Some of you seemed to disagree with my prediction that a spot bitcoin ETF would not be approved this year. Come tell me where I'm going wrong! But, in the meantime, consider crypto and its relevance to sanction enforcement, particularly in light of last week's news that North Korea was behind the Axie Infinity Ronin hack.

Also, please accept my apologies for the lateness of this week's newsletter. Extenuating circumstances must be claimed, and the following week's will be delivered to your inbox on Tuesdays as usual.

Sanctions evasion

The narrative

According to the US authorities, a North Korean-linked cyber outfit was responsible for the $625 million Ronin bridge hack last month. In other words, one of the largest crypto attacks was carried out by a nation state. There's a building story here about North Korea's behavior, but that's not the main point of interest for me.

Why it matters

North Korea appears to be hacking crypto exchanges and networks to seize funds for its own personal usage. And of more immediate interest, adding an Ethereum address to the U.S. sanctions list does not appear to have halted the laundering of funds.

Breaking it down

The Office of Foreign Asset Control (OFAC) of the United States Treasury Department has added a single Ethereum address to its Specially Designated Nationals list, also known as the sanctions list.

The address was linked to the hack of Axie Infinity's Ronin Bridge, which resulted in the theft of 173,000 ETH and 25.5 million USDC (about $625 million on March 29) from the bridge network.

What's really intriguing is that the wallet continued to send cash even after it was added to the sanctions list. Within 24 hours, the wallet's controller - thought to be the North Korean hacking group Lazarus – transmitted roughly 3,000 ETH to currency mixer Tornado Cash, continuing a pattern established by the hackers after stealing the ether.

These transfers out were still going on earlier this week. The funds appear to have been routed through an intermediary wallet in several cases before being delivered to Tornado Cash.

Previously, parties who supported sanctioned businesses risked being put to the US sanctions list.

Anand Sithian, counsel at Crowell & Moring and a former trial attorney in the U.S. Department of Justice's money laundering division, advised crypto companies to keep an eye out for addresses and wallets linked to mixers, noting that regulators such as the Financial Crimes Enforcement Network (FinCEN) have "highlighted the financial crimes risks associated with mixers, which obfuscate the source of transactions and thus prevent tracing transactions on the blockchain."

"To the extent that there are U.S. touch points or U.S. persons participating in such transactions," he stated, "crypto firms may face enforcement from FinCEN, OFAC, and/or the U.S. Department of Justice, depending on the activity at issue and if any U.S. laws were violated." "Even if there is no wrongdoing, an inquiry can be extremely resource-intensive and distracting to leadership." As a result, crypto firms may want to avoid mixers as much as possible."

Tornado Cash management have stated that penalties cannot be applied to the protocol itself, according to Muyao Shen, a former CoinDesker and current Bloomberger.

The mixer introduced a Chainalysis compliance tool to its user-facing decentralized application on Friday, which prevents transactions from the sanctioned address — albeit, once again, the protocol is untouched.

Regulators may not agree, but the funds are still moving, at least so far.

Meanwhile, on the North Korean front, the US government is warning that the country may continue to try to raise revenue through crypto firms (and others).

Biden’s rule

Changing of the guard

Key: (nom.) = nominee, (rum.) = rumored, (act.) = acting, (inc.) = incumbent (no replacement anticipated)

US President Joe Biden has formally declared his desire to nominate Michael Barr, a former Treasury official, former Ripple board member, and current University of Michigan Dean, to be the Fed's vice chair for supervision.

Elsewhere:

Some Indian Payment Processors Cut Off Local Crypto Exchanges: A number of Indian cryptocurrency exchanges have declared that they will no longer accept rupee deposits or withdrawals.
Attacker Drains $182M From Beanstalk Stablecoin Protocol: So, according to my understanding, this was not a hack or an exploit, but rather an attack. In any case, the perpetrator used a flash loan (a loan that is repaid almost instantly, possibly within the same block) to borrow a large number of Beanstalk's governance tokens, which the attacker then used to vote in favor of a protocol change that transferred all of Beanstalk's funds to the attacker. All of this was "legal" in terms of how the code was written.
Crypto Proponents Fear SEC 'Backdoor' Regulations on Exchanges, Dealers: Jesse Hamilton of CoinDesk investigates two SEC ideas that have the crypto community up in arms: Essentially, each proposal appears to redefine the terms "exchange" and "dealer" (respectively) so that they may include crypto protocols and decentralized platforms. However, it is unclear — and this uncertainty is causing concern among industry representatives.

Outside CoinDesk:

(CNBC) The U.S. Secret Service has seized roughly $102 million in cryptocurrencies over the past seven years, according to assistant director of investigations David Smith.
(Mel Magazine) An older article, but in honor of Monday being the tax deadline in the U.S., here’s a reminder that you should track all of your transactions because it will terrify your tax professional.
(Politico) Prime Trust was listed as the contributor of $14 million sent to the Protect Our Future super Political Action Committee in Federal Election Commission filings. In reality, it seems Prime Trust was actually the intermediary for funds sent by FTX founder Sam Bankman-Fried and FTX engineering director Nishad Singh.
(The New York Times) Last week, my commute to the office was interrupted when my subway line stopped for what the engineer running the train described as “police activity ahead.” It wasn’t until I got into the office that I learned there had been a mass shooting several stops ahead. This Times ticktock details how it all unfolded.
(University of Wisconsin) Researchers at the University of Wisconsin looked into whether muting video conferencing apps actually stopped them from recording audio. The privacy-focused amongst you will not be thrilled by their results. The actual paper is here.