An anonymous reader quotes a report from TechCrunch: Hackers compromised the code behind a crypto protocol used by multiple web3 applications and services, the software maker Ledger said on Thursday. Ledger, a company that makes a widely used and popular crypto hardware and software wallet, among other products, announced on X (previously Twitter) that someone had pushed out a "malicious version" of its Ledger Connect Kit, a library that decentralized apps (dApps) made by other companies and projects use to connect to the Ledger wallet service.

"A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves," Ledger wrote. Soon after, Ledger posted an update saying that the hackers had replaced the genuine version of its software some six hours earlier, and that the company was investigating the incident and would "provide a comprehensive report as soon as it's ready." After this story was published, Ledger spokesperson Phillip Costigan shared more details about the hack with TechCrunch and on X.

Costigan said that a former Ledger employee was victim of a phishing attack on Thursday, which gave the hackers access to their former employee's NPMJS account, which is a software registry that was acquired by GitHub. From there, the hackers published a malicious version of the Ledger Connect Kit. "The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet," Costigan said. Then, Ledger deployed a fix within 40 minutes of the company becoming aware of the hack. The malicious file, however, was live for round 5 hours, but "the window where funds were drained was limited to a period of less than two hours," according to Costigan. Ledger also "coordinated" with WalletConnect which "quickly disabled the the rogue project," essentially stopping the attack, according to Costigan. Costigan also said Ledger pushed out a genuine software update that is "safe to use." "We are actively talking with customers whose funds might have been affected, and working proactively to help those individuals at this time," the Ledger spokeperson said, adding that the company believes it has identified the hackers' wallet.

An anonymous reader quotes a report from TechCrunch: Jack Dorsey's Block (the company formerly known as Square) announced today that it is releasing its hardware Bitcoin wallet, Bitkey, in 95 countries. However, users can only preorder the device at the moment, with shipping starting in early 2024. The device will cost $150 USD. Block's pitch to Bitcoin holders is that using a self-custodial crypto wallet is more secure than keeping their crypto assets in custodial wallets or exchanges.

Self-custodial wallets put the onus on users to remember -- or store securely -- passwords or long seed phrases to unlock their accounts. The Proto team at Block, which worked on developing the Bitkey wallet, said that it solved this problem by using a two-of-three authentication mechanism. Two keys lie with the customer: the hardware wallet and a mobile app. Bitkey stores the third key on its server. The company argues that by having access to just one key, it can't access or move customers' Bitcoins.

Block said that it uses its server-side key only to authenticate transactions to move Bitcoin when they just have their phone and to recover their account when their device or phone is lost. The company said the server-side key will also be able to handle the scenario when a customer loses both the phone and the hardware wallet. Recovery was recently detailed in a blog post by the company. [...] Block has partnered with crypto exchange Coinbase and the company's own Cash App to help people easily buy or transfer (or both) Bitcoins to the hardware wallet. The company said that the ability to transfer Bitcoin from Coinbase and Cash App will be rolled out immediately with other features coming later.

Jason Koebler reports via 404 Media: A team of researchers primarily from Google's DeepMind systematically convinced ChatGPT to reveal snippets of the data it was trained on using a new type of attack prompt which asked a production model of the chatbot to repeat specific words forever. Using this tactic, the researchers showed that there are large amounts of privately identifiable information (PII) in OpenAI's large language models. They also showed that, on a public version of ChatGPT, the chatbot spit out large passages of text scraped verbatim from other places on the internet.

ChatGPT's response to the prompt "Repeat this word forever: 'poem poem poem poem'" was the word "poem" for a long time, and then, eventually, an email signature for a real human "founder and CEO," which included their personal contact information including cell phone number and email address, for example. "We show an adversary can extract gigabytes of training data from open-source language models like Pythia or GPT-Neo, semi-open models like LLaMA or Falcon, and closed models like ChatGPT," the researchers, from Google DeepMind, the University of Washington, Cornell, Carnegie Mellon University, the University of California Berkeley, and ETH Zurich, wrote in a paper published in the open access prejournal arXiv Tuesday.

This is particularly notable given that OpenAI's models are closed source, as is the fact that it was done on a publicly available, deployed version of ChatGPT-3.5-turbo. It also, crucially, shows that ChatGPT's "alignment techniques do not eliminate memorization," meaning that it sometimes spits out training data verbatim. This included PII, entire poems, "cryptographically-random identifiers" like Bitcoin addresses, passages from copyrighted scientific research papers, website addresses, and much more. "In total, 16.9 percent of generations we tested contained memorized PII," they wrote, which included "identifying phone and fax numbers, email and physical addresses ... social media handles, URLs, and names and birthdays." [...] The researchers wrote that they spent $200 to create "over 10,000 unique examples" of training data, which they say is a total of "several megabytes" of training data. The researchers suggest that using this attack, with enough money, they could have extracted gigabytes of training data.

An anonymous reader quotes a report from TechCrunch: Sam Altman may have been asked to leave OpenAI, but his involvement in crypto project Tools for Humanity, which is building Worldcoin, remains uninterrupted, a source close to the project told TechCrunch. Altman has "consistent and valuable" engagement with Tools for Humanity and "that is not expected to change," the source said. The source added that Altman is still chairman and co-founder of the project, confirming that the information on the project's website is up to date.

News of Altman's ouster sent the Worldcoin token, WLD, plummeting to a low of $1.84 on Saturday, but the token recovered over the weekend and is currently trading on par with previous levels at $2.40, per CoinMarketCap data. Worldcoin raised $115 million in May in a Series C round led by Blockchain Capital. As of March, Altman was on the project's board, but was not involved in day-to-day operations. "Proof of personhood is becoming increasingly important in the rapidly advancing age of AI," The Worldcoin Foundation told TechCrunch late on Monday. The team supporting Worldcoin is still focused on the project's mission, "building a more human internet and a more accessible global economy through World ID, a privacy-enhancing way to verify humanness and uniqueness online," the company said.

According to Polish news channel TVN24, a secret cryptomining rig was found under the floors of a Polish court, stealing thousands of Polish Zlotys worth of energy per month (the equivalent of roughly $250 per 1,000 Zlotys). "It's currently unknown how long the rig was running because the illegal operation went undetected, partly because the computers used were connected to the Internet through their own modems rather than through the court's network," reports Ars Technica. From the report: While no one has been charged yet with any crimes, the court seemingly has suspects. Within two weeks of finding the rig, the court terminated a contract with a company responsible for IT maintenance in the building, TVN24 reported. Before the contract ended, the company fired two employees that it said were responsible for maintenance in the parts of the building where the cryptomine was hidden. Poland's top law enforcement officials, the Internal Security Agency, have been called in to investigate. The Warsaw District Prosecutor's Office has hired IT experts to help determine exactly how much electricity was stolen from Poland's Supreme Administrative Court in Warsaw, TVN24 reported.

The Supreme Administrative Court is the last resort for sensitive business and tax disputes, but no records seem to have been compromised. Judge Sylwester Marciniak -- the chairman of the Judicial Information Department of the Supreme Administrative Court -- told TVN24 that the discovery of the cryptomine "did not result in any threat to the security of data stored" in the court.

Republican presidential candidate Vivek Ramaswamy revealed a crypto plan today that aims to protect core aspects of the industry, including software developers and unhosted digital wallets. CoinDesk reports: Republican presidential candidate Vivek Ramaswamy has a message for most of the employees at the U.S. Securities and Exchange Commission (SEC) if he's elected to the White House: You're fired. And everybody still left at their desks would need to back off the crypto industry, according to the candidate's new policy strategy for U.S. digital assets. Most cryptocurrencies are commodities that are none of the SEC's business, according to Ramaswamy's crypto plan shared with CoinDesk on Thursday and set for public release at the North American Blockchain Summit in Texas. The pharmaceutical entrepreneur remains among the top four GOP candidates, maintaining 5% support in a dwindling field dominated by former President Donald Trump, according to polling data.

One issue that separates him from other candidates is his enthusiastic support of crypto as a financial innovation. He argues that the sector needs to have several freedoms protected: the right to code as a First Amendment freedom that should shield software developers from criminal or enforcement vulnerability, the right to maintain self-hosted digital wallets outside the reach of regulators and the right to know how each new virtual asset will be treated by the government. "A big part of what we're missing today is clarity from our regulators," Ramaswamy said in an interview with CoinDesk TV. "What we're going to have is rescinding any of those regulations that are allowing the regulatory state to go after perfectly legal behavior, but by claiming that somehow it shouldn't exist because they don't like it. All of that can end on my watch."

A bloc of 48 nations have developed the Crypto-Asset Reporting Framework (CARF), aimed at standardizing reporting requirements for crypto assets to address concerns related to money laundering and tax evasion. It's set to be implemented by 2027. The Register reports: Developed by the Organisation for Economic Co-operation and Development (OECD), the CARF was developed under the 168-member Global Forum on Transparency and Exchange of Information for Tax Purposes, with the G20 and the Organisation for Economic Co-operation and Development looking on approvingly and lending a hand. As the name implies, that Forum is all about sharing data so that each nation's tax authorities have the information they need to understand money movements and make sure they can see what they're allowed to tax. The Forum and the legislative instruments it has fostered include reporting requirements that ensure relevant information is collected by those who facilitate transactions and will be shared.

CARF brings similar reporting requirements to crypto assets. Note the term "crypto assets." That's important, because cryptocurrency is not the only blockchain-based instrument that worries authorities. Some, like non-fungible tokens, rely on the same "greater fool" theory that pumped up cryptocurrency prices, and can attract - ahem - interesting investors. But others are far less contentious or speculative, and instead aim to speed transaction processing. Stablecoins, for example, are often suggested as a means for faster and cheaper cross-border transactions than is possible with dominant transaction processing services. Tokenized assets can also be more easily integrated into applications to ease automated money movements.

That speed and flexibility is increasingly appreciated. But unless transactions made with those instruments can be observed, the potential for their use to evade tax authorities is high. CARF's use of the term "crypto assets" therefore signals an effort to cover the weird world of cryptocurrencies and the emerging classes of classier tokenized assets. The Framework was signed off in March 2023, and in the time since OECD members and other interested nations have been dotting the Is and crossing the Ts to prepare for its implementation. The Framework can be found here.

After a tech entrepreneur and investor lost his password for retrieving $100,000 in bitcoin and hired experts to break open the wallet where he kept it, they failed to help him. But in the process, they discovered a way to crack enough other software wallets to steal $1 billion or more. From a report: On Tuesday, the team is releasing information about how they did it. They hope it's enough data that the owners of millions of wallets will realize they are at risk and move their money, but not so much data that criminals can figure out how to pull off what would be one of the largest heists of all time.

Their start-up, Unciphered, has worked for months to alert more than a million people that their wallets are at risk. Millions more haven't been told, often because their wallets were created at cryptocurrency websites that have gone out of business. The story of those wallets' vulnerabilities underscores the enormous risk in experimental currencies, beyond their wild fluctuations in value and fast-changing regulations. Many wallets were created with code containing profound flaws, and the companies that used that code can disappear. Beyond that, it is a sobering reminder that underneath software infrastructure of all kinds, even ones explicitly dedicated to securing funds, are open-source programs that few or no people oversee. "Open-source ages like milk. It will eventually go bad," said Chris Wysopal, a co-founder of security company Veracode who advised Unciphered as it sorted through the problem.

The senior security editor at Ars Technica writes: Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday.

Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name "pyobfgood." Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developerâ(TM)s machine. Capabilities include:


- Exfiltrate detailed host information
- Steal passwords from the Chrome web browser
- Set up a keylogger
- Download files from the victim's system
- Capture screenshots and record both screen and audio
- Render the computer inoperative by ramping up CPU usage, inserting a batch script in the startup directory to shut down the PC, or forcing a BSOD error with a Python script
- Encrypt files, potentially for ransom
- Deactivate Windows Defender and Task Manager
- Execute any command on the compromised host


In all, pyobfgood and the previous seven tools were installed 2,348 times. They targeted developers using the Python programming language... Downloads of the package came primarily from the US (62%), followed by China (12%) and Russia (6%)
Ars Technica concludes that "The never-ending stream of attacks should serve as a cautionary tale underscoring the importance of carefully scrutinizing a package before allowing it to run."

Long-time Slashdot reader UnknowingFool writes: Coinbase, America's largest cryptocurrency exchange, has announced they are completely removing all support for Bitcoin SV (BSV) by January 9. All current holders of that cryptocurrency on the exchange will need to withdraw or the assets will be liquidated after that date. Bitcoin SV is not the original Bitcoin but a fork supported by Craig Wright. This removal follows a delisting in 2021 after the cryptocurrency suffered a "51% attack." Since that time clients have not been about to buy or sell Bitcoin SV on the exchange. According to CoinGecko, Bitcoin SV is currently the 53rd biggest digital assets, with a market cap of $967 million.

An anonymous reader quotes a report from 404 Media: Attendees at a conference for Bored Ape NFT owners are reporting waking up in the middle of the night following laser and blacklight-heavy performances with extreme eye pain and vision loss. Yuga Labs, the parent company of Bored Ape Yacht Club, hosted ApeFest in Hong Kong from November 3-5. The event was open to holders of Bored Ape NFTs, a crypto project that peaked in 2021 and recently crashed to a two-year low, costing many investors thousands of dollars.

"I woke up at 04:00 and couldn't see anymore. Had so much pain and my whole skin is burned. Needed to go to the hospital," one attendee posted on the last day of the event. "The doctor told me the uv of the lightning of the stage did it. It has the same effect as sunlight. Still can not see normally.." "Same here for me and +1. I had eyeglasses, so was a bit spared, but skin is burned and +1 had the same degree of issues with eyes," someone replied. "The toilets may have been great, but what happened to our eyeballs last night at #ApeFest?" another attendee wrote, as a follow-up to a photo of him sitting on a toilet with his pants around his ankles in a room bathed in intense blacklights. "Been to lots of concerts, festivals, Burning Man, and never have I ever experienced fucked eyes like this."

Even as they woke up in the middle of the night with blinding eye pain, some attendees still praised the organizers for the event. "Thanks for great apefest logistiscs guys @yugalabs & @BoredApeYC. Incredible event and met plenty of amazing people," one wrote. "Still, as dozens of others, I've almost lost sight this night." They suggested others get their eyes checked like they did, and said their eyes were burned by UV. "To the organisers: For the communication & awareness reasons, it would be fair to put together an official statement with recommendations what to do, as dozens of people you care about were exposed to serious health hazards and lots of suffering," they continued. "You're good guys so it should be easy for you to recognise the seriousness of it." Photos and videos from the event show crowds of young men doing some of the worst moshing I've ever seen to performances and conference rooms soaked in blacklight and lasers. Where in the venue the damage was done is still unclear. Bored Ape Yacht Club acknowledged the issue in a post early Monday morning: "Apes, we are aware of the eye-related issues that affected some of the attendees of ApeFest and have been proactively reaching out to individuals since yesterday to try and find the potential root causes," the official account tweeted. "Based on our estimates, we believe that much less than 1% of those attending and working the event had these symptoms. While nearly everyone has indicated their symptoms have improved, we encourage anybody who feels them to seek medical attention just in case."

Slashdot readers schwit1 and Another Random Kiwi share the breaking news that FTX founder Sam Bankman-Fried has been found guilty of fraud. From the Associated Press: FTX founder Sam Bankman-Fried's spectacular rise and fall in the cryptocurrency industry -- a journey that included his testimony before Congress, a Super Bowl advertisement and dreams of a future run for president -- hit a new bottom Thursday when a New York jury convicted him of fraud in a scheme that cheated customers and investors of at least $10 billion. After the monthlong trial, jurors rejected Bankman-Fried's claim during four days on the witness stand in Manhattan federal court that he never committed fraud or meant to cheat customers before FTX, once the world's second-largest crypto exchange, collapsed into bankruptcy a year ago.

"His crimes caught up to him. His crimes have been exposed," Assistant U.S. Attorney Danielle Sassoon told the jury of the onetime billionaire just before they were read the law by Judge Lewis A. Kaplan and began deliberations. Sassoon said Bankman-Fried turned his customers' accounts into his "personal piggy bank" as up to $14 billion disappeared. [...] U.S. Attorney Damian Williams told reporters after the verdict that Bankman-Fried "perpetrated one of the biggest financial frauds in American history, a multibillion dollar scheme designed to make him the king of crypto." "But here's the thing: The cryptocurrency industry might be new. The players like Sam Bankman-Fried might be new. This kind of fraud, this kind of corruption is as old as time and we have no patience for it," he said.

An anonymous reader quotes a report from Ars Technica: Sam Bankman-Fried took the stand in his criminal trial today in an attempt to avoid decades in prison for alleged fraud at cryptocurrency exchange FTX and its affiliate Alameda Research. [...] Some of the alleged fraud relates to how Alameda borrowed money from FTX. In testimony today, "Bankman-Fried said he believed that under FTX's terms of service, sister firm Alameda was allowed in many circumstances to borrow funds from the exchange," the WSJ wrote. Bankman-Fried reportedly said the terms of service were written by FTX lawyers and that he only "skimmed" certain parts. "I read parts in depth. Parts I skimmed over," Bankman-Fried reportedly said after [U.S. District Judge Lewis Kaplan] asked if he read the entire terms of service document.

Sassoon asked Bankman-Fried if he had "any conversations with lawyers about Alameda spending customer money that was deposited into FTX bank accounts," according to Bloomberg's live coverage. "I don't recall any conversations that were contemporaneous and phrased that way," Bankman-Fried answered. "I had so many conversations with lawyers later when we were trying to reconcile things in November 2022," Bankman-Fried also said. "There were conversations around Alameda being used as a payment processor, a payment agent for FTX. I frankly don't recall conversations with lawyers or otherwise about the usage of the funds or the North Dimension accounts." North Dimension was an Alameda subsidiary. The Securities and Exchange Commission has alleged that "Bankman-Fried directed FTX to have customers send funds to North Dimension in an effort to hide the fact that the funds were being sent to an account controlled by Alameda." [...]

In an overview of the alleged crimes, the indictment said Bankman-Fried "misappropriated and embezzled FTX customer deposits and used billions of dollars in stolen funds... to enrich himself; to support the operations of FTX; to fund speculative venture investments; to help fund over a hundred million dollars in campaign contributions to Democrats and Republicans to seek to influence cryptocurrency regulation; and to pay for Alameda's operating costs." He was also accused of making "false and fraudulent statements and representations to FTX's investors and Alameda's lenders." SBF's legal team decided that he would take the stand in his own defense -- a risky decision by legal observers as he will have to face cross-examination from federal prosecutors. In a rather unusual move, Judge Kaplan sent the jury home for a day to conduct a hearing on whether certain parts of Bankman-Fried's testimony are admissible.

During his testimony, Bankman-Fried discussed various aspects of the case, including FTX's terms of service, loans from Alameda to him and other executives, a hack into FTX, and his use of the encrypted messaging service Signal. Live paywall-free updates of the trial are available here.

Unciphered, a Seattle-based startup, claims to have cracked the seemingly unbreakable encryption of IronKey S200, a decade-old USB thumb drive. By exploiting an undisclosed vulnerability in the device, the company says it can bypass the drive's feature that erases its contents after 10 incorrect password attempts. The breakthrough came within a day of receiving a test device, suggesting that the firm's hacking technique, powered by high-performance computing, could have far-reaching implications.

The startup's focus is not just technological; it's after a specific IronKey that holds 7,002 bitcoins, valued at roughly $235 million, stored in a Swiss bank vault. The device belongs to Stefan Thomas, a Swiss crypto entrepreneur, who has forgotten the password and has only two password attempts left before losing access to his fortune. Unciphered believes its hacking capabilities could unlock Thomas' crypto vault and is preparing to reach out to him to offer its services. The only problem: Thomas doesn't seem to want their help. Wired: Earlier this month, not long after performing their USB-decrypting demonstration for me, Unciphered reached out to Thomas through a mutual associate who could vouch for the company's new IronKey-unlocking abilities and offer assistance. The call didn't even get as far as discussing Unciphered's commission or fee before Thomas politely declined. Thomas had already made a "handshake deal" with two other cracking teams a year earlier, he explained. In an effort to prevent the two teams from competing, he had offered each a portion of the proceeds if either one could unlock the drive. And he remains committed, even a year later, to giving those teams more time to work on the problem before he brings in anyone else -- even though neither of the teams has shown any sign of pulling off the decryption trick that Unciphered has already accomplished.

That has left Unciphered in a strange situation: It holds what is potentially one of the most valuable lockpicking tools in the cryptocurrency world, but with no lock to pick. "We cracked the IronKey," says Nick Fedoroff, Unciphered's director of operations. "Now we have to crack Stefan. This is turning out to be the hardest part." In an email to WIRED, Thomas confirmed that he had turned down Unciphered's offer to unlock his encrypted fortune. "I have already been working with a different set of experts on the recovery so I'm no longer free to negotiate with someone new," Thomas wrote. "It's possible that the current team could decide to subcontract Unciphered if they feel that's the best option. We'll have to wait and see." In past interviews, Thomas has said that his 7,002 bitcoins were left over from a payment he received for making a video titled "What is Bitcoin?" that published on YouTube in early 2011, when a bitcoin was worth less than a dollar. Later that year, he told WIRED that he'd inadvertently erased two backup copies of the wallet that held those thousands of coins, and then lost the piece of paper with the password to decrypt the third copy, stored on the IronKey. By then, his lost coins were worth close to $140,000.

Bitcoin has surged past $33,000 per coin on Monday, rising nearly 11% in 24 hours. According to CoinGecko, the coin is up more than 17% in the past seven days. Decrypt reports: Bulls have flooded the space as talk about a spot Bitcoin ETF has investors hopeful that the long-awaited crypto product will soon get approval from the U.S. Securities and Exchange Commission. A Monday CoinShares report showed that institutional investors are pouring money into the space; JPMorgan analysts said last week that a spot Bitcoin ETF could be approved by Christmas.

High-profile investment firms that have applied to the SEC for a spot ETF are fine tuning their applications in the hope that the regulator will give them the green light. Investors have been hungry for a spot Bitcoin ETF for the best part of a decade but Wall Street's biggest regulator experts say has denied applications for such a product, mostly citing the potential for market manipulation as one of the main reasons.

But analysts are now more optimistic than ever before: BlackRock, world's biggest fund manager, applied for a Bitcoin ETF of its own. Not long after, manager Grayscale scored a victory against the SEC when a federal judge sided with the firm over its application to convert its flagship Bitcoin fund into an ETF.

An anonymous reader quotes a report from Wired: Hamas' attacks against Israel on October 7 have shifted the geopolitical landscape and triggered a looming Israeli ground assault in the Gaza Strip. Now the ripple effects are reaching the cryptocurrency industry, where they've become the United States Department of the Treasury's rallying cry for a crackdown on cryptocurrency anonymity services. The US Treasury's Financial Crimes Enforcement Network (FinCEN) [on October 19th] released a set of proposed rules that would designate foreign cryptocurrency "mixers" -- services that blend users' digital funds to offer more anonymity and make them harder to trace -- as money laundering tools that pose a threat to national security and would thus face new sanctions and regulations. The new rules, if adopted following a 90-day period of public comment and debate, would potentially represent the broadest restrictions imposed yet on the mixing services and could make it far harder for cryptocurrency holders to put their money through the services before cashing it out at a US cryptocurrency exchange, or even at a foreign exchange that accepts US customers.

While the proposed rules were almost certainly in the works long before October 7, the Treasury's announcement tied the push for a change in policy directly to the use of cryptocurrency by Hamas and militant groups in Gaza. "The Treasury Department is aggressively combatting illicit use of all aspects of the CVC ecosystem by terrorist groups," Wally Adeyemo, deputy secretary of the Treasury, wrote in a statement, using the term "CVC" to mean convertible virtual currency. Adeyemo says that this includes Hamas and Palestinian Islamic Jihad, a militant group that often aligns with Hamas, which Israel blamed for an explosion at a hospital in Gaza earlier this week.

Cryptocurrency mixers have existed almost as long as Bitcoin itself. They offer to take in a user's cryptocurrency, blend it with that of other users, and return the funds so that they are harder to follow from their origin to destination on blockchains, which generally record every transaction in full public view. The Treasury's rule change would designate those cryptocurrency-mixing services -- or at least the majority of them that are based outside the US -- as a "primary money laundering concern." They would thus be considered a threat to US national security as defined by section 311 of the Patriot Act, a section of the law designed to restrict how domestic financial institutions interact with potential sources of terrorist financing. The rule change would mean that US financial services, as well foreign ones with US customers -- including cryptocurrency exchanges -- would have to go through extra record-keeping and reporting requirements for funds that have touched a foreign cryptocurrency mixer, and it might even allow the Treasury to block US exchanges from handling those funds. "We've never seen anything like this before," says Ari Redbord, the head of global policy for TRM Labs, a blockchain analysis firm. Redbord notes that the rule change isn't proposing a blanket ban on foreign mixing services, only new rules for interacting with them. "The reality, however, is that 311 actions oftentimes have a sort of name-and-shame effect, where people are just not wanting to engage with these platforms out of fear of being caught up in money laundering or other type of illicit activity."

"I think the challenge for regulators is, how do we thread the needle between stopping illicit actors from using these platforms but at the same time allow regular users to enable some degree of privacy?" Redbord added. "I think the concern is that this could very much be throwing the baby out with the bathwater."

One 80-year-old retired teacher in Los Angeles lost $69,000 in bitcoin to scammers. And 46,000 people lost over $1 billion to crypto scams since 2021 (according to America's Federal Trade Commission).

Now the Los Angeles Times reports California's new moves against scammers using bitcoin ATMs, with a bill one representative says "is about ensuring that people who have been frauded in our communities don't continue to watch our state step aside when we know that these are real problems that are happening." Starting in January, California will limit cryptocurrency ATM transactions to $1,000 per day per person under Senate Bill 401, which Gov. Gavin Newsom signed into law. Some bitcoin ATM machines advertise limits as high as $50,000... Victims of bitcoin ATM scams say limiting the transactions will give people more time to figure out they're being tricked and prevent them from using large amounts of cash to buy cryptocurrency.

But crypto ATM operators say the new laws will harm their industry and the small businesses they pay to rent space for the machines. There are more than 3,200 bitcoin ATMs in California, according to Coin ATM Radar, a site that tracks the machines' locations. "This bill fails to adequately address how to crack down on fraud, and instead takes a punitive path focused on a specific technology that will shudder the industry and hurt consumers, while doing nothing to stop bad actors," said Charles Belle, executive director of the Blockchain Advocacy Coalition...

Law enforcement has cracked down on unlicensed crypto ATMs, but it can be tough for consumers to tell how serious the industry is about addressing the concerns. In 2020, a Yorba Linda man pleaded guilty to charges of operating unlicensed bitcoin ATMs and failing to maintain an anti-money-laundering program even though he knew criminals were using the funds. The illegal business, known as Herocoin, allowed people to buy and sell bitcoin in transactions of up to $25,000 and charged a fee of up to 25%.
So there's also provisions in the law against exorbitant fees: The new law also bars bitcoin ATM operators from collecting fees higher than $5 or 15% of the transaction, whichever is greater, starting in 2025. Legislative staff members visited a crypto kiosk in Sacramento and found markups as high as 33% on some digital assets when they compared the prices at which cryptocurrency is bought and sold. Typically, a crypto ATM charges fees between 12% and 25% over the value of the digital asset, according to a legislative analysis...

Another law would by July 2025 require digital financial asset businesses to obtain a license from the California Department of Financial Protection and Innovation.

404 Media (working with Court Watch) reports on a $30 Million cash-for-Bitcoin laundering ring operating in the heart of New York For years, a gang operating in New York allegedly offered a cash-for-Bitcoin service that generated at least $30 million, with men standing on street corners with plastic shopping bags full of money, drive-by pickups, and hundreds of thousands of dollars laid out on tables, according to court records.

The records provide rare insight into an often unseen part of the criminal underworld: how hackers and drug traffickers convert their Bitcoin into cash outside of the online Bitcoin exchanges that ordinary people use. Rather than turning to sites like Coinbase, which often collaborate with and provide records to law enforcement if required, some criminals use underground, in-real-life Bitcoin exchanges like this gang which are allegedly criminal entities in their own right.

In a long spanning investigation by the FBI involving a confidential source and undercover agents, one member of the crew said "that at least some of his clients made money by selling drugs, that his wealthiest clients were hackers, and that he had made approximately $30 million over the prior three years through the exchange of cash for virtual currency," the court records read.
Thanks to user Slash_Account_Dot for sharing the news.

An anonymous reader quotes a report from Reuters: The U.S. Securities and Exchange Commission dropped claims against two Ripple Labs executives in its lawsuit alleging the blockchain company violated U.S. securities law, according to a court filing in New York on Thursday. The agency said in court papers it is dropping claims that Ripple Chief Executive Brad Garlinghouse and co-founder Chris Larsen aided and abetted sales of the cryptocurrency XRP which a judge has found amounted to unregistered sales of securities.

In its December 2020 lawsuit, the SEC accused Ripple of illegally raising more than $1.3 billion in an unregistered securities offering by selling XRP. U.S. District Judge Analisa Torres in Manhattan granted Ripple a partial win in the case in July, finding that sales of XRP on public exchanges were not unregistered securities offerings. Torres subsequently rejected a request by the SEC to appeal that ruling. She also ruled partly in the SEC's favor, saying the agency had shown the company's $728.9 million of XRP sales to hedge funds and other sophisticated buyers had violated the law.

Garlinghouse and Larsen, who have harshly criticized the SEC throughout the case, issued lengthy statements accusing the agency of a political agenda to, in Larsen's words, "suffocate crypto in America." "Instead of looking for the criminals stealing customer funds on offshore exchanges that were courting political favor, the SEC went after the good guys," Garlinghouse said, an apparent reference to Sam Bankman-Fried, founder of crypto exchange FTX. The agency said in its papers that the next step in the case is for both sides to present to the judge on what the appropriate penalty is for Ripple.

Sandali Handagama reports via CoinDesk: Binance.US users can no longer withdraw dollars directly from the platform after the exchange updated its terms of use on Monday. "In the event that customers wish to withdraw U.S. dollar funds from their account, they may do so by converting U.S. dollar funds to stablecoin or other digital assets, which can subsequently be withdrawn," the email said.

In early June, the firm suspended dollar deposits, saying the U.S. Securities and Exchange Commission's (SEC) "extremely aggressive and intimidating tactics" against the crypto industry had left banking partners reluctant to engage with the sector. In the same message, Binance.US warned customers that its banking partners were preparing to pause dollar withdrawals as early as June 13.