The SEC Cyber Unit has filed charges in its first case, claiming that PlexCorps defrauded ICO investors:
The Securities and Exchange Commission’s new Cyber Unit has filed its first charges since being formed in September. The unit’s case is being brought against a company called PlexCorps, its founder Dominic Lacroix and his partner Sabrina Paradis-Royer and the SEC claims that Lacroix and Paradis-Royer were actively defrauding investors. PlexCorps was engaged in an initial coin offering (ICO) — which was selling securities called PlexCoin — that had already raised around $15 million since August and it was fraudulently promising that investors would see a 13-fold profit in just under one month. The SEC obtained an emergency asset freeze to halt the ICO.
Interestingly, this is a straight fraud case, not a claim that PlexCorps is offering securities without a license. No Howey test, no debate over whether this is a security or a utility token. Just a straight claim that PlexCorps lied and made money from it. The Complaint is here: https://www.sec.gov/litigation/complaints/2017/comp-pr2017-219.pdf
One gets the sense that the SEC is ramping up. First warnings and guidance, now fraud cases, and soon unregistered securities offerings.
Amy Wan discusses the Parity Wallet failure here and describes a new SDK that she is rolling out that will offer insurance against similar failures by future smart contracts. One important point is her list of potential failure points for smart contracts, a set of points I agree with:
- smart contracts may contain coding errors (and many developers write code using a fail fast and iterate mentality)
- smart contracts may contain vulnerabilities easily exploited by hackers
- smart contracts may not accurately reflect the intent of parties
- contracting parties may change their mind and wish to amend, modify, or terminate the contract due to misrepresentation, mistake, duress, impossibility, or a change in circumstance
- external data sources, such as other contracts or oracles may provide incorrect data
There are many ways to minimize exposure here. Code audits are a must, particularly for significant, multi-use libraries. Building in failsafes – like Amy’s SDK or other tools – is also prudent. And linking to multiple external oracles with sanity checking for the inputs is likewise necessary.
Earlier this week, popular Ethereum wallet Parity was either hacked or unintentionally damaged, leading to the loss of approximately $300M in Ether. (While the actions that led to the loss are clear, the responsible party’s intent has not been firmly established.)
This article provides a good summary: https://www.theguardian.com/technology/2017/nov/08/cryptocurrency-300m-dollars-stolen-bug-ether
Essentially, a bug in the Parity multi-signature wallets allowed a coder to take ownership of the entire multi-signature wallet structure at its root. When the coder the deleted that code – ostensibly in an effort to undo his actions in taking ownership and return the wallets to their true owners – he actually deleted the code that allowed the multi-signature wallets to operate at all.
Core Ethereum developers have reviewed the issue and concluded that only a hard fork will fix the problem. But Ethereum’s DAO hard fork led to the permanent creation of the ETH / ETC split. And the Parity wallets at issue compose a much smaller part of the Ethereum market cap than DAO did. A hard fork seems unlikely.
One of the biggest advantages of cryptocurrency is its ability to be held by anyone and accessed anywhere at anytime. Parity, a widely Ethereum wallet, has just lost its users hundreds of millions of dollars. Individuals holding cryptocurrency should seriously consider moving their assets to hardware wallets like Trezor or Ledger. Companies holding cryptocurrency should seriously consider developing their own, in-house, thoroughly audited solution. (Thanks to QE partner and former SEC Chief of Staff Michael Liftik for pointing out this important aspect of the article.)
Just a few months after it was the darling of the ICO world, Tezos is facing internal squabbles, an external lawsuit, and rumors of SEC interest in the ICO:
It will be very interesting to see how this plays out. With a fundraise of roughly $232M (not to mention some interesting technology), it is unlikely that Tezos will simply disappear.
Interesting article on CNBC regarding criminal uses of cryptocurrency. They make two significant points. First, the percentage of criminal transaction volume on the Bitcoin blockchain has dropped as legitimate transactions have moved in:
Although hard numbers on criminal activity in digital currencies are difficult to pin down, Shone Anstey, co-founder and president of Blockchain Intelligence Group, estimates that illegal transactions in bitcoin have fallen from about half of total volume to about 20 percent last year.
“Now it’s significantly less than that,” he told CNBC earlier this month, noting that overall transaction volume has grown globally.
An anonymous DHS official suggested that criminals are moving into currencies like Monero and Ether:
A U.S. Homeland Security official confirmed to CNBC in a phone interview on Thursday that criminals are “looking more closely at other currencies like monero and ethereum.”
I am skeptical of the latter, though, since the Ethereum blockchain is just as open as the Bitcoin blockchain.
Some ominous rumblings regarding the extent of planned Chinese regulation of the crypto market:
Chinese media is reporting executives of crypto exchanges have been ordered to not leave the country with a very rough translation stating:
“A number of informed sources say the executives of special currency trading platforms are not allowed to leave Beijing to cooperate with the investigation. In accordance with regulatory requirements, trading platform shareholders, the actual controller, executives and financial executives need to fully cooperate with the relevant work in the clean-up period in Beijing.”
. . . .
China, therefore, appears to have isolated themselves, while the rest of the world seemingly moves on, but questions are being raised regarding miners, with some 80% of their operations centralized in the country.
An investor in Chinese bitcoin mines told AFP: “All of us didn’t believe they would shut down the exchanges so we are preparing for the worst.”
China’s decision to shut down exchanges took many by surprise and was very unexpected with the authoritarian government giving no hint they plan to take such draconian measures.
Questions therefore are being raised on whether they might do so for miners, a $2 billion importing industry which may find it difficult to operate without the ability to sell their bitcoins on the market.
That is especially so because WSJ is suggesting the ban is a total ban, with apparent plans to declare even Off the Counter (OTC) trading as illegal.
In which case, it would be as good as impossible for Chinese miners to operate as they would be unable to cover their considerable expenses without the ability to exchange their coins for fiat currencies.
Which is why many expected OTC trading to be allowed, with Chinese media so reporting initially, but it’s not clear whether they have changed their mind.
As such, miners are seemingly preparing for the worst, with some thinking of relocating to neighboring countries or to very cold areas, such as Iceland.
The quality of sourcing here is unclear, but this suggests a much more widespread crackdown than originally reported.
Monero and ZCash are two of the most well-known cryptocurrencies supporting strong features for private transactions. Some interesting posts on ZCash and Monero recently:
Better Faster Zksnarks
Monero: Private and Difficult to Use
Before reading the posts above, I did not realize that neither Monero nor ZCash had mobile or hardware wallet support. (Monero does seem to have a workaround through a mobile wallet that can be used on Chrome.) Obviously, that will hamper their adoption in the long term. On Monero’s end, the reason for this is unclear. On ZCash’s end, it seems that the heavy math involved in using Zksnarks for private transactions was preventing mobile and hardware wallet support. Hopefully the development discussed in the first post will make it more likely to emerge in the near future.