Courtesy of Jesse Coghlan, CoinTelegraph.com
The United States commodities regulator is set to take a close look at the decentralized finance space at an upcoming meeting of its tech committee, where it has also invited crypto industry executives to present.
The Commodities Futures Trading Commission (CFTC) announced on March 1 that the agenda for the March 22 meeting of its Technology Advisory Committee will include a panel on “exploring issues in decentralized finance.”
Other panels will explore responsible Artificial Intelligence (AI) development and possible threats arising from AI along with cybersecurity threats to financial markets.
CFTC commissioner Christy Goldsmith Romero said in a statement the panel has an opportunity “to look past labels and examine the issues presented by DeFi thoughtfully and holistically,” adding:
“A discussion about DeFi, including cyber vulnerabilities, indicators of ‘decentralization,’ digital identity and unhosted wallets, will contribute to ongoing policy discussions in Washington, D.C. and beyond the beltway.”
The panel will include presentations that provide an overview of the DeFi ecosystem and will discuss decentralization issues, digital identity, noncustodial crypto wallets and exploits.
Executives from crypto companies including crypto custody platform Fireblocks, security company Trail Of Bits, venture capital firm Terranet Ventures and blockchain intelligence firms TRM Labs and Metrika are slated to present during the meeting.
The meeting agenda will also include a session that considers a subcommittee on crypto and blockchain technology in another move to help cement its bid to win regulatory jurisdiction over crypto.
Last month, the CFTC’s Global Markets Advisory Committee discussed digital asset markets at its inaugural meeting.
Related: Rep. Maxine Waters says all US regulators ‘better get together on crypto’
Commissioner Caroline Pham, who oversaw the Feb. 13 meeting, said that crypto markets are “truly borderless” and urged policymakers to “understand what is happening” so the policy approach by the U.S. “does not leave Americans behind and playing catch-up.”
The CFTC has been edging for regulatory control of the burgeoning crypto sector from the Securities and Exchange Commission, with CFTC commissioners urging Congress to give the regulator oversight overcrypto.
CFTC chairman Rostin Behnam has similarly attempted to justify why the regulator should have authority over the space, saying the commission was “well positioned” to address regulatory shortfalls.
Governor Bowman presented identical remarks to the Florida Bankers Association Leadership Luncheon Events, Tampa, Florida, on January 11, 2023.
Thank you, Bill, and I’d also like to thank Alex Sanchez and the Florida Bankers Association for the invitation to be with you today. It is a pleasure to be here in person to discuss issues that are top of mind for all of us as we begin the new year. I will start with some thoughts about the Federal Reserve’s ongoing effort to lower inflation, which continues to be much too high. I will then touch on other issues in the Fed’s purview, including bank supervision and regulation.1
While the Fed has access to a staff of expert economists and a seemingly infinite flow of economic data to inform our decision-making, I often find that the most valuable data comes directly from the experiences and perspectives of those who are engaged in and supporting the economy through the financial system. In my more than four years as a member of the Board of Governors and the Federal Open Market Committee (FOMC), I have learned that there are few who understand the economy more directly than bankers, business owners and the customers you serve.
Monetary Policy
Let me begin by discussing the Fed’s efforts to lower inflation. Inflation is much too high, and I am focused on bringing it down toward our 2 percent goal. Inflation affects everyone, but it is especially harmful to lower- and middle-income Americans, who spend a greater share of their income on necessities like food and housing. Stable prices are the bedrock of a healthy economy and are necessary to support a labor market that works for all Americans.
Over the past year, I have supported the FOMC’s policy actions to address high inflation, and I am committed to taking further actions to bring inflation back down to our goal. Since last March, the FOMC has been tightening monetary policy through a combination of increasing the federal funds rate by 4-1/4 percentage points and reducing our balance sheet holdings.
In recent months, we’ve seen a decline in some measures of inflation but we have a lot more work to do, so I expect the FOMC will continue raising interest rates to tighten monetary policy, as we stated after our December meeting.2 My views on the appropriate size of future rate increases and on the ultimate level of the federal funds rate will continue to be guided by the incoming data and its implications for the outlook for inflation and economic activity.
I will be looking for compelling signs that inflation has peaked and for more consistent indications that inflation is on a downward path, in determining both the appropriate size of future rate increases and the level at which the federal funds rate is sufficiently restrictive. I expect that once we achieve a sufficiently restrictive federal funds rate, it will need to remain at that level for some time in order to restore price stability, which will in turn help to create conditions that support a sustainably strong labor market. Maintaining a steadfast commitment to restoring price stability is essential to support a sustainably strong labor market.
To this point, unemployment has remained low as we have tightened monetary policy and made progress in lowering inflation. I take this as a hopeful sign that we can succeed in lowering inflation without a significant economic downturn. It is likely that as a part of this process, labor markets will soften somewhat before we bring inflation back to our 2 percent goal. While the effects of monetary policy tightening on the job market have generally been limited so far, slowing the economy will likely mean that job creation also slows. And if there are unforeseen shocks to the economy, growth may slow further. It’s important to keep in mind that there are costs and risks to tightening policy to lower inflation, but I see the costs and risks of allowing inflation to persist as far greater. These dynamics make the difficult decisions facing the FOMC even more challenging, but it is absolutely necessary that the Committee achieves our goal of price stability.
From the late 1960s through the mid-1980s, the U.S. economy experienced high inflation, high unemployment, and declining living standards. During that time, policymakers prematurely eased monetary policy when the economy weakened, and inflation remained high. The FOMC was forced to return to tightening monetary policy, causing a deep recession in 1981 and 1982. This is an important lesson that guides my thinking about monetary policy and my continued support for policy actions that will continue to lower inflation.
It is also important to remember that today’s inflation is a global concern. This is because some of the factors driving inflation in the United States are global, including the disruption to goods production and trade during the pandemic, the shutdown and reopening of large economies, and the more recent disruption of food and energy supplies due to conflicts abroad. Monetary policy can do very little to improve supply disruptions, but it can help bring supply and demand into better alignment.
While the path ahead looks uncertain, I am encouraged by three specific developments. The first is the ongoing strength of the labor market, which was further supported with last Friday’s jobs report. So far, the job market has remained resilient despite higher interest rates and slower growth. The second development is that the balance sheets of households have remained strong, with low debt levels. Low debt and strong balance sheets together with the strong labor market mean that consumers and businesses can continue to spend even as economic growth slows. The third point is the strength of the U.S. banking system, with high levels of capital and liquidity, due in large part to the reforms adopted after the last financial crisis.
I will turn now to the banking and payments issues on the Fed’s agenda, which include crypto and digital assets, innovation in payments, climate change and banking supervision, and likely changes to the rules implementing the Community Reinvestment Act (CRA).
Cryptocurrency
The dysfunction in cryptocurrency markets has been well-documented, with some crypto firms misrepresenting that they have deposit insurance, the collapse of certain stablecoins, and, most recently, the bankruptcy of the FTX cryptocurrency exchange. These events have made it clear that cryptocurrency activities can pose significant risks to consumers, businesses, and potentially the larger financial system.
While the traditional financial system has limited exposure to cryptocurrencies, I expect that some banks will continue to explore how to engage in crypto-related activities. The Fed and other banking agencies will continue to focus in this area, in light of the significant risks these activities may pose. But the bottom line is that we do not want to hinder innovation. As regulators, we should support innovation and recognize that the banking industry must evolve to meet consumer demand. By inhibiting innovation, we could be pushing growth in this space into the non-bank sector, leading to much less transparency and potential financial stability risk. We are thinking through some of these issues and what a regulatory approach could look like.
Payments
The Fed plays an important role in fostering the safety and efficiency of the U.S. payments, clearing, and settlement systems. There have been a number of interesting developments on payments that continue to be top of mind for policymakers. One of these is the push for real-time payments. Since 2019, the Fed has been working to launch FedNow, a new faster payments system that will be available in the first half of 2023. FedNow will help transform the way payments are made through new direct services that enable consumers and businesses to make payments conveniently, in real time, on any day, and with immediate availability of funds for receivers. FedNow will enable depository institutions of every size, and in every community across America, to provide safe and efficient instant payment services.
We have also been studying the concept of a central bank digital currency (CBDC). Several foreign governments and central banks are exploring digital currency, and there are many competing proposals suggesting a need to create a digital currency. The common theme underlying the need in these proposals is the desire to increase the speed and reduce the cost of financial transactions. Last January, the Fed published a paper soliciting comment on possible forms and uses of a CBDC in the United States. The Fed continues to study the idea, although much of what supporters hope to achieve with a central bank digital currency may be provided through FedNow and existing private payment services. In any case, initiatives to make payments faster and more efficient will continue to be an area of focus.
Climate Supervision
Climate has also been a recent focus for Fed supervision, but our narrow interest in this area it is limited to the largest banks. Last fall, the Fed announced an exploratory pilot study with six of the GSIBs that is narrowly focused on the goal of enhancing the ability of supervisors and firms to measure and manage climate-related financial risks, not credit allocation. The Fed has also published a climate guidance proposal for banks over $100 billion in assets. These climate efforts do not apply to smaller and community banks. Smaller and community banks already integrate and comply with robust risk management expectations. The Fed views its role on climate as a narrow focus on supervisory responsibilities and limited to our role in promoting a safe, sound and stable financial system. While this climate supervision effort is a new area of focus, it has been a longstanding supervisory requirement that banks manage their risks related to extreme weather events and other natural disasters that could disrupt operations or impact business lines.
Community Reinvestment Act
The last item on our regulatory agenda that I will note in my remarks today is the proposal to update the Community Reinvestment Act. The CRA requires the Fed and other banking agencies to encourage banks to help meet the credit needs of their communities, including low- and moderate-income communities. This rule was last updated 25 years ago, and the banking industry has changed dramatically since the 1990s. The proposal reflects these industry changes, including recognizing internet and mobile banking services, it also attempts to provide clarity and consistency, and it could enhance access to credit for these low- and moderate-income communities. I am fully supportive of these efforts, but I also share the concern noted in public comments that have suggested that some of the elements included in this overhaul of the CRA framework result in significant new regulatory burden, particularly for the smallest and community banks. As we continue this important rulemaking process, it will be critical for the Fed to carefully weigh the costs and benefits of any changes before finalizing a proposal.
I will stop there so we can move on to our conversation. Thank you again, for the opportunity to be with you today. I look forward to the discussion.
1. These views are my own and do not necessarily reflect those of my colleagues on the Federal Reserve Board or the Federal Open Market Committee. Return to text
2. See Board of Governors of the Federal Reserve System (2022), “Federal Reserve Issues FOMC Statement,” press release, December 14. Return to text
Reimbursing cyber scams
As banks are under pressure to compensate their scammed consumers, rising cybercrime rates translate to rising costs for the industry. More than half (58%) of those who conduct their banking online encounter scams via email or SMS at least once per week, and 23% report having fallen victim to a cyberattack.
Banks currently reimburse authorized push payment (APP) fraud at an average rate of 46%. Although many banking institutions are refusing reimbursements for online fraud, this is due to change soon, or else the situation will backfire. For example, measures supported by the UK government will require banks to reimburse everyone. This is only one illustration of the fact that if banks are to secure their consumers and their business line in 2022, they must prioritize cybersecurity more highly.
To exchange efficient strategies, banks will need to collaborate with governments and industry organizations. The public must continue to get education on preventative measures, but ultimately it is the banks’ responsibility to establish security models that will give them and their clients the greatest level of safety.
Maintain compliance with strict privacy regulations
The use of social engineering and account takeover fraud will increase over the next years. Financial institutions must not only conduct comprehensive data checks beyond document verification at account opening to fight this but also keep track of customer identities throughout the customer lifecycle.
Banks must decide how to manage sensitive personal data like biometrics as GDPR and other privacy regulations are being established throughout the world. As a result, many institutions believe that finding a partner that can protect this sensitive personal information is more practical than modernizing internal systems and processes.
Finally, the public is becoming more concerned about how technology corporations utilize personal data. More difficult questions will be raised as a result, and any responses must pass a strict ethical standard. The application of AI to compliance and fraud will need to be explained by banks. Ascertaining whether their partners and vendors have complete control over the technology they provide will also have an impact on vendor onboarding. Every bank will need to be able to justify decisions made to regulators and the broader public.
Leveraging AI to combat cyber fraud
Instead of being a subset of financial crime, banking fraud now coexists with ransomware, phishing, and other types of cybercrime. Fraudsters are functioning methodically, getting more skilled at spotting loopholes in the automated systems that financial institutions are putting in place, and getting better at learning through repetition.
For example, banks and mortgage lenders have started to link more of their fraud charges to the fact that their clients are doing more transactions using mobile banking apps. According to a LexisNexis survey, more than half of the respondents who worked for US banks and credit lenders say that mobile channel fraud has increased by 10% or more this year.
Today’s fraudsters collaborate with criminal gangs that provide crime as a service. As a result, frauds and forgeries become increasingly sophisticated, making them impossible for humans to detect without artificial intelligence (AI) to support their decision-making.
Decentralized currencies are at the center of attacks
Meanwhile, cryptocurrency has become a primary target of cyberattacks. Huge sums of money are frequently present on cryptocurrency exchanges and wallets, making them a powerful attraction for attackers trying to make money from their attacks.
These are sometimes straightforward social engineering attacks, and other times they are far more sophisticated technically. We expect to see more cyberattacks on decentralized currencies given the amount of money that can be stolen in a single successful attack (possibly reaching millions of dollars). For example, in December 2021 criminals stole nearly $200 million from the crypto trading platform Bitmart.
However, we should anticipate law enforcement and governments to become more actively involved in both the investigation of cryptocurrency assaults and the use of cryptocurrency vulnerabilities. For example, government agencies like the Securities Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) may try to regulate cryptocurrencies more strictly as they regulate traditional currencies.
Attacks bypassing MFA
Although multi-factor authentication is a prerequisite for enabling strong customer authentication, the latest attacks against Cisco and Uber have profoundly demonstrated that fraudsters can bypass MFA. Using sophisticated tactics and tools like auto-diallers, criminals have managed to intercept one-time passwords (OTP) and compromise banking accounts. Automating the process and creating what is known as MFA fatigue they force customers to give up OTPs to malicious bots.
OTP interception is now trivial compared to what it has been historically, and that innovation fundamentally shifts the economics in the favor of the attackers. The LexisNexis report highlighted this concern saying that balancing fraud detection with customer friction is a top challenge for banks. Banks need to embrace phishing-resistant MFA methods that eliminate the risk of being defrauded while offering a superb customer experience for all possible use cases and authentication journeys.
A bigger attack surface and higher attack sophistication levels are a result of the rising use of complicated technologies and interaction with third-party systems. Today, maintaining a strong cybersecurity posture entails more than merely defending sensitive systems and data from damaging external attacks. Additionally, it entails better data privacy, identity protection, and vulnerability management. Banks and financial institutions can outsource part of the burden of staying compliant with regulations and securing customer financial data by partnering with a trusted managed services provider. These companies aggregate experience and expertise to help banking institutions stay one step ahead of their adversaries.
Cyber Criminals Increasingly Exploit Vulnerabilities in Decentralized Finance Platforms to Obtain Cryptocurrency, Causing Investors to Lose Money
SUMMARY
The FBI is warning investors cybercriminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal cryptocurrency, causing investors to lose money. The FBI has observed cybercriminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency. The FBI encourages investors who suspect cybercriminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.
THREAT
Cybercriminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money. A smart contract is a self-executing contract with the terms of the agreement between the buyer and seller written directly into lines of code that exist across a distributed, decentralized blockchain network. Cybercriminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.
Between January and March 2022, cybercriminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms, according to the US blockchain analysis firm Chainalysis. This is an increase from 72 percent in 2021 and 30 percent in 2020, respectively. Separately, the FBI has observed cybercriminals defraud DeFi platforms by:
- Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
- Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdraw all of the platform’s investments, resulting in approximately $320 million in losses.
- Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle,(a) and then conducting leveraged trades that bypassed slippage checks (b) and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.
RECOMMENDATIONS
Investment involves risk. Investors should make their own investment decisions based on their financial objectives and financial resources and, if in any doubt, should seek advice from a licensed financial adviser. In addition, the FBI recommends investors take the following precautions:
- Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
- Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
- Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
- Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.
The FBI recommends DeFi platforms take the following precautions:
- Institute real time analytics, monitoring, and rigorous testing of code in order to more quickly identify vulnerabilities and respond to indicators of suspicious activity.
- Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.
a Price oracles are tools that query, retrieve, and verify price information about a given asset used by the DeFi platform’s smart contracts.
b Slippage refers to price difference between when a transaction is submitted and when the transaction is confirmed (validated) on the blockchain. Slippage checks are designed to minimize or eliminate slippage.
Cryptocurrency insider-trading case could have broad ramifications for industry.
Federal authorities brought the first-ever cryptocurrency insider-trading case Thursday, accusing a former Coinbase Global Inc. COIN 5.43%▲ manager of tipping off his brother and a friend with confidential information, and signaling in a companion case an aggressive new push to police digital tokens.
Prosecutors in Manhattan filed wire-fraud charges against the three men, and, at the same time, the Securities and Exchange Commission brought a civil case against them in which it alleged that nine cryptocurrencies, including seven that are currently available on Coinbase, are unregistered securities.
The SEC’s classification of the digital tokens as unregistered securities could have wide-ranging effects on the cryptocurrency industry and expose Coinbase and other platforms to new legal liabilities and regulatory requirements.
An indictment unsealed in federal court in Manhattan alleged that Ishan Wahi, a former product manager at Coinbase, his brother Nikhil Wahi and his friend Sameer Ramani netted about $1.5 million in illegal profits.
The Wahi brothers were arrested Thursday morning in Seattle. Mr. Ramani remained at large, prosecutors said.
“Our message with these charges is clear: fraud is fraud is fraud, whether it occurs on the blockchain or on Wall Street,” said Damian Williams, the U.S. attorney for the Southern District of New York.
Lawyers for Ishan Wahi said the charges were meritless. “Ishan Wahi is innocent of all wrongdoing and intends to defend himself vigorously against these charges and in the SEC action,” said lawyers Andrew St. Laurent and Marc Axelbaum.
Priya Chaudhry, a lawyer for Nikhil Wahi, said prosecutors were trying to criminalize innocent behavior “because they are looking for a scapegoat because so many people have lost money in cryptocurrency recently.”
A lawyer for Mr. Ramani couldn’t be identified.
Coinbase said in a statement on its blog that it had conducted an investigation on the three men and had provided information about the individuals to the Justice Department. The platform also said it fired Ishan Wahi.
“Coinbase takes this type of illicit behavior super seriously,” said Paul Grewal, the company’s chief legal officer. “We have zero tolerance for it.”
Mr. Grewal said Coinbase invests heavily in systems and policies to prevent employees from taking advantage of confidential information, such as asset-listing plans.
Ishan Wahi, who worked on Coinbase’s asset-listing team, had advance knowledge of the timing and public announcements of assets the exchange planned to list, prosecutors alleged. He was one of a small number of employees who belonged to a private messaging channel used to discuss launch dates and timelines, according to the indictment.
Starting in June 2021, the three defendants used the confidential information to make trades in advance of at least 14 public-listing announcements by Coinbase, the indictment alleged. The men concealed the trades through a web of crypto accounts and anonymous digital wallets, prosecutors alleged.
Some of the trades drew public scrutiny. In April, a Twitter account well known in the crypto community flagged the purchase of hundreds of thousands of tokens about 24 hours before they were named in a public-listing announcement, prosecutors alleged. Later in the month, Coinbase said it was investigating whether someone inside the company had leaked confidential company information.
On May 11, the exchange’s security-operations director emailed Ishan Wahi, telling him to attend an in-person meeting, prosecutors said. The day before the meeting, Mr. Wahi bought a one-way flight to India scheduled to depart the next day, according to prosecutors. They said that before the flight departed, Mr. Wahi called and texted his brother and Mr. Ramani about Coinbase’s investigation.
Law-enforcement agents stopped Mr. Wahi and prevented him from leaving the country, according to prosecutors.
The case is the latest signal that federal prosecutors in Manhattan are making an enforcement push on alleged insider-trading schemes of digital assets. Prosecutors last month charged a former employee of an NFT marketplace with using inside information to profit on NFTs, or nonfungible tokens.
The SEC charges are likely to turn up the pressure on Coinbase, which had previously disclosed it was under investigation by the agency. SEC Chair Gary Gensler has said he plans to pursue enforcement actions against crypto-trading platforms that facilitate trading in unregistered securities.
Thursday’s civil complaint marked the first time the SEC under Mr. Gensler has formally identified cryptocurrencies it believes to be securities that are offered on a major trading platform. It raises the possibility that Coinbase could face penalties for violating federal laws that require securities exchanges to register with the SEC.
Coinbase disputed the SEC’s assessment and criticized the agency’s decision to get involved in the case.
Mr. Grewal, Coinbase’s chief legal officer, said the firm has no plans to remove the cryptocurrencies from its trading platform.
“We have reviewed these assets carefully in advance of our listing,” he said, though he declined to share the firm’s legal analysis.
For each of the cryptocurrencies it alleged to be securities, the SEC applied a legal test developed by the Supreme Court in the 1940s. The commission said the tokens were all offered and sold to investors by issuers hoping to raise money. The issuers and promoters of the offerings touted the potential profits that investors might earn from the assets based on the efforts of others, the SEC said in its complaint.
“Those realities affirm that a number of the crypto assets at issue were securities, and, as alleged, the defendants engaged in typical insider trading,” SEC enforcement chief Gurbir Grewal said.
Courtesy of Corinne Ramey, James Fanelli, and Paul Kiernan, Wall Street Journal
It says users in the United States can expect digital asset services to come in the future.
A subsidiary of the Huobi cryptocurrency exchange called HBIT Inc has received its Money Services Business (MSB) license from the United States Financial Crimes Enforcement Network (FinCEN).
The Seychelles based Huobi said on Tuesday that the license creates a foundation for it to carry out crypto-related business in the U.S. in the future, as part of its strategic goals of “globalization and compliance.” The exchange is a major player, with more than $1 billion in volume in the past 24 hours, according to CoinGecko.
Before the great crypto crackdown by Chinese authorities, most Huobi users came from China, but according to the latest figures from Statista, most users in February 2022 originated from Russia and Ukraine.
The MSB license allows Huobi’s subsidiary to transmit money and operate as a fiat currency exchange, a required step by U.S. regulators to ensure FinCEN can monitor financial crimes such as money laundering.
However, it does not allow it to provide crypto-exchange services — which would require a money transmitter license. It says in the future, it expects to provide U.S. users with a compliant digital asset service.
Huobi said its subsidiaries in Hong Kong have also received asset management and securities advising licenses from the country’s Securities and Futures Commission.
The subsidiaries are also in the process of applying for a license to provide automated trading services and securities trading to become a fully compliant crypto-exchange in Hong Kong.
Huobi has been on a streak of licensing wins.
On June 21, the exchange won licenses in New Zealand and the United Arab Emirates. The latter was an Innovation License which, while not a trading license, allows it to access the local tech industry and get special tax treatment.
At the time, Huobi Group chief financial officer Lily Zhang told Cointelegraph it plans to receive its license to offer its full suite of crypto exchange services under Dubai’s Virtual Assets Regulatory Authority (VARA).
It hasn’t been all good news though, with the exchange’s Thai license revoked on June 16 after it reportedly failed to comply with local regulations. There are also rumors of significant staff layoffs and that its founder might be looking to exit the business.
Hong Kong-based crypto reporter Colin Wu reported on June 28 that Huboi intended to lay off up to 30% of its staff, with a later update on Saturday reporting rumors that Huboi founder Li Lin is looking to sell his 50% stake.
Courtesy of Jessee Coghlan, CoinTelegraph
Can non-fungible tokens (NFTs) disrupt the lending market? And should credit unions, which are showing heightened interest in cryptocurrency, be entering this space as well?
Article courtesy of Ray Birch, CUToday.info
Lou Grilli, senior innovation strategist at PSCU, believes many credit unions will eventually answer “yes” to both questions, noting NFTs are already playing a part in the lending marketplace.
An NFT is a non-interchangeable unit of data stored on a blockchain, a form of digital ledger, which can be sold and traded, representing ownership of digital files such as photos, videos, and audio.
“So, an NFT could show you are the owner of a collectible, digital art, a song, a book, a video, or something more tangible, like tickets to a real-life event, or the title to a boat or to real-estate,” noted Grilli. “To understand how it works, think about owning a piece of a cryptocurrency coin, such as Ethereum. Your ownership of some amount of Ethereum is represented by a token on a blockchain. NFTs are likewise tokens on a blockchain, also representing ownership of something. Today, the most common use-case is ownership of artwork, like CrypotKitties, and characters in video games, such as Axie Infinity.”
The Coming Disruptor
But Grilli predicts NFTs will see more practical applications, such as real estate transactions, auto and boat titles, and other real-life uses.
“We already saw the first NFT-based real-estate transaction in the U.S. happen right here in Florida,” said Grilli. “And the person involved in this transaction has plans for several more.”
Where credit unions will first be forced to address NFTs is in mortgage lending, said Grilli.
“NFTs will be disrupters to mortgage lending,” he predicted. “Neobanks and crypto exchanges are entering the lending market by allowing clients to collateralize their digital asset holdings, meaning their holdings are locked up and can’t be sold or traded, in exchange for a loan.”
Recently, Genesis, a cryptocurrency exchange, offered a new client a six-month $1.25-million loan with a 7.5% interest rate—the equivalent of a 15% annual rate—collateralized by 10 NFTs by well-known digital artists Pak and Fewocious, valued at $5 million, Grilli pointed out.
Lou Grilli
“While this is an outsized example, there are firms like Arcade that in their first four months issued $10 million in similarly structured loans,” he said.
The New Card Perk
Grilli noted NFTs have already entered the credit card space as perks, suggesting they could disrupt those offerings, as well.
“AMEX is offering its cardholders a chance to purchase one of 14 unique digital images from a recent performance by R&B singer SZA as part of its rewards program,” Grilli said. “Amex is anticipating that NFTs will become more mainstream and will become an increasingly desirable perk for prospective customers. For credit unions, when it comes to crypto-savvy members, there will be a clear delineation of credit unions participating in the digital asset evolution—large and small—and those that are not.”
But when it comes to NFTs and payments cards, chargebacks may be a big issue, cautioned Grilli.
“Like gambling and other high-risk merchant category codes, chargebacks for NFT purchases pose a headache to issuers,” he said. “Due to the completely virtual nature of digital assets, it is even more attractive for a fraudster to use a stolen credit card number to purchase an NFT than it is to purchase a TV. Chargeback attempts due to friendly fraud, buyer’s remorse, kids using a parent’s card, occur with a much higher frequency in the digital world than in the physical world.”
Recognizing the potential for abuse in this area, Grilli noted that PayPal announced it would cap fraudulent claims about the sale of NFTs containing art, media or collectables at $10,000.
What to do Now?
What should credit unions be doing?
Grilli recommended monitoring member activity, “Ideally, using data analytics to track funds flowing. Every credit union should be tracking ACH and debit transactions to and from the major exchanges, such as Coinbase, crypto.com, Gemini, FTX, Binance, and BitFinex. Many credit unions would be surprised to see how much activity their members are already conducting in the world of digital assets. Likewise, credit unions should be looking at purchases made at the largest NFT exchanges, such as OpenSea, NFT Launchpad, crypto.com, and Rarible.”
Grilli pointed out that last summer Visa bought one of the NFT CryptoPunks for $150,000.
“Visa doesn’t consider this an investment, and the asset is not on their balance sheet,” Grilli said. “Visa believes that NFTs will play an important role in the future of retail, social media and entertainment. If this is an area of interest, start small, and have a team of enthusiasts go through the effort of buying an NFT, within a reasonable budget,” Grilli suggested.
Making it Count
Grilli believes credit unions will eventually have to make NFTs, and cryptocurrency, “count.”
“Digital assets as collateral,” he said. “Consider cryptocurrency balances, including NFT investments as part of a member’s ability to repay. Some members are starting to accrue significant balances in cryptocurrency and NFTs. When members start searching for a mortgage, they’d like their investment to be considered, I believe.”
What members don’t want to do is sell their cryptocurrency holdings, incurring a tax liability, and more importantly, abandoning the opportunity for additional gains on their investments.
“Likewise, they don’t want to sell their NFTs, given the limited market of buyers and the slower appreciation cycle,” he said.
Grilli pointed out neobanks are already working to attract new clients by recognizing crypto and NFT investments.
“They are using reasonable valuations, and then taking into account risks of loss, using these investments as part of the overall equation when underwriting a loan,” Grilli said.
As CUToday.info has reported, UNIFY Financial, Torrance, Calif., already plans to recognize cryptocurrency as collateral for a loan.
“While this may be something that not all credit unions are ready for just yet, loan officers should be following news related to the topic, discussing this with their chief compliance officer and NCUA examiner, and preparing for a future where digital assets, cryptocurrency, and NFTs comprise a growing portion of a household’s net worth,” Grilli said. “And this future looks like it might happen sooner than anyone expects.”
- Thieves rely on profiles that appear legitimate to dupe users
- Americans reported $1.6 billion in stolen crypto last year
Internet scammers are using hijacked accounts on Twitter Inc. to promote dubious cryptocurrency platforms that, once installed, enable them to compromise victims’ sensitive data, according to new findings provided exclusively to Bloomberg News.
Since March, fraudsters have impersonated journalists, crypto apps and a variety of nonfungible token (NFT) projects on Twitter in order to steal users’ virtual currency, usernames and password credentials, according to research from Satnam Narang, a staff research engineer at the cybersecurity firm Tenable Inc. Many of the targeted accounts are verified, an indication to investigators that scammers are either hacking specific pages, paying for illicit access, or both.
As part of the alleged scam, thieves have masqueraded as members of the Bored Ape Yacht Club, a popular collection of NFTs, as well as the Azuki collection, the MoonBirds project and the Okay Bears NFT community, which has more than 150,000 Twitter followers, Narang found.
In one instance, scammers posed as a legal affairs reporter from the Age, an Australia-based news service, asking users to visit a suspicious link in order to claim a small amount of the virtual currency Ethereum, according to the research. Intruders also appear to have temporarily taken over the Twitter page of a freelance journalist who covers the gaming industry and created profiles that appear similar to real ones, according to the findings.
The imposter Twitter accounts have typically encouraged followers to visit specific links, or download new apps, Narang said. Those apps often persuade users to provide access to their mobile cryptocurrency wallets, from which the attackers can quickly extract funds. Each of the fraudsters’ pages, whether an app or a phishing link, are carefully designed to look like legitimate, trustworthy websites, according to the findings.
The tactic represents an upgrade from a more traditional fraud technique of mass-spamming social media users, or impersonating famous people, such as Tesla Inc. Chief Executive Officer Elon Musk, an outdated tactic that’s relatively simple to detect, Narang said in an interview. The use of verified Twitter accounts adds a layer of legitimacy, and the chance to seize on a money-making opportunity in cryptocurrency adds some urgency to the scheme, said Narang.
“They look indistinguishable from real sites, and people just aren’t looking closely at the links,” he said.
When a Bloomberg News reporter analyzed an app that purported to be for Azuki, an anime-themed NFT project with more than 300,000 followers, it was flagged as malware.
In May, scammers used a fraudulent Twitter page @OlthersideMeta, that tricked users into believing it was @OthersideMeta, a legitimate site that blends video games with the metaverse, according to the research.
Losses incurred from the scams are difficult to quantify, however the activity is the latest example of attackers leveraging cryptocurrency — and the hype surrounding popular projects — to generate funds. Americans reported more than $1.6 billion in cryptocurrency-related fraud in 2021, a massive uptick from the $246 million the year before, according to the FBI’s internet crime complaint center report. The true figure is likely to be much higher, as many would-be investors flock to speculation-style schemes and don’t report instances of fraud, Narang said.
“Scammers are so adept at pivoting into what people are interested in,” he added. “This is a small sampling of what’s happening across this space.”
Courtesy of Jeff Stone, Bloomberg
Two senators are raising concerns following an announcement by Fidelity that it will allow customers to allocate bitcoin to their 401(k) retirement accounts.
Sen. Elizabeth Warren (D-MA) and Sen. Tina Smith (D-MN) have sent a letter to Fidelity that cites the volatile nature of bitcoin and that asks the company how it plans to deal with “significant risks such as fraud, theft, and loss” posed by the leading cryptocurrency. Investing in cryptocurrencies is a risky and speculative gamble, and we are concerned that Fidelity would take these risks with millions of Americans’ retirement savings,” the letter states.
The letter goes on to state that “bitcoin’s volatility is compounded by its susceptibility to the whims of just a handful of influencers,” and it specifically cites Elon Musk. In addition the letter asks why Fidelity disregarded the Department of Labor’s (DOL) concerns.
Available in 2023
Boston-based Fidelity Investments had earlier announced it will begin to offer bitcoin as an investment option in its 401(k) plans by the middle of 2023.
Fidelity is the largest 401(k) plan provider in the United States, acting as custodian for 23,000 plans, which have 20.4 million participants. In total, those plans represent $2.7 trillion in assets under management, according to the company.
It is also the first major 401(k) provider to offer cryptocurrency as an investment for retirement savers.
“The bitcoin option, however, will only be on offer to participants whose employers have elected to include it in their plan,” CNN reported, adding Fidelity did not specify how many employers have already signed on.
“But we have a number of clients that have committed and a number of others in the evaluation process,” said Dave Gray, Fidelity’s head of workplace platforms and products.
He expects to hear from more clients now that Fidelity has publicly announced the news, according to CNN.
“As with any other investment in a 401(k) plan, participants can elect to direct a portion of their regular savings contributions into what will be known as their digital asset account (DAA) where their bitcoin will be held,” CNN reported. “They also can elect to transfer money to their DAA from another investment they have within the plan. And they can take distributions from that account.”
Limits to be Set
“But limits will be set on how much they can contribute. Fidelity won’t allow any employer to set that limit higher than 20%,” Gray told CNN. “But employers may set the limit much lower, for example 5%. And that limit will also apply to how much money an employee can transfer into their DAA as a percentage of the 401(k)’s total assets.
There will also be a limit set on how frequently one can make “round-trip trades” into or out of the account. “We designed this from the point of view of investors that look at bitcoin as a long-term retirement savings opportunity. It’s not for intraday trading or someone looking to trade on market swings,” Gray told the news outlet.
The report notes there will be a trading fee, which has yet to be announced. And the annual fee for the administration will be between 75 and 90 basis points of the assets in the account. That’s for custody, accounting and administration of the DAA, Gray added.
Fidelity is also providing plan sponsors with materials and tools to educate participants about the risks and volatility inherent in investing in bitcoin.
Labor Department Warning
The Labor Department has issued a warning that retirement accounts must meet the minimum standards of protection for participants set by the Employee Retirement Income Security Act. The Labor Department said it is very concerned about the prospect of 401(k) participants being exposed to the extreme volatility of crypto trading.
Bitcoin, currently trading just under $40,000, is down nearly 27% in the past 12 months, and is down about 15% this year alone.
Late last month, the Filene Research Institute published a report on “The Path Forward for Crypto: What Credit Unions Need to Know“.
Cryptocurrencies offer innovative possibilities but also pose many risks.
Credit unions are anticipating greater clarity on crypto regulation while actively seeking opportunities for enhanced staff and leadership training, issuing new financial products, and establishing fintech partnerships in the fast moving landscape of today.
EXECUTIVE SUMMARY
Cryptocurrencies and blockchain technology (“crypto”) have proven more resilient than expected over the past decade and industry leaders are now exploring the opportunities they present for credit unions and their consumers. However, according to credit union leaders, lack of regulatory clarity and support is the greatest roadblock to offering crypto products to members. Additionally, credit unions require specialized knowledge and training to select the most appropriate crypto products and partners to meet the needs of their membership.
Despite encouraging signs and perceived need to offer crypto products, risks are still present. Even with these risks and challenges, credit unions cannot ignore the strong consumer demand for crypto products especially from Millennial and Gen Z members. In order for credit unions to build momentum in the crypto industry, fintech partnerships will be essential given the lack of expertise in these early stages.
CREDIT UNION IMPLICATIONS
In recent years, credit unions have begun exploring how to offer cryptocurrencies and crypto-based financial products to their members. While some credit unions expressed interest in offering their own custodial wallets, lending or investment products, and digital identities for account opening, most seemed to accept partnership as a low-risk, low-investment way to be an industry fast follower.
Crypto has the potential to create innovative products that attract and retain members and reduce back-office inefficiencies. However, despite encouraging signs and a perceived need to offer crypto products, risks still abound. Download this preliminary report for recommendations on how to move forward with crypto.