How Crypto Gets Hacked: Issue #6
DAO Hacker Found, Circumventing SWIFT, and Frozen Crypto Assets
Disclaimer: I’ll be talking about individual crypto projects in this series but this is for informational purposes only and not a solicitation to buy or sell any cryptoassets.
Do your own due diligence.
Did She Find “THE DAO” Hacker?
Laura Shin recently wrote a book called “The Cryptopians” about how Ethereum was created from the beginning and all the controversy surrounding its founding.
While researching for this book, she thinks she may have uncovered the identity of the original DAO hacker:
I wrote about the original DAO hack in “The Death of The Dao,” but she provides a lot of other information in her posts from interviews with those involved.
In her article in Forbes (or Medium) and on her podcast, she describes how her and her contacts used Chainalysis data, transaction history, an IP address and the timing of those transactions in order to identify who they believe to be the hacker: a developer who worked on the DAO, and wrote about 52 comments in the DAO Slack channel about potential issues in the code. He was trying to help, and then at some point decided he would just steal the DAO funds instead.
I’ll let you read more about it in the links provided if you’re interested. It’s a great story and I plan on reading her book.
It was something everyone in the Ethereum community thought would always remain a mystery, and now it seems like there is a lot of evidence that she finally found him.
She also did a follow-up podcast with three members who helped create the original DAO, which I found even more insightful.
Towards the end of this podcast, they talk about the “code is law” defense, and it seems like not all developers in crypto are on board with it (Many in the crypto community believe that if the code is written in a way that it can be exploited, people are within their rights to take advantage of it. They see it more as an intelligent arbitrage rather than hacking or theft). One DAO developer believed he should get whatever is coming to him, even if it means long prison time.
I’m still waiting to see if the “code is law” defense can hold up in court, but my guess is it won’t.
Either way, good job by Laura to finally solve the mystery!
Could Russia Use Crypto To Circumvent SWIFT?
According to Chainalysis, probably not:
Caroline Malcolm, Chainalysis’ head of international policy, told CoinDesk that the blockchain analytics firm had not yet seen any unusual activity from Russian crypto exchanges over the last few days.
Even if some individuals do choose to turn to crypto, it’s unclear whether they would be able to effectively bypass sanctions using decentralized assets. Companies might monitor sanctioned wallets for any transactions or refuse to transact with these addresses entirely.
“We've seen that in the past with sanctions, you've got examples where wallet addresses have been named as sanctioned entities, and that allows Chainalysis to put in place alerts for our customers, whether they be government or from industry,” Malcolm said. “So that if they have transactions, which you know, intersecting with sanctioned entities, they'll be able to see those and get an alert on those immediately.”
The (Biden) administration has experience regulating Russian crypto business. Earlier this year, Treasury sanctioned Russia-based SUEX and 25 affiliated cryptocurrency businesses, blacklisting the exchange from the dollar financial system, for allegedly helping criminal hackers clean and cash out their loot. It was the first crypto business to receive that designation.
Ari Redbord, a former Treasury senior adviser who heads government affairs at TRM, which among other things develops analytics on financial crimes, said his organization has identified at least 340 businesses in Russia that could be potentially used as “on and off ramps” for crypto currency.
Redbord said that because of the breadth of the sanctions, the amount of crypto that Russia would need to replace the billions of sanctions “would be very difficult to off-ramp into traditional currency.”
Ori Lev, who served as a head of enforcement at Treasury’s Office of Foreign Assets Control during the Obama administration, said that overall, “whether it’s using cryptocurrency or relying on China, there are mitigating actions they can take but they can’t recreate the financial system.”
While I think they will try to follow the North Korean playbook and try to use crypto to engage in thefts, money laundering, and evading sanctions, Russia is a much bigger country with much bigger expenses than N. Korea. They might use cryptocurrency exchanges, but it will be hard to find one willing to take the risk of being blacklisted by all NATO countries.
Russia can try to evade sanctions using crypto, but it wouldn’t be enough.
To Freeze or Not to Freeze
Speaking of crypto exchanges, there seem to be some questions around what their responsibility is with the war in Ukraine.
The Vice Prime Minister of Ukraine asked crypto exchanges to block all users with a Russian-linked address:
Obviously, all United States crypto exchanges have agreed to comply with the law for sanctioned individuals and the Russian government, blocking them from using their services. The sanctions do not include individual citizens of Russia at this time. Because it does not break the law, many exchanges have already declined this request by the Ukraine government:
Cryptocurrency exchange Binance, which currently has no official headquarters, will be “taking the steps necessary to ensure we take action against those that have had sanctions levied against them,” a spokesperson told Blockworks Monday. However, it is not open to a blanket ban of all accounts.
“We are not going to unilaterally freeze millions of innocent users’ accounts,” the spokesperson said.
“Crypto is meant to provide greater financial freedom for people across the globe. To unilaterally decide to ban people’s access to their crypto would fly in the face of the reason why crypto exists.”
Coinbase "will not institute a blanket ban on all Coinbase transactions involving Russian addresses," despite a request from a Ukrainian government official to do so.
A spokesperson for the popular U.S.-based exchange told Decrypt, "A unilateral and total ban would punish ordinary Russian citizens who are enduring historic currency destabilization as a result of their government’s aggression against a democratic neighbor."
Meanwhile, Russians are buying up more cryptocurrency as their own currency is undergoing high inflation:
But Ukrainians are doing the same for similar reasons:
“Like the Russians, Ukrainians are also buying crypto as never before,” the report said. “Many Ukrainians worry that the banking system in the country may collapse and are seeking to crypto as a safe haven.”
The report added that Ukrainians fleeing the country will be “able to bring some of their wealth with them”—hence the surge in trading volume.
Since Russia invaded Ukraine on February 24, interest in crypto has skyrocketed in both nations.
My Take: I get where Ukraine is coming from: Russian citizens have been backing Putin and his dreams of conquest for a long time, and now they are trying to fight for their lives. I also think this is a slippery slope, and would turn the Russian people against the entire western world if we end up punishing regular Russian citizens with sanctions. They would have no way out of the NATO-backed “economic bomb” and their country’s currency destruction.
Unfortunately, Russia could use this to their advantage in order to acquire more cryptocurrency and skirt sanctions imposed on them. But like I stated above, it most likely won’t be enough to fund the war and save their central bank anyway.
Besides, creating a bank run in Russia and having most of its citizens stop using their own country’s currency, and exchange it for something like bitcoin, sounds like a good strategy for NATO. It would make the Russian oligarchs and government leaders feel even more pressure.
I just hope it’s not too much: you never know what a madman will do when he’s backed into a corner.
On that happy note, thanks for reading!