Check out our latest blogs

Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter.

Liminal believes in optimizing security and custody practices globally across the Web3 industry. Through our Newsletter, we highlight incidents pertaining to security, regulations, and compliance that have happened in the past month and how one can follow better Security practices to safeguard their digital assets.

We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.

Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.

Web3 Security Compromises in March

Prisma Finance hacked for $12 million; attacker makes detailed demands

The defi protocol Prisma Finance was hacked for 3,257 ETH ($11.5 million). An attacker was able to take advantage of a flaw in the project’s smart contracts, allowing them to manipulate users’ positions and steal some of their collateral. Two other watchful attackers observed the attack strategy and replicated it, stealing a combined additional 173 ETH (~$610,000).

Plasma paused the protocol after detecting the attack.

The first attacker, who stole the bulk of the assets, sent an on-chain message to Prisma claiming that they had performed a “whitehat rescue” and inquired about returning the funds. In later messages, however, they asked the project to answer questions about their security practices and the project’s responsibilities to users to prevent attacks. The attacker then transferred the stolen funds to Tornado Cash — indicating their return is unlikely.

In another message, the attacker was angry that Prisma had not expressed gratitude to them or remorse to their users and was angry they had used terms like “exploit” and “attack” in their description of the incident. They demanded that the team reveal their identities, apologize, and thank the attacker in an online press conference.

“Munchables” crypto game exploited for $62.5 million

Things went awry in the land of the schnibbles and snuggeries when an attacker siphoned around 17,400 ETH ($62.5 million). Various descriptions of the attack circulated, with blockchain sleuth Zachxbt attributing it to a recently hired developer and crypto developer 0xQuit, claiming the theft appeared to have been “planned since deploy.”

Some began discussing the possibility that the Blast layer-2 blockchain might forcibly roll back the chain to “undo” the hack. Some have argued this is contra to the crypto ethos or would set a bad precedent, while others have argued that as a blockchain-focused more on gaming and experimentation and less on decentralization and other facets of crypto ideology, it would be a reasonable step.

Curio RWA project suffers $16 million exploit

A blue outline of a circle, cropped into a C shape, with a portion in the middle resembling a pie chart with multicolored pastel sections(attribution)

Curio, a crypto project that creates tokens based on “real-world assets” (RWAs) like cars, watches, wine, and other goods, suffered an attack that drained around $16 million from its funds.

A bug in the project’s Ethereum smart contract enabled an attacker to mint 1 billion of the project’s CGT governance token. Although the tokens were notionally priced at around $40 million, the project’s loss was estimated at closer to $16 million.

Curio DAO announced that they intended to compensate users affected by the theft over a year-long period.

Web3 Regulatory Practices for March

EU Advances Crypto Regulation with New EBA Stablecoin Draft

The European Union is making significant progress in clarifying crypto regulations as the European Banking Authority (EBA) unveils draft requirements for stablecoins under the Markets in Crypto Assets (MiCA) framework.

This move, aimed at asset reference tokens (ARTs) capable of referencing a variety of currencies and assets, signifies a crucial step towards comprehensive crypto market regulation.

The potential impact on the crypto ecosystem is twofold. Positively, clearer regulations could enhance market confidence, attract more institutional investment, and foster a safer trading environment. Conversely, the stringent requirements might impose significant compliance costs, particularly affecting smaller entities and potentially stifling innovation within the sector.

As the EU navigates the complex balance between innovation and regulation, the global crypto community watches closely, anticipating the ripple effects of these regulatory advancements.

UK Treasury Proposes Regulatory Refinement for Crypto Assets

The UK treasury’s latest consultation paper seeks to refine money laundering regulations, which will impact the crypto asset sector’s regulatory framework. The proposed changes, which build on the review of 2017’s Money Laundering Regulations (MLRs), indicate a shift towards integrating crypto assets more comprehensively within the UK’s financial regulatory system.

One of the pivotal changes includes bringing crypto asset service providers under the broader umbrella of the Financial Conduct Authority’s (FCA) supervision, eliminating the need for separate MLRs authorization. This move is set to extend the FCA’s oversight to new crypto-related activities, aligning MLRs requirements more closely with the Financial Services and Markets Act (FSMA) standards.

The impact on the crypto ecosystem could be profound. Although these revisions promise to streamline the regulatory process, potentially making the UK a more attractive hub for crypto businesses by clarifying compliance pathways, there is a downside to them as well. After all, the increased FCA oversight could introduce more stringent control and operational challenges for crypto firms, especially smaller ones struggling with the nuances of expanded regulatory requirements.

Key Takeaways:

1. There have been continuous hacks on DeFi protocols, totaling over $79 million. This emphasizes the ongoing vulnerability of DeFi protocols and the need for robust security measures.
2. The debates on reversing hacks intensified with the Blast hack discussion showcasing the controversy surrounding potential rollbacks in blockchain technology. This raises questions about the balance between security and core blockchain principles like immutability.
3. The EU and UK’s regulatory advancements indicate a growing focus on regulating crypto. While this promotes stability and attracts investment, it also increases compliance costs and stifles innovation for smaller players.

Stay #LiminalSecure

These events highlight the constant evolution of Web3 security and regulation. You can confidently navigate this dynamic landscape by staying informed and prioritizing security best practices.

At Liminal, we’re committed to empowering institutions to unlock the full potential of digital assets without compromising security or compliance norms with our institutional custody and wallet infrastructure solutions. Join us on this journey towards a safer, more accessible future for digital assets.