Crypto Critics' Corner

,

Episode 107 – Harmony Horizon Exploit, Lazarus Group, and Cryptocurrency Bridges

Harmony Horizon Exploit, Lazarus Group, and Cryptocurrency Bridges Crypto Critics' Corner

Bennett and Cas revisit the Harmony Horizon bridge exploit from last year, discuss why the Lazarus Group is targeting cryptocurrency so much, and go over the billion plus lost on cryptocurrency bridges over the past year. Special thanks to ZachXBT, who uncovered the movements of Lazarus exploit funds as they were happening.

Cas Piancey and Bennett Tomlin discuss the hacks of Wormhole, Harmony, and the inappropriate backing of Binance tokens.

This episode was recorded on January 25th, 2022.

Other episodes mentioned in this episode:

Other resources mentioned in this episode:

Where to find Crypto Critics’ Corner:

Subscribe to get each episode delivered to your inbox:

We also have a Discord Server you can join here.

English Transcript:

00:00:05:00 - 00:00:12:04
Cas Piancey
Welcome back, everyone. I am Cas Piancey. I'm joined, as usual by my partner in crime, Mr. Bennett Tomlin. How are you today?

00:00:12:04 - 00:00:12:21
Bennett Tomlin
I’m doing well. How are you?

00:00:12:21 - 00:00:34:22
Cas Piancey
Guess tired. Drinking some coffee? It's pretty late for it, but I need it today. We are going over something that we didn't go over previously, which I found interesting. We've. We have talked about wormhole. We did a full episode on that though at the time I don't think we understood who had done it or what what it was about.

00:00:35:13 - 00:00:36:26
Bennett Tomlin
We still don't know who's done wormhole.

00:00:36:27 - 00:00:55:21
Cas Piancey
Right but we didn't. Yeah, we it's I guess it's just very curious to me that one was so big. The other big one that we've mentioned in other episodes is definitely a Axie Axie Infinity Ronin Network. They got hacked for the biggest bridge hack ever. That was also last year, I believe. So two of the biggest hacks ever last year.

00:00:55:21 - 00:01:21:18
Cas Piancey
And we also had over a billion in bridge hacks alone in 2022. So it was a crazy year. But today we're talking about harmony because they're in the news again, the Horizon Bridge on the Harmony Blockchain, which happened last year. Again, one of the bigger ones, roughly $100 million. And basically this was done. It's been confirmed by the Lazarus Group, which also did the Ronin Network, if I'm remembering correctly.

00:01:21:18 - 00:01:22:08
Bennett Tomlin
That is correct.

00:01:22:08 - 00:01:30:29
Cas Piancey
They're moving these funds and that's why we're going to talk about it. Let's get started with what actually happened last year to the Horizon Bridge.

00:01:31:00 - 00:02:12:18
Bennett Tomlin
Their bridge might many so-called bridges was a glorified multi-signature wallet. And it seems what happened is their private keys got compromised is what we knew up until a few days ago when the FBI issued their reports confirming that the Lazarus Group was behind this hack and detailing a little bit more about how they did it. In some respects, it was very similar to the 2015 Bitstamp Hack or what we believe happened with the 2016 Bitfinex Hack, where it was a spear phishing attack with well designed malware exploits that once the user opened in them on their system, would then be able to compromise and get the private keys.

00:02:12:18 - 00:02:22:26
Bennett Tomlin
It seems Lazarus Group was able to successfully spearfish enough key holders harmony to be able to compromise the bridge and withdraw a whole bunch of assets.

00:02:22:26 - 00:02:42:28
Cas Piancey
And to be clear, their multisig was composed of if I and I believe I'm getting this correctly, I don't know what the deal is now. I know they're still kicking somehow. I believe there were four multi sigs and you basically just need to compromise two of those multi sigs to compromise the bridge itself, which ultimately is what happened.

00:02:42:28 - 00:03:06:18
Cas Piancey
Right. So they they compromised this chain. This chain is, as you said, Ethereum, Binance, smart chain. We got this $100 million that was moved into numerous, numerous coins. It was in USD, it was in Ethereum, it was in wrap bitcoin. But they transferred. If I'm and again, hopefully I'm getting this correctly they immediately transferred all of it into a theorems that right I.

00:03:06:18 - 00:03:34:03
Bennett Tomlin
Think they swapped at least the majority of it pretty quickly into a theorem. They especially had to make sure they did that with the centralized stablecoin circling tether in those because those can be frozen by the issuer. Right. And so I know those were quickly swapped for Ethereum. I don't know if all of the assets were immediately swapped for Ethereum, but broadly, their goal was to get them into Ethereum because Ethereum is harder to freeze or stop.

00:03:34:03 - 00:03:48:08
Cas Piancey
Ultimately, they got this Ethereum, they did tornado cash. They basically mixed it, right. They mixed this Ethereum at some point after stealing it. But people were still or or did they not? Was that just recently?

00:03:48:08 - 00:04:11:15
Bennett Tomlin
So I don't think they did use tornado cash. And I think the Germany hacker did before their recent little thing that we're about to get to. They did pass it to Railgun, which is a chain hopping, zero knowledge privacy protocol. And then they started moving it on to a whole bunch of different exchanges, including notably will be which is which is run by Justin Sun.

00:04:11:17 - 00:04:18:17
Bennett Tomlin
They won't say it's run by Justin Sun, but holy shit, it's run by Justin Sun. Can we all just agree it's run by Justin Sun.

00:04:19:02 - 00:04:22:18
Cas Piancey
I mean, I think even Justin Sun is ready to admit that now, right?

00:04:23:08 - 00:04:54:07
Bennett Tomlin
Kind of thing. So you'll half admit it. Yeah. And so tens of millions of dollars were transferred on will be and then immediately transferred off and then sent to a whole bunch of different addresses and I think mixed again before then moving under some other exchanges. So what they were clearly trying to do with this quick move through will be, as this exchange was, to try to add this extra level of mixing to their asset because as it goes into the wallet and then out of the wallet into these other addresses, these coins are fungible.

00:04:54:09 - 00:05:10:04
Bennett Tomlin
The Ethereum, in a single EOA account is fungible. All of it's going in and it's coming out. It's not like Bitcoin where you can track specific unspent transaction outputs. And so by sending it to the exchange, it immediately withdrawing, you're helping confuse the path of the funds.

00:05:10:04 - 00:05:29:27
Cas Piancey
We basically had this major hack for roughly $100 million, I believe in total it was actually $99.7 million worth of assets at the time. So this happened in June of last year. This is pretty interesting to me that what happened was they drained a bridge for all of its assets or most of its assets, roughly $100 million at the time.

00:05:29:27 - 00:05:42:23
Cas Piancey
They did some coin hopping maneuvers. They consolidated their assets. And now we're seeing eight months later, North Korean hacking group Lazarus is now doing something with them. I guess a bunch of it was frozen.

00:05:42:24 - 00:06:01:22
Bennett Tomlin
I want to say like 150 Bitcoin worth got frozen, which would be a chunk of it, but certainly not the whole thing. I think ZachXBT who we've had on the show before identified at least 26.4 million, which was pulled off of hobby after being deposited in there. And so that part definitely was not frozen. And we're saying frozen.

00:06:01:22 - 00:06:28:28
Bennett Tomlin
We really more say seized rate like will be took possession of these assets before they could be withdrawn by the hacker. And then what we saw after their mixing and stuff is they left to Obi was them trying to get it to a bunch of other like small OTC desk, small exchanges. And so it looks like Lazarus Group is trying to convert cryptocurrency into Dirty fiat to fund their missile program, their nuclear program.

00:06:28:28 - 00:06:33:11
Bennett Tomlin
That seems to be what some reporting has suggested the Lazarus Group funds are used for.

00:06:33:12 - 00:07:09:01
Cas Piancey
So I just did the math. You said roughly 150 Bitcoin. I think that amounts to at right now current prices. I'm suggesting that what it's 22,000 I haven't checked its recently probably. Right so I'm just saying 22,000. That's that's we'll just go with three and a half million dollars. So that's a 3.5% fee if they got the rest off of Huobi and were able to move it, that is a 3.5% transaction fee for being able to move the rest of these funds, these illicit funds for them, hopefully, I guess.

00:07:09:01 - 00:07:29:12
Cas Piancey
Right. If they're if the idea was to do this is to be able to exchange that for either U.S. dollars or services of some kind. I don't know what services you could get with actual Ethereum, but I would think you would be trading this for U.S. dollars yuan or some other like currency that you could then buy goods from.

00:07:29:12 - 00:07:47:06
Cas Piancey
Any allies that you have if they got the rest of those funds off of will be I don't think the story is will be freezes 3.5% of the funds. I think the story is they moved 97% of their funds. But did they move all of the all of the money on to Obi or just a small chunk?

00:07:47:07 - 00:08:12:29
Bennett Tomlin
I am honestly not sure. And part of the issue here is these quote, these hacks are always quoted in dollar amounts rate, but it eventually became Ethereum and whatever else. Right. And that asset is volatile. And so I don't know how much of the numbers we're seeing were changed because the price of Ethereum has fallen and how much might be them moving other funds through other avenues that they weren't trying to mix or obscure through what rate?

00:08:12:29 - 00:08:36:09
Cas Piancey
I'm going through Zack's work, which is great. We also this friend of the show, we've had him on. So I you know, I urge anyone who isn't already following ZachXBT on Twitter, obviously, go ahead and do that. They were able to withdraw, according to Zach, $38 million worth the worth of Bitcoin, which is 10% of the total was frozen is what we can say, which is better than nothing.

00:08:36:09 - 00:08:56:13
Cas Piancey
I don't know. Not great. But still, again, like I'm saying, the story doesn't seem to be Huobi seizes all of all of this cryptocurrency and does a good job of stopping the North Korean hackers from deploying their capital. It seems to me like the story is North Korean hackers are able to obfuscate majority of the funds they put on will be.

00:08:56:13 - 00:09:09:00
Bennett Tomlin
Yeah, and I think something I might have not fully appreciated here did they swap will be did they transact because they came in with Ethereum and came out with Bitcoin, right.

00:09:09:00 - 00:09:09:10
Cas Piancey
Yeah.

00:09:10:02 - 00:09:18:18
Bennett Tomlin
So they didn't just like hit the exchange and then withdraw. They hit the exchange transacted, sold this Ethereum into bitcoin and then pulled it.

00:09:18:18 - 00:09:44:09
Cas Piancey
Out which is definitely worse for will be also worth pointing out he he shows an example we'll link to it but he shows an example of the Lazarus Group chain hopping funds and the example he shows is Bitcoin to Avalanche. We've never talked about that on the show, but that is another blockchain. So Bitcoin to Avalanche, to Ethereum, to BitTorrent, which is not something you would necessarily suspect to Tron.

00:09:44:16 - 00:10:07:26
Cas Piancey
And BitTorrent and Tron are both Justin Sun coins, so I don't know, like they're relying on a Justin Sun exchange and then they're chain hopping too to Justin Sun cryptocurrencies like it seems like the terrorists and criminals are enjoying the concepts that Justin Sun is building out.

00:10:07:26 - 00:10:34:28
Bennett Tomlin
Yes, we did an episode on Justin Sun. You and I have very strong opinions and Justin Sun I certainly do. And it is strange that they chose Huobi to do this. I don't think it's that strange that like to Justin Sun coins were involved in this chain hopping. My understanding is that how this privacy protocol is supposed to work is you move the whole bunch of chains to try to obscure it as much as possible.

00:10:35:14 - 00:10:37:18
Cas Piancey
But yeah, I get that too. I get that.

00:10:37:23 - 00:10:50:21
Bennett Tomlin
Was a little weird, but yeah. No, you're right. Broadly that like Justin Sun has ended up whether knowingly or unknowingly providing useful infrastructure for criminals. And I think that's kind of the question right, knowingly or unknowingly.

00:10:50:29 - 00:10:55:01
Cas Piancey
I'm interested in why they would use BitTorrent particularly to chain up. I don't because.

00:10:55:01 - 00:10:55:05
Bennett Tomlin
It's.

00:10:55:17 - 00:11:00:00
Cas Piancey
I don't suspect that I don't suspect that BitTorrent is getting a ton of volume.

00:11:00:00 - 00:11:00:19
Bennett Tomlin
It did change.

00:11:00:19 - 00:11:02:16
Cas Piancey
I guess maybe I'm wrong. Right.

00:11:03:13 - 00:11:08:18
Bennett Tomlin
My understanding is it's a dead chain. No real development, very little use.

00:11:08:19 - 00:11:15:08
Cas Piancey
Trading volume 15, 15 and a half million. I mean, in the scheme of things, that isn't very much and it seems like on chain.

00:11:15:08 - 00:11:18:20
Bennett Tomlin
Volume, like people actually transacting with it I think is.

00:11:18:20 - 00:11:19:13
Cas Piancey
Yeah, that's true.

00:11:19:19 - 00:11:20:00
Bennett Tomlin
For.

00:11:20:08 - 00:11:22:20
Cas Piancey
Probably nothing. Yeah, probably nothing.

00:11:22:20 - 00:11:30:09
Bennett Tomlin
And so I was just looking back, I think it was Binance who ended up being the one who froze those bitcoins we were previously discussing.

00:11:30:09 - 00:11:53:23
Cas Piancey
It almost exclusively trades on Justin Sun exchanges, 30% of it of its volume is on Poloniex and Huobi, and the rest is just spread out between a bunch of other things. But again, this points to the idea of like, I don't know, maybe, maybe that suggests that when they're chain hopping, those are the cheapest chains for them to transact in.

00:11:53:26 - 00:12:02:02
Cas Piancey
Well, okay, that's why they're willing to do that. Is that because the volume doesn't benefit them? We understand that on chain volume certainly doesn't benefit.

00:12:02:10 - 00:12:34:19
Bennett Tomlin
They have only kept the barest of looks at BitTorrent since Justin's then acquired it and I just checked it out again. And it seems part of its own purpose is to serve as some kind of cross-chain infrastructure, like their advertising is the chain connecting the chains. And so now I wonder if the reason it was used is because it is useful for chain hopping, specifically because of how it's built, which again I haven't kept that much up on because it's Justin Sun doing just insane bullshit.

00:12:34:19 - 00:12:58:07
Cas Piancey
I'm wondering if if our perception of Justin Sun has been, I guess, misguided insofar as perhaps a lot of the stuff he's doing is quite deliberate and the crowds that he's attracting are exactly who he wants to. Also, I see him getting a lot more praise as he still exists, even in the cryptocurrency industry, which I think is funny.

00:12:58:07 - 00:13:03:17
Cas Piancey
Like I feel like everyone's just giving him props because he hasn't been arrested yet.

00:13:04:06 - 00:13:20:26
Bennett Tomlin
Continued existence is now the standard for excellence in cryptocurrency. The bar is so low. Have you been in over the last two years? Not yet been indicted and are still currently breathing? You're a hero. Yeah.

00:13:21:11 - 00:13:34:05
Cas Piancey
This is it's funny because it's like I'm reflecting on it. I'm like, literally, though, like the fact that dope on has been charged but is not sitting in a prison cell. People are like, celebrate him, celebrate this man. And it's like, I'll.

00:13:34:05 - 00:13:39:10
Bennett Tomlin
Davison's you see, we're trying to raise 25 million to do whatever it is they're doing.

00:13:39:10 - 00:14:04:02
Cas Piancey
It's a comedy. It's a fucking comedy. I just wonder if a lot of this is very deliberate and as much as, like, it clearly attracts the wrong kind of attention right here we are talking about an known North Korean hacking group that's done insane things before, like they literally almost were able to hack the the Fed. Do you do you know that story?

00:14:04:03 - 00:14:05:10
Cas Piancey
Have we talked about that before?

00:14:05:16 - 00:14:16:28
Bennett Tomlin
I don't think we've talked about it. I do remember that they like broadly North Korea switched from trying to rob banks to robbing cryptocurrencies because it was so much easier to get the cryptocurrencies.

00:14:16:29 - 00:14:45:26
Cas Piancey
35 fraudulent instructions were issued by security hackers via the Swift Network to illegally transfer close to $1,000,000,000 from the Federal Reserve Bank of New York belonging to a Bangladesh bank. The Central Bank of Bangladesh. These guys are clearly quite talented and able to steal money almost. They they did steal and they didn't steal billion dollars, but they did steal money essentially from not only the Central Bank of Bangladesh, but the Federal Reserve of New York.

00:14:45:26 - 00:15:10:29
Cas Piancey
So it's kind of crazy that, like you said now they've just moved on to like, oh, you mean we can steal like ten times as much by just hacking these civilian networks instead that aren't protected and have all of their code open source and haven't checked for errors and are simple multisig that we can break. I don't know.

00:15:10:29 - 00:15:26:07
Cas Piancey
It's troubling to me that I would be worried if I was just in sun. And it's funny. I kind of figured that we wouldn't be discussing bridges in 2023, but I think this is going to come up like they're not going away. They're not going away and this is going to come up again.

00:15:26:08 - 00:16:00:18
Bennett Tomlin
Yes, it absolutely will. I mean, there's two more we intend to discuss in this episode alone. But I do think there is kind of an interesting dynamic I want to focus on here. One of the other bridges we want to discuss is wormhole, which we discussed in the past and at the time was one of the largest cryptocurrency hacks ever, with about 300 million being taken out of the bridge that hacker had since swapped basically all of it into ether and has now started this absurd process of going, levered long and staked ether.

00:16:00:29 - 00:16:28:22
Bennett Tomlin
So they swapped their ether for wrapped, staked ether or die against that. Use that to buy more staked ether wrapped that burrowed more die against that use that to buy more staked ether wrapped that burrowed more die against and use that to buy more staked ether. Until the hacker of the Wormhole Bridge has ended up as the fifth largest holder of staked ether.

00:16:28:22 - 00:16:58:03
Bennett Tomlin
And the reason I'm bringing this up is one it's wild to watch this hacker just go leveraged long on stick to theorem but also because it illustrates something we talked about back in our episode about the 2016 Bitfinex hack when we were talking about Russell, Con and Dutch. It's hard to cash out cryptocurrencies. These groups do it like Lazarus Group works with a variety of money launderers around the world to be able to make these conversions and to eventually get this into cash.

00:16:58:03 - 00:17:29:13
Bennett Tomlin
But it is challenging for these hackers to get the majority of their funds out in usable currency. And so we see them take these moves where they end up more in the cryptocurrency ecosystem. Right. Because it is so challenging to cash out. And I think this wormhole hacker behavior of leveraging long in into the cryptocurrency ecosystem is an interesting contrast to the Harmony Bridge hacker who just keeps mixing in chain hopping, mixing in chain hopping and sending to rogue desks and exchanges to cash out what they can't.

00:17:29:21 - 00:17:35:26
Bennett Tomlin
And so, like, it looks to me like they're probably two pretty distinct groups with different motivations.

00:17:35:26 - 00:18:12:17
Cas Piancey
It's fascinating as well that like, yeah, as you said, okay, so one of them is like becoming this whale and the other it's like it's wild because it's almost like the Lazarus Group is poisoning wells as it goes to these different places to cash out. Who's going to pay a responsibility, right. If they cash out money, if they're able to move money through these exchanges and they're able to cash out into something either less transparent or more obfuscated or however they make it work for themselves or straight up cash, who is going to have to bear that burden?

00:18:12:17 - 00:18:16:01
Cas Piancey
And I suspect it's the exchanges and the people who work with them.

00:18:16:01 - 00:18:44:10
Bennett Tomlin
I think poisoning the well was a really interesting way to put it, because you'll remember from when Tornado Cash was added to the list of effect sanctions, one of the justifications is that Lazarus Group had used tornado cash in the past. And so now any other mixer, they end up using any of these privacy protocols they end up passing their coins through, are potentially future targets of the global U.S. sanctions regime.

00:18:44:10 - 00:19:05:25
Cas Piancey
It's a tough position to be in. And I'm not in a sense I am. But I mean, jeez, what are you supposed to do? I don't know what you're supposed to do. I don't know how you're supposed to deal with that in any meaningful sense. Clearly, if Sisi and Justin Sun, two of the biggest names in the industry, are working together to try to stop these guys from using their exchanges and yet they're able to move.

00:19:06:11 - 00:19:23:17
Cas Piancey
I don't know how 90% of their money is still into and out of places like Huobi. I mean, I don't know. I don't know what you do. I don't know how you solve that. That seems like a potentially very serious problem for a centralized exchange, I think.

00:19:24:04 - 00:19:51:20
Bennett Tomlin
And there have been cases of this in the past, especially with like U.S. domiciled exchanges where there have been prohibitions or limitations on people depositing, using coins that were recently mixed. It's not necessarily common or universal, but you can dig through Reddit or the old forums and find exchanges basically saying you're set to withdraw only you deposited from this mixer.

00:19:51:25 - 00:20:15:06
Bennett Tomlin
We don't want to do business with you anymore. I think that it is possible that is going to become a more common compliant strategy for exchanges to just reduce some of that risk. Then you can track the known hot addresses and the hot coins and reduce the risk that those are going to quickly be mixed, deposited and then withdrawn.

00:20:15:20 - 00:20:29:18
Bennett Tomlin
Right, because you're not going to let them take those out once you see them come from the mixer. Right. And so potentially, I think that there's going to be more pressure on exchanges to take more proactive steps like that.

00:20:29:19 - 00:20:52:22
Cas Piancey
So I think that's maybe accurate. But but my issue I guess my issue with it is that I think and we see this with banks as well. We see this with all kinds of platforms. I think in L.A., even clubs and stuff are like basically what I'm going to suggest is that there's a you understand there's rules that are going to be broken and fines that you're going to have to pay.

00:20:53:01 - 00:21:25:26
Cas Piancey
And literally as a part of your budget. And I suspect this is at every center. Again, every centralized cryptocurrency exchange, a part of your budget is just designated. Okay, these are the fines we're expecting to pay for the next year for breaking OFAC sanctions, for offering unregistered securities, for whatever. Right. And there's a tradeoff that you're making because you're like and we're paying maybe $100 million in fines, but we're going to make $300 million from offering all this stuff and breaking all these rules.

00:21:26:03 - 00:21:50:13
Cas Piancey
So who cares? And I think that having the volume, allowing these tradable markets and allowing people to do a certain amount of KYC, free trading on your platforms, like it's always going to be an easy and attractive option to these business owners, I think is my way of putting it, especially if the potential penalties that they're paying are simply fines.

00:21:51:02 - 00:22:13:09
Bennett Tomlin
And I think this is kind of what it comes down to. If there is ever meaningful enforcement against offshore exchanges by the United States, are they going to be looking for like death penalties? Take these places out, like these people up, kind of things? Or are they going to be willing to take large fines and settlements and things like that?

00:22:13:09 - 00:22:33:16
Bennett Tomlin
In theory, like you would think that the differentiator between those two types of cases should be whether or not the exchange was making a good faith effort. And so things like exchanges collaborating to freeze bad assets and collaborate with the Department of Justice on that is probably going to make it more likely you get a fine rather than a death penalty.

00:22:33:24 - 00:22:53:26
Cas Piancey
I think that's a fair assessment. And again, reason for me to suspect that we're not going to see meaningful transitions or changes to plenty of these exchanges. While we might see more from a few or maybe even these major exchanges like Binance have been kind of forced to, I think overall. That's right. I like that. It isn't the design.

00:22:54:12 - 00:22:58:04
Cas Piancey
That's not the that's not going to drive potential business to you.

00:22:58:09 - 00:23:02:24
Bennett Tomlin
And the note of Binance if I can take over for a second.

00:23:03:09 - 00:23:03:26
Cas Piancey
Yeah, please.

00:23:04:15 - 00:23:30:22
Bennett Tomlin
Binance kind of has their own bridge. It's not really a bridge, but Binance issues 94 tokens on Binance Smart Chain that are supposed to be backed by tokens from other chains and things like that. It's basically a bridge, except they're more open about it being administered by Binance and a few days ago, Bloomberg reported that for dozens of these coins.

00:23:31:06 - 00:24:04:07
Bennett Tomlin
Well, that's right. They had not been keeping the collateral for them separate and then it instead been co-mingling it with client funds in cold wallets. This comes after data innovation confirmed that Binance pegged USD issued under Binance Chain was regularly not backed by adequate collateral in the wallet that was supposed to have it. So there's a couple of things going on here that I think are really important to draw attention to, and then something that's kind of really determine when to pull this towards.

00:24:04:15 - 00:24:34:06
Bennett Tomlin
But one this suggest operational issues and shortfalls because they were not making sure that they had the assets in the right places before these tokens were being issued. And to Binance chain to these assets were being stored in these cold wallets. Binance is proof of reserves. That was done in December by managers who no longer does cryptocurrency work, compared the balance in the Binance called Wallets to user liabilities to prove they were fully reserved.

00:24:34:07 - 00:25:05:00
Bennett Tomlin
These B tokens are not customer liabilities, but the assets for them were stored in these called wallet. So the assets were overrepresented in the liabilities were underrepresented in this analysis for the proof of reserves. So we've got co-mingling of client and corporate funds, which is already problematic. We have them having these corporate assets in there for the proof of reserves, and we have them just not having evidence of having adequate collateral for these.

00:25:05:00 - 00:25:35:09
Bennett Tomlin
And well, I was looking into this. I read the Binance's proof of reserves report again and I noticed there was 2150 times as much USDC in reserves as they needed to cover user liabilities. They had about $1 million in total user liabilities and well over 2 billion USDC on hand when this report happened. The reason for this seems to be that they announced they were going to be converting all USDC deposits into BUSD.

00:25:35:22 - 00:26:08:11
Bennett Tomlin
Hmm. But they needed to keep enough USDC on hand to be able to service withdrawals and things like that. However, we have issues again, namely one, it suggests that they had over $2 billion of unencumbered assets, that they were corporate assets that they were able to use to acquire these surplus stablecoins because when you hear conversion, what you would expect binance's to do is take the deposited USDC redeem it issued BUSD and have that on hand.

00:26:08:22 - 00:26:37:09
Bennett Tomlin
But instead they have billions of dollars in surplus, which means they had to create billions of dollars of extra BUSD without the benefit of being able to redeem that USDC which suggests Binance has far more liquid unencumbered cash in the banking system than I initially expected. The other problem is that USDC shows up on the proof of reserves again and there are no customer liabilities in USDC, which means all the USDC they have on hand is corporate funds.

00:26:37:09 - 00:27:08:27
Bennett Tomlin
They're showing those corporate funds in the proof of reserves again. And as I looked into this even more, I started all of their corporate funds are likely stored in the Binance wallets. And we know this because if you go back to their own blog posts specifically the one entitled Transparency in Wallets at Binance, you hear them claim that they hold all of its clients crypto assets in segregated accounts, which are identified separately from any accounts used to hold crypto assets belonging to Binance.

00:27:08:27 - 00:27:30:03
Bennett Tomlin
But when you read further down in that same article, you realize they don't mean segregated into a separate account. Like on the blockchain. They mean they have an internal accounting system that keeps track of how much of the amount in these called wallets or whatever is client funds and how much is corporate funds. Which again, brings us back to two issues.

00:27:30:12 - 00:27:57:21
Bennett Tomlin
One, the proof of reserves almost certainly contains Binance corporate funds, which were used as assets and not represented as liabilities, which brings into question the claims of solvency that CC was making after that report was published to the entire ability for that to count as any kind of segregation depends on Binance's ability to maintain accurate internal accounting records.

00:27:57:28 - 00:28:27:22
Bennett Tomlin
And they had dozens of their B tokens, not appropriately managed. They had their flagship Binance Peg BUSD Stablecoin not appropriately managed to the tunes of millions and millions and millions of dollars so their entire claim segregation of client crypto assets depends entirely on Binance having perfect or very, very good internal accounting records. And the former CFO of Binance reportedly was not allowed to even see the Binance books.

00:28:28:07 - 00:28:38:12
Bennett Tomlin
The entire thing is fucking bullshit in which you have to place your entire trust into the demonstrated lack of ability for Binance to maintain accurate records.

00:28:38:15 - 00:29:12:05
Cas Piancey
Hopefully everybody knows where I'm going with this. Where have we seen this before? Right. Where have we seen this before? And if you if your answer is you're right. But if your answer is also almost every fraud ever, you're also right. Like Enron was this WorldCom was the most of the major corporate frauds in the past 50 years have relied on accounting fraud to some degree, or at least like significant mismanagement to the point of paying no attention whatsoever, to the point of criminal negligence.

00:29:12:05 - 00:29:44:25
Cas Piancey
And what you're pointing to suggests that and we've talked about this with tether with other companies like either what what is happening here is that they're purposely obfuscating to hide something that if it comes out they know is very bad for their business, which is terrible. And you hope that's not the case or they're so bad at corporate management and accounting that they just have completely lost track.

00:29:45:10 - 00:30:06:22
Cas Piancey
And that's terrible too, because you really need these people to be in control of what is happening with with these funds. We understand we've seen we've seen what can go wrong when you're not paying enough attention to what is happening with your with your funds in your centralized exchange. He's called Sam Bankman-Fried. And like I just this is terrifying to me.

00:30:07:00 - 00:30:34:13
Cas Piancey
I would be scared. It doesn't mean that anything is essentially unbacked, even though it is unbacked or it's improperly directed funds, it doesn't mean that anything is going to go bankrupt. It doesn't mean that anybody like Binance doesn't have funds to continue operations. It's nothing like that. That is not what the suggestion is. I'm saying the scared part is that they're not paying attention.

00:30:34:26 - 00:30:56:14
Cas Piancey
They are not paying attention and either it's on purpose or by accident. And both are bad. That's all I'm saying. And that. And if these people are the ones in charge of your money and you're moving money on to their platform, this should worry you, that's all. It doesn't mean you have to like that. This is not financial advice, I guess is what I'm trying to say.

00:30:56:21 - 00:30:59:24
Cas Piancey
But like it it just it it's troubling.

00:30:59:24 - 00:31:23:13
Bennett Tomlin
Yes, it absolutely is. And I do want to go back to your point of this. Doesn't mean that the funds weren't there. Right. It gives us reason to question it based on finance's own public statements in this evidence. But that doesn't mean it's untrue. And if we go back to the CFTC case against Tether, one of the things they ended up proving is that Tether was willing to issue tether against anticipated wire transfers.

00:31:23:14 - 00:31:48:12
Bennett Tomlin
There's this tendency among cryptocurrency companies because they're already operating somewhat in the gray to convince themselves the exact order of operations is not that important. It doesn't matter if you issue them before you get the money in your bank account. As long as the money eventually gets to your bank account, it doesn't matter if you have these without the appropriate tokens in the collateral wallet as long as they eventually get there.

00:31:48:12 - 00:32:16:13
Bennett Tomlin
And I think that kind of idea, combined with the fact that Binance has been playing a regulation and jurisdiction hopping game over the last several years where they transfer between these corporate entities. So often I have an intuition that it would be very challenging, even for the current C-level executive leadership at Binance, to really get a solid understanding of the complete financial situation of the Binance Empire.

00:32:16:13 - 00:32:27:10
Bennett Tomlin
There's these suggestions like this USDC like these B tokens, like this Binance pegged USD that suggests there are serious gaps in their record keeping.

00:32:27:14 - 00:32:51:06
Cas Piancey
When you can't get an audit, it's concerning if it's clear that you can't get an actual audit and nobody knows where the money is, which again, like this should sound familiar to people. You should be like reacting like, oh yeah, this sounds like FTX, this sounds like Tether, this sounds like Bitfinex this sounds like it. Yeah, of course it does.

00:32:51:16 - 00:33:14:24
Cas Piancey
Of course it does. That doesn't mean it ends up the same way. It just means even the even the most powerful and largest players in the industry are doing a piss poor job of maintaining any semblance of being a respectable financial entity.

00:33:14:24 - 00:33:24:12
Bennett Tomlin
It's especially striking to me because arguably binance's systemic importance just keeps going up there. What, like 70% of the volume in cryptocurrency at this point?

00:33:24:12 - 00:33:25:17
Cas Piancey
Yeah, something like that.

00:33:25:17 - 00:33:34:01
Bennett Tomlin
A complete asset seizure, a shutdown or an external collapse of Binance. It's devastating. It's Mt. Gox level.

00:33:34:08 - 00:34:05:19
Cas Piancey
I think that's right. I would perceive that the regulators and law enforcement agents would prefer to work with the largest player as opposed to shut down the largest player. So I don't think I don't think, yes, we'll find out. I think it would be more likely I think it would be more likely that there would be such drastic mismanagement at Binance that it could have catastrophic failure on its own.

00:34:05:23 - 00:34:18:00
Cas Piancey
I think that is a real possibility just based on what we've seen recently regarding their books. So I think that is far more likely than regulators and law enforcement agents figuring out a way to shut it down entirely.

00:34:18:00 - 00:34:49:09
Bennett Tomlin
I, I think I agree with you. There was a Department of Justice press conference recently which left a lot of people feeling unfulfilled because they announced that it was going to be the largest cryptocurrency indictment they had done. And it ended up being bits lotto, a hydra darknet market connected Russian Chinese exchange that had been laundering the proceeds from this drug trafficking and probably laundering some money for an oligarch somewhere.

00:34:49:09 - 00:35:01:23
Bennett Tomlin
What's interesting is that since the feds shut down Hydra several months ago, they have seemed to have been working through many of the counterparties for Hydra. And you know which one is the largest one still standing?

00:35:02:25 - 00:35:03:19
Cas Piancey
Is it Binance?

00:35:03:25 - 00:35:37:00
Bennett Tomlin
It is, yeah. So there is a part of me, especially with Reuters reporting again, that they get confirmation that like hundred million went from Bits Lotto to Binance after coming from Hydra. Besides the direct Hydra transfers to Binance, listen, Binance has the former chief of the Department of Justice's AMLO's Money Laundering and Asset Recovery Service in DC. Metaphorically, I don't know if he's physically there trying to negotiate a deal for Binance.

00:35:37:00 - 00:35:50:23
Bennett Tomlin
According to the Reuters reporting, my gut instinct is they're going to get a deal. But there's a part of me that looks at what they did, the bids lotto. And if you end up with Binance being larger than that, how do you publicly justify pursuing one and letting the other go?

00:35:50:27 - 00:36:16:03
Cas Piancey
They seemingly have done done as much with banks and other things before. So I agree. I my only counterpoint would be that that like if we look at how the great financial crisis was handled by regulators and law enforcement, um, you know, I think what was it like when one bank was criminally prosecuted? It wasn't like the like small community bank for.

00:36:16:03 - 00:36:17:18
Bennett Tomlin
Yeah. And even they.

00:36:17:18 - 00:36:18:21
Cas Piancey
Ended up not.

00:36:18:21 - 00:36:24:07
Bennett Tomlin
Getting a sentence or not getting found guilty. And so like, well.

00:36:24:19 - 00:36:27:01
Cas Piancey
Because they really were not the ones to prosecute.

00:36:27:27 - 00:36:45:02
Bennett Tomlin
And so yeah, you're right. Yeah. Money, power, prestige within the, in the industry in the Department of Justice's hesitancy to cause a collapse of an industry makes me favor finance. Getting some of deal, especially when you have the former chief negotiating on your behalf.

00:36:45:02 - 00:37:16:19
Cas Piancey
But anything is possible. I agree with that. Anything is possible. Yeah, I'm not suggesting it's impossible and that I am not suggesting. Also the biggest likelihood is that, you know, realistically binance's is fine and nobody needs to worry. Right? Yeah. That's like I think it's, it's we need to counter all of this with we're not trying to pull a fire alarm when there is clearly just an oven that's overheated or something and you just need to turn the oven off or something.

00:37:16:19 - 00:37:27:08
Cas Piancey
But like, we don't know. We don't know what if it's an oil fire in the oven? We don't know. Like we don't know what's actually going on. So we can't really suggest anything.

00:37:27:12 - 00:37:48:10
Bennett Tomlin
We absolutely do not have, like a strong reason to believe finance is insolvent. What we do know is Binance has serious process gaps that they seem to have transparency issues, even internally to sea level executives. And there are these strange behaviors in ongoing investigations. That's what we know.

00:37:48:10 - 00:38:13:05
Cas Piancey
But yeah, we're kind of off the rails here anyway. This was supposed to be a bridge discussion about Lazarus Group, and I think we've we've covered that. If anything else occurs with this, this is a story I'd like us just to circle back to at some point, because I think North Korea is just fascinating and them trying to get their hands so desperately on anything even cash adjacent is a I don't know.

00:38:13:05 - 00:38:31:07
Cas Piancey
It's a fascinating story to me. So we'll continue to cover this, obviously. And let's, uh, let's give a shout out to the Lazarus Group for funding crypto Critics Corner. Thank you guys. Hit that lake and subscribe button for all our Jesus. I really don't want that. Okay. Or some shit to come joking.

00:38:31:09 - 00:38:32:11
Bennett Tomlin
You just get some.

00:38:32:11 - 00:38:36:05
Cas Piancey
Really fucking joking FBI like Christ Almighty.

00:38:38:03 - 00:38:39:01
Bennett Tomlin
And when you.

00:38:39:01 - 00:38:41:02
Cas Piancey
Never know what you know and what the fuck.

00:38:41:04 - 00:38:41:19
Bennett Tomlin
Griffith.

00:38:42:14 - 00:39:11:28
Cas Piancey
I'm going to backtrack here, huh? Let's figure out a different way to end this episode. Actually, big news out of crypto critic's corner. We have, uh, we've created our own bridge on the CasCoin Blockchain. It is, it allows you to bridge likes, subscribes and reviews and ratings and all of that stuff. But you have obviously you have to buy Cascoin to use the bridge.

00:39:12:22 - 00:39:36:14
Cas Piancey
So if you could go ahead by more Cascoin, it's obviously not available on any currency. Cryptocurrency exchanges is available on my personal dex the CasCoindesk's. So go ahead by some Cascoin uh wire us that money to my personal bank account and, uh, see you guys soon.

2 responses to “Episode 107 – Harmony Horizon Exploit, Lazarus Group, and Cryptocurrency Bridges”

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: