The 2020-created regulatory package now awaits the European Council’s approval before being enforced. Following two previous postponements, the European Parliament has held the final vote on the Markets in Crypto-Assets Act (MiCA).
The legislation, initially proposed in 2020, must be approved by the European Council before taking effect.
The vote took place on April 20. Stefan Verger, the European Parliament member and crypto advocate, said this to be a milestone for the crypto industry.
What’s the point of the Markets in Crypto-Assets Act (MiCA)?
MiCA aims to establish standardized regulations and harmonized rules for crypto assets across the European Union (EU), providing legal certainty for the crypto industry and investors.
The regulation will set guidelines for the operations, structure, and governance of digital asset token issuers and impose rules on transparency and disclosure requirements for crypto issuance and trading.
MiCA’s specific provisions regarding stablecoins will be enforced in July 2024, while other provisions, including those for crypto asset service providers, will come into effect in January 2025.
The regulation has been met with cautious optimism. However, the regulations mentioned in the 400-page document have also presented concerns by specialists.
For instance, the current draft, which was submitted to vote, does not mention decentralised finance (DeFi), address the growing crypto lending and staking sector, or establish rules for nonfungible tokens.
The industry speaks strongly for the need for cooperation between governments, regulators, and industry stakeholders. This was one of the topics at Paris Blockchain Week 2023.
While the future is uncertain, EU officials say that MiCA should help mitigate the negative impacts of incidents such as FTX’s insolvency in the future.
Limitation of MiCA
MiCA will become the first comprehensive pan-European crypto framework, set to take effect in 2024. During the latter half of last year, when most of the MiCA text had been drafted, the industry experienced several shocks, creating new challenges for regulators.
However, given the rapid expansion and dynamic nature of the crypto industry, there will always be new issues that will need to be addressed.
This raises the question of whether MiCA, given its current imperfections, can be considered a truly “comprehensive framework” a year from now.
More importantly, will it be an effective set of rules to prevent future failures similar to those involving TerraUSD or FTX?
EU DeFi regulations need to improve
A significant oversight in the MiCA is its treatment of decentralised finance (DeFi). The current draft largely omits any mention of this more recent organisational and technological development in the crypto space, which could pose a problem when MiCA is implemented.
If and when more users turn to DeFi, after the countless failures of the centralized platforms, customers will need regulations to receive protection. And there’s also the money laundering issue. However, given the decentralisation of DeFi, regulating this branch is a huge hurdle for authorities. Customers are still new to the crypto market, and many take their first contact using centralised exchanges.
But the absence of a specific section devoted to DeFi does not imply it is impossible to regulate. DeFi is essentially a collection of derivatives, bonds, loans, and equity financing presented as something new and innovative. In this sense, industry thought leaders believe that the yield-bearing, lending, and borrowing of collateralised crypto products are areas of interest for investment and commercial banks and should be regulated similarly. In this context, the suitability requirements outlined in MiCA could be helpful. For example, DeFi projects might be classified as providing crypto asset services in MiCA’s terminology.
Lending and staking
DeFi might be the most prominent, but it is not the only shortcoming of the forthcoming MiCA. The EU framework also neglects to address the burgeoning sectors of crypto lending and staking.
Considering recent failures involving lending giants like Celsius and the increasing attention of American regulators to staking operations, EU lawmakers will need to develop appropriate regulations as well.
The market collapse last year was driven by poor practices in this space, such as weak or non-existent risk management and reliance on worthless collateral.
On the other side of the financial system are banks. Legacy commercial or investment banks and even “traditional” fintech companies face more stringent regulations. Some believe the EU should provide a standard that should apply to all these services and products, which includes both investment banks and crypto platforms offering lending and staking services.
Non-fungible tokens (NFTs) are another area to monitor. In August 2022, European Commission Adviser Peter Kerstens revealed that despite the lack of a specific definition in MiCA, NFTs would be regulated like cryptocurrencies in general. In practice, this could imply that NFT issuers would be considered crypto asset service providers and required to submit regular reports of their activities to the European Securities and Markets Authority through their local governments.
Is the EU’s regulation (MiCA) a good thing?
While MiCa still has some unresolved issues, the industry is moving forward and helping legitimise the market.
However, it’s necessary that European lawmakers keep pace with regulatory updates. There’s a need for a more robust approach to some of the technical standards and guidelines currently being developed as part of the MiCA regime. The process of developing and putting these regulations in place is also slow in the EU.
On the other hand, the EU has legislation for the crypto industry, whereas other economic powers do not.
Following numerous postponements, Ethereum validators are now able to retrieve their staked Ether and associated rewards from the Ethereum mainnet. The Shapella hard fork has been successfully implemented on the Ethereum mainnet, enabling validators to withdraw their staked Ether from the Beacon Chain.
The highly anticipated Shapella update on Ethereum has been launched, introducing the much-awaited new feature, the Ether unstaking. The Ethereum community has expressed various reactions to the latest update in the ecosystem. The term “Shapella” is a combination of “Shanghai” and “Capella,” referring to simultaneous upgrades. This hard fork marks a significant milestone in Ethereum’s development, generating excitement among community members for the network’s future.
The highly anticipated update occurred at 10:27 pm UTC on April 12, during epoch number 194,048. In the initial hour following the hard fork, Ethereum block explorer beaconchai.in reported that 12,859 Ether were released through 4,333 withdrawals.
Ether staking rewards are withdrawn
At present, approximately 44% of validators, equating to 248,043 out of 559,549 active validators, have the option to request a partial or complete withdrawal.
Most of the current withdrawals range from 2.8 to 3.2 ETH, indicating that primarily staking rewards are being withdrawn at this time. Data from Rated Network Explorer reveals that just before the Shapella hard fork was implemented, 3,996 validators joined the exit queue.
Based on data from blockchain analytics company Nansen, crypto exchange Huobi possesses the most significant portion of withdrawable Ether at 30%. The decentralized autonomous organization PieDAO follows with a 17.7% share.
Nansen data indicates that 284,622 Ether from 7,948 validators are awaiting complete withdrawal. The price of Ether experienced minimal fluctuations during the first hour after the hard fork, as forecasted in an April 11 report by blockchain intelligence platform Glassnode. In theory, the hard fork could unlock 18.1 million Ether on the Beacon Chain, which is equivalent to over $34.8 billion.
However, the Ethereum Foundation has implemented several measures to prevent a sudden influx of ETH into the market. Glassnode’s report projected that less than 1% of the total amount would be released during the first week, and the 12,859 Ether unlocked within the first-hour accounts for a mere 0.07% of the total Ether staked on the Beacon Chain.
As for the market, the predictions are optimistic. The capacity of Ether to surpass resistance levels has led some analysts to predict a $3,000 price target in Q2 2023. Data from analytics provider Santiment reveals that whale accumulation remains robust, increasing by 0.5% in March.
This positive buying activity could support on-chain data indicating that Ether sell pressure following the Shanghai hard fork will be insignificant.
Ethereum Investment Proposal EIP-4895 facilitated the transfer of staked Ether from the Beacon Chain to the Ethereum Virtual Machine (EVM). This is known as the execution layer, thereby enabling withdrawals. This update on the Ethereum blockchain represents the most substantial upgrade since the Merge on September 15 and brings Ethereum one step closer to achieving a fully operational proof-of-stake system.
The community celebrates the Ethereum Shapella upgrade
During the Shapella watch party organized by the Ethereum Foundation team, Ethereum co-founder Vitalik Buterin expressed that the network is currently in a “really good place.” He said the most challenging and rapid aspects of the Ethereum protocol’s transition have essentially concluded. There are still substantial tasks to be accomplished, but they can proceed at a more relaxed pace.
In celebration of the new update, crypto singer Jonathan Mann performed a song at the Shapella watch party.
As some community members celebrated the event, others focused on the network’s future prospects. Ethereum community member Anthony Sassano highlighted the next significant feature, EIP-4844, which aims to improve the scalability of rollups on Ethereum.
The Shapella update is expected to attract more institutional investors to Ethereum.
The U.S. Treasury warns about DeFi. But they acknowledge that the majority of money laundering, terrorist financing, and proliferation financing still take place using fiat currency or outside the realm of cryptocurrency.
According to a recent report from the U.S. Treasury Department, it was observed that individuals from the Democratic People’s Republic of Korea, along with other fraudsters, were exploiting vulnerabilities of DeFi to facilitate money laundering. The report also stated that the majority of instances of money laundering, terrorist financing, and proliferation financing still took place using fiat currency or outside the crypto ecosystem.
The U.S. Treasury, in its “Illicit Finance Risk Assessment of Decentralized Finance” report, which was published on April 6th, stated that certain groups engaged in illicit activity from North Korea were able to take advantage of some DeFi platforms’ non-compliance with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulations.
How illicit activity is performed on DeFi platforms
These actors utilize different tactics and services, such as exchanging virtual assets for other more manageable or less traceable virtual assets, using cross-chain bridges to swap virtual assets from other blockchains, sending virtual assets through mixers, and placing virtual assets in liquidity pools as a form of layering.
Although the money laundering process by malign actors remains the same, they may use new methods like chain hopping. Criminals find DeFi services more appealing than centralized VASPs as they don’t need to provide customer identification information.
Such laundering methods pose challenges for investigators tracing illegal proceeds, and actors typically use more than one technique, with a level of sophistication depending on their technical experience and familiarity with DeFi services. However, even lesser-skilled actors have been observed using some of these tactics, according to law enforcement.
Most of the time, they use:
DEXs and cross-chain bridges to convert virtual assets. Illicit actors often use decentralized exchanges (DEXs) to exchange virtual assets, such as cryptocurrencies, into a different virtual asset. They may do this to exchange into a more liquid asset that has higher trading volumes and is easier to cash out into fiat currency. They may also exchange virtual assets for another virtual asset that is compatible with a cross-chain bridge, mixer, or other DeFi service or exchange for an asset that is less traceable. This allows them to move their funds between different blockchains and makes it more difficult for authorities to trace financial transactions.
Virtual asset mixers to obfuscate transaction information. Criminals use virtual asset mixers to functionally obfuscate the source, destination, or amount involved in a transaction. Mixers pool or aggregate virtual assets from multiple individuals, wallets, or accounts into a single transaction. They may also split an amount into multiple amounts and transmit the virtual assets as a series of smaller independent transactions or leverage code to coordinate, manage, or manipulate the structure of the transaction. Mixing services may be advertised as a way to evade Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) requirements and rarely include the capacity and willingness to provide upon request to regulators or law enforcement the resulting transactional chain or information collected as part of the transaction.
Placing illicit funds in liquidity pools to generate funds from trading fees. Illicit actors can place criminals’ proceeds in a DeFi service’s liquidity pool, where the assets provide liquidity to support trades on the service. By placing funds into liquidity pools, actors may generate funds from trading fees. Liquidity providers typically lock their virtual assets into the liquidity pool and may receive a portion of fees or some other type of return or interest created through the DeFi service. This allows bad actors to receive profits from their illicit funds without directly accessing them.
The report’s highlights
The report highlighted that inadequate AML/CFT controls and other deficiencies in DeFi services “facilitate the theft of funds.” Brian Nelson, the undersecretary of the Treasury for Terrorism and Financial Intelligence, pointed out that illicit actors, including criminals, scammers, and North Korean cyber actors, were utilizing DeFi services to launder illicit funds. To reap the potential benefits of DeFi services, addressing these risks is necessary.
However, the Treasury reaffirmed that most instances of money laundering, terrorist financing, and proliferation financing still took place using fiat currency or outside the digital asset ecosystem.
Officials recommended increasing regulatory supervision of AML/CFT for platforms offering DeFi services, providing guidance to DeFi platforms on AML/CFT, and addressing regulatory gaps.
The evaluation was conducted in compliance with an executive order on digital assets signed by President Joe Biden in March 2022. In response to the order, various U.S. government agencies have started examining the potential implications of different aspects of the digital asset space on the country’s financial system and payment infrastructure.
According to a blog post by a pseudonymous Bitcoin app developer called 0xB10C, a mysterious entity has allegedly been gathering the IP addresses of BTC users since March 2018. The entity has reportedly used 812 different IP addresses to conceal its identity while collecting data.
This activity violates the users’ privacy as the entity is said to be linking the IP addresses to their BTC addresses. Over the past few years, Bitcoin node operators have reported the entity’s IP addresses in several public posts.
0xB10C, the developer behind Bitcoin analytics websites such as Mempool.observer and Transactionfee.info, has previously received a Bitcoin developer grant from Brink.dev. In a recent blog post, 0xB10C revealed an entity that they have named “LinkingLion,” due to the IP addresses associated with it passing through LionLink network’s colocation data center. However, 0xB10C noted that ARIN and RIPE registry information suggests that LionLink may not be the originator of the messages.
LinkingLion reportedly uses 812 different IP addresses to establish connections with Bitcoin full nodes that are visible on the network, and then asks which version of the Bitcoin software they are using. However, the entity often closes its connection without responding, despite the node’s compliance with the request, occurring approximately 85% of the time.
The recent blog post suggests that the mysterious entity may be attempting to determine if a particular Bitcoin node can be reached at a specific IP address. While this behavior may not be alarming on its own, what the entity does the other 15% of the time is what raises concerns. The post by 0xB10C indicates that during this 15% of the time, the entity does not immediately terminate the connection. Instead, it listens for inventory messages containing transactions or requests for an address and then listens for both inventory and address messages before closing the connection within 10 minutes.
Although this behavior is typical of a node updating its copy of the blockchain, LinkingLion never requests blocks or transactions, suggesting that the entity has an ulterior motive for gathering this information.
Tracking the IP address of a specific Bitcoin address
As per 0xB10C’s blog post, LinkingLion might be keeping track of transaction timing to identify the node that received a transaction first, allowing the entity to associate an IP address with a specific Bitcoin address. The developer explained that nodes that complete the version handshake and remain connected obtain knowledge of the node’s inventory, including blocks and transactions. The timing information of when a node announces new inventory is particularly relevant, as the entity may learn about a new wallet transaction from that node first. Given its connections to several listening nodes, the entity can utilize this information to link broadcast transactions with their corresponding IP addresses.
To counteract the potential invasion of privacy caused by LinkingLion, 0xB10C has created an open-source ban list that nodes can utilize to block connections from the entity. However, the developer cautioned that the entity could bypass this ban list by altering the IP addresses it employs to connect. 0xB10C believes that the only long-term solution to the issue is to change the transaction logic in Bitcoin Core, which developers have struggled to achieve thus far.
During a conversation with Cointelegraph, 0xB10C noted that this vulnerability could impact not just users running their own nodes but also users who depend on a third-party server through a wallet such as Electrum or Mycelium. As a result, the privacy of a large number of BTC users is potentially at risk.
According to 0xB10C, when using an Electrum wallet, users connect to a remote Electrum server and communicate information such as which addresses they are interested in and details of their transactions, all of which can be associated with their IP address if they don’t use Tor or a similar tool to protect their privacy. The developer further explained that LinkingLion could operate public Electrum servers and entice users to connect to them, potentially allowing the entity to obtain users’ IP addresses and associated transaction data. As a result, it has been suggested that running an Electrum server connected to one’s node is a safer option.
The issue of privacy has been a persistent concern among Bitcoin and other cryptocurrency users. While Bitcoin addresses are pseudonymous, the entire transaction history associated with them is publicly available. Notably, Breeze Wallet has sought to enhance privacy on the network by utilizing cryptographic puzzles and off-chain transactions. Despite these efforts, Bitcoin educator Andreas Antonopoulos has argued that Bitcoin may never be fully private.
Recently, the Montana Senate passed a bill that aims to safeguard the interests of crypto miners operating within the state.
The proposed law is currently being reviewed by the Montana House of Representatives and seeks to eliminate discriminatory regulations that could hamper their mining operations, both for individuals and commercial entities.
The bill seeks to exempt digital assets used as payment from taxes, and allow home crypto mining that uses less than 1 megawatt of energy annually, except when it violates existing noise bylaws.
The proposed pro-crypto mining bill in Montana aims to remove any energy rate classification that hinders home crypto mining and digital asset businesses. Lobbyists and crypto companies have been working together for years to establish crypto-friendly laws in the state. Montana has high wind energy potential, but remote wind projects struggle due to the need for long transmission lines. However, the bill can be an early buyer of that power and help to bring customers (Bitcoin miners) to the state. There is a misconception that mining is bad for the grid or the environment is holding back the crypto-mining industry in the United States, despite it being a powerful tool for balancing the grid and cleaning up the environment.
Regulatory policies also fail to consider the positive aspect of this process. One of these would be the grid balancing concept.
Crypto mining is best suited for states with grid-balancing programs. These programs pay participants to lower their power consumption during times of high power prices or low supply. Miners can easily reduce their power consumption at any hour of the day, making them ideal participants in such programs.
What is the Montana pro-crypto bill?
The proposed bill seeks to establish a “right to mine digital assets” in Montana and prevent discriminatory electricity rates for crypto miners. The bill also protects “home” mining and removes local government’s power to use zoning laws to prohibit crypto mining operations.
Additionally, the bill prohibits extra taxes on the use of crypto as a payment method and categorizes digital assets as personal property, similar to stocks and bonds. The Montana Senate passed the bill on Feb. 23 with 37 for and 13 against, and it will now be presented to the House for approval. Finally, the bill will require the signature of Governor Greg Gianforte to become law, who may choose to veto it.
How Montana Could Benefit from Pro-Crypto Mining Bill
Proponents of the bill anticipate that Montana can attract mining companies by updating legislation, which will, directly and indirectly, boost the region’s economy.
Montana State Senator Daniel Zolnikov, the primary advocate of the bill, believes that Montana has a lot to gain by embracing the digital asset industry.
By permitting unrestricted crypto mining operations, Montana can potentially attract more businesses and investments from the cryptocurrency sector, creating jobs in rural communities.
Senator Zolnikov hopes that this move will signal to the larger digital asset industry that Montana welcomes their innovation and new companies into the state.
Sustainability Concerns Surrounding Montana’s Pro-Crypto Mining Bill
Despite optimism about the potential benefits of crypto mining, some are concerned about the impact on small towns and communities.
Colin Read, former mayor of Plattsburgh, New York, and SUNY economics professor, pointed out that mining companies often fail to deliver on their promises of job creation.
Additionally, an influx of crypto mining companies could cause energy and sustainability challenges, as seen in New York, which experienced skyrocketing retail energy rates due to increased demand.
As a result, the New York Public Service Commission introduced steeper energy tariffs for crypto miners to mitigate the issue.
Similar challenges have arisen in Texas, where crypto mining businesses have set up operations, leading to power grid overloading during extreme weather conditions.
In Montana, Missoula County has implemented requirements for crypto mining firms to either consume or generate enough renewable energy to cover 100% of their operations, responding to concerns about power consumption and pollution. These sustainability concerns underscore the importance of balancing the potential economic benefits of pro-crypto mining legislation with sustainable energy practices.
Montana’s weather conditions, including summer heat rising above 100 degrees Fahrenheit (38 Celsius) and sub-zero temperatures in winter, contribute to the state’s high per capita energy consumption rate. Due to environmental concerns surrounding the environmental impact of crypto mining, several American states have implemented laws limiting energy-intensive activities, such as placing caps on energy usage or restricting energy sources.
For instance, New York recently imposed a temporary ban on mining firms using non-renewable energy sources to reduce the state’s carbon footprint. Montana may face similar sustainability challenges if its pro-crypto mining bill is passed.
Senator Zolnikov addressed these concerns, stating that Montana already has an attractive energy mix for digital asset mining and that the bill aims to provide legal certainty for long-term operations. Montana has access to geothermal, wind, solar, and hydro energy sources, including the Missouri River and its tributaries, which are used to generate hydroelectric energy.
Will the pro-crypto bill pass?
Montana’s pro-crypto mining bill aims to attract more cryptocurrency mining businesses to the state, potentially bringing positive transformations. However, the bill’s approval could lead to initial sustainability challenges related to eco-friendly and sustainable energy.
While Montana presently has both renewable and non-renewable energy sources, the state’s response to emerging changes in the wake of the pro-crypto mining legislation will be crucial. Balancing economic benefits with sustainable energy practices will be a delicate balancing act for Montana.
Euler Finance fell victim to a flash loan attack that resulted in the loss of more than $195 million in stablecoins and ERC-20 tokens.
On March 13, Euler Finance, a noncustodial lending protocol based on Ethereum, was hit by a flash loan attack. This resulted in the theft of millions of dollars in Dai (DAI), USD Coin (USDC), staked Ether (stETH), and wrapped Bitcoin (wBTC). As per the latest update from on-chain data, the attacker carried out multiple transactions and was able to steal almost $196 million, making it the largest hack of 2023 thus far.
The funds stolen include the following:
DAI (8,877,507.35)
wBTC (849.14)
stETH (73,821.42)
USDC (34,413,863.42)
stETH (3,897.50)
stETH (8,099.30)
As per findings by the crypto analytic company Meta Seluth, the recent attack appears to be linked to the deflation attack that occurred a month ago. The attacker leveraged a multichain bridge to transfer the funds from BNB Smart Chain (BSC) to Ethereum and executed the attack today.
This DeFi attack on Euler Finance is one of the most significant hacks of 2023 thus far.
Movement of funds from Euler Finance. Source: Meta Seluth
ZachXBT, another well-known on-chain investigator, confirmed the correlation and stated that the attack’s fund movement and approach bear striking similarities to those of bad actors who recently targeted a BSC-based protocol.
In the previous attack, the attackers deposited the funds into Tornado Cash, a cryptocurrency mixer. Presently, the illicitly obtained funds are residing in the following hacker-controlled addresses:
0xebc29199c817dc47ba12e3f86102564d640cbf99 (Contract) – 8,877,507.34 DAI
0xb2698c2d99ad2c302a95a8db26b08d17a77cedd4 – 8,080.97 ETH
0xb66cd966670d962c227b3eaba30a872dbfb995db – 88,752.69 ETH & 34,186,225.91 DAI
Euler Finance has acknowledged the exploitation and reported that they are working closely with security experts and law enforcement agencies to address the matter.
According to Slowmist, a blockchain security firm that conducted an in-depth analysis of the attack, the attacker utilized flash loans to deposit funds and then proceeded to trigger liquidation by leveraging them twice. After donating the funds to the reserved address, the exploiter performed a self-liquidation to obtain any remaining assets.
The exploit’s success can be attributed to two key factors. Firstly, the funds were donated to the reserved address without undergoing a liquidity check, resulting in a soft liquidation. Secondly, the soft liquidation logic was activated by high leverage, allowing the liquidator to acquire most of the collateral funds from the liquidated user’s account by only transferring a portion of the liabilities to themselves.
The entire process occurred within a single transaction (one per pool) using flash loans obtained from AAVE.
It seems that one of the smart contracts in Euler has a glitch where it fails to verify the health factor during the execution of the donateToReservers() function. As a result, the attacker could liquidate their position from the protocol, repay the flash loan, and generate a substantial profit.
In a funding round last year, Euler Finance secured $32 million in investments from notable entities such as FTX, Coinbase, Jump, Jane Street, and Uniswap. Euler Finance garnered significant attention for its liquid staking derivatives (LSDs) offerings, which enable stakers to unlock liquidity for staked cryptocurrencies like Ether and potentially increase their returns. LSDs are a relatively new type of token, and they now account for up to 20% of the total value locked in decentralized finance protocols.
Today the Euler Foundation is launching a $1M reward in the hope that this provides additional incentive for information that leads to the Euler protocol attacker’s arrest and the return of all funds extracted by the attacker.
Movement of funds from Euler Finance. Source: Meta Seluth