Preliminary reporting from WazirX indicates that a breach in Liminal's multi-party computation wallet infrastructure might have caused the $235 million exploit on July 18. According to the report dated July 25, no evidence could be found that WazirX signers' machines were compromised, challenging Liminal's earlier assertion that compromised WazirX devices were to blame. Forensic analysis by WazirX revealed that the attack involved transactions through Liminal's infrastructure using both WazirX and Liminal signatures.
The hack took advantage of the multisig wallet contract, upgrading it to transfer control to the attacker; this is supposedly prevented by Liminal's interface. The report highlighted security concerns over "blind signing" of token transactions, where users are dependent on the interfaces provided by the custody providers for the details of transactions. Contrary to the safe infrastructure claimed by Liminal, WazirX has furnished enough proof to point out a breach at Liminal's end. The investigation is still ongoing as WazirX awaits conclusive forensic results.
Coinbase's UK Arm Fined $4.5 Million By FCA For User Onboarding Breach
The UK division of the American exchange company Coinbase, CB Payments Limited, has been fined £3.5 million, or roughly $4.5 million, by the Financial Conduct Authority for violating a voluntary agreement regarding user onboarding. In 2020, the FCA, an oversight body asked CBPL to agree not to onboard those customers it considered "high risk." Contrary to this, it went on to onboard 13,416 of these high-risk customers and provided cryptocurrency services to them.
Joint executive director of the FCA, Therese Chambers emphasized that the substantial lack of control increased the likelihood of money laundering within CBPL. The FCA's fine—the first it has imposed under the Electronic Money Regulations 2011—may presage a crackdown on providers of cryptocurrency services in the UK.
According to Coinbase, only 0.34% of onboarded customers were high-risk, and these were onboarded unintentionally between October 30, 2020, to October 1, 2023. Coinbase explained that the FCA investigation regards e-money transmitter services, not crypto transactions. CBPL was registered as an e-money institution with the FCA since 2017, operating e-money and payment services in specific jurisdictions, but was not authorized for cryptoasset business activities.
Hong Kong Crypto Influencers 'Wanted' By Interpol In JPEX Fraud Case
The International Criminal Police Organization has issued an international manhunt against crypto influencers from Hong Kong, Wong Ching Kit, alias "Coin Young Master," and Mok Tsun Ting, who face charges of theft, fraud, and laundering. In line with a report by the South China Morning Post on 25 July, Interpol followed red notices issued at the request of the Hong Kong police. Wong is charged with fraud and theft, while Mok is wanted for laundering cash.
Wong is a key promoter of the failed Dubai-based crypto exchange JPEX. He is infamous for past run-ins with the law, one of which was a 2018 publicity stunt in which he threw cash from a building. In 2019, Wong and Mok were detained due to fraud involving the sale of "mining rigs" for the cryptocurrency Filecoin (FIL).
JPEX, a crypto platform that had been heavily promoted in Hong Kong back in 2020, collapsed amid allegations of a Ponzi scheme. More than 70 people were arrested, with client losses amounting to $206 million. Wong had been ordered by the court last September to pull all videos related to JPEX from his social media, while Mok was arrested before being released on bail. The Hong Kong Security and Futures Commission stated that JPEX is an unregulated virtual asset trading platform and that this is what started the current investigation.