2022Web3應(yīng)用安全報(bào)告

BE

OSIN

022

GlobalWeb3

SecurityReport2022

&CryptoRegulatoryComplianceResearch

CONTENTS

I.2022GlobalWeb3SecurityStatistics

01

TopTenSecurityIncidentsin2022 04

TypesofAttackedProject 07

LossbyChain 08

AttackType 09

AuditAnalysis 11

StolenFundFlow 11

RugPullsin2022 12

II.2022CryptoCrime,FinancialRiskandRegulation 13

GlobalCryptoCrimeStatisticsandCases 13

RegulatoryResponsesArisingFromFinancialRisks 14

RegulatoryComplianceinDifferentCountries&Regions 16

2023GlobalRegulatoryandPolicyOutlook 25

III.SecurityGuidelinesforWeb3Users 26

PrivateKey&SeedPhrase 26

PhishingWebsites 27

IV.Beosin's2023BlockchainSecurityIndustryOutlook 28

BeosinSecurityProduct 29

AboutBlockchainSecurityAlliance 30

AboutBeosin 30

AboutLegalDAO 30AboutBuidlerDAO 30AboutFootprintAnalytics 30

CONTACTUS 31

Preface

Astheblockchainindustryushersinanewperiodofdevelopmentin2022,varioussecurityrisksarealsoemerging.Thehighoccurrenceofblockchainsecurityincidentsthatemergeoneafteranotherhasbeenaseriouschallengetotheblockchainindustry.

FromBeosin'sstatisticsin2022,multipleprojectshavebeenhackedandthehugeeconomiclosseshaveseriouslyaffectedthesecurityandstabilityoftheblockchainecosystem.

Intermsofregulationandcompliance,thereisstillalongwaytogotoimproveandestablishtherelevantsystemofblockchainindustry,andtheinterventionofrelevantdepartmentsandeffectivepromotionofindustrypractitionersareurgentlyneeded.Thecurrentdevelopmenttrendoftheblockchainindustryisgenerallypositiveandthefuturedevelopmentpotentialispromising,butitisalsoimportanttorecognizethatthechaoticsecuritysituationandmulti-facetedsecuritychallengesurgentlyrequirethestrengthen-ingofblockchainsecurityregulationandcompliance.

Inthis'GlobalWeb3SecurityReport2022&CryptoRegulatoryComplianceResearch',wewillrecaponthetop10securityincidentsandanalyzetheglobalWeb3securitystatisticsfrommultipledimensionsinsectionone.Thesecondsectionwillintroduceglobalcryptocrimestatistics,major?nancialevents,andregulatorycomplianceindifferentcountriesorregions.Insectionthree,securityguidelinesandsolutionswillbeprovidedforweb3users.The?nalsectionisBeosin's2023outlookontheblockchainsecurityindustry.

SECURING

BLOCKCHAINECOSYSTEM

I.

2022

GlobalWeb3SecurityStatistics

Contributors:

Beosinresearchteam-Mario,Donny

Datasource(AsofDec20,2022):

work/@Beosin/Footprint-Beosin-2022-Report

I.2022GlobalWeb3SecurityStatistics

In2022,BeosinEagleEyemonitoredover167majorattacksintheWeb3space,withatotallossofapproximately$3.6billionfromalltypesofattacks,anincreaseof47.4%from2021.Ofthese,10securityincidentslostover$100millioninasingleattackandlossesof21securityincidentsrangedfrom$10millionto$100million.

Byprojecttype,the12cross-chainbridgeincidentshavecausedatotallossofapproximately$1.89billion,ranking?rstamongallprojecttypes.DeFi-typeprotocolswereattacked113times,orabout67.6%ofthetotalattacks,makingitthemostfrequentlyattackedprojecttype.

Atotalof20publicblockchainshadmajorsecurityincidentsin2022,withthetopthreebyamountlostbeingEthereum,BNBChain,andSolana;andthetopthreebynumberofattacksbeingBNBChain,Ethereum,andSolana.

Vulnerabilityexploitsrankedhighestinbothfrequencyandlossthroughouttheyear,with$1.458billionlostin87vulnerabili-tyexploits.

Ofthe167majorattacksmonitoredin2022,auditedandunauditedprotocolsaccountedforroughly50/50,at51.5%and48.5%respectively.

Approximately$1,396millionofstolenfundsweredepositedintoTornadoCashin2022,representing38.7%ofthefundslostinallattacks.Only8%ofthestolenfundswererecoveredfortheyear,oraround$289million.

01

I.2022GlobalWeb3SecurityStatistics

Globalcryptocrimesamountedto$13.76billionfortheyear2022(?nancialcrimesareexcluded),withmoneylaunderingaccountingfor$7.33billion,attacks/exploits$3.6billion,pyramidschemes$1billionandscams$830million.

Amongthescamsin2022,243Rugpullshaveinvolvedatotalamountof$425million(excludingthe$440millionFTXevent).Approximately86.4%oftheprojectruggedwithfundsintherangeof$1k-$1M.

02

I.2022GlobalWeb3SecurityStatistics

GlobalTVLshranksigni?cantlyin2022,endingtheyearwithTVLdownapproximately80%fromitspeakatthebeginningoftheyear.ThemarketwasheavilyimpactedbyaseriesofblackswaneventsrepresentedbyThreeArrowsCapital,TerraLunaandFTX.

Despiteasigni?cantshrinkageinglobalcryptomarketcap,theoverallcrime?gureforblockchainin2022stillreached$13.7billion,withasigni?cantincreaseinattackscomparedto2021.Thepast2022wasatoughyearforglobalblockchainsecurityingeneral,andwillplacehigherandmoreurgentdemandsonthesecurityindustryin2023.Combatingrampanthacking,acceleratingtheestablishmentofaglobalregulatorysystem,andbringingabouttechnologicalbreakthroughstoaddressexistingindustryshortcomings-thesewillbethekeyissuestobeconsideredandurgentlyaddressedin2023.

03

2022GlobalWeb3SecurityStatistics

TopTenSecurityIncidentsin2022

No1.RoninNetwork

Loss：$624Million AttackType：Socialengineering

On29March2022,theAxieIn?nitysidechainRoninwasattackedandapproximately$624millionincryptocurrencywasstolen.Thehackersusedthestolenprivatekeytoforgeawithdrawalcredential,whichrequiredatleast?vevalidators,andeventuallytheattackersmanagedtotakecontrolof?vevalidatorstostealthefunds.

Accordingtotheinvestigation,thehackerssentafakeofferlettertoSkyMavis'engineersbywayofsocialengineering,andthedocumentallowedthehackerstocompromiseRonin'ssystem.Aftertheattack,thestolenassetsweresenttomultipleaddressesandlaunderedinbatchesthroughTornadoCash.On20May,theRoninattackerstransferredthelastbatchoffundstoTornadoCashandallassetswerelaundered.On28June,RoninannounceditsreopeningonTwitter.

Beosinsecurityteamgavethefollowingrecommendationsforsuchcross-chainbridgeprojects:1.Payattentiontothesecurityofvalidator;2.Whenthesignatureserviceistakeno?ineintherelevantbusiness,thepolicyshouldbeupdatedintimetoclosethecorrespondingservicemodule,andthecorrespondingsignatureaddresscanbediscarded;3.Inmulti-sig-natureveri?cation,themulti-signatureserviceshouldbelogicallyisolatedfromeachother,andthesignaturecontentshouldbeveri?edindependently;4.Theprojectownershouldmonitortheabnormalsituationoffundsinrealtime.

No2.BSCTokenHub(BNBChain)

Loss:$560Million AttackType:Blockchainvulnerability

On7October2022,BNBChain'scross-chainbridgeTokenHubwashacked.Thehacker?rstpaid100BNBtoregisterasaRelayerbycallingthecontractatblockheight21955968,andthenacquiredatotalof2millionBNBfromBNBChain'sTokenHubcontract.Thehackerthenpledged900,000oftheseBNBsonBNBChain'slendingprotocolVenusandborrowedout62.5millioninBUSD,50millioninUSDT,and35millioninUSDC.

BeosinsecurityteamfoundthatduetotheBSCTokenHubusedaspecialpre-compiledcontractforvalidatingtheIAVL

treewhenperformingcross-chaintransactionveri?cation.Theimplementationisvulnerable,allowinganattackertoforgearbitrarymessages.

On24October,BinancefounderChangpengZhaosaidthatthescopeoftheattacker'sidentityhadbeennarroweddownwiththehelpoflawenforcement.Inaddition,CZsaidBinancewasabletofreezeabout80to90percentofthestolenfunds,withactuallossesintherangeof$100million.

04

I.2022GlobalWeb3SecurityStatistics

No3.FTX:Hackorrugpull?

Loss:$440Million AttackType:Suspectedrugpull

On15November2022,shortlyafterFTXdeclaredbankruptcy,FTXwasannouncedthatithadbeenhacked.Approximately

$440millionwasstolen.Theadministratorsentamessagetotheo?cialtelegramgroupstatingthatthebankruptplatformhadbeenhackedandthatallapplicationsweremalware.Theadministratoradviseduserstodeletetheappandnottovisitthesiteoropentheirapps,asthiswouldlikelycontainaTrojanhorse.Therearestillmanyunknowns,manybelievethatthisislikelytobeaninsideroperation.

No4.Wormhole

Loss:$326Million AttackType:Contractvulnerability-validationissue

On3February2022,Wormholewashacked,resultinginalossofapproximately$326million.AnalysisbytheBeosinsecurityteamfoundthatthehackershadexploitedasignatureveri?cationvulnerabilityinWormholecontractsthatallowedhackerstoforgesysvaraccountsinordertomintwETH.ThevulnerabilityhadbeenpatchedinSolana1.9.4andwasstillsubjecttoareviewprocessbeforeitwas?nallylive,andthehackerstookadvantageofthisgaptoattackcontractsstillusingSolana1.8contracts.

Followingtheattack,Wormholeannouncedthatithadrestoreditscross-chainbridgefundingandwasbackonline.CryptoinvestmentfundJumpCryptoannouncedon4Februarythatithadinvested120,000EthertocoverthelossoftheincidentinordertosupportWormhole'scontinuedgrowth.

No5.Nomadbridge

Loss:$190Million AttackType:Contractvulnerability-validationissue

On2August2022,Nomad,across-chainbridgeprotocol,wassubjectedtoamassivehackthatinvolvedover500hackeraddressesandcausedalossof$190million.Beosinsecurityteamanalysedthetransactionandfoundthattheprojectownerhadincorrectlyadded0x000...000asanacceptableroot,causingthejudgementtohold,thusallowingtheattackertowithdrawthefundsinthecontract.

Asaresult,anyattackercouldsimplycopythe?rsthackedtransactionandreplaceitwithanunusedattackaddress,thenclicktosenditthroughEtherscantostealthefunds.Also,sinceitwastheReplicacontractthatwasvulnerable,allitscorrespondingBridgeRouter-relatedDAppswereaffected,sothestolenfundsexhibitedamulti-tokennature.

OnAugust3,Nomadreleasedanotetocallonwhitehathackerstoreturnthestolenfunds.AsofAugust15,theprojecthasrecovered$37million.

No6.Beanstalk

Loss:$182Million AttackType:Flashloan

OnApril17,2022,thealgorithmicstablecoinprojectBeanstalkFarmssuffereda?ashloanattack,withtheprotocollosing

$182millionandtheattackersmakingapro?tof$80million.Theattackerstransferredtheentire$80milliontoTornadoCashsoonaftertheattack.

Theattackersinitiatedaproposalonedaybeforetheattack,whichwillwithdrawthefundsfromtheBeanstalkProtocolcontract.Thehackergainedalargereserveoffundsvia?ashloan,whichwasthenswappedrepeatedly.A?nalvoteontheproposalresultedinitsbeingpassed.Inresponsetothisincident,theBeosinsecurityteamrecommendsthat:1.thefundsusedforvotingshouldbelockedinthecontractforacertainperiodoftimeandavoidusingthecurrentfundbalanceoftheaccounttocountthenumberofvotes;2.theprojectownerandthecommunityshouldpayattentiontoallproposalsand,ifamaliciousproposaloccurs,itisrecommendedtodiscardtheproposal;3.Considerbanningcontractaddressesfromvoting.

05

I.2022GlobalWeb3SecurityStatistics

No7.Wintermute

Loss:$160Million AttackType:Privatekeycompromise

OnSeptember20,2022,Wintermutelost$160millionintheDeFihack.AnalysisbyBeosinsecurityteamfoundthattheattackersfrequentlyexploited0x0000000fe6a...addresstocallthe0x178979aefunctionofthe0x00000000ae34...con-tracttotransfermoneytotheattacker'scontract.Bydecompilingthecontract,itwasfoundthatcallingthe0x178979aefunctionrequiredpermissionchecks,andbyqueryingthefunction,itwascon?rmedthatthe0x0000000fe6aaddresshadsetCommonAdminpermissions,andthattheaddresshadnormalinteractionwiththecontractbeforetheattack,soitcouldbecon?rmedthatthe0x0000000fe6a'sprivatekeywascompromised.

On21September,Wintermutecon?rmedthatithadusedProfanityandaninternaltooltocreatewalletaddressesinJune,andthattheProfanitytoolwasatriskofprivatekeybursting.

No8.Mangomarkets

Loss:$116Million AttackType:Pricemanipulation

OnOctober12,2022,theMangoprotocolonSolanawashacked,approximately$116millionwaslost.Thehackersusedtwoaccountsandatotalof10millionUSDTasstartingfundstoleverage100+millionofassets.ThemainreasonforthisattackwastheleveragedcontractdidnotlimitthepositionsthatMangocouldopen,allowingtheattackerstoraisethepriceofMangotokensforpro?t.

No9.Elrond

Loss:$113Million AttackType:VMissue

OnJune5,2022,theblockchainnetworkElrondwashacked,withhackers"obtaining"nearly1.65millioninEGLDsanddumpingthroughthedecentralisedexchangeMaiar,causing$EGLDstoplummetby92%.

Elrondhaspostedapost-mortemthattheattackersdidnotexploitanysmartcontractcodevulnerabilitiesandthattheproblemwaswiththevirtualmachine.Previousbugshavebeenresolvedandalmostallofthestolenfundshavebeenrecovered.AnyremainingmissingfundsfromknownbugswillbefullycoveredbytheElrondFoundation.

No10.Harmony

Loss:$100Million AttackType:Privatekeycompromise

OnJune24,2022,theHarmonycross-chainbridgewasattacked,costingapproximately$100million.Harmony'sfounderstatedthattheattackonHorizonwasnotduetoasmartcontractvulnerability,butrathertoaprivatekeycompromise.AlthoughHarmonystoreditsprivatekeysencrypted,theattackersdecryptedsomeofthemandsignedsomeunauthorizedtransactions.

Immediatelyaftertheattack,HarmonystoppedtheHorizonBridgetopreventfurthertransactions.ItthencontactedtheFBIandmultiplepartnerstoinvestigate.ThehackersneverthelesslaunderedthestolenfundsthroughTornadoCash.On27July,Harmonyissuedacompensationproposal.

06

I.2022GlobalWeb3SecurityStatistics

TypesofAttackedProject

In2022,12cross-chainbridgesecurityincidentscausedatotallossofapproximately$1.89billion,thehighestlossofanyprojecttype.Fivecross-chainbridgeprojectslostover$100millioninasingleincident:Ronin($624million),BSCTokenHub($560million),Wormhole($326million),Nomad($190million)andHarmony($100million).Theattacktypesmainlyincludedsocialengineering,privatekeycompromise,andblockchain/contractvulnerabilities,etc.

Ofthe167majorattacksfortheyear,DeFi-typeprojectswereattacked113times,orapproximately67.6%,whichisthemostfrequenttypebeingattacked.DeFirankssecondintermsoflossesafterthecross-chainbridge,withatotallossamountingtoapproximately$950million.

Atotalof21exchangeandwalletsecurityincidentsthroughouttheyear,resultinginatotallossofapproxi-mately$600million.Theseincidentsinvolvedhighamountsofmoneyandawiderangeofusers,andtheirattacktechniquesweremainlyprivatekeycompromises,contractvulnerabilitiesandsupplychainattacks.

07

I.2022GlobalWeb3SecurityStatistics

LossbyChain

Atotalof20publicchainshaveexperiencedmajorsecurityincidentsin2022,withthetopthreebyamountlostbeingEthereum,BNBChain,andSolana;andthetopthreebynumberofattacksbeingBNBChain,Ethereum,andSolana.

The59attacksonEthereumcaused$2.01billioninlosses,accountingfor55.8%ofthetotallossesfortheyear.

Therewere72attacksonBNBChain,with70%ofthelossinarangefromonethousandtoonemillion.Notably,approxi-mately64%oftheprojectsattackedonBNBChainwereunaudited,and80%oftheunauditedprojectswereattackedbycontractvulnerabilityexploits.

ThesevenattacksonSolanaresultedinatotallossof$512.76million,thehighestaveragelossperincidentacrossallchains.MajorsecurityincidentsontheSolanachainincludetheWormholeincidentinFebruary($326million),theCashioincidentinMarch($48million)andtheMangoMarketincidentinOctober($116million).

08

I.2022GlobalWeb3SecurityStatistics

AttackType

(FTXincidentisexcluded）

Vulnerabilityexploitssawthehighestfrequencyandlossamountthroughouttheyear.Fortheyear2022,$1,458millionwaslostfromvulnerabilityexploitsin87attacks.

Thesecondhighestlosswascausedbysocialengineering,whichistheRoninincidentinMarch,resultingin$624millioninlosses.

Thethirdlosswasfromprivatekeycompromise,with19compromisesresultinginatotallossofapproximately$430million,includingeightincidentswithasinglelossofover$10million.Accordingtothe?ndingsofsomeincidents,thetheftofprivatekeysbyteammembers/ex-membersisfrequent,whichrequiresprojectownerspayextraattentiontooperationalsecurityandstrengthenteammanagement.Therewerealsosomecasesofprivatekeycompromisesduetotheuseofthird-partytools,andprojectsareadvisedtoconductcarefulsecurityassessmentsbeforeusingthird-partytools.

09

I.2022GlobalWeb3SecurityStatistics

Abreakdownbytypeofvulnerabilitiesshowsthatthetopthreecausesoflosswerevalidationissues,blockchainvulnerabil-ity(BNBChainincident)andimproperbusinesslogic/functiondesignandreentrancy.

Eighteenvalidationissuescaused$619millioninlosses,withmajorincidentsincludingasignaturevalidationvulnerabilityintheWormholeincidentandamessagevalidationbypassissueintheNomadbridgeincident.

Themostfrequentissuewasimproperbusinesslogic/functiondesign,with30occurrences.DuringBeosin'sdailyaudits,thistypeofvulnerabilityisalsotheonethatappearsmostfrequentlyandismostlikelytobeoverlookedbydevelopers.

10

I.2022GlobalWeb3SecurityStatistics

AuditAnalysis

Ofthe167majorattacksmonitoredin2022,auditedandunauditedprojectsaccountforalmosthalfofthetotal,at51.5%and48.5%respectively.

Ofthe86auditedprojects,39attacks(45%)stilloriginatedfromvulnerabilityexploitation.Thequalitytheoverallauditmarketisnotpromising.AreviewoftheseincidentsbyBeosinfoundthatthevastmajorityofvulnerabilitiesweredetect-ableand?xableduringtheauditphase.

Noprojectsthatwereattackedduetocontractvulnerabilitiesin2022wereauditedbyBeosin.It

isrecommendedthatprojectsmustbeauditedbyaprofessionalsecuritycompanybeforetheygoliveinordertoeffectivelysafeguardassets.

StolenFundFlow

Approximately$1,396millionofstolenfundsweretransferredtoTornadoCashin2022,representing38.7%ofallfundslostinattacks.SinceTornadoCashwassanctionedbytheUSOFACinAugust,fundstransferredtoTornadoCashhavefallensigni?cantlyfromthe?rsthalfoftheyear.Only$44.85millioninstolenfundswastransferredtoTornadoCashinthefourthquarter.

In2022,approximately$289millionofstolenfundswererecovered,represent-ingonly8%ofalllosses.Thevastmajorityofthiscamefromunsolicitedreturnsfromwhitehathackers.

Around$18.2millionofthestolenfundswenttovariousexchanges.Oftenhackerswhoinvolvesmalleramountofstolenfundswouldhavetransferredassetstoexchangesimmediatelyaftertheattack.Itisparticularlyimportantforexchangestobeabletoidentifythehacker'saddressintimetoblockthetransaction.

【Allamountsareconvertedattheeventtime】

Approximately$443millioninstolenfundswerefrozenbyexchanges,withthebulkofthisamountstemmingfromtheBNBChainincidentinOctober,whenBinanceimmediatelyfroze80to90percentofthehackers'funds,resultinginanactuallossofaround$100millionforthatincident.

11

2022GlobalWeb3SecurityStatistics

RugPullsin2022

Therewere243rugpullsthroughout2022,involvingatotalamountof$425million(excludingFTXincident).

Ofthe243rugpulls,atotalof8projectshaveruggedfor$10millionormore,while210projects(approximately86.4%)ruggedwithamountsbetween$1K-$1M.

In2022,Rugpulleventswerecharacterisedbythefollowingfeatures.

Ahighnumberofruggedprojectsthroughouttheyear.Onaverage,oneprojectruggedevery1.5days.

Shortrugperiod.Mostprojectsruggedwithin3monthsaftergoinglive,that'swhymostfundingamountwereintherangebetween$1K-$1M.

Mostprojectsareunaudited.Someprojectshavehiddenbackdoorfunctionsintheircode,makingitdi?cultfortheaverageinvestorstoassessthesecurityoftheproject.

Socialmediainformationislacking.Atleasthalfoftherugpullprojectsdonothaveawell-developedwebsite,Twitteraccount,orTelegraph/Discordgroup.

Projectsarenotstandardised.Someprojectshaveo?cialwebsitesandwhitepapers,butoncloserinspectiontherearemanyspellingandgrammaticalerrors,andsomeareevenplagiarisedinlargesections.

Thenumberoftokenslaunchedundertrendingeventshasincreased.Variouskindsoftokenshaveruggedthisyear,suchasMoonbird,LUNAv2,Elizabeth,TRUMP,etc.,whichusuallygoonlinequicklyandrugwiththemoneyina?ash.

12

II.

2022CryptoCrime,

FinancialRiskandRegulation

Contributors:

HELPUniversity：LeeKhengJoo

LegalDAO：

MasterLi,VirgilHo,CarrieGan,RyanHuang,WillLiao,LouiseZhang,JoannaJing

2022CryptoCrime,FinancialRiskandRegulation

GlobalCryptoCrimeStatisticsandCases

（1）2022GlobalCryptoCrimeStatistics

AccordingtostatisticsfromBeosinKYT-thecyrptoAMLcomplianceandanalyticsplatform,globalcryptocrimesamount-edto$13.76billionfortheyear2022(?nancialcrimesareexcluded),withmoneylaunderingaccountingfor$7.33billion,attacks/exploits$3.6billion,pyramidschemes$1billionandscams$830million.

Themoneylaunderingamountaccountsfor53%oftotalcryptocrimes,someofwhichinvolvescross-bordermoneylaundering,placingahighdemandontheabilityofglobalregulatorysystemstocollaborateacrossborders.Attacksandexploits(seeSection1formoredetails)increasedsigni?cantlyin2022,withveryfewofthesecasesseeinghackersbeingarresedorassetbeingrecovered,leavinganurgentneedforglobalregulators,exchanges,users,projects,andsecuritycompaniestoworktogetherto?lltheregulatorygaps.

Pyramidschemes,whichaccountedfor$1billionin2022,ofteninvolvesalargenumberofusersandposesadangerthatshouldnotbeunderestimated.

Theglobal?guresforthecryptoscamscategorytotaled$830million,with51%ofthatamountcomingfromrugpulls.

Casesofscams

(Remark:Financialriskeventsarenotcounted）

InNovember2022,theUnitedStatesAttorney'sO?cefortheSouthernDistrictofNewYorkannouncedthatJamesZhonghadpleadedguiltytoatelecomfraud.JamesZhongwasaccusedofillegallyobtainingbitcoinsfromtheSilkRoaddarknetin2012.InNovember2021,lawenforcementseized50,676bitcoinshiddeninequipmentatthedefendant'shome,thenworthoverUS$3.36billion.TheseizurewasthenthelargestcryptocurrencyseizureinthehistoryoftheUSDepartmentofJusticeandthesecondlargest?nancialseizureeverundertakenbytheUSDepartmentofJustice.

InNovember2022,policeinLondon,England,uncoveredoneofthe"largestfraudulentoperationsintheUK'shistory,"withmorethan100peoplearrestedandapproximately￡3.2million($3.9million)involved.ThecriminalsusedafraudulentwebsitecallediSpooftoimpersonateo?cialsfromwell-knownbankssuchasBarclays,Santander,andHSBCandpaidforservicesusingBitcoin,andpolicenarroweddownthesuspectsbytrackingtheBitcoinrecordsusedtopayfortheservices.

InAugust2022,FarukFatihOzer,founderoftheTurkishcryptocurrencyexchangeThodex,wasarrestedintheAlbaniancityofElbasan.HewaswantedbyTurkishauthoritiesformorethanayearonchargesofrunningafraudulentcryptocurren-cyscheme,andin2021,hereceiveda"RedNotice"fromInterpolforhisallegedinvolvementinthecountry'slargest-everfraud,wortharound$2billion.

InFebruary2022,theUSDepartmentofJusticeannouncementstatedthatBitConnectfounderSatishKumbhaniwasaccusedoforchestratingaworldwidePonzischemeinvolvingapproximately$2.4billion.TheannouncementstatedthatBitConnectwasanallegedlyfraudulentcryptocurrencyinvestmentplatformthathadamarketcapof$3.4billion.

13

II.2022CryptoCrime,FinancialRiskandRegulation

Casesofmoneylaundering

InNovember2022,theUSDepartmentofJusticeannouncedthearrestoftwoEstoniancitizenschargedwith18countsfortheirallegedinvolvementin$575millionincryptocurrencyfraudandmoneylaundering.Accordingtocourtdocuments,theydefraudedover100thousandvictimsbyinducingthemtosignfraudulentequipmentleasingcontracts.ThecaseiscurrentlybeinginvestigatedbytheUSFederalBureauofInvestigation.

InSeptember2022,DutchpoliceannouncedthearrestofamalesuspectincryptocurrencymoneylaunderingthroughBitcoinandMonerocoins,involving10million+ofeuros.Thesuspectwasidenti?edbypoliceaftertracingbitcointransac-tionsandthefundsinvolvedwerestolenfromopensourcewalletsthatwereupdatedthroughtheuseofmalware.

InFebruary2022,theUSDepartmentofJusticeannouncedthattwoindividualshadbeenarrestedonsuspicionofcrypto-currencymoneylaunderingoffences.Thecryptocurrenciesinvolvedaresuspectedtobethosestolenfromthe2016hackofthecryptoexchangeBit?nex,andthecryptocurrenciesinvolvedwereworthapproximately$4.5billionatthetimeoftheannouncement.Atthetimeoftheannouncement,lawenforcementhadseizedover$3.6billionworthofcryptocurrencyinconnectionwiththehack.

RegulatoryResponsesArisingFromFinancialRisks

In2022,thecryptomarkethasseenaseriesofblackswaneventsrepresentedbyThreeArrowsCapital,TerraLunaandFTX.Forthiscryptomarket,whichhasgrownsigni?cantlyinthepastdecade,variousjurisdictionsaroundtheworldhaveshownalackofregulations,orevenfallenintoaregulatoryvoid.Withthisbackground,theglobalWeb3highlandsareacceleratingthedevelopmentofregulatoryframeworks,andby2023theglobalcryptomarketwillhavemovedfromthe"WildWest"tothe"AgeofLaw",withglobalregula