Thai, for First?

Headline:  What is Thailand doing to encourage cryptocurrency firms

Body: 

Headline:  What is Thailand doing to encourage cryptocurrency firms

Body:  Say the word Thailand and so many images come to mind.   Some are images of verdant jungle, some lazy rivers, some are images of fishing.  Recently, this pastoral picture of Thailand has been transforming substantially.   One avenue of change is the opinion of Thailand’s government concerning  cryptocurrency.   To be frank, they have been doing quite a bit to attract cryptocurrency firms to their fair shores.

How is crypto used in Thailand?

Ok.  There are important nuances here I want to point out.   In El Salvador, bitcoin is accepted as legal tender, status shared with USD in that country.  On one hand, it is possible to purchase cryptocurrency here.  On the other hand, it would appear that the menu of cryptocurrency options a person has is rather limited.  Despite this reality, the NFT market within Thailand is very very strong.

What is the government’s attitude/approach?

We have to talk about a really boring… I mean…. Fascinating thing.    Value Added Taxation (VAT) is something we don’t have in the US.     Very basically, say  that peanuts are brought into Thailand.   These are then processed into peanut butter.  This processing represents extra value, and the seller is taxed on this extra value.  This is the basis of the VAT.     Even though Thailand only allows a limited number of currencies to be traded, the  government deemed that VAT would not be applied to the trading of digital assets.  This move has been very attractive to all people even thinking of investing in cryptocurrency.  Even more attractive, Thailand has exempted some token income from all personal income taxes too.  In fact, on March 13, a local media outlet, the Bangkok Post, reported that Thailand’s cabinet had approved the tax breaks for investment tokenholders. In the report, the Director-General of Thailand’s Revenue Department, Kulaya Tantitemit, said that individuals who made a profit from holding investment tokens and had a 15% withholding tax deducted could exclude this income when calculating their personal income tax. 

In other news, the crypto company Binance has been granted a charter by Thai government to do business within the country.  Just recently  Binance opened BinanceTH with a partner.  This will grant Thai citizens full rights to a cryptocurrency exchange.  Binance and others will be required to disclose all risks to potential investors.  When they don’t follow thru on their responsibilities, the Thai SEC will act aggressively and could shut them down.  Despite this harsh administration, Bitkub, a public cryptocurrency exchange plans to have an IPO soon.

The Verdict

Thailand seems to have a very similar dilemma as the U.S.   On one hand, they want to entice cryptocurrency firms to their country, to do business.     This will lead to more people visiting their country, more restaurants supported, more hotel occupancy, etc.  On the other hand, they also want the country to benefit optimally from these new businesses.  In general, this translates to taxing these firms in such a way that they are not scared into the arms of a neighboring country.   It might take some trial and error, but they are trying.

REFERENCES

Three Reasons Why Crypto Is Growing in Thailand (cryptoforinnovation.org)

Thailand’s biggest crypto exchange goes on hiring spree ahead of IPO (cointelegraph.com)

Thailand approves personal income tax exemption for token earnings (cointelegraph.com)

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor

For Sale, At Scale

Headline:  Ethereum scalability issues

Body:  Bitcoin was the original cryptocurrency, but it had a very serious weakness.   One could not write into it, or use it to enforce contract attributes.  So, the second cryptocurrency was Ethereum, and with Ethereum, one could write smart contracts directly into the code, and these are called smart contracts.  So, Ethereum would appear to be a perfect, flexible cryptocurrency, right?  Well, maybe, maybe not.  As we shall see, even after some pretty fundamental re-design, Ethereum still suffers from some scaling issues.

Scaling issues?  I mean, I’ve cleaned a fish before, but…

Nope, the scaling issues have nothing to do with how sharp your knives are.  In terms of a restaurant, you might have an award-winning recipe for lasagna, but the amounts were for a family of 4.  Now, you’re serving lasagna to 80 people per night, and you now have a scaling issue.   When Ethereum started, it was woefully slow.  In an effort to speed things along, people would use side-chains that grouped together similar transactions, and then aggregate them before adding them to the main string.   These are often referred to as “rollups.”  (In a past entry, I suggested that these are like the scratch paper you might use when doing math homework.)  The problem is that each rollup is not written in the Ethereum language.   Said another way, it is like turning in one’s English homework, and one half of it is in Arabic or Greek.  Just like in the real world, there are interpreters, but not too many, and the ones that do exist are quite pricey.

So, the clear solution is to make (somehow) the Ethereum model interoperable with many other blockchains, and this is done to a limited extent, with bridges.   But, this extent has to be limited because each bridge makes the system more and more susceptible to hackers.  So, given this dilemma, we have 2 ways of scaling up

We could do on-chain scaling

In this sort of scaling, we are looking into doing something directly to the Ethereum information.   This is called sharding and fundamentally, the chain is broken up into segments and each segment is verified.

Or, we could do off-chain scaling.

This is also, often, called Layer 2 and sits atop Layer 1.    (OK, a word from our sponsor, pretend that the Ethereum blockchain is a lasagna.   The lasagna noodle is the Ethernet chain.  Trips along it can be sped up by moving one part of a noodle toward another.   This can be seen on the edge of the lasagna pan.  But, the cheese on top is the  standout here.   These create delicious shortcuts from noodle to noodle, and these top-mounted shortcuts are akin to the Level 2 network.)

Now that we have our culinary interlude, we can get back to Layer 2.    There are several methods of Layer 2 scaling but, essentially, most center around a server or cluster of servers.   The transactions are pre-sorted into related groups before being fed into Layer 1.  This is the crux of Layer 2 scaling.

This seems unnecessarily complicated.

Layer 2 is necessary because the quantity of transactions.  Without it, the congestion gets very bad, and by pre-sorting your transactions, gas fees can be minimized.  These rollups come in two major flavors. The first variety are called optimistic rollups, and assume that transactions are valid.   The second variety are Zero-knowledge rollups require a validity proof.  And, before you think you understand things, they are throwing us another curve.    The Merge has taken place where the Ethereum blockchain moved from Proof of Work to a Proof of Stake consensus model. 

The Verdict

Interestingly, this is all in the rearview now.  The Beacon Chain (with the Proof of stake consensus model) has successfully combined with the main-net (with the Proof of Work consensus model) and  all is well.  Even still, the literature still makes frequent mention of Layer 1 and Layer 2, so the distinction is still important to understand, to understand the progress that has been made.

REFERENCES

Ethereum Scaling Fragmentation Could Compromise the Network’s Lead (coindesk.com)

Scaling | ethereum.org

Reminder: The Merge Won’t Solve Ethereum’s Scaling Woes by Itself (coindesk.com)

Ethereum Developers Roll Up Their Sleeves in Hunt for Scalability Cure (cointelegraph.com)

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.

SEAL Team KICKS?

Headline: What is SEAL 911?

Body:  As a teenager and then adult male who likes to read, I have read a lot of fiction works about small groups of soldiers who go on extremely dangerous missions.   One of the favorite tropes is the use of the SEALs or Sea, Air & Land warriors   These operators are the most elite of the elite and they fight fearlessly and ferociously for the red, white and blue.  Whenever there is a mission that cannot fail, this is the unit that is usually called.

When it comes to many kinetic situations, the SEALs are arguably the best in the world.    But, many of the situations today are digital and require somebody with a hacker mindset (and skill set) and the desire to be helpful to society, rather than to enrich themselves to the detriment of others.    Enter the white hat hackers, and the most well-known of these comprise the team SEAL 911.   I kept reading about these white-hats and I wanted to know more.  What motivates them?  How might they be compensated?   How might they be signaled (ostensibly, the bat signal won’t work.)   So many questions, so, let’s get some answers.

Is there really a problem to solve?

Yes, there is.  More than $7.7 billion has been stolen in crypto hacks since 2016 — the majority pilfered from major exploits in 2021 and 2022, according to DefiLlama.   In response, a team of similarly trained white hat hackers claims to have helped recover $50 Million.

What is SEAL 911?

The group was promoted financially by Vitalik Buterin, who donated 250 ETH to start the group as a 501©(3).  There are other corporate sponsors, too.  Operationally, the first leader is Mr. Samczsun.   Samczsun is the poster boy for crypto in many ways. He is a firm believer in decentralization and is pseudo-anonymous. When he assists the FBI or other law enforcement agencies, it is always behind his anime avatar using a voice modifier. When I ask to record our interview, we have to pause for him to set up the voice modifier.  

How does the Team work?

The way it is described, there is a “hot desk” on Telegram.   (Think of this as a virtual firehouse.) Reports come in on the hotline and in realtime, these programmers respond to the present exploits quickly.  To join the team, there seems to be qualification course.  To help them build skills, they have Wargames (simulations of hacks) and there is a Safe Harbor Legal Agreement to protect the white hat hackers as they try to help (This is like the Good Samaritan Laws setup to help people who render First Aid to other civilians.)  The organization is supported by many well-known organizations like Chainalysis and others.

The Verdict

In the early days of this nation, there were many destructive fires, and for this reason, kitchen facilities were located as far as possible away from the living quarters of a home.  Then, a conversation took place and the outfall is that people were willing to pay a little bit to ensure that any fires that did start were put out immediately.  Thus started the first professional firehouses.  In a similar manner, it seems that the cryptocurrency community is having a similar conversation.  Perhaps cryptocurrency really is coming of age having had its trials by fire.

REFERENCES

https://cointelegraph.com/magazine/seal-911-team-white-hat-forms-fight-crypto-hacks-real-time/

https://cointelegraph.com/news/crypto-white-hats-launch-threat-info-sharing-center

https://www.binance.com/sl/square/post/6897655884809

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.

 

Seize This Day?

Headline:  How does an asset seizure work when dealing with cryptocurrency?

Body:  I work for a government agency, and we often have to do Collections work for the government.   When we do, if we go to a citizen’s business place, and we see a brand new boat, we surreptitiously take a picture of that boat and that image becomes part of the file, suggesting  that the business has at least one asset that they can easily sell to get cash to settle their government debts.  Through a legal process, if that citizen does not pay their legally due amount, the government can force a sale of that boat, and take all of the proceeds from the sale to satisfy the debt.   Anything left over is given back to the taxpayer.  This is long and drawn out, but it is a well-known process.  So, this made me wonder; If the person’s most major asset is cryptocurrency, can the government seize it?   What can we learn about this process?

Generally what happens when the government seizes, let’s say, a company?

One of two things happens here.   First, if easier, the government could manage the company with the interest to gain more revenue to pay off the debt.   The much more likely thing is that the government will hire a private  company, who already knows the space, to manage the company.   Eventually, the government will sell the entity to a private party and proceeds go to either public works or restitution.   So, contrary to what I imagined before, seizing   cryptocurrency might be a simple thing.

The traditional concept of confiscation whereby the seizure of assets (proceeds of crime) follows a conviction for a particular crime has recently been substituted by a new concept of confiscation that provides a vastly loosened link between the proceeds of crime and the criminal act itself. The relatively novel concept of extended confiscation gives law enforcement authorities “the ability to confiscate assets that go beyond the direct proceeds of a crime so that there is no need to establish a connection between suspected criminal assets and a specific criminal conduct.”

But recently, cryptocurrency has become an issue?

Yes.  In 2013, there was an internet site called Silk Road where many illicit items were sold for payment in cryptocurrency.   The government seized 175,000 Bitcoin, and held a sort of auction to get cash from this seizure.  Previously, all of this cryptocurrency was held in cold storage (not attached to the Internet.) And now, it seems that some jurisdictions are trying to figure out the seizure of NFTs. Through investigating these crimes and prosecuting the perpetrators, federal law enforcement has acquired a sizable cache of cryptocurrency. In June, the DOJ seized about $2.3 million worth of bitcoin the FBI had obtained after tracking the movement of a ransom payment associated with the Colonial Pipeline cyberattack earlier this summer. This was after the agency seized about $1 billion in cryptocurrency that once belonged to Ross Ulbricht, creator of the online black market Silk Road, which federal officials shut down in 2013. Ulbricht was arrested that year and convicted in 2015 of distributing narcotics and money laundering.   The U.S. government has to become more involved because if they don’t, we risk a new reality that crime really DOES in fact, pay.

According to numbers generated by the federal government, only 1% of illicit money flows are detected and this is based upon decade old data.   Likely, the amount of transactions detected is much lower.  It is likely much lower because, according to cryptocurrency experts, local law enforcement units don’t even recognize a cold wallet (hardware)  when they see one.  Education of local officials is certainly called for, but, additionally, the federal government needs to develop a platform from which they can sell and trade the seized cryptocurrency to pre-vetted buyers.  This might be done in the future, but right now, Anchorage Digital is under contract with the Department of Justice to act as custodian for digital assets seized, and the one responsible to dispose of these assets.  In point of fact, they are the first federally chartered bank for crypto.

The Verdict 

Seizures are usually bad.   Whether they happen in a hospital, or if they result from a crime (something like fraud) it is… bad.  But, good people can do something about it.  They can refuse to purchase these (increasingly) stupid meme coins.   When you get right down to  it, there are many more good actors than bad, and it seems axiomatic that if there aren’t a lot of good people transacting in a currency, there is very little transactional camouflage for bad actors to hide in.  So, how can you tell if some coinage is thought out or not?   Ask some basic questions.   Do they have a whitepaper explaining their project?  Do they identify their management team?   If these and other questions are not answered “yes” then, if your transact in this currency, you might be making these camouflaging transactions, even inadvertently.   So, measure twice, and cut a check once.

REFERENCES

The World of Seized Digital Assets w/ Joanna Summers – Ep. 96 (chainalysis.com)

Cryptocurrency Field Guide for Law Enforcement (chainalysis.com)

Bitcoin-based scams mean the federal government now needs a crypto bank – Vox

Who Snatched My Bitcoin Bag? Asset Seizure And Cryptocurrency – Crypto Briefing

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.

Insurance is a Crime?

Headline:  What is Crime Insurance?

Body:  Crime insurance?   Did I read that right?   Yes, dear reader, you did.  I bet it sounds to you, almost as stupid as “pet health insurance” did to me at one point.  But, then our friends’ golden retriever developed cancer, and we saw the bill for just one visit to the doggie oncologist.   It all snapped into focus then.  In a similar way, business crime insurance can mitigate damage done or perhaps save your entire enterprise.

OK, so what IS Business Crime Insurance

Business Crime Insurance (BCI) helps protect your enterprise from people physically damaging your business or taking of physical inventory.  So, why am I writing about this?  BCI can also cover you for damages related to ransomware attacks and other virtual threats.  I can see it now, even a TV show, like CSI Miami

Lab Guy: Ransomware really bytes.

Horatio: (dramatically whipping off sunglasses)  Just a bit.

Theme song and intro.

What do you think?

Is this really a big deal?

Well, yeah, it is.   Per a study by the Association of Certified Fraud Examiners (ACFE), businesses worldwide lose about 5% of their revenue to fraud.  This picture gets even worse when you consider that small businesses suffer the most: Each case costs these small businesses $150,000.  This can severely damage some companies and  sink other small businesses entirely.  A different study, executed by a surety company said that the average victim company took more than 2 years to discover the theft.  This is a substantial period of time, and the company could have executed a good investment in the meantime, earning dividends and income. 

When it comes to crime, is there a difference between computer crime and cyber crime?

Yes, at least in the view of insurance companies, computer crime differs from cybercrime. Cybercrime always has something to do with a virtual intrusion completely executed by a party on the outside.  An example would be a third party using a worm to get into a competitor’s system.  Computer crime is often due to a lack of due care by employees.    An example is an employee opening  an unknown e-mail and launching an attachment, thinking it’s something benign.

Are there different flavors of BCI, or are they all vanilla?

There is one very important distinction to make: The insurance can be on a discovery or loss sustained basis.    Discovery-type insurance is effective when a loss is discovered and reported within the insured term, regardless of when the loss happened.   Loss Sustained insurance requires the loss and discovery to BOTH occur within the insured period.

Beyond BCI, there are fidelity bonds, and they come in 3 varietals.  There are Employee dishonesty bonds, ERISA bonds and Business service Bonds.  Employee dishonesty bonds cover a business for theft, fraud and forgery.  ERISA bonds are required to protect an employer’s retirement program from fraud.  Business service bonds cover an employer if the employee engages in theft on a client’s premises. 

So, besides paying for insurance, what can be done?

A consultancy, Media Post, opines that cyber crime, in particular, is increasing.  Often, training is your most effective insurance policy, and most of this training is considered “cyber common sense.”  One thing is to remind employees to NOT open any e-mail that they don’t  recognize the sender.  Further, never open executable files that come along with e-mails.  Commonsense can go a long way to keeping your corporate assets safe.

The Verdict

This can be tricky, figuring out what policies cover what activities.     I guess the boilout is to take some commonsense steps.

  1. Take a really good look at your enterprise and determine where you are likely to be weak
  2. Take out appropriate insurance policies to address these weaknesses.
  3. Provide a robust training program to all employees, emphasizing the safe use of corporate IT assets.

This will go a long way to keeping your enterprise safe, and should impress your insurance company, who might lower your rates? No, not likely, but it’s worth a shot.

REFERENCES

Business Crime Insurance: What it is, How it Works, Impact (investopedia.com)

What Is Business Crime Insurance? | U.S. News (usnews.com)

5 Types of Crime Insurance Policies Businesses Should Consid (insuranceopedia.com)

Computer Crime Insurance: What It is, How it Works (investopedia.com) Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the

Action Star Faced Legal Action (He Fought the Law and the Law Won?)

Body:  A bit of a confession here too.   I love Steven Seagal movies.   They were a  staple of my younger adulthood.   The voice, the swagger, the action, to watch these movies is a guilty  pleasure, for sure.   He was (and continues to be) a very popular actor.  But, all is not well in Seagal town.  Mr. Seagal has been charged with “unlawfully touting” a digital asset. I am still not quite sure what this means.   Given that this could happen to nearly any famous actor/celebrity, I would like to better understand where the lines are in this arena.    So, with the caveat that this infraction could easily have happened to many different celebrities, let’s dive a bit into the story of Mr. Seagal, and use it as a cautionary tale. 

So what happened anyway?

Mr. Seagal has not admitted any guilt, but he did settle with the SEC, so, I will be causing my High School English teachers hearburn by now changing to past tense.  Mr. Seagal entered into an agreement with Bitcoiin2Gen (B2G) to help them promote their initial coin offering.  In this agreement, he agreed to a press release and to promote the offering on his social media  platform.  All of this would’ve been OK, but he also forgot to disclose his compensation of $250,000 cash and $750,000 in tokens, and this failure to disclose his compensation for touting the securities was the nub of the rub.  In an agreement with the SEC, he did pay just over $300,000 in disgorgement and penalty.  In full disclosure, Mr. Seagal did actively participate with the SEC to aid their investigation and was keen to get it behind him, per his attorney.  (Did you know that he is a “musician?”   I didn’t.  He plays the guitar and has 2 studio albums.)

Alright, so, a celebrity FAFO’d.  Why does this matter to me?

Frankly, I can’t believe that you’re cynical enough to ask me this.   JK, the take-home point here is that Mr. Seagal is not the only celebrity loudly touting digital assets.  So, when you do see an actor speaking about a digital asset, please note that they should not be taken at face value.  At the least, do a  Google search and look to see if that celebrity has a material compensation plan from that cryptocurrency or digital asset.  And, many of them do.

One that seems to typify the arena is Floyd Mayweather.   He touted 3 separate ICOs and was penalized $600,000 by the SEC.  DJ Khaled did something similar and ended up paying the SEC more than $150,000.

The Verdict

OK, I have to admit that with the subject matter, this one was a fun article for me to write.   I love Steven Seagal movies  and will continue to be entertained by them, even if the actor himself appears to have some moral failings.  But ,it’s the moral failings of our legal system I wanted to point out.  One thing that I read many many times in preparing this article is that he couldn’t promote any securities for 3 years.

Three years seems to be a very specific amount of time, and it seems to be in the middle of really serious (e.g. never being allowed to tout securities again) and something very light (e.g. community service.)    Perhaps the SEC assumed that 3 years from the time of the settlement, cryptocurrency might be a dead issue.  But this seems unlikely.  Perhaps 3 years was just significant enough to get other celebrities to think before they touted a cryptocurrency.  Frankly, I’m not sure if I would’ve come to a similar solution.  Would you?

REFERENCES

SEC.gov | Actor Steven Seagal Charged With Unlawfully Touting Digital Asset Offering

Steven Seagal fined by SEC in crypto case – The Washington Post

Steven Seagal Settles Token-Touting Charges With SEC Over 2018 ICO – CoinDesk

Steven Seagal settles SEC cryptocurrency bitcoin touting case (cnbc.com)

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.

The Verdict

REFERENCES

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.

 

The Winter of our Disconnect?

Body:  When I think of winter, I think of beautiful drifts of white snow covering everything except my driveway and roads.   When people in my parents’ generation heard “winter” they might have these thoughts, or, they might think of a “nuclear winter.”     With a lot of hand-waving, a nuclear winter happens when there is so much dust, ash and crap(sorry for the technical jargon) in the air, that sunlight cannot effectively penetrate it.   As a consequence, weather on the planet gets appreciably colder, in the short run.  Certainly, it is not the same, but crypto winter seems to be similar.   Said another way, after a life-changing event, when the rate of change begins to slog down, I think this is the crux of what is meant by crypto-winter.

How dark did things get?

Things were very bright and then went very dark.   As of November 2022, FTX had collapsed, and in December, the leader, SBF, had been put on trial.  Now, Bitcoin’s valuation seems to be coming back, leaving many to wonder if the crypto winter is over.

What is a crypto winter?

OK, let’s start at the portion people agree upon (mostly).   A crypto winter is a period of depressed valuations and trading volumes, akin to a bear market on the stock market.    (Some  Market swings can be of various time periods, and so can a crypto winter.  The first use of the term came in 2018.   Over that past year, cryptocurrency experienced an epic 2,122% gain in price, and quickly decreased a nearly equal amount.

OK, smart guy, in that case, what are the signs of a crypto winter?

Fair enough, there are a few red flags

  1. Institutional investors begin to shy away from digital assets.
  2.  As institutional investors go away, smaller investors get nervous and  prices for digital assets decrease substantially.
  3. Given the falling prices, most activity within the cryptocurrency sphere stops.

So, how do you tell that a crypto winter is over?

No, there are no certain flowers that bloom only when the crypto winter ends.  But, the valuation of Bitcoin is improving, and there has been some regulation allowing for ETFs.   So, it would appear that winter is nearly over.  Said one cryptocurrency expert, “It is true that the interest pick-up has been tentative in some quarters, and the regulatory landscape in the U.S. does not look warm and sunny, but for the crypto ecosystem as a whole, the ‘green shoots’ of spring have been evident for months.”

The Verdict

Winters can be hard to bear, dozens of snow storms force us  to shovel, darkness seems to dominate the day,it can be disruptive.  But, winter does serve some important functions.    First, it reminds some people that they really should move.  Second, it can feel so good hunkered at home with a fire in the fireplace, reading a book.  Lessons can really be  drawn from both of these observations.  Plus, the  conditions for a productive spring are made much better by the water left behind from the melted snow.  So, get some cocoa, America.    And I will quietly buy some cocoa futures.

REFERENCES

Is the Crypto Winter Over? | Kiplinger

Crypto Winter: What It is, Concerns, FAQs (investopedia.com)

What Is a Crypto Winter? | The Motley Fool

Crypto Winter Is Over | Nasdaq

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.

 

The Lazarus Group Rises?

Headline:  What is the Lazarus Group in North Korea?

Body:  In the stories, Lazarus had passed, and after an intervention, he  did arise again.  In North Korea, there is a hacker group that always seems to die, and rise again, and they are known as the Lazarus Group.  I think the naming of a North Korean hacker group after a Bible story is pretty incongruous.  That, and the fact that within an authoritarian system, hackers can be so creative in the destruction they cause, this made them a bit of a puzzle that I wanted to understand better.

In one exploit, the hackers obtain LinkedIn employee credentials and then went looking for “employees.”   These employees would have to solve “coding challenges” and in doing so, would inadvertently install a Trojan horse within their own network, most likely at work.   This gave hackers from the Lazarus Group access into many different corporate networks.

This is bad, yes, but what does it have to do with crypto?

The Lazarus Group has stolen more than $3 Billion in cryptocurrencies.  Once stolen, the Group uses a variety of mixers to launder the proceeds back to North Korea.  Some are fighting back, but the frozen assets pale in comparison to what has been stolen.  Worse yet, many of the largest heists are not reported at all due to embarrassment or fear of being sued.

In 2023 alone, there were 5 major hacks that seemed to have Lazarus fingerprints on them.  June 3rd, hackers attacked Atomic Wallet (DEX) and stole over $100 Million.   A well known consultancy attributed this to Lazarus 3 days later, and the FBI confirmed.  On July 22nd CoinsPaid was attacked in a Social Engineering exploit (think an e-mail with an attachment that seems to be from your uncle.)  $37.3 Million was stolen here.  On the same day, Alphapo was attacked for $60 Million, and the FBI confirmed that Lazarus was involved.  On Sep. 4th, Stake.com was hit for $41 Million in virtual currency, when private keys were made available.  Finally, on September 12th, CoinEx (centralized exchange) was hit for $54 Million.  Apparently, North Korean hackers were too busy during the remainder of the academic year.

Why are they so much more dangerous than other hackers?

In a word, they are dangerous because they are so well-funded.   With that much money going into the exploits, the absolute best can be hired and used.  More to the point though, many of these hacks require a “long game” format of social engineering, and this well-funded attribute makes it possible for the Lazarus Group to commit to long-term cons and  obtain any kind of training that they might need to pull off the next exploit.

They are especially dangerous to some, particularly, the new projects based upon cryptocurrency.  In the early days of a cryptocurrency, admin users often have admin pass codes.   In the good circumstance, they allow coders to fix bugs and return accounts to normalcy quickly.   But, if these admin keys are obtained by groups like the Lazarus Group, they can quickly drain all of the accounts associated with the currency.  Even in more established cryptocurrency sites and projects, if these hackers gain an admin key, they can begin to arbitrage with the entirety of the currency, and this will lead to large scale price drops, nearly everywhere.  This is what is known as a flash loan attack.

Are they evolving?

Yes, it appears that their methods are evolving.   In the past, Lazarus Group largely went after de-centralized exchanges (DEX) but they are changing to attack centralized exchanges.  The logic is quite simple.  First, per many bank robbers before them, “that’s where the money is.”   But, these centralized exchanges tend to have many more employees representing many more possibilities for a single mistake to lead to an opportunity for an exploit.

What can be done about these hackers?

Well, first, use complex passwords that are difficult to guess or figure out.     There is also an idea that AI might come to the rescue, as only AI can learn quickly enough to really react to current trends.  So, in the near future, prepare to have an AI-fueled guard dog providing security against malware and attacks.

The Verdict

The Lazarus Group seems to be a fantastically well-resourced  hacker group with a mission to serve as a terrorist cell online.  I suppose that the logic is that if people stop trusting the computers with their money, more and more chaos can be engineered.  But, I don’t think it’s working because if that were the mission, then there would be an unmistakable signature on each case (to attribute it correctly and be so incredibly scared of the North Koreans.)  I think we are lucky here, as it seems that the leaders who seem to have the tactical knowledge, lack the strategic vision, and vice versa.  I think this might serve as a wonderful exercise to practice  working together with the financial law enforcement from many different countries.

REFERENCES

https://cointelegraph.com/news/north-korean-lazarus-linkedin-target-steal-assets

https://cointelegraph.com/magazine/north-korean-hackers-private-keys-flash-loan-attacks/

https://www.elliptic.co/blog/how-the-lazarus-group-is-stepping-up-crypto-hacks-and-changing-its-tactics

https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.

 

Just Under the Wire!!

Headline:  What is wire fraud and why is this statute so often used to prosecute cryptocurrency users?

Body:    Anybody out there ever seen Law & Order, the original series?    There are a few times that people are charged with murder, a few who are charged with rape AND murder, but, there are a phalanx of bad guys charged with conspiracy, as it seems that if you parked the bad guy’s car, you were a “participant” and now, part of the conspiracy.    So, the charge of “conspiracy” is seen almost all over the place.   Wire fraud seems to be the equivalent with respect to fraud and fraud-like crimes.  So, how is it possible (or advisable) to have such an infraction on the books?  So, Let’s take a look.  Federal judges are not known for going into lyrical mode, but Wire Fraud was Judge Jed Rakoff’s muse, when he said, “to prosecutors the mail and wire fraud statutes are “our Stradivarius, our Colt 45, our Louisville Slugger, our Cuisinart — and our true love.”

What is wire fraud?

The U.S. Department of Justice Criminal Resource Manual Section 941.18 U.S.C. 1343 cites these as the key elements of wire fraud:

  1. That the defendant voluntarily and intentionally devised or participated in a scheme to defraud another out of money
  2. That the defendant did so with the intent to defraud
  3. That it was reasonably foreseeable that interstate wire communications would be used
  4. That interstate wire communications were in fact used”1

So, with respect to cryptocurrency, let’s take a look.  #1 seems to be definitely true and #2 seems to follow.   Cryptocurrency is often international in scope so #3 and #4 also are very likely to be true.  But, it doesn’t stop there because, the penalty for this easy-to-prove crime can be severe.  Each individual involved can be fined up to $250,000 and be put in prison for 20 years per incident, so the sentence can really rack up the years quickly.  For these reasons, wire fraud is very frequently a crime charged in cryptocurrency cases.

Doesn’t Fraud mean depriving people of property?

Yes, it does.   And there was a case in the 2nd Circuit Court of Appeals that broadened the definition of “property” to include digital assets.

What can I do?

  1. Be alert.   Be especially alert if the headlines are in poor English.
  2. Adopt the mindset that if it seems too good to be true, it probably is.

The Verdict

So, why did I spend time running down a very technical area?  Life has a way of instantly turning something from arcane and esoteric to something very much of-the-moment.  It would seem likely that wire fraud would come up in the following of what happens to SBF.

REFERENCES

https://www.reuters.com/legal/legalindustry/wire-fraud-most-powerful-law-crypto-right-now-2022-08-23/#:~:text=Market%20manipulation%20cases,including%20wash%20trading%2C%20and%20spoofing.

https://www.coindesk.com/consensus-magazine/2023/11/02/the-other-ftx-case/

https://fedsoc.org/commentary/fedsoc-blog/crypto-king-cites-recent-scotus-ruling-in-effort-to-dismiss-charges

https://www.justice.gov/opa/pr/leader-70m-cryptocurrency-and-binary-options-fraud-schemes-extradited-us

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.

 

Cowboys and Indians, Take Two?

Headline:  Indian Supreme Court rejects cryptocurrency petition.

Body:  I remember that when I was a kid, I would sometimes turn to a random page in our set of encyclopedias (anybody under 30, before Google, our reference information came from a limited set of books called an encyclopedia.   Really, look it up.)  Anyway, one of the pictures that completely fascinated me was a picture of the Indian Supreme Court.  Military guards in parade-type uniforms, the building itself was seemingly a tacit reminder of the solemnity of the tone within.  Add this type of impression to the fact that India will soon be the most populous nation on the planet, and you might say that I find this topic of interest.

Making India even more interesting is how they are changing.  As they change, how they execute their democracy is changing too.  But it should be noted that they take their democracy VERY seriously, sending teams of voting officials 3-4 days into the forest to obtain 1-2 votes.  Another attribute that is changing is their adoption of technology.  For centuries, India has been a poor nation and “made due” with the tools passed down by their fathers.  Now, things are changing markedly within India, as technology in all forms, is being adopted and locally adapted.   In view of these changes being made, it might be very interesting to gauge their interest in and attitude toward cryptocurrency. 

So, what happened?

The Indian Supreme Court was petitioned to come up with a regulatory framework for trading cryptocurrency.  The Court declined to do this because it sounded like “legislation” to them.

2 Sentences?  Why does this deserve an entry?

No, this one is kind of interesting.   A Mr. Wig was arrested in 2020 pursuant to a cryptocurrency charge.  He noted that there is no organized framework for a professional to follow, and thus proffered one, (ostensibly one which would make his actions legal.)  Currently, other leaders are working on one with the International Monetary Fund and has sent some regulators to various countries within Europe, to examine how they regulate cryptocurrencies.    This, however, is a slow process, as the Central Bank issued a regulation in 2018 to disallow cryptocurrency trading, and inertia is strong within finance.

The Verdict

So, why did I do this one?    Is it because I was fascinated by one image from Middle School?  Or, is there a different reason?  To be brief, I believe that what happens in India concerning cryptocurrency, has effects even in the U.S.  The sheer numbers of people in India makes it likely to be where cryptocurrency ideas are started.  So, if they are able to beat the U.S. to the punch, setting up a regulatory framework, they  are well-situated make use of cryptocurrency  Perhaps we can learn a bit from their example.  It will be interesting to watch.

REFERENCES

Indian Supreme court rejects crypto petition, highlights legislative nature (cointelegraph.com)

India’s Supreme Court Turns Away Petition Asking Government to Frame Crypto Guidelines (coindesk.com)

Indian Supreme Court Rejects Petition Seeking Cryptocurrency Regulation Guidelines | Binance News on Binance Square

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.