Topic: First Criminal Case Involving Attack on a Smart Contract Operated by DeX (Read 279 times)

Where did I say that I am a supporter of KYC? I have not traded on centralized exchanges for a long time for this reason.
Decentralized services will not ask their users about this and they will still implement one of the KYC options in order to comply with the law.

I think he meant to say that regulators don't need to introduce any new rules since they can just force DEX or any other platform to implement KYC or whitelisting. If they are popular and the owner is known, for example, I guess some threats could work and potentially force them to do what the government wanted. I believe DEX and self-custody wallet is not the same in this regard, I doubt they can force people to KYC to use Electrum for example. CMIIW.

I shake my head if you of all the people in the forum support the whitelisting and the imposing of KYC on self custodied wallets. What are we supporting decentrlzation for if we accept this? This is where I begin to appreciate the bitcoin maximalists' argument on anonymity and the fight against censorship. We should be very cautious on this issue, I reckon. We might be tricked into accepting something that might make the cryptospace function like a duplicate of traditional finance.

DeX is more transparent in terms of transaction control, and there is no need to come up with new legislation for these exchanges. Only whitelists and KYC for each wallet are enough.
DeX provides no privacy when used across many ecosystems, and most trading takes place within the Ethereum ecosystem and its L2 layers.

All anti-money laundering laws contain loose sentences that enable governments to prosecute individuals with them, even if new technology appears, such as saying that trading any asset that is not supported by the Central Bank is considered an aid in money laundering.
[/quote]

I think we need a set of new rules for the crypto industry.

If not I think there will be more and more lawsuits in the coming future and not gonna end in Binance.US or Coinbase. maybe cases like XRP will showed up again.

---

On the other hand, DeX is highly unregulated so yeah it offers us more privacy and control but in some cases US dont like it at all

You can call them anything but they really are not contracts. They are computer code programmed to do whatever they are instructed to do.

In any case, I disagree that smart contracts are only hype. Many of these projects might presently be existing only because of hype, however, I reckon Nick Szabo had a different vision when he invented the term. We might witness a good development team create something we can consider a good smart contract platform in the future.

Also, on AI, I am not quite certain. I was shocked to see that it can generate code. I am only speculating that it can be used to audit code.

The audit of smart contracts does not provide any guarantees. In my collection there are projects that have passed several audits of large firms and then were hacked.
https://bitcointalksearch.org/topic/defi-hacks-history-5267124
You need to learn how to work with smart contracts and try not to block coins in them. I use them for trading.

On top of various hacks happening because of the poor smart contract programming, some of them have been relatively centralized with the keys of bridges being held by one single entity where in a such a case when the entity dies or disappears under mysterious circumstances the whole chain or the bridge comes down taking with them the millions being locked onto the chains and bridges. One such incident happened where more than $100m were transferred out of the Multichain Bridge in FTM chain and funnily the CEO held the keys and he was probably running a rug pull all the time since the beginning scamming the users of the bridge  .

The incident unfolded back in May when the CEO was arrested under some some circumstances by Chinese officials and his servers were locked out. Eventually till July, the Multichain team was hiding this information and they were running the bridge as usual and on July, user assets (primarily native stablecoins) which were bridged were transferred to unknown anonymous addresses thereby making the USDC & DAI to depeg on the FTM chain. As majority of us know that, Circle issues USDC only on a handful of L1 chains natively and in the rest of the chains such as BSC or FTM in this particular case are bridged with equivalent amounts. Shockingly, Multichain bridge was a major issuer of Bridged_USDC on the FTM chain and their rug pull has squeezed the volume on FTM altogether to new lows.

Hence, in such a case even if the code of the smart contract is good and un-hackable the company or entity behind the contract should be trusted which brings down the whole vision of cryptocurrencies. Additionally, we can never be sure of BSC bridged assets as well since Binance being a centralized company can go down anytime taking down the BSC assets along with them. Instant settlement features such as Swaps can always be a good option rather than holding money onto third party bridges in my opinion.

P.S : Full scam announcement from Multichain can be viewed in this Twitter Thread

It would be better to just call them "dumb contracts".

So there's an unknown problem and a future black box might be a solution? That makes no sense. Let's face it: smart contracts were nothing more than a hype used to earn money from gullible people. I've seen that countless times in crypto, and it will keep happening hype after hype.

In reality smart contracts is nothing similar to legal contracts. It was only a storyline created by the developers and cryptonews media irresponsibly spread the wrong idea among the naive people in the cryptospace which much of us were on 2015.

Presently the smart contracts that were hacked have vulnerabilities because of lack audit, the lack of skill by the auditor and also lack of skill by the developers. However, there might be a fix. I reckon users can be given the ability to audit the code by themselves through AI. If AI can generate code, it can be made to audit code. The next step might also be to audit these audtitors and investigate who might be scammers hehehe.

"The future of finance". And people keep falling for it.

https://twitter.com/PeckShieldAlert/status/1680897837947813894/photo/1

https://twitter.com/PeckShieldAlert/status/1680897837947813894
"#PeckShieldAlert In H1 2023, there are 395+ major hacks (386 DeFi related) in Web3 space, leading to ~$479.4m loss."

The number of scams and hacks in the DeFi ecosystem is decreasing and we are seeing a decrease of almost 5 times compared to the same period in 2022.
https://forklog.com/news/analitiki-podschitali-chislo-hakerskih-atak-na-kriptoproekty-za-polgoda

I am also afraid of smart contracts, and therefore I do not store coins on addresses that I use for exchanges through smart contracts.

It gladdens my heart to know that government investigators are now more skillful in tracking stolen hackers. This is a sign of hope that people who lose funds in these exchanges can get their funds back. This could also serve as a deterrent to others because they have nowhere to hide. To avoid being a victim, it is better not to patronize CEX.

I have seen several cases where investigators derive substantial evidence from the web search conducted by the suspect. Scammers and hackers will have to stay clear from search engines.

This has been the problem with "smart" contracts ever since Ethereum's DAO "hack": the contract isn't as smart as they want you to believe, and the users don't even understand how it works.

With normal contracts, you have to be a lawyer to fully understand what's in there. With smart contracts, you need to be a security engineer to understand it.
That's ironic: the sole purpose of a smart contract was be to make it trustless. If it's trustless, fraud wouldn't be possible.

As a user, I stay away from "smart" contracts. Don't send your money into something you don't fully understand!

However, if the hacker is not a real criminal or a member of the Lazarus Group, it would be better and less risky to take the bounty instead of having your wallet constantly followed and scanned by blockchain analytics. It would be a very similar situation as this Argentinian hacker where he had no choice but to return the most of the stolen coins because he cannot send them anywhere without exposing himself.



Jaime confirmed he gave most of the money back, but said on March 17 that he unwittingly sent $200,000 in Ether to Lazarus Group — a state-sponsored North Korean crime syndicate sanctioned by the US Treasury.

Source https://www.dlnews.com/articles/defi/argentinian-euler-hacker-explains-exploit-from-a-paris-jail/

When it comes to a single case, existing legislation and precedents can often help, but when it comes to a significant number of the same type of violations, it will be necessary to more clearly and directly prescribe the relevant concepts in the laws so as not to complicate the proceedings of each specific case.

Of course, most crimes can be described one way or another in the laws of past centuries, but it is still necessary to keep the system of laws up to date.

No matter how generous the rewards are, in the end the amount that can be hacked is very large. We are talking about millions of dollars. The good side is that these bridges are not easy to find loopholes in, so it is likely that most of bugs are discovered by the developer team, cooperation with the security authorities or making the code open. The source is the solution. In the end, a hacker will not risk his life for millions of dollars and will prefer a reward.


According to the cases open on the judge. If it was money laundering, it will be confiscated, and if it is related to hackers or money stolen, then it will be returned.

I wonder in such an incident will the money stolen by the hacker be returned to the "Crypto Exchange" or will it be confiscated by the US government?

I do not know if this hacked exchange is licensed in the United States or not, so if the stolen money is returned, will it be returned to the exchange, or will the affected users be compensated?

But most likely I think the US government will confiscate this money due to money laundering charges and no one will be compensated.

We cannot be quite certain if there should be. If someone stole assets that belong to the people who use the DEX and provide liquidity for the DEX, this is still called theft hehe.

This case also sets a good precedent because this might discourage flash loan attacks. However, developement teams should also encourage whitehat hacking and give security engineers generous bounties to find security vulnerabilities.

While I do not condone illegal activities, I believe the criminal's actions are driven by excessive greed. They seem to believe their vast knowledge in the field makes them invincible, as they plan to steal and hoard the money solely for themselves. However, their plans may be foiled when they encounter a team of highly organized government technologists.