Cryptohack Roundup: Cambodia’s new crypto directive

The National Bank of Cambodia has introduced a new directive allowing commercial banks and payment service providers to offer limited services involving crypto assets, excluding unsecured cryptocurrencies such as Bitcoin. The policy allows stablecoins and tokenized traditional assets to be managed under strict regulatory conditions.

Under the directive, banks and payment service providers can carry out crypto-related transactions for their own use and offer similar services to customers. Permitted activities include exchanging crypto assets for fiat currencies, facilitating transfers, and providing custody solutions. Institutions must obtain prior approval from regulators before offering these services, and the directive prohibits the use of clients’ crypto holdings for institutional purposes.

Certain restrictions are in place to minimize risks and improve compliance. Commercial banks are prohibited from issuing their own crypto assets and transacting directly or indirectly with unsecured cryptocurrencies. Trading in derivatives linked to these assets is also prohibited.

The central bank said stablecoins and tokenized assets are considered less risky due to their backing of tangible assets or fiat currencies. Cambodia has historically maintained a restrictive approach towards cryptocurrencies, citing concerns over fraud and money laundering. The National Bank of Cambodia previously blocked access to 16 unlicensed cryptocurrency exchange websites, including Binance, Coinbase and OKX. Only two licensed entities currently operate in the country’s regulatory sandbox, but neither is authorized to facilitate crypto-to-fiat exchanges.

A hacker compromised Animoca Brands co-founder Yat Siu’s X account by using it to promote a fraudulent token. The fake token, named MOCA and hosted on the Solana blockchain, sought to exploit similarity to the legitimate Moca Coin, also tracked as MOCA. The real piece is related to Animoca’s Mocaverse project. The metaverse and gaming venture capital firm said on social media that it would not launch any new tokens or non-fungible tokens.

The breach was caused by a phishing email pretending to be X, claiming to resolve a copyright infringement issue, according to crypto investigator ZachXBT. He linked the exploit to more than a dozen similar phishing incidents over the past month, which collectively resulted in losses of around $500,000. A screenshot shared by ZachXBT showed the fraudulent post from Siu’s account.

The Mocaverse ecosystem, associated with Animoca and Siu, includes the legitimate Moca Coin, described as an “omni-chain network token” for a community foundation. Mocaverse said Siu’s account had been secured and that X was in the process of verifying ownership. Other official accounts of Animoca Brands, Moca Network and MOCA Foundation were not affected.

On-chain data shows that the scammer has been active on memecoin creation platform Pump.fun and has launched several NFT collections in recent weeks. The wallet linked to the scam contains approximately $67,000 in USDC, although its connection to phishing activities is uncertain.

Former FTX Digital Markets co-CEO Ryan Salame’s prison sentence has been reduced by one year and his release is now expected in March 2031, Cointelegraph reported, citing U.S. Bureau of Prisons records. Salame pleaded guilty in September 2023 to charges of operating an unlicensed money transmitting business and campaign finance fraud. Originally sentenced to 7.5 years in prison in May, his initial release date was scheduled for April 2032. The reason for this reduction is unclear.

Salame’s lawyers had asked for a shorter sentence, arguing that confiscation of his assets was punishment enough and saying he was unaware of the fraud orchestrated by FTX founder Sam Bankman-Fried. Despite these allegations, Judge Lewis A. Kaplan imposed a 90-month sentence, citing the seriousness of the case and the financial damage caused by FTX’s collapse.

The United States Internal Revenue Service has issued temporary relief from crypto cost-based reporting rules, a move aimed at mitigating potential tax liabilities for digital asset investors, Cryptonews reported. The relief delays the implementation of a rule that would have required centralized crypto exchanges to default to the First In, First Out accounting method for calculating capital gains. FIFO, which assumes that older assets are sold first, often results in higher taxable gains during market recoveries. The deferral, effective until December 31, 2025, gives brokers additional time to adjust to various accounting methods.

During this period of relief, taxpayers may opt for alternative accounting methods such as the highest-in, first-out method or specific identification. These options allow investors to strategically select assets for sale, providing greater flexibility and potential tax savings.

A hacker known as the “Blockchain Bandit” has resurfaced, consolidating 51,000 Ether worth $172 million into a single wallet after two years of inactivity. Blockchain investigator ZachXBT reported that the hacker transferred the stolen Ether in batches of 5,000 ETH from 10 separate wallets. The December 30 transactions marked the first activity involving the funds since January 2023, when the hacker also moved 470 Bitcoins.

The Blockchain Bandit initially accumulated nearly 45,000 ETH through a technique called “Ethercombing,” which involves mining weak private keys generated by faulty code and random number generators.