Kiffmeister’s #Fintech Daily Digest (20230227)

February 27, 2023February 27, 2023 ~ kiffmeister

Companies have sprung up that say they can recover stolen crypto. That rarely happens.

Forbes published an article about a new industry that has cropped up that promise victims of crypto scams to spend more money in order to recover their already-lost sums, with scant evidence that they regularly work as advertised. Multiple U.S. financial and law enforcement agencies generally tell scam victims to treat these services with a healthy dose of skepticism. That’s because even if one of these companies is involved, law enforcement still has to do its own independent investigation — for which victims aren’t charged. Plus, no private company has the authority to compel the freezing, much less the seizure, of crypto assets held at an exchange. [Read more at Forbes]

Over 13 Million ALGO Now Suspected Stolen, Algorand Foundation CTO Responds To The Situation

Over 13 million ($3.5 million) ALGO has reportedly been stolen between 19th to 21th of February, over 12 accounts have been affected. Most of the stolen ALGO was transferred to the ChangeNow, a non-custodial crypto exchange that operates without extending know-your-customer (KYC) to all its users. However, the ChangeNOW team has implemented anti-money laundering (AML) mechanisms designed to detect fraud and filter suspicious transactions, and had halted $1.5 million of suspicious ALGO and USDC transactions on the Algorand blockchain and stopped the malicious actors from accessing the stolen funds any further. [Read more at AlgoDaddy]

There may be a connection with MyAlgo web-based non-custodial wallets, which recently reported a targeted attack carried out against a group of high-profile MyAlgo accounts. MyAlgo wallets keep users’ encrypted private keys on their local devices, accessed using passwords and mnemonic phrases. However, being a web-based wallet, it is vulnerable to phishing attacks. According to MyAlgo, it appears that the attacked users all had significant funds in their accounts and were using mnemonic wallets with the key stored in the browser. None were using hardware wallets. The firm is strongly advising all users to withdraw any funds from mnemonic wallets that were stored in MyAlgo.

Upcoming conferences, webinars and speaking engagements:

I’ll be providing a (probably virtual) update on global central bank digital currency (CBDC) developments at the Digital Euro Association Digital Euro Conference on March 31 in Frankfurt. [Register here]
I’ll be moderating a panel on “what happens when the lights go out…different schemes for offline functionality” at the in-person Digital Currency Conference (DCC) in Mexico City on May 18. [Register here]

Kiffmeister’s global central bank digital currency monthly monitor

Just a reminder that I produce a monthly digest of central bank digital currency (CBDC) developments exclusively for the official sector. So for any of you out there who work for a central bank, ministry of finance or international financial institution who would like to receive it by email on the first business day of every month, please DM me on LinkedIn or email me at chronicles@kiffmeister.com.

The Sovereign Official Digital Association (SODA) is a technology-agnostic firm offering advisory services at the intersection of central banking, digital finance and the web3 industry, aiming to make public digital money a reality. SODA believes institutions in the existing financial ecosystem should have access to the tools and resources they need to move from discussion to action. SODA offers ‘real life’ use cases to help test digital money and drive adoption as central banks and other public institutions explore the future of a more financially inclusive world powered by interoperable blockchain-based networks. SODA would love you to join us on this journey – please get in touch (chris@sodapublicmoney.org).

Satoshi Capital Advisors is a New York-based, global advisory firm that works with central banks, governments, and the private sector to architect, implement, and operate varying initiatives. Satoshi Capital Advisors’ central bank work revolves around CBDC architecture and implementation, providing advisory services from research phase through to growth phase. Utilizing a product-market fit and technology agnostic approach to CBDC architecture and implementation enables Satoshi Capital Advisors to build tailored solutions, bespoke to local financial system nuances. Satoshi Capital Advisors welcomes requests from central bank officials for virtual and in-person CBDC workshops. [Click here for more information]

WhisperCash offers the first fully offline digital currency platform that has the same properties as physical cash. It can perform secure consecutive offline payments without compromising on security, privacy or accessibility. WhisperCash allows direct person to person offline payments without any server infrastructure or internet connectivity. It comes in various form factors including the self-contained credit card-sized “Pro” that sports an eInk screen and capacitive keyboard, and lasts for two weeks between recharges assuming a few transactions per day. [Click here for more information]

Kiffmeister’s #Fintech Daily Digest (20221009)

October 9, 2022October 9, 2022 ~ kiffmeister

Understanding Stablecoin Technology and Related Security Considerations

The US National Institute of Standards and Technology (NIST) published a technical paper on the ways in which stablecoins are architected and implemented. This includes a descriptive definition, commonly found properties, and distinguishing characteristics, as well as an exploration of stablecoin taxonomies, descriptions of the most common types, and examples from a list of top stablecoins by market capitalization. This document also explores related security, safety, and trust issues with an analysis conducted from a computer science and information technology security perspective as opposed to the financial analysis and economics focus of much of the stablecoin literature. [Read more at NIST]

Hackers Feast on Crypto Weak Link and Even Binance Isn’t Spared

“There’s a gaping hole in the crypto industry’s security architecture, and even the most deep-pocked players haven’t figured out how to plug it. The weakness in question is what’s known in industry parlance as cross-chain bridges — software that allows crypto tokens to move between different blockchains. On October 6, 2022, a hacker made off with about $100 million via a bridge used by Binance… Chainalysis estimates that $2 billion worth of tokens have been looted from 13 separate attacks, the majority of which was stolen this year.” [Read more at Bloomberg]

Global VC Pullback Is Dramatic In Q3 2022

“Venture and growth investors in private companies scaled back their investment pace significantly as the slump in the public markets stretched into the third quarter. Venture funding for the third quarter of 2022 totaled $81 billion, down by $90 billion (53%) year over year and by $40 billion (33%) quarter over quarter, according to a Crunchbase News analysis. While funding for the most recent quarter will increase a little in the coming months as stealth fundings are announced, this is a huge drop in funding compared to prior quarters.” [Read more at Crunchbase]

Kiffmeister’s Global Central Bank Digital Currency Monthly Monitor

Just a reminder that I produce a monthly digest of central bank digital currency (CBDC) developments exclusively for the official sector. So for any of you out there who work for a central bank, ministry of finance or international financial institution who would like to receive it by email on the first business day of every month, please DM me on LinkedIn or email me at chronicles@kiffmeister.com.

Kiffmeister’s #Fintech Daily Digest (20220805)

August 5, 2022August 5, 2022 ~ kiffmeister

Jurisdictions Where Retail CBDC Is Being Explored

I’ve made some minor updates to my tabulation of retail central bank digital currency (CBDC) explorers. I count 85, which is lower than the count of some other trackers that, for currency unions, count all member countries. I count only the central bank that is responsible for currency issuance (e.g., the European Central Bank (ECB) in the Eurozone, and the Eastern Caribbean Central Bank in the Eastern Caribbean Currency Union (ECCU)). If I count all eight Eurozone member countries whose central banks are contributing to the ECB CBDC work, plus all eight member countries of the ECCU, my tally goes up to 101. If I also include all Eurozone countries I have a big fat headline number of 112! [See my tabulation here]

Thailand’s Central Bank Extends Retail CBDC Study to Pilot Phase

The Bank of Thailand (BoT) is extending the scope of retail CBDC development by starting a pilot study. It will adopt technology developed by Giesecke+Devrient and it is expected to run from the end of 2022 to mid-2023. However, the BoT emphasized that the purpose of the pilot is to assess the suitability of technology and CBDC design, and at present it does not have plans to issue retail CBDC until thorough consideration of benefits and associated risks for the financial system. [Read more at the Bank of Thailand]

ZB Exchange Loses Nearly $5M in Suspected Hack, Pauses Withdrawals

Crypto exchange ZB Exchange has paused user withdrawals, likely in response to a suspected hack that appears to have drained nearly $5 million in tokens from the firm’s hot wallet. The multimillion-dollar loss is the latest in a series of security breaches to hit crypto companies this year and the third multimillion-dollar hack reported this week. [Read more at CoinDesk]

PayTech and the D(ata) N(etwork) A(ctivities) of BigTech Platforms

The Bank of Canada published a paper that models the trade-off faced by BigTech payment platforms between costs associated with compensating users for their privacy concerns and revenues from the harvested data. The results of the modeling lead to two policy implications. First, data monetization is not necessarily inefficient from a social point of view because data are socially valuable and users are compensated for their privacy concerns with cheaper platform services. Second, when assessing BigTechs’ introduction of payment services, one needs to consider the bundling of data and payments and the implied complementarity. In economies with large payment frictions, data-driven payments tend to increase social surplus. In advanced economies, however, where payments are already fairly efficient, payment-driven data can lead to inefficient adoption by platforms that seek to generate data beyond what is socially efficient. [Read more at the Bank of Canada]

Upcoming events I’m affiliated with:

The CBDC Think Tank, in partnership with the International Monetary Fund and George Washington University, is hosting a full-day in-person CBDC Masterclass on October 12 in Washington DC. The sessions are designed as instructional deep dives with full presentations and Q&A components. [Register here]

Kiffmeister’s #Fintech Daily Digest (20220804)

August 4, 2022 ~ kiffmeister

A pair of hacks rattle an already jittery crypto industry

Solana said that at least 7,700 wallets that held at least $5.2 million crypto-assets, including Solana tokens and USDC stablecoins, had been breached. Earlier in the week, Nomad, a blockchain bridge, acknowledged that about $190 million had been taken from it after a hacker infiltrated its system. (A blockchain bridge allows users to swap crypto from one blockchain to another making it vulnerable to “both sides” weaknesses on either blockchain.) The Nomad attack was a “free-for-all,” because the hacker’s original code allowed anyone to copy it and steal the crypto for themselves. [Read more at the Washington Post]

Slope wallet provider saved user seed phrases in plain text, Solana security researchers find

Solana also said that the closed-source Slope wallet may be responsible for the exploit. And security firm Otter reported that the Slope wallet app sent out users’ seed phrases to a centralized server. Slope hired this server from a company called Sentry. It added that seed phrases passed to Slope’s server were saved in the form of readable text. Since the phrases were not encrypted, anybody with access to this specific Sentry server could potentially access users’ private keys. [Read more at The Block]

Coinbase selected by BlackRock to provide Aladdin clients access to crypto trading and custody via Coinbase Prime

Investment manager BlackRock has formed a partnership with Coinbase to make crypto-assets directly available to institutional investors. Mutual customers of Coinbase and BlackRock’s investment management platform. The access will be granted through Coinbase Prime, an existing integrated trading platform for institutional crypto investors. Aladdin users will be able allow to manage their crypto-asset exposures directly in their existing portfolio management and trading workflows for a whole portfolio view of risk across asset classes. The platform integration and functions will be rolled in phases. [Read more at Coinbase]

Entity-based vs activity-based regulation: a framework and applications to traditional financial firms and big techs

The Bank for International Settlements (BIS) published a paper that proposes a framework for classifying regulatory measures with a financial stability objective as activity-based (AB) or entity-based (EB). AB measures constrain an activity on a standalone basis, whereas EB measures constrain a combination of activities at the level of entities. Since such combinations underpin much of financial intermediation, financial stability regulation features EB measures at its core, even though its ultimate objective is to make financial activities more resilient. In discussing the relative merits of AB and EB measures, the paper applies its framework to the regulation of banks, collective investment vehicles and big techs. When addressing systemic risk, neither AB nor EB regulation need be consistent with a level playing field, contrary to a widely held view. [Read more at the BIS]

An Illustrative Industry Architecture to Mitigate Potential Fragmentation across Central Bank Digital Currency and Commercial Bank Money

A paper by a couple of Barclays staffers aims to provide a mitigation to the risk that the adoption of central bank digital currency (CBDC) fragments payments markets and retail deposits. It introduces the concept of ecosystems providing a common programmability layer that interfaces with the account systems at both commercial banks and the central bank. The paper focuses on a potential U.K. CBDC, including industry ecosystems interfacing with commercial banks using open banking application programming interfaces (APIs). [Read more at Arxiv.org)

Upcoming events I’m affiliated with:

Kiffmeister’s #Fintech Daily Digest (02/20/2022)*

February 20, 2022February 20, 2022 ~ kiffmeister

Wyoming Lawmakers Want State to Launch Its Own Stablecoin

Wyoming lawmakers have proposed the Wyoming Stable Token Act (SF0106), which paves the way for the crypto-friendly state to launch its own dollar-pegged token. The act would allow Wyoming treasurer Curtis Meier Jr. to create a state stablecoin pegged to the U.S. dollar. The token would be redeemable for a single dollar held in trust by the state. [Read more]

OpenSea Confirms Phishing Attack Affecting Multiple Users

OpenSea is investigating a phishing attack aimed at users of its non-fungible token (NFT) platform. The hacker(s) stole several NFTs and had already sold a few for ethereum worth $1.7 million, according to CEO Devin Finzer. NFTs are blockchain-based deeds of ownership to different kinds of digital items, from expensive illustrations of apes to collectibles like celebrity autographs. [Read more]

Canadian Court Freezes Millions in Convoy Protestor Funds—Including Bitcoin

An Ontario Superior Court judge has issued an order to freeze millions of dollars in funds, including crypto-assets, as Ottawa’s convoy protests continue. The freezing order—known as a Mareva injunction—was part of a wider lawsuit filed against the convoy by the residents of Ottawa. The Canadian government is involved in an ongoing effort to seize protestors’ funds. [Read more]

However, it is impossible to freeze crypto-asset address and render it useless to the owner. The only way to do that is by using force to ultimately obtaining a crypto owner’s private keys. This is why fundraisers, like Nunchuk, utilize multi-signature controls. Basically, people worried about getting their crypto funds frozen should not keep crypto on centralized platforms. [Read more]

Judge orders Terraform Labs to comply with SEC subpoenas

A judge in the Southern District of New York has granted a US Securities and Exchange Commission (SEC) application for an order requiring Terraform Labs to comply with investigative subpoenas. The SEC is investigating whether Terraform Labs had violated US securities laws with its Mirror Protocol, a platform which creates crypto-assets for users to buy and sell popular stocks. [Read more]

UAE Prepares to Launch Nationwide Crypto Licensing System

The United Arab Emirates Securities and Commodities Authority (SCA) is reportedly getting ready to start issuing federal licenses to cryptocurrency service providers in the first quarter. The SCA will regulate the crypto industry with input from the central bank, but local financial centers can establish their own daily procedures around licensing. [Read more]

* To get these updates sent to your inbox, please sign up here. Also, for those interested in intra-day updates and news that didn’t make the Daily Digest cut, please check out my Diigo fintech bookmarks: https://www.diigo.com/user/kiffmeister/Fintech.

Central Bank Digital Currency Workshop, Hosted by the CBDC Think Tank

In Q2 2022, the CBDCTT will launch the OpenCBDC Sandbox for evaluating, studying and learning from the OpenCBDC Boston Fed and the MIT Digital Currency Initiative open source CBDC platform. It will provide easy to use access, with the CBDCTT providing training and all updates. It’s available exclusively to central banks and official institutions. [Read more]

Kiffmeister’s #Fintech Daily Digest (01/16/2022)

January 16, 2022 ~ kiffmeister

North Korean Hackers Have Prolific Year

According to Chainalysis, North Korean cybercriminals launched at least seven attacks on cryptocurrency platforms in 2021 that extracted nearly $400 million worth of digital assets. These attacks targeted primarily investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations’ internet-connected “hot” wallets into DPRK-controlled addresses. Once they gained custody of the funds, the attackers began a careful laundering process to cover up and cash out. [Read more]

Bitfinex advises Ontario-based users to close accounts before March 1

Bitfinex said it would be immediately closing the accounts for Ontario-based customers who have no balances on the platform. In addition, it planned to restrict access to those who do not have open positions in the exchange’s peer-to-peer financing market or open margin positions. Ontario-based users who have balances or open positions on Bitfinex will no longer have access to any services starting on March 1. The exchange advised customers to withdraw funds before the effective date. [Read more]

To get these updates sent to your inbox, please sign up here. Also, for those interested in intra-day updates and news that didn’t make the Daily Digest cut, please check out my Diigo fintech bookmarks: https://www.diigo.com/user/kiffmeister/Fintech.

Central Bank Digital Currency Workshop, hosted by the CBDC Think Tank

The CBDC Think Tank (CBDCTT) is hosting an in-person CBDC Workshop in Washington DC on February 24. It’s an intensive and hands-on CBDC course for central bank leadership and staff that are looking to understand and position for CBDCs. The workshop is a mix of lectures from CBDC experts and hands-on exercises. Certification of completion will be provided by the CBDCTT. Note that it is open only to staff from central bank staff and finance ministries! [Register here]

Kiffmeister’s #Fintech Daily Digest (01/13/2022)

January 13, 2022 ~ kiffmeister

Derivatives are coming to Coinbase, following purchase of FairX

Coinbase intends to enter the derivatives trading markets, having acquired the FairX derivatives exchange. FairX is a Designated Contract Market derivatives exchange regulated by the Commodity Futures Trading Commission. FairX only launched in May 2021, but it has already secured brokerage partnerships with TD Ameritrade and E*Trade, and 18 others. Coinbase said the acquisition is a “key stepping stone on Coinbase’s path to offer crypto derivatives to retail and institutional customers in the US.” [Read more]

Central bank digital currencies (CBDCs) in Latin America and the Caribbean

The Bank for International Settlements (BIS) published a paper that examines the views toward CBDCs Latin American and Caribbean (LAC) region central banks , drawing on their responses to a survey conducted by the BIS in late 2020 and early 2021. It also examines whether the engagement of LAC central banks with CBDCs can be explained by the structural characteristics of their economies. Thirdly, it reviews the long list of potential benefits, costs and risks of CBDCs, focusing on their relevance to the LAC economies. Finally, the paper reviews the design choices that central banks face and the actual choices made by a number of central banks in the region. [Read more]

BIS, SNB and SIX successfully test integration of wCBDC settlement with commercial banks

The BIS, the Swiss National Bank and SIX successfully tested the integration of wholesale (wCBDC) settlement with the core banking systems of five commercial banks. The experiment explored the settlement of interbank, monetary policy and cross-border transactions on the test systems of SIX Digital Exchange, SIX Interbank Clearing (the Swiss real-time gross settlement system) and the core banking systems of Citi, Credit Suisse, Goldman Sachs, Hypothekarbank Lenzburg and UBS. The test was part of Project Helvetia, an ongoing investigation into the settlement of tokenised assets with wholesale CBDC. [Read more]

Visa Partners With ConsenSys to Help Bridge CBDCs With Traditional Finance

Visa has teamed up with Ethereum scaling firm ConsenSys to help central bank digital currency (CBDC) networks bridge the gap with traditional financial institutions. Visa has created a CBDC Payments Module to serve as an on-ramp for CBDCs to existing payment networks. Banks and issuer processors will be able to plug into the module and integrate their existing infrastructure. Customers will eventually be able to use their CBDC-linked Visa card or digital wallet anywhere that Visa is accepted globally. Visa is currently in the process of integrating the Module with the ConsenSys Codefi CBDC sandbox powered by ConsenSys Quorum. [Read more]

USDF Consortium Launches to Enable Banks to Mint USDF Stablecoins

The USDF Consortium, an association of FDIC-insured financial institutions, launched, with a mission to build a network of banks to further the adoption and interoperability of a bank-minted USDF stablecoin. USDF will be minted exclusively by U.S. banks and will be redeemable on a 1:1 basis for cash from a Consortium member bank. The Consortium’s founding bank members include New York Community Bank, NBH Bank, FirstBank, Sterling National Bank, and Synovus Bank. [Read more]

Funds Lost to DeFi Hacks More Than Doubled to $1.3B in 2021: Certik

Certik reported that the amount of money lost in decentralized financed (DeFi) project hacks more than doubled to $1.3 billion in 2021, with centralization the most common vulnerability. According to DefiLlama data, the total value locked (TVL) in DeFi protocols at end-2021 was $243.88 billion, up from $18.29 billion the year before, meaning the lost funds shrank to 0.5% of TVL last year from 2.78% in 2020. [Read more]

Central Bank Digital Currency Workshop, hosted by the CBDC Think Tank

The Central Bank Digital Currency Think Tank (CBDCTT) is hosting an in-person CBDC Workshop in Washington DC on February 24. It’s an intensive and hands-on CBDC course for central bank leadership and staff that are looking to understand and position for CBDCs. The workshop is a mix of lectures from CBDC experts and hands-on exercises. Certification of completion will be provided by the CBDCTT. Note that it is open only to central bank staff and finance ministries! [Register here]

Kiffmeister’s #Fintech Daily Digest (10/30/2021)

October 30, 2021January 25, 2022 ~ kiffmeister

Bitcoin Accounting Zaps Millions From MicroStrategy’s Income

“MicroStrategy massive Bitcoin bet increased in value by more than $1.3 billion during the third quarter. But accounting rules require MicroStrategy to take a writedown if the tokens it buys fall — even only temporarily — below the price it paid for them. So, for the third quarter, MicroStrategy booked a $65 million writedown, leading to an unprofitable quarter.” [Read more] Tesla’s income statement was similarly dinged – it took an an impairment charge of $51 million in the third quarter on its Bitcoin holdings, even though the crypto-asset gained roughly 30% during the period.

DeFi Protocol Cream Finance Loses $130 Million in Latest Crypto Hack

DeFi protocol Cream Finance suffered yet another hack this year after an exploit stole at least $130 million in what could be one of the largest thefts in decentralized finance. Cream was involved in similar attacks that stole nearly $38 million in February and almost $19 million in August. Meanwhile, a hacker stole $600 million worth of crypto tokens from the PolyNetwork protocol in August in what is considered to be the largest DeFi hack ever. [Read more]

Kiffmeister’s #Fintech Daily Digest (08/13/2021)*

August 13, 2021 ~ kiffmeister

Nearly all of the $600 million stolen in a huge crypto heist has been returned — but there’s a catch

“More than $600 million was stolen in a cyberattack that targeted DeFi cryptocurrency platform Poly Network. Poly Network said all of the funds bar $33 million worth of the digital coin tether has now been returned. But $268 million of assets is currently locked in an account that requires passwords from both Poly Network and the hacker… In a message embedded in a digital currency transaction, the suspected hacker said they would ‘provide the final key when _everyone_ is ready.'”

Divergent evolution of EU and US e-money and stablecoin regulation

Here’s a very thorough thread from @finhstamsterdam on how the EU upfront regulation of e-money (due to a non-existing payments regulatory starting point) and the US wait/see/regulate approach to stablecoins (based on already existing competencies and law) are equally logical.

*To get these updates sent to your inbox, please email me at kiffmeister@protonmail.com. Also, for those interested in intra-day updates and news that didn’t make the Daily Digest cut, please check out my Diigo fintech bookmarks: https://www.diigo.com/user/kiffmeister/Fintech.

Kiffmeister’s #Fintech Daily Digest (09/27/2020)

September 27, 2020 ~ kiffmeister

Cryptocurrency Exchange KuCoin Hacked, $203 Million Moved

The Singapore-headquartered digital asset exchange KuCoin detected large withdrawals of crypto-asset tokens to an unknown wallet on September 25. One or more hackers obtained the private keys to the exchange’s hot wallets. About $203 million worth of tokens were been moved to a different address. KuCoin transferred what was left in them to new hot wallets, abandoned the old ones and froze customer deposits and withdrawals. Also cryptocurrency exchanges and blockchain projects froze about $130 million of the stolen assets to minimize the damage.

Fintech Credit Risk Assessment for SMEs: Evidence from China

An IMF working paper suggested that the fintech approach to assessing credit risk yields better predictions of loan defaults. The fintech approach uses big data and machine learning models, versus traditional approaches that use financial data and scorecard models. 1.8 million loans to Chinese small and medium-size enterprises (SMEs) by online lender MyBank, a subsidiary of Ant Group, were analyzed. The results showed that BigTech’s proprietary information can complement or, where necessary, substitute credit history in risk assessment, allowing unbanked firms to borrow.

US SEC issues no-action letter on compressed digital asset settlement process

The U.S. Securities and Exchange Commission (SEC) took a major step toward streamlining digital asset securities settlement by compressing the previous four-step process into three in a bid to reduce operational risk for broker-dealers. The SEC issued a no-action letter on September 25, stating it will not penalize any broker-dealer operating an alternative trading system (ATS) that trades digital asset securities — if they adhere to the new guidelines.

Posted from Diigo: https://www.diigo.com/user/kiffmeister/Fintech