Crypto just set two milestones: US regulators reached a $100 million settlement with exchange BitMEX over money laundering concerns, while Poly Network suffered a DeFi hack worth over $600 million — both record figures.
This effectively meant almost three quarters of a billion dollars in value evaporated from cryptocurrency markets overnight. But does it matter for the broader ecosystem?
Slap on the wrist
The Commodities Futures Trading Commission (CFTC) announced Tuesday that a US district court ordered Hong Kong-headquartered BitMEX to cough up $100 million.
The settlement, the largest in cryptocurrency history, acknowledges that “for over six years, BitMEX failed to implement and maintain a compliant anti-money laundering program and a customer identification program, and it failed to report certain suspicious activity.”
BitMEX must immediately pay $80 million, with the remaining $20 million due after regulators finalize reviews.
BitMEX’s fine springs from CFTC allegations levied in October last year. Authorities indicted and charged the exchange’s top four execs with violating the Bank Secrecy Act (which concerns offshore money laundering).
Those execs (including chief Arthur Hayes) stepped down from the company as a result, but BitMEX is still online.
With this in mind, the fine is a stark reminder that years of flouting regulations and criminal malfeasance tends to attract slaps on wrists rather than complete shut down or seizure — at least for corporate entities.
And with $1 trillion in trade volume over the past year and $2 billion moving daily, BitMEX is likely unphased.
Some have noted that the BitMEX insurance fund — a growing stash of Bitcoin held by BitMEX designed to “provide an assurance […] that profitable traders are likely to receive their expected profits” — dwarfs the fine at over $1.5 billion.
However, BitMEX never earmarked that Bitcoin to pay out legal fees or settlements.
Hacker turned troll
Almost simultaneously, a hacker stole about $600 million in crypto from Poly Network, which markets itself as an interoperability protocol for blockchains.
The attacker exploited a flaw in the code to steal vast sums of stablecoins USDC and Tether (USDT), as well as wrapped Ether and Shiba Inu, among others.
Tether froze the USDT (worth $33 million), as announced by the stablecoin’s chief tech guy Paolo Ardoino. The hacker deposited some of the USDC on Curve Finance, a liquidity pool for decentralized exchanges (and considered lost).
While the exact circumstances surrounding the hack aren’t yet known, the perp has trolled onlookers with messages buried in transactions made with the stolen funds.
Poly Network advised the hacker to reach out or face criminal charges.
The attacker has since returned about $4 million in crypto to the protocol, according to its Twitter account.
DeFi hack on track for heist record
For scale, the looting of the Central Bank of Iraq in 2003 (allegedly ordered by Saddam Hussein) is regarded as history’s largest bank heist.
Around $900 million was lost but most of the funds were eventually recovered.
So, if the Poly’s hacker doesn’t return the bulk of the $611 million, this seemingly silly DeFi raid could very well be the most successful heist in history.
In fact, the haul would more than triple its closest competitor: the 2007 Dar-es-Salaam Bank heist, also in Iraq, which saw $282 million ($350 million with inflation) never recovered.
WannaCry, one of the most infamous ransomware attacks ever, was only able to acquire roughly 51 BTC. That was worth about $150,000 at the time, $2.36 million today.
But does it matter?
Update 18:59 UTC, Aug 11: Clarified in paragraph 22 that Dar-es-Salaam Bank is in Iraq.
Poly Network’s hacker has now sent back $260.97 million worth of crypto, according to Chainalysis. Despite the funds returned so far, the incident remains the most expensive heist in history.