In July, the crypto space suffered 16 individual hacks, which resulted in close to $266 million in losses. Efforts to fight against these attacks are growing. India's Bharat Web3 Association is making cybersecurity improvements, and Wisconsin’s Department of Financial Institutions launched a crypto scam tracker. China is still fighting its battle against crypto fraud, and recently arrested several suspects involved in a scam. Additionally, the US Copyright Office is calling for new legislation to address the challenges posed by AI-created deepfakes.

July’s Crypto Hacks Total $226M

In July, the cryptocurrency ecosystem faced losses amounting to about $266 million because of 16 separate hacking incidents. A major contributor to this high number was the Indian crypto exchange WazirX, which suffered a hack on July 18 that resulted in a loss of over $230 million. This incident alone accounted for 86.4% of the total crypto lost to hacks during the month. 

Independent investigations into the patterns and techniques used revealed that the WazirX hack was executed by North Korean hackers. According to the blockchain investigation firm PeckShield, the stolen funds are still under the hacker’s control. 

Other victims of July's crypto hacks included the algorithmic protocol Compound Finance, which lost $24 million, the bridging protocol Li.Fi, which lost $10 million, and both the decentralized AI protocol Bittensor and the liquidity provider Rho Markets, who each lost $8 million. 

In most of these cases, hackers moved the stolen funds to the crypto mixer Tornado Cash to evade detection and tracing. Compared to July, June saw a lower total loss of $176 million from around 20 hacking incidents.

On the last day of July, the Terra blockchain temporarily halted operations at block height 11,430,400 after a hack that drained $6 million. The hacker exploited a well known vulnerability to steal 60 million ASTRO, 500,000 USDT, 3.5 million USDC, and 2.7 Bitcoin. The Terra developers responded with an emergency chain upgrade and resumed block production the same day. 

According to an update from the company, validators holding more than 67% of the voting power on Terra upgraded their nodes to prevent the exploit from recurring, with more validators expected to follow suit. 

Deddy Lavid, the co-founder and CEO of Web3 security firm Cyvers, pointed out that centralized finance (CeFi) entities have become the largest targets for crypto hackers in 2024. He also shared that attacks against smart contract-based projects are on the rise.

BWA Strengthens Cybersecurity After WazirX Hack

After July’s hacks, countries and companies are taking steps to make sure they are protected against any future attempts. After the $230 million hack on WazirX, India’s Bharat Web3 Association (BWA) is intensifying its efforts to improve cybersecurity and consumer protection in the crypto industry. 

BWA is chaired by Dilip Chenoy, and has established two new internal groups to address these issues and investigate the security breach. One group is focusing on cybersecurity, and consists of chief information security officers from member firms who will develop standard operating procedures and implement solutions to prevent future breaches. The second group will address consumer protection by making sure that guidelines are up-to-date and user interests are safeguarded.

Chenoy stated that a thorough investigation into the breach is underway, and that the BWA is actively in communication with WazirX and Liminal to comprehensively examine the incident. The BWA also requested a very thorough forensic analysis, root cause evaluation from both companies, and an assessment of potential legal and remedial actions. Chenoy also suggested a third-party evaluation of the forensic report be done.

The BWA is traditionally more focused on regulatory compliance matters like registering the Financial Intelligence Unit and implementing Anti-Money Laundering measures, but it is now expanding its scope to include cybersecurity. The association includes major players like Coinbase, Polygon, CoinSwitch, Liminal, Biconomy, Tax Nodes, Giottus, and Hike, but will also involve WazirX’s local rival CoinDCX in its newly established groups.

Wisconsin Launches Crypto Scam Tracker

The Wisconsin Department of Financial Institutions (DFI)  launched a publicly accessible tracker to prevent crypto and other investment scams. On July 30, the DFI revealed that Wisconsinites lost almost $3.55 million to financial grooming and crypto fraud based on victim reports from January 2022 to June 2024. The new investment scam tracker relies on consumer complaints to gather crucial threat information and alert the public to make it harder for perpetrators to deceive more investors.

According to Wisconsin government records, 22 entries were made into the investment scam tracker from older complaints. Most victims fall prey to pig butchering scams or investing in fraudulent crypto trading platforms. 

While the DFI did not verify the factual details and losses reported by complainants, the main goal of the tracker is to alert and protect crypto investors against possible threats. The DFI will update the tracker on an ongoing basis, which is searchable by company name, scam type, or keyword. 

Additionally, DFI Secretary Cheryll Olson-Collins advised people that crypto transfers might be untraceable and irreversible, and urged them not to give money to anyone they met online or allow access to their bank account or digital wallet. She also made sure to mention that Wisconsinites are much less likely to fall victim to crypto investment scams if they avoid interacting with unknown people or businesses offering unrealistic returns.

The Federal Bureau of Investigation also recently issued a warning that urged Americans to use only registered cryptocurrency money services businesses that comply with Know Your Customer and Anti-Money Laundering laws.

China’s Crypto Ban Fails to Prevent Scams

Unfortunately, not all criminals are deterred by these efforts. Despite its stringent cryptocurrency bans, mainland China is still struggling to eradicate crypto investment scams. Law enforcement in the Shaanxi province recently dismantled a crypto fraud scheme and arrested four suspects, according to a report by local news agency Baidu. 

The suspects defrauded a victim, referred to as Wang, of 410,000 Chinese yuan, or $56,800. Wang filed a complaint on July 16 that claimed he was lured into investing in cryptocurrency through an application by people he met online who promised guaranteed profits through a system loophole.

After the complaint was filed, the Criminal Investigation Bureau launched an investigation, and identified the suspects through multiple visits and inquiries. On July 23, police arrested suspects Zhai and Li in Zhengzhou City, Henan Province, and on July 25, suspects Wang and Li were arrested in Kaifeng City, Henan Province. The four suspects are now criminally detained on fraud charges, and the case is still under investigation.

China has enforced many bans on crypto activities, including trading and mining, with the latest Bitcoin ban in 2021 affecting virtually all crypto transactions. Despite this, the Chinese government allows the holding of crypto and protects local crypto investors as it recognizes crypto as virtual property protected by law. 

Chinese law enforcement actively cracks down on illegal crypto-related activities, with local police frequently uncovering operations. In December of 2023, the Chinese State Administration of Foreign Exchange busted an underground bank that used crypto to offer illegal exchange services. It moved over 15.8 billion yuan, worth about $2.2 billion, through more than 1,000 bank accounts across 17 provinces to buy crypto on overseas exchanges and provide yuan exchange services.

US Copyright Office Calls for Deepfake Legislation

Some crimes are also proving to be more difficult to deal with. The United States Copyright Office released the first part of a series of reports addressing legal and policy issues related to artificial intelligence and copyright law, with a focus on digital replicas which are more commonly known as “deepfakes.” 

The report was published on July 31, and calls for new federal legislation to address the challenges posed by digital fakery. The authors argue that the speed, precision, and scale of AI-created digital replicas necessitate very quick action to prevent serious harm in various sectors, including entertainment and politics.

The office is advocating for a law that is distinct from existing copyright infringement laws because of the very unique nature and potential harm of digital replicas. The report pointed out that both businesses and individuals can suffer serious financial, reputational, and personal harm from deepfakes. 

The proposed law will apply beyond the commercial market as it recognizes that people can also harm each other with deepfakes. It will be limited to an individual's lifetime, with separate laws potentially addressing estates and post-mortem infringement. Additionally, the law will target the distribution or making available of unauthorized digital replicas rather than the act of creation alone, except in cases where the creation was for nefarious reasons.

While the findings of the report are not legally binding, the Copyright Office advises the executive, legislative, and judicial branches on copyright matters. It is likely that Congress and future administrations will consider the report's recommendations. 

Future reports in the series will cover some other topics like the copyrightability of works created using generative AI, training of AI models on copyrighted works, licensing considerations, and allocation of potential liability.