ChainCatcher news, according to Bloomberg, the founder of the cryptocurrency mixing service Bitcoin Fog has been sentenced to 12 and a half years in prison for laundering tens of millions of dollars from the sale of illegal drugs on dark web markets.U.S. District Judge Randolph Moss sentenced 36-year-old Roman Sterlingov to 150 months in prison at the federal court in Washington. Prosecutors stated that Bitcoin Fog handled hundreds of millions of dollars in untraceable transactions, some of which came from known dark web markets. Roman Sterlingov was convicted of conspiracy to launder money, money laundering, and two counts related to operating an unregistered money transfer service.

ChainCatcher news, according to The Block, the co-founder of the cryptocurrency mixing service Samourai Wallet has been arrested. Prosecutors stated that they are suspected of laundering $100 million from Silk Road and other illegal markets. On Wednesday, Samourai CEO Keonne Rodriguez and CTO William Lonergan Hill were charged with operating Samourai Wallet.Prosecutors indicated that Samourai is an unlicensed remittance company involved in "over $2 billion in illegal transactions and facilitated over $100 million in laundering transactions for illegal dark web markets, including Silk Road." Rodriguez was arrested on Wednesday morning and will face a judge in Pennsylvania.It is reported that Hill was arrested in Portugal, and the U.S. is seeking extradition. Prosecutors stated that Samourai's web servers and domain name have also been seized, and the application can no longer be downloaded from the Google Play Store in the U.S. Rodriguez and Hill are charged with money laundering and unlicensed money transmission, with maximum sentences of 20 years and 5 years, respectively.

ChainCatcher news, according to The Block, Coinbase stated in comments submitted to the Financial Crimes Enforcement Network (FinCEN) on Monday that the U.S. Treasury's proposed rulemaking on cryptocurrency mixing fails to adequately address regulatory gaps while requiring crypto platforms to provide unnecessary data and resources. Coinbase stated that regulated crypto platforms are already obligated to record and report suspicious activities and illegal crypto mixing rules, but requiring crypto platforms to report all cryptocurrency mixing activities, including those with legitimate purposes, is not an effective use of company resources. The document also questioned the lack of a monetary threshold for record-keeping and reporting. Coinbase's Chief Legal Officer Paul Grewal wrote in an X post that the absence of a monetary threshold "will only lead to a large number of reports of non-suspicious transactions." Grewal stated, "Congress has indicated that this data dump is a waste of time and resources."Grewal stated in an X post, "If the Treasury wants to focus on this issue, they should help exchanges fulfill their existing obligations to report suspicious activities involving mixing. This is what the Treasury has done elsewhere, and specific guidance is more effective than mandatory bulk reporting rules." In light of these issues, Coinbase suggested that FinCEN should introduce a threshold to eliminate bulk reporting of small transactions. Coinbase also recommended that only record-keeping should be required, rather than reporting, to mitigate privacy and security risks.Coinbase's comments are a response to FinCEN's proposed rulemaking aimed at increasing the transparency of cryptocurrency mixing activities, which was introduced last October. Many illicit actors, such as North Korean hackers and Russian ransomware attackers, use crypto mixers for money laundering activities. While FinCEN stated in its proposal that such mixers may facilitate money laundering, it acknowledged that cryptocurrency mixing can be used for "legitimate and innovative purposes."

ChainCatcher news, according to Arkham monitoring, the hacker group Lazarus Group extracted $1 million worth of Bitcoin from its mixing pool and sent $150,000 worth of Bitcoin to a previously inactive address.

ChainCatcher news, Bitcoin Core developer Luke Dashjr posted on social media, "The discussion about OP_RETURN is not new; it dates back to 2014 when Bitcoin Core 0.9.0 was released, which included the OP_RETURN policy aimed at preventing more severe forms of spam. At that time, the default maximum data carrier size limit implemented by all nodes was 40 bytes; this has always been and remains sufficiently large for binding data to transactions (32 bytes for a hash, 8 bytes for a unique identifier). The subsequent increase of the default value to 80 bytes was a completely voluntary decision and in no way contradicts the design goal of OP_RETURN to create provably prunable outputs to minimize the damage caused by data storage schemes, which have always been considered abusive. There are also other good technical reasons why I choose to retain the lower default value of Bitcoin Knot, and there is no reason to increase it."Luke Dashjr stated that he and the OCEAN team have no intention of filtering coinjoin transactions. These provide an innovative tool for enhancing Bitcoin privacy, and when constructed correctly, coinjoins can easily stay within the OP_RETURN limit (in fact, they have no reason to have any OP_RETURN data at all). He has some personal ideas on how to mitigate the recent issues, namely that some coinjoin transactions were flagged as spam by Knots v25, and he is willing to leverage all his and his team's resources to sincerely collaborate on developing solutions.

ChainCatcher News, the U.S. Securities and Exchange Commission (SEC) has charged the cryptocurrency exchange Kraken with violating federal securities laws by mixing up to $3.3 billion of customer and company funds while operating as an unregistered broker, clearing agency, and dealer, stating that "Kraken sometimes holds more than $500 million in customer cash, and it also mixes some customer cash with its own cash; in fact, Kraken sometimes directly pays operating expenses from bank accounts holding customer cash."

ChainCatcher news, according to Scopescan data monitoring, several dormant addresses related to Mixin Kernel have transferred 3600 ETH (7.12 million USD) to a new address (starting with 0x077a8) and are preparing for ETH2 staking.

ChainCatcher news, Bitcoin financial services company Swan Bitcoin announced that it will ban user accounts that directly interact with mixing services. Swan Bitcoin explained that this change is due to pressure from its banking partners in light of proposed rules by the Financial Crimes Enforcement Network (FinCEN), which aim to require institutions facilitating transactions like mixing services to report relevant information.Swan Bitcoin co-founder and CTO Yan Pritzker stated that while the company itself has an open policy allowing mixing as a privacy service, it cannot provide deposit services to customers if it cannot work with compliant custodians and banks. Swan Bitcoin prefers to completely avoid risk rather than engage in investigative work.

ChainCatcher message, user @CryptoAlex_BOX posted on the X platform stating that Li Xiaolai responded to the Mixin incident in the community, pointing out: Recently focusing on addressing various residual issues from this incident; there is no 100% security, and various compromise solutions are being considered, new strategies will definitely be used in the future; the hackers took away more ETH, while BTC was relatively less, the ratio is significantly different, caused by the hackers; for the future management of BOX pegged assets, he will adopt new solutions.

ChainCatcher news, Mixin founder Feng Xiaodong stated in Mixin Messenger that the main stolen assets in this attack were Bitcoin, Ethereum, and ERC-20 format USDT. The compensation ratios for users are as follows: Bitcoin (90%), Ethereum (30%), ERC-20 format USDT (10%).Feng Xiaodong mentioned that the teams of other cryptocurrencies are preparing to use existing funds and borrow money to purchase the corresponding assets for 100% compensation. For the three tokens mentioned above, which had the largest amount of stolen funds, compensation will be calculated in USD bonds based on the price of the tokens on the day they were stolen, with priority given to compensating the victims of ERC-20 USDT.In addition, Feng Xiaodong also stated that the previous estimate of the loss being 200 million USD was due to the fact that Mixin, as a system designed primarily for privacy and decentralization, makes it very difficult to account for and recover assets, and it is impossible to determine the losses completely. Currently, only a portion of the lost assets has been recovered.

ChainCatcher message, Mixin has posted updates on the theft incident on social media: At the first moment of the incident, Mixin contacted Google and the blockchain security company Slow Mist for assistance in the investigation. After a few days, Mixin has completed most of the asset inventory work, and the situation is much more optimistic than expected. The losses are not as severe as estimated. Mixin reminds everyone to temporarily avoid trading, market making, and other operations on the Mixin Network to prevent unnecessary losses.In addition, Mixin stated that specific compensation rules will take some time.

ChainCatcher message, Mixin leaves a message on the chain for hackers, most of the assets on the Mixin platform belong to users, and hopes that the attackers can return the stolen assets. If the attackers choose to return the assets, they can leave 20 million dollars as a bug bounty and contact Mixin at bug@mixin.one to learn more about the reward details.

ChainCatcher message, Zhao Changpeng commented on social media about the Mixin theft incident: "Yesterday, a hacking incident occurred with Mixin. I am not very familiar with Mixin, but this is really puzzling. When a 'decentralized peer-to-peer network' with a database is hacked, it could lead to the loss of assets for half of the users. This indicates that not all projects claiming to be decentralized have truly achieved decentralization."

ChainCatcher news, Jiang Zhuoer, the founder of the Liebit mining pool, stated on Weibo that the theft of 200 million dollars from Mixin is quite suspicious, as the BTC in BOX should not have been stolen.Jiang Zhuoer mentioned that the BTC in BOX, since it is a long-term investment and not circulating, should normally exist in a cold wallet. If the server was hacked, it is possible for coins that are circulating, like BOX and XIN, to be stolen from a hot wallet, but it is impossible for the BTC in a cold wallet to be stolen. However, now BTC has been stolen, while BOX and XIN have not? Moreover, the operating party announced a 50% compensation without waiting for the investigation results, and the source of the compensation amount is questionable.

ChainCatcher news, according to reports from the security shield, as of September 25, 2023, the top ten hacker attacks of the year include Mixin (loss of $200 million), Euler Labs (loss of $197 million, hackers have returned the funds), Vyper/Curve (loss of $73.6 million, hackers returned $52.3 million), CoinEx (loss of $70 million), Atomic Wallet (loss of $65 million), Stake (loss of $41 million), CoinsPaid (loss of $37.7 million), Poly Network (loss of $26 million), low-carb-crusader (loss of $25 million), and phishing targeting whales (loss of $24 million). Mixin is the largest crypto hacking incident so far this year.