Unlicensed Money Transmission

Continue Reading

Financial and Crypto Firms Explore Integration; NFT Market Expands; FATF/Basel Publish Crypto Guidance; DOJ/CFTC Bring Crypto Actions; DeFi Hacks Continue

In this issue:

Financial Firm Launches Crypto Group, MakerDAO Votes to Integrate with Bank

By Robert A. Musiala Jr.

A major multinational financial institution recently “announced the formation of its Digital Assets and Financial Markets group.” According to a press release, “[t]he new group combines the teams responsible for supporting the fast-growing digital asset markets and those dedicated to providing market access and insights across the traditional securities services markets.”

In another recent development, MakerDAO, the decentralized autonomous organization (DAO) that governs the Maker Protocol, is reportedly voting on a proposal that would bring a traditional bank into the MakerDAO ecosystem. The Maker Protocol governs the DAI stablecoin, which is an algorithmic stablecoin pegged to the U.S. dollar and issued in exchange for user deposits of ether and other cryptocurrencies. According to reports, the proposal would involve allocating 100 million Dai (DAI) for the bank as part of a new collateral type in the Maker Protocol with the goal of allowing the Maker Protocol to begin issuing real-world loans to borrowers through the bank. MakerDAO will reportedly establish a Multi-Bank Participation Trust to facilitate integration with the bank.

A recently published survey commissioned by two cryptocurrency payment processors provides new data on merchants’ willingness to accept cryptocurrencies as payment.. The survey found, among other things, that (1) among businesses with an annual income of $1 billion, 85 percent are adopting crypto payments; (2) 82 percent of survey participants cited elimination of middlemen as the reason for accepting cryptocurrencies; (3) 77 percent of surveyed merchants that accept cryptocurrency cite lower transaction fees as a reason; and (4) 68 percent of merchants surveyed do not accept crypto due to challenges implementing technology.

For more information, please refer to the following links:

NFT Market Continues to Expand with Brand Activations and Infringement Suit

By Keith R. Murphy and Lauren Bass

Major American retailers celebrated the founding of the nation by forging new worlds of their own in the metaverse. One Mission Bay-based franchise reportedly sold non-fungible tokens (NFTs) that paired a digital collectible with a physical consumptive item in the form of a free T-shirt. Another New York-based clothier reportedly incentivized shoppers to engage with the brand on social media by offering its first 10,000 Discord channel users a free NFT.

In related news, an American lifestyle, clothing and accessories retailer recently launched an NFT store, offering limited edition T-shirts and sweatshirts created by several NFT designers, according to a report. Separately, a well-known global fashion brand recently announced that it is joining its first decentralized autonomous organization through a partnership with an NFT marketplace. The partnership is reportedly part of a larger “Vault Art Space,” a virtual space anticipated to showcase and sell artwork from NFT artists.  

According to recent reports, an auto-racing team backed by a major automobile manufacturer announced a partnership with an NFT platform for purposes of certifying parts for the team’s racing cars. The program is reportedly intended to allow the team to monitor and ensure the quality of car parts, and the certification program may eventually be expanded to include official merchandise and other products.

In a final development, the creators of a popular NFT collection have reportedly filed suit against a copycat digital artist for false advertising, trademark infringement, unfair competition and unjust enrichment, among other claims, for the artist’s design and sale of “confusingly similar” NFTs. The plaintiffs have requested injunctive relief and monetary damages.

For more information, please refer to the following links:

FATF and Basel Committee Publish New Guidance on Cryptocurrencies

By Joanna F. Wasick

The Financial Action Task Force (FATF), a cross-border, intergovernmental anti-money laundering organization, recently released a report and update on the implementation of FATF’s standards on virtual assets (VAs) and virtual asset service providers (VASPs), which were originally announced three years ago. The report emphasizes that over the last year, jurisdictions have made only “limited progress” in introducing FATF’s Travel Rule, which requires VASPs to communicate the information of the originators and beneficiaries of crypto transactions that exceed a certain threshold. Specifically, FATF reports that as of March 2022, only 29 out of 98 jurisdictions have represented that they have passed Travel Rule legislation, and only 11 have started enforcement and supervisory measures. The report also finds that threats of ransomware actors misusing VAs to facilitate payments continue to grow, and ransomware cybercriminals are still relying on a small group of noncompliant VASPs and privacy coins to illegally move funds.

Last week, the Basel Committee on Banking Supervision (Committee), an international committee formed to develop standards for banking regulation, published its second consultation on the prudential treatment of cryptoasset exposures. The Committee classifies crypto assets into two groups: Group 1 includes assets that meet the Committee’s classification conditions, including tokenized traditional assets and regulated stablecoins; Group 2 comprises those assets that do not meet the enumerated conditions, including bitcoin and most other cryptocurrencies. The Committee then makes recommendations for the exposure levels for banks based on that asset classification. According to the Committee, banks would subject Group 1 assets to at least equivalent risk-based capital requirements as the corresponding traditional capital assets. The Committee recommends that banks commit only 1 percent of their total equity or net asset value in either long or short positions to Group 2 assets.

For more information, please refer to the following links:

DOJ, CFTC Bring Multiple Enforcement Actions Against Crypto Fraud Schemes

By Christina O. Gotsis

In late June, the U.S. Department of Justice (DOJ) announced criminal charges against six defendants in four separate cases for their involvement in schemes to entice investors into various cryptocurrency and NFT fraud schemes. One defendant allegedly orchestrated an NFT “rug pull” scheme, abruptly ending a purported NFT investment project, deleting its website and absconding with investors’ money. The defendant and his coconspirators allegedly then laundered $2.6 million of investors’ funds through “chain-hopping,” a form of money laundering in which one type of coin is converted to another and funds are moved across multiple cryptocurrency blockchains. The defendant also used decentralized cryptocurrency swap services to obscure the trail of stolen funds.

Another three defendants were charged for their role in a global cryptocurrency Ponzi scheme that generated $100 million from defrauded investors. A fifth defendant was charged for his role in an initial coin offering that raised $21 million by using falsified white papers about the project and blockchain technology, planting fake testimonials on its website, and fabricating purported business relationships with the U.S. Federal Reserve Board and prominent companies to create the appearance of legitimacy. A sixth defendant allegedly solicited $12 million from investors to participate in an unregistered commodity pool, purporting to use a trading bot that could transact high-volume trades to generate 500-600 percent returns on cryptocurrency exchanges. The DOJ has encouraged all victims of the schemes to visit its resource page to identify themselves as potential victims.

Also, in late June, the Commodity Futures Trading Commission (CFTC) filed its largest-ever fraud scheme case involving bitcoin in a civil enforcement action against a foreign currency commodity pool and its operator. The complaint alleges that between 2018 and 2021, the operator engaged in an international, fraudulent, multilevel marketing scheme using websites and social media to solicit bitcoin from investors. The defendant allegedly misappropriated over $1.7 billion in funds from pool participants. The CFTC is seeking full restitution to defrauded investors, disgorgement of ill-gotten gains, civil monetary penalties, permanent registration and trading bans, and a permanent injunction against future violations of the Commodity Exchange Act and CFTC Regulations.

Finally, Rija Ignatova, the so-called CryptoQueen, was added to the FBI’s Ten Most Wanted Fugitives list for her alleged leadership of a massive global cryptocurrency fraud scheme. According to reports, Ignatova founded OneCoin, a Bulgarian-based virtual currency, targeting victims around the world and urging investors to sell multilevel packages to friends and family. A federal warrant was issued for Ignatova’s arrest in 2017, but she has not been seen since.

For more information, please refer to the following links:

North Korean Lazarus Group Suspected in Recent DeFi Hack

By Alexandra Karambelas

The North Korean cybercrime syndicate known as the Lazarus Group is suspected to be behind the recent Horizon Bridge hack, according to recent reports. The Horizon Bridge hackers reportedly stole over $100 million in ether and other cryptocurrencies late last month. According to reports, investigators say that the methods used in the attack and subsequent transfer of funds are consistent with other hacks attributed to the Lazarus Group. This is the latest in a series of high-profile cyberattacks on decentralized finance (DeFi) services, including the $540 million Ronin Bridge hack in March, which is also suspected to be the work of the Lazarus Group.  

For more information, please refer to the following link:

Navigating Contractual Relationships in the NFT Market

Participants in the fast-moving – but legally uncertain – non-fungible token (NFT) marketplace can maximize their business opportunities and mitigate risk by delineating their specific role early and clearly defining where their obligations begin and where their responsibilities end. Understanding and defining your role, and the role of your counterparties, is critical. Here are some of the key contractual relationships that NFT market participants can expect to encounter.

Read more.

LexBlog