Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter.
Liminal believes in optimizing security and custody practices globally across the Web3 industry. Through our Newsletter, we highlight incidents pertaining to security, regulations, and compliance that have happened in the past month and how one can follow better Security practices to safeguard their digital assets.
We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.
Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.
Unlock the potential of digital assets for your institution
Web3 Security Compromises in April
Hedgey Finance Hacked for Almost $45 Million
Hedgey Finance, a platform for managing token claims, lockups, and vesting, was hit with a flash loan attack that drained $44.7 million of customer funds from the platform.
Most assets were stolen from Hedgey on the Arbitrum layer-2 network, although around $2.1 million were stolen from the version deployed on the Ethereum mainnet.
Hedgey Finance confirmed the exploit and sent an optimistic and congratulatory message on-chain: “Well done for finding it! We’re assuming you executed this exploit as a white hat, so we’d like to get in touch with you to discuss the next steps.” There has been no on-chain response thus far.
Secure and manage your digital assets with Liminal
Australian DCA Fund Collapses with up to $65 Million Owed to Creditors
Liquidators have been appointed for three cryptocurrency companies owned by Ash Balanian. DCA Capital, Digital Commodity Assets, and the Digital Commodity Assets Fund have all entered liquidation after investors raised red flags about the fund’s management and licensure.
So far, losses are estimated to affect around 100 investors, with up to AU$100 million (US$65 million) in claims.
Balanian had boasted of his career experience as a former NASA mission planner and targeted his fund to wealthy investors with a minimum initial deposit of AU$50,000 (~US$33,000).
MuskSwap and Related Projects Exit Scam for over $5 Million
A person or group has raised funds for various crypto projects only to abandon them, empty the project wallets, and launder them through Tornado Cash. The largest of the projects was called “MuskSwap,” which proclaimed: “$MUSK & MuskSwap was born to show admiration for Elon Musk’s super projects like SolarCity, Tesla, and Space X and his constant influence on the world finance and the crypto market.”
The project described itself as a DEX with a native $MUSK token and launched in July 2021. However, the token tanked on December 25, 2021. Although the project team tried to blame the crash on “liquidity issues” and promised paths forward, they locked the project Telegram chat on March 11, 2022. On April 5, 2022, the team withdrew the remaining funds and deleted the website.
Crypto analysis firm CertiK linked the MuskSwap project to several other scam tokens and projects: RocketDoge, InfinityGame, SpaceX, MUFC (themed after Manchester United), and Elona Musk. Altogether, the rug pulls have drawn in $5.1 million.
Web3 Regulatory Practices for April
Brazil Harnessing New Affection for Crypto
On Brazil’s part, it was never really considered among the top five crypto-friendly countries. Yet, it has initiated several measures that challenge crypto enthusiasts’ notions about the country.
It is also among the major global economies (G20 Member Countries) that have rolled out crypto regulations.
Continuing with its crypto-friendly measures, President Jair Bolsonaro recently green-lit a bill that recognizes cryptocurrency as a valid payment method. Although this law, set to take effect in six months, does not declare cryptocurrencies as legal tender, it does incorporate them into the legal framework.
“With regulation, cryptocurrency will become even more popular.” – Sen. Iraja Abreu
Under this new law, crypto assets classified as securities will fall under the Brazilian Securities and Exchange Commission’s watch, while a designated government body will oversee other digital assets.
Singapore Tightening Up Its Crypto Regulations
Until a series of failures rocked the crypto industry in 2022, most rankings identified Singapore as the most crypto-friendly country.
Even founders who moved to Singapore, drawn by its crypto-friendly measures initiated pre-2022, found themselves questioning their decisions.
Recently, Singapore’s Central Bank, the Monetary Authority of Singapore (MAS), is rolling out new updates to the Payment Services Act to tighten its grip on the crypto landscape.
These updates extend to crypto custody, token payments or transfers, and cross-border payments, even if transactions don’t physically touch Singapore’s financial system.
Key among these regulations is the requirement for service providers to keep customer assets separate from their own, with a hefty 90% of these assets to be stored in cold wallets to enhance security.
Additionally, the MAS is keen on preventing any single person from having too much control over these assets, favoring multi-party computation (MPC) wallets, which require a collaborative effort for transactions.
Moreover, the MAS is stepping in to protect retail customers by banning them from certain activities, such as crypto staking or lending, which are gaining attention from regulators worldwide.
Stay #LiminalSecure
These events highlight the constant evolution of Web3 security and regulation. By staying informed and prioritizing security best practices, you can confidently navigate this dynamic landscape.
At Liminal, we’re committed to empowering institutions to unlock the full potential of digital assets without compromising security or compliance norms with our institutional custody and wallet infrastructure solutions. Join us on this journey towards a safer, more accessible future for digital assets.
by Liminal
