Highlights: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans

Each week, Information Security Media Group compiles notable cybersecurity incidents in the realm of digital assets. This week's roundup covers a New York Ponzi scammer ordered to pay $228 million, clarifications from Google regarding Play Store regulations on non-custodial wallets, a security lapse at Coinbase involving smart contracts, preliminary repayment plans from GMX, BtcTurk halting transfers, letters from U.S. banking groups urging legislative action on stablecoin regulations, and federal prosecutors' seizure of funds connected to a ransomware operator.
New York Man and Firm Ordered to Pay $228M Following Ponzi Scheme
A federal judge in Manhattan has ordered Eddy Alexandre and his company, EminiFX, to repay over $228 million after the Commodity Futures Trading Commission (CFTC) charged them with orchestrating a Ponzi scheme involving forex and cryptocurrency trading. The ruling confirmed that Alexandre misappropriated substantial investor funds, with court documents indicating that victims collectively invested over $262 million within just eight months. During this period, EminiFX incurred losses exceeding $49 million, largely due to Alexandre’s diversion of investor funds into personal accounts. The judgment entails more than $228.6 million in restitution and an additional $15 million payment for improper gains from Alexandre, who is now serving a nine-year sentence for related offenses.
Google Clarifies Play Store Policy: Non-Custodial Wallets Not Prohibited
Recent updates to Google’s policy suggested that non-custodial crypto wallets could be barred from the Play Store, a notion that triggered considerable backlash from users concerned about the implications for widely used self-custody solutions. In response, Google clarified that its policy specifically targets custodial wallets, ensuring that non-custodial options remain permissible. This clarification outlines that developers in the U.S. must register as a money services business or operate under state-chartered banks to comply with local laws.
Coinbase Suffers $300K Loss Due to Smart Contract Misconfiguration
Coinbase has reported a loss of approximately $300,000 owing to misconfigured token approval processes through the 0x Project’s “swapper” contract, which is intended for token swaps but not approval transactions. The flaw was highlighted by security researcher “deeberiroz” from Venn Network, indicating that malicious actors exploited this oversight, targeting tokens such as Amp and DEXTools. The incident, attributed to a recent change in corporate wallet setup, has since led Coinbase to revoke token allowances to mitigate further risks.
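As an added illustration (not code from Coinbase, the 0x Project or the original article), the following Python replays ERC-20 `Approval` event logs to list the allowances a wallet still grants to a contract that should never hold approvals, which is the exposure the revocation described above removes. The addresses, log dictionaries and function names are constructed for the example; only the `Approval` event and its topic hash come from the ERC-20 standard.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def _addr(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def _num(v):
    """Accept ints or the hex strings that JSON-RPC returns."""
    return v if isinstance(v, int) else int(v, 16)

def outstanding_allowances(logs, own_wallets, no_approval_spenders):
    """Return {(token, owner, spender): value} for non-zero allowances that our
    wallets still grant to spenders that should never hold approvals."""
    own = {a.lower() for a in own_wallets}
    flagged = {a.lower() for a in no_approval_spenders}
    latest = {}
    for log in sorted(logs, key=lambda l: (_num(l["blockNumber"]), _num(l["logIndex"]))):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but indexes tokenId (4 topics): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        owner, spender = _addr(topics[1]), _addr(topics[2])
        if owner in own and spender in flagged:
            latest[(log["address"].lower(), owner, spender)] = _num(log["data"])
    # A later approve(spender, 0) overwrites the entry, so revoked pairs drop out.
    # Values are upper bounds: transferFrom can lower an allowance without an event.
    return {k: v for k, v in latest.items() if v > 0}

# Constructed sample data (placeholder addresses, not real contracts or wallets).
WALLET, OTHER = "0x" + "a1" * 20, "0x" + "b2" * 20
SWAPPER = "0x" + "5e" * 20          # stands in for a swap-only contract
TOKEN_A, TOKEN_B = "0x" + "c1" * 20, "0x" + "c2" * 20
MAX, ZERO = "0x" + "f" * 64, "0x" + "0" * 64

def _log(token, owner, spender, value_hex, block, idx):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": value_hex, "blockNumber": block, "logIndex": idx}

SAMPLE_LOGS = [
    _log(TOKEN_B, WALLET, SWAPPER, ZERO, 105, 1),  # revocation (listed out of order)
    _log(TOKEN_A, WALLET, SWAPPER, MAX, 100, 0),   # unlimited approval, still live
    _log(TOKEN_B, WALLET, SWAPPER, MAX, 101, 3),   # unlimited approval, later revoked
    _log(TOKEN_A, OTHER, SWAPPER, MAX, 102, 0),    # someone else's wallet: ignored
]

if __name__ == "__main__":
    for (token, owner, spender), value in outstanding_allowances(SAMPLE_LOGS, [WALLET], [SWAPPER]).items():
        print(f"revoke: token={token} owner={owner} spender={spender} allowance={value:#x}")
```

Because the replayed value is only an upper bound, confirm each hit against the token's on-chain `allowance(owner, spender)` before and after revoking.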
GMX Initiates $44M Repayment to Users Affected by Arbitrum Exploit
In response to a July exploit that impacted its funds pool on Arbitrum, decentralized exchange GMX is initiating a $44 million compensation distribution to affected users. The recovery stems from a negotiation with the attacker, and combines retrieved funds with an injection from GMX’s treasury. The attack exploited a reentrancy vulnerability that permitted excessive fund withdrawals. As part of the reparative measures, eligible users will be rewarded with GLV tokens along with incentives for retaining them over a set duration.
BtcTurk Suspends Crypto Transactions Following $48M in Suspicious Transfers
Turkey’s BtcTurk has temporarily suspended all crypto deposits and withdrawals after a blockchain firm flagged roughly $48 million in suspicious transactions. The exchange attributed the suspension to a “technical issue” but clarified that services related to the Turkish lira remain unaffected. As funds were observed moving rapidly through multiple networks before consolidation, this incident highlights ongoing concerns regarding transaction monitoring within the crypto space.
U.S. Banking Associations Urge Senate to Tighten Stablecoin Regulations
In a concerted effort, major U.S. banking associations are urging lawmakers to amend the recently enacted Guiding and Establishing National Innovation for U.S. Stablecoins Act, citing potential loopholes that may destabilize financial integrity. Their primary concern is that the current prohibition on stablecoin issuers providing interest does not apply to exchanges and brokers, and they warn that such gaps could encourage deposit migration towards yield-generating stablecoins.
DOJ Seizes $2.8M in Cryptocurrency from Alleged Ransomware Operator
The U.S. Department of Justice has unsealed warrants for the seizure of $2.8 million in cryptocurrency from an alleged ransomware operator linked to multiple attacks on various entities worldwide. The warrants, filed across several federal courts, indicate that the accused leveraged ransomware to extort payments for data decryption, showcasing a sophisticated methodology for laundering proceeds through various channels.
Federal Reserve Concludes Special Oversight for Crypto Activities
The Federal Reserve Board is dissolving its year-long program overseeing banks involved in cryptocurrency and fintech operations, citing sufficient understanding attained during this initiative. This marks a strategic shift, as oversight will revert to standard supervisory practices to manage potential risks inherent in digital asset activities undertaken by traditional financial institutions.
Hong Kong Enforces Stricter Custody Standards for Crypto Platforms
Hong Kong’s Securities and Futures Commission has published new guidelines compelling licensed virtual asset trading platforms to adopt enhanced custodial standards for client assets. Instituted in light of recent international crypto failures, the regulations focus on aspects such as senior management accountability and real-time monitoring to fortify local cybersecurity frameworks.