New ERC-4337 standard released; US Bank Regulators, G20, IMF and OSC Address Crypto Risks; DeFi Hack Victims Recover Crypto Via Code Exploit | Baker Hostetler
New ERC-4337 Smart Contract Standard Released to Improve Wallet Security
Of Christopher Lamb
According to reports, Ethereum has implemented a new feature known as “account abstraction,” which has been in development for two years and could “make it easier for users to recover crypto if they lose private keys to an online wallet.” Deployed via a smart contract called EntryPoint (formally known as ERC-4337), account abstraction “turns users’ wallets into smart contract accounts, to make Ethereum wallets more user-friendly and to prevent the loss of keys.” According to reports, account abstraction works by taking externally owned accounts (EOAs), such as accounts used on MetaMask or Coinbase Wallet, and merging the code-based operation of contract accounts (CAs) “and creating built-in mechanisms that can allow users to retain access to their crypto” in case users lose their private keys. Recovery systems include a “social recovery system” and the ability to create “multi-sig wallets” (where multiple users must sign off on a transaction) as an “additional security mechanism.”
According to reports, the new ERC-4337 standard is “expected to help mainstream adoption by finally making crypto user-friendly.” ERC-4337 has passed an audit and will be made available on all Ethereum Virtual Machine compatible blockchain networks. A key feature of the new feature is that “[n]New users will no longer need to learn about complicated seed sentences or the technical process of setting up a wallet to onboard the decentralized crypto world.” According to reports, in addition to recovering users’ wallets, benefits include “two-factor authentication, signing transactions on your phone, setting monthly spending limits on an account, using session keys to play blockchain games without constantly having to approve transactions, [and] decentralized mining of wallets; [and] smart accounts can be configured to automatically pay bills and subscriptions.”
For more information, please see the following links:
US Federal Bank Regulators Issue Joint Statement on Crypto-Liquidity Risk
Of Robert A. Musiala Jr.
The three main US federal banking regulators recently published the “Joint Statement on Liquidity Risks for Banking Organizations Resulting from Vulnerabilities in the Crypto-Asset Market.” The statement “highlights, among other things, important liquidity risks related to crypto-assets and crypto-active sector participants that banking organizations should be aware of”. The statement specifically highlights certain liquidity risks associated with “[d]deposits placed by a crypto-asset-related entity for the benefit of the crypto-asset-related entity’s customers (end customers)” and risks related to “[d]deposits constituting stable coin-related reserves.” The statement warns that “when a banking organization’s deposit funding base is concentrated in crypto-asset-related entities that are highly interconnected or share similar risk profiles, deposit fluctuations may also be correlated, and liquidity risk may therefore be further increased.”
According to the statement, “it is important for banking organizations that use certain funding sources from crypto-asset-related entities … to actively monitor the liquidity risk inherent in such funding sources and establish and maintain effective risk management and controls commensurate with the level of liquidity risk.” In this regard, the statement lists the following effective risk management practices:
- Understand the direct and indirect drivers of the potential behavior of deposits from crypto-asset-related entities and the extent to which these deposits are subject to unpredictable volatility.
- Assess potential concentration or correlation across deposits from crypto-asset-related entities and associated liquidity risk.
- Incorporate liquidity risk or funding volatility associated with crypto-asset-related deposits into contingency funding planning, including liquidity stress testing and, as appropriate, other asset-liability management and risk management processes.
- Conduct robust due diligence and ongoing monitoring of crypto-asset-related entities that establish deposit accounts, including assessing the representations made by those crypto-asset-related entities to their end customers about such deposit accounts that, if inaccurate, could lead to rapid outflows of such deposits.
For more information, please see the following links:
G20 announces upcoming reports on global crypto regulation
Of Amos Kim
According to a recent announcement by the G20 – a group of the 20 largest economies in the world – the Financial Stability Board (FSB), the International Monetary Fund (IMF) and the Bank for International Settlements (BIS) expect to issue various reports in 2023 with the aim of set standards “to ensure that the crypto-asset ecosystem, including so-called stablecoins, is closely monitored and subject to robust regulation, supervision and oversight to reduce potential risks to financial stability.” Among other things, the FSB intends to release recommendations on the regulation, oversight and supervision of global stablecoins, cryptocurrency asset activities and markets in July and its joint “synthesis paper integrating the macroeconomic and regulatory perspectives of cryptoassets” with the IMF in September. The IMF will also report on the “potential macro-financial implication of widespread adoption of [central bank digital currencies]” the same month.
According to the announcement, other expected reports include the BIS’s “report on analytical and conceptual issues and possible risk mitigation strategies related to cryptoassets” and a report by the Financial Action Task Force (FATF) on “the use of cryptoassets to make terrorist financing transfers.” These announcements was made following the conclusion of a two-day G20 financial meeting in India. According to reports, at the meeting, US Treasury Secretary Janet Yellen said it was “critical to put in place a strong regulatory framework” for cryptocurrency-related activities, but noted that the US did not propose “outright bans against crypto activities.” In contrast, IMF Managing Director Kristalina Georgieva reportedly said banning crypto should be an option for G20 countries.
For more information, please see the following links:
IMF addresses crypto policy; OSC issues notice for crypto trading platforms
Of Robert A. Musiala Jr.
The International Monetary Fund (IMF) recently published a policy document titled “Elements of Effective Policies for Crypto Assets” to address questions from IMF members about “how to respond to the rise of cryptoassets and the associated risks.” Among other things, the paper presents a policy framework for cryptoassets that aims to achieve key policy goals such as macroeconomic stability, financial stability, consumer protection, and market and financial integrity and “outlines key elements necessary to ensure that these goals are achieved.”
According to a recent press release from the Ontario Securities Commission (OSC), the OSC has published a new staff notice that describes “a change in CSA staff practice related to our expectation that crypto-asset trading platforms (CTPs) that continue to operate in Canada while seeking registration and related exemption, they submit a pre-registration undertaking (a PRU) to the CSA.” The staff notice also provides additional guidance to CTPs, including a list of areas where the OSC is requesting “new commitments” from unregistered CTPs and new expectations for unregistered CTPs that continue to operate in Canada while pursuing applications for registration.
For more information, please see the following links:
DeFi Hack Victims exploit code vulnerability to regain control of hacked crypto
Of Christina O. Gotsis
According to reports, a Web3 infrastructure firm and decentralized finance (DeFi) platform this week conducted a “counter-exploit” on the Wormhole protocol hacker that stole approximately $321 million in wrapped ETH via a vulnerability in the protocol’s token bridge. The Web3 infrastructure firm and DeFi platform first became aware of the possibility of obtaining these assets when a whitehat group contacted them in February with a proposal to exploit a previously unknown vulnerability in the DeFi platform’s code. According to a blog post by the DeFi platform, on February 21, the High Court of England and Wales issued an order allowing the retrieval of the assets from addresses linked to the Wormhole exploit. The counter-exploit essentially allowed the DeFi platform to hack the hacker’s addresses and retrieve $225 million worth of digital assets in a secure wallet.
For more information, please see the following links:
[View source.]