In today’s bitcoin and cryptocurrency news, a white hat hacker uncovered an issue in the most recent version of Arbitrum, an Ethereum scaling network, that might have resulted in the theft of more than $530 million. Meanwhile, due to the decentralized nature of cryptocurrencies, their supporters have generally been staunchly opposed to the idea of regulation. To restore people’s faith in cryptocurrency, anti-money-laundering and know-your-customer measures must be implemented immediately. Finally, in the United States, Canada, and the United Kingdom, tax authorities are increasingly using their summons powers to compel cryptocurrency exchanges to share customer data. This is in contrast to the rest of the world, where information on taxpayers with cryptocurrency assets is difficult to obtain.

The Ethereum-Draining Bug in Nitro Upgrade Was Fixed by a Hacker

Original Source: Hacker Saves Arbitrum From Ethereum-Draining Bug in Nitro Upgrade

A white hat hacker identified a problem in Arbitrum’s newest upgrade that might have allowed the theft of $530 million.

OffChain Labs rewarded 0xriptide with 400 ETH (about $530,000) for sharing the discovery.

Arbitrum released Nitro on August 31 in preparation for Ethereum’s switch from proof-of-work to proof-of-stake.

0xriptide immediately began searching Arbitrum Nitro’s code for weaknesses, according to a blog post.

Ethereum scaling networks like Arbitrum avoid the Ethereum mainnet’s poor performance and high transaction fees by “rolling up” a large number of transactions on a secondary chain and relaying them as a single transaction. Making Ethereum transactions faster and cheaper in this way can also expose users to new problems.

0xriptide uncovered a hole in the bridge between Ethereum mainnet and Arbitrum Nitro that would have allowed hackers to change Arbitrum’s destination address. Any Ethereum funds earmarked for Arbitrum could be rerouted to a hacker’s wallet.

According to 0xriptide, a hacker might have used the issue to siphon funds from Arbitrum’s incoming deposits. Over 400,000 ETH, or $534 million at the time of writing, migrated into Arbitrum from Ethereum between Arbitrum Nitro’s introduction in late August and when 0xriptide notified OffChain Labs of the flaw.

The largest single deposit to Arbitrum in the past three weeks was 168,000 ETH, or $225 million. No hacker exploited the issue, and Arbitrum suffered no attacks.

Attacks on cross-chain bridges, such as those used by Ethereum scaling networks, are widespread. Lazarus Group, a North Korea-affiliated hacking group, stole $622 million worth of ETH from play-to-earn game Axie Infinity in March. In June, the same group stole $100 million from Harmony Protocol’s Ethereum sidechain bridge.

OffChain Labs sent 0xriptide 400 ETH, or $530,000, through the web3 bug bounty platform ImmuneFi.

0xriptide thanked the Arbitrum team for the 400 ETH incentive and for their L2 implementation.

The hacker may now regret the discovery. They tweeted on Tuesday that Arbitrum could have been more generous given the money saved.

Reasons Why Crypto Companies Require Anti-money Laundering Rules

Original Source: Opinion: Why crypto businesses need anti-money laundering regulations

In the past, cryptocurrency regulation was opposed. A bitcoin subreddit post from four years ago on crypto regulations shows that introducing security restrictions was viewed negatively.

Much has changed in cryptocurrency since then. Crypto fraud and Ponzi schemes like OneCoin have made a mockery of bitcoin and strengthened the push for regulation.

People behind crypto platforms seek legislation to prevent fraud in the business.

Why is crypto regulation important? Here’s how to comply.

Why crypto needs rules

Gary Gensler, chair of the US Securities and Exchange Commission (SEC), told the Financial Times last year that crypto platforms need regulation. In recent years, cybercriminals have favored crypto platforms.

Satoshi Nakamoto created bitcoin after the 2008-2009 financial crisis to avoid state-controlled financial systems. But philosophies change with environments.

According to the FTC, in the 14 months to Q1 2022, fraudsters took $1 billion from 46,000 consumers in crypto-scams. The decentralized blockchain architecture on which cryptocurrencies are based is ideal for money laundering and cybercrime.

Blockchain analytics startup Chainalysis tracks ransomware payments in crypto. The company’s 2022 report on ransomware payments showed more than $692 million in 2020, almost doubling the previous year.

Money laundering: Chainalysis documented a 1,964% rise in cryptocurrencies laundered through DeFi protocols, or nearly $900 million.

Crypto would benefit from regulation even without cybercrime.

In an interview with the Financial Times, Gensler summed up the issue. “At $2 trillion in value worldwide, if it’s going to have any importance five and 10 years from now, it’ll be within a public policy framework,” he said. “History shows it doesn’t last long outside. Trust is at the heart of finance.”

Regulations for cryptocurrencies

A recent DIFC Fintech conference presented intriguing views on legislation and cryptocurrency.

Some 95% of regulators are working on crypto regulations.

The crypto business wants clear laws because it believes they will boost the industry.

When Binance instituted KYC verifications, 96% of customers complied.

In 2021, the SEC fined digital asset market participants $2.35 billion.

Of the SEC’s 2021 enforcement proceedings, 65% alleged fraud, 80% alleged unregistered securities offering violations, and 55% alleged both.

The FATF recently defined virtual asset service providers to include cryptocurrency exchanges, stablecoin issuers, DeFi protocols, and non-fungible token (NFT) marketplaces.

This definition sets the tone for rules and directives to follow. As a result, the worldwide prognosis for crypto laws is bright and developing.

The UK and US are establishing crypto legislation, for example. The UK’s HM Treasury says: “HM Treasury expects financial crime including anti-money laundering rules to apply to all wallets and issuers and that they will also have to register under AML [anti-money laundering] registration for their activities related to all sorts of crypto-assets.”

United Kingdom Tax Authorities Share America’s Passion for Crypto Trading Data

Original Source: U.K. Tax Authorities Join the U.S. in Zeal for Crypto Trading Data

Second in a series on U.S. and international cryptocurrency taxation

Tax authorities throughout the world are straining to get information on taxpayers with cryptocurrency assets, but in the U.S., Canada, and U.K., officials are increasingly using summons powers to compel cryptocurrency exchanges to reveal client data. The IRS’s pursuit of cryptocurrency-related taxpayer information in the U.S. shows no indication of ending. In August, the IRS won judicial clearance to serve cryptocurrency-related John Doe summonses on SFOX. The corporation must give information on U.S. taxpayers who spent $20,000 or more on cryptocurrencies between 2016 and 2021.

The IRS has been a pathfinder in its six-year pursuit of Bitcoin tax data. In 2016, the IRS filed a John Doe summons against a cryptocurrency exchange, Coinbase. It wasn’t obvious whether other countries would follow the IRS’s lead. Since then, several English-speaking countries have sued cryptocurrency exchanges. As these summonses show, different countries apply different standards.


The IRS may be losing billions of dollars due to cryptocurrency’s anonymity and misunderstanding of tax reporting obligations. The U.S. bitcoin tax deficit is estimated at $50 billion.

The IRS has a strong data-gathering tool. Internal Revenue Code section 7609(f) authorizes the IRS to seek a John Doe summons to investigate a taxpayer or group of taxpayers whose identities are unclear. These summonses must pass three tests.

The summons must involve a specific person or group;

There’s reason to believe the person or group broke a tax law;

Information and identities sought from summoned records must be unavailable elsewhere.

This implies the IRS must have a plausible cause for suspecting bitcoin users haven’t paid income taxes. This standard is tough.

The IRS must need the information. IRS advice states that a John Doe summons cannot be used for “fishing.” Investigators should have finished their research before seeking a summons for a specific compliance violation. Using the information they acquire, they must also investigate taxpayers’ tax liabilities. (IRM, “John Doe Summons Statutory Requirements”)


Canada is slower than the U.S. to summon cryptocurrency exchanges. In March 2021, the Canada Revenue Agency got judicial approval for its first cryptocurrency-related third-party request on Coinsquare. Coinsquare is the CRA’s first and only publicly known cryptocurrency-related request, but it’s notable since its information-seeking criterion is different than the IRS’s.

Unlike the IRS, the CRA does not need a reasonable basis to believe taxpayers are noncompliant when submitting an unnamed persons requirement. The CRA wanted to know if Coinsquare’s customers were paying taxes, but it didn’t suspect fraud.

The CRA wanted Coinsquare to provide:

A list of current and inactive customer accounts held alone or jointly

A list of crypto and fiat transfers. CRA also requested:

source, destination of deposits and withdrawals;

fiat or cryptocurrency transferred;

transaction dates and times;

Coinsquare aggregates cryptocurrency addresses and bank accounts for deposits and withdrawals.

A list of Coinsquare’s customers’ over-the-counter and off-exchange trades and cryptocurrency addresses.

The CRA didn’t get everything it asked for. After negotiating with Coinsquare, it agreed to limit its request to Coinsquare’s largest and most active accounts with at least C$20,000 in deposits. The CRA’s history suggests that bitcoin users with Canadian accounts should expect government scrutiny, even if no criminality is suspected.


British authorities have more experience and a wider net for bitcoin data demands than the CRA. HM Revenue & Customs reportedly contacted Coinbase, eToro, and CEX.IO for user data in 2019. Gherson LLP submitted a freedom of information request to HMRC over bitcoin data harvesting. HMRC said in its response to the FOI request that it used international conventions to get information from overseas crypto exchanges.

Cryptotaxes are changing

As governments navigate the opaque world of cryptocurrencies, it’s evident there’s no consistent standard for the data taxing authorities can request from cryptocurrency exchanges. Countries have distinct strategies. The mobile and cross-border nature of cryptocurrencies requires different techniques.

Taxing jurisdictions’ legal rights to customer data are unclear. Given the growing precedents, taxpayers with bitcoin accounts should not expect protection. They should expect tax authorities to find their transactions and consult an international tax specialist to handle their reporting requirements.

Summary of today’s Bitcoin and Cryptocurrency news

To put it simply, the worth of their finding might have caused the hacker to change their mind. They tweeted on Tuesday that given the hundreds of millions of dollars saved, Arbitrum could have been more benevolent.

Meanwhile, financial institutions need to get ready by employing the necessary skill sets, establishing the essential platforms, and having the proper controls in place to comply with the new requirements as the reach of AML and KYC legislation for crypto transactions notably expands around the world.

Finally, whether or not taxation jurisdictions have the legal authority to demand access to customer data is a topic of much debate. Investors in cryptocurrencies should not assume any privacy in their purchases or sales given the growing body of precedents. Instead, they should consult a seasoned international tax professional for guidance as they negotiate their reporting requirements and prepare for the possibility that tax authorities will uncover their transactions.