Unchained - The Ugly Tradeoffs of Ledger’s New Recovery Service - Ep. 494
Episode Date: May 19, 2023

Ledger, the crypto industry’s leading hardware wallet manufacturer, rolled out a new recovery feature this month that caused an uproar. The recovery service has dangerous implications for crypto self-custody, says Foundation Devices Head of Content “Seth For Privacy.” He joins the show to discuss the downsides of closed-source code and the security risks that come with compromising for mainstream adoption.

Listen to the episode on Apple Podcasts, Spotify, Overcast, Podcast Addict, Pocket Casts, Stitcher, Castbox, Google Podcasts, TuneIn, Amazon Music, or on your favorite podcast platform.

Show highlights:
- how Ledger Recover works and why it caused an outrage in the crypto community
- why the fact that Ledger’s code is not open-source could be considered a problem
- what the concerns are about handing over additional data to Ledger
- how darknet markets have always existed for fake ID verifications and how it relates to Ledger’s new feature
- some of Ledger’s previous security lapses
- why introducing a trusted third party undermines one of Bitcoin’s most central tenets
- whether Ledger’s move is a “net good for society,” and whether people actually want a service like this in a hardware wallet
- whether something will go wrong with Ledger in the future

Thank you to our sponsors!
- Crypto.com
- Railgun DAO
- Stader Labs

Guest
- Seth for Privacy, blogger and head of content at Foundation Devices
- Blog
- Foundation Devices
- Twitter thread on the logistics and risks of the Ledger recovery process

Links
- Ledger CTO Twitter thread on Ledger Recover
- CoinDesk: Ledger Bats Back Criticism of New Wallet Recovery Service, CoinDesk
- Unchained: ‘Backdoor’ for Seed Phrases? Ledger’s New Recovery Feature Spooks Users
- Ledger Recover webpage
- Haseeb Qureshi’s thread on the Ledger controversy

Past Ledger security issues
- CoinDesk: Crypto Wallet Maker Ledger Loses 1M Email Addresses in Data Theft
- Cointelegraph: Ledger data leak: A ‘simple mistake’ exposed 270K crypto wallet buyers
Transcript
Hi everyone. Welcome to Unchained, your no-hype resource for all things Crypto.
I'm your host, Laura Shin, author of The Cryptopians. I started covering crypto eight years ago,
and as a senior editor at Forbes, was the first mainstream media reporter to cover cryptocurrency full-time.
This is the May 19th, 2023 episode of Unchained.
Stader Labs is a multi-chain liquid staking platform with 40K-plus DeFi partnerships across six chains.
Soon they'll be coming to Ethereum with their LST, ETHX.
Visit staderlabs.com/eth to sign up for their ETHX alpha list.
Ever wanted to use DeFi without being tracked?
Railgun is a leading DeFi privacy solution on Ethereum, BSC, Arbitrum, and Polygon.
Shield your funds and use them privately in your favorite DeFi apps,
while Railgun's cutting-edge zero-knowledge system encrypts your data from public view.
Yes, that includes DEX trading.
Visit railgun.org or use the Railway app at railway.xyz.
With the crypto.com app, you can buy, trade, and spend crypto in one place.
Download and get $25 with the code Laura.
Link in the description.
Today's guest is Seth for Privacy, blogger and head of content at Foundation Devices.
Welcome, Seth for Privacy.
Hey, Laura.
Thank you so much for having me on.
I was really excited when I got the invite to chat with you.
First time we've really gotten to cross paths and chat through all the craziness of this week.
So really looking forward to it.
Yeah.
And nice to connect with you while you're at Bitcoin Miami.
I imagine it'll be an interesting conference as usual.
And part of the reason might be because this week,
Ledger caused quite a ruckus when it announced its new service,
although actually I guess they announced it two weeks ago.
But for some reason, it really made the rounds and caused a lot of consternation on
crypto Twitter.
And the new service is called Ledger Recover.
But before we dive into all the details around the controversy, let's just explain what it is that Ledger Recover does, how it works, and how this is different from Ledger's previous offerings.
Yeah. So I think we need to also clarify something upfront in that when we talk about how Ledger Recover works, we are trusting Ledger 100% that it works the way that they say it works.
And that comes down to it being closed source in both the server side and the Ledger side part
of things. So it's tricky to say for sure exactly how it works. But the way that it's described
is essentially it's a service that you can pay to know as a month for to help you to be able to
recover funds if you lose your ledger device. That all sounds good and fine. That's not necessarily
a terrible concept. But the specifics of it are that you give over your ID, so a passport,
driver's license, something like that. You do a special selfie recording with you holding up
that ID that you're going to use for the service.
You give that over to Ledger via a third party called Onfido.
And once you do that, you create an account with Ledger Recover.
Essentially what happens is that on your Ledger device, you'll be prompted through their
Ledger Live application.
You'll be prompted to allow Ledger Recover to, again, theoretically, it's closed source,
so I don't exactly, but you'll allow your Ledger to encrypt the seed that's on your
Ledger itself into three separate encrypted shards.
And then your Ledger will send these three shards over USB or Bluetooth to your computer or smartphone.
I think both will be options.
And then the app that Ledger produces will send those shards to three different custodians.
One is Ledger themselves.
One is a company called CoinCover Global.
And then the third one was originally named as EscrowTech, which is a U.S.-based company,
but they have since removed any mentions of them from their website.
So I'm not sure if that custodian is changing at this point.
But essentially, you'll give those shards to the three custodians.
And then if you lose your Ledger device, you'll get a new one.
You will sign into Ledger Recover.
You'll do ID verification.
And then Ledger will somehow send those shards back to your device from at least two of the custodians.
You need two of three.
And then on your Ledger device, those shards will be encrypted.
Your seed phrase will be restored and your funds will be back where they are.
So that's the basics of how it's supposed to work.
And so what was it that the crypto community was objecting to when it came to this new offering?
I think the two biggest things are that the general understanding of how hardware wallets work
is that you have a hardware device that has some sort of security focus, whether that's in the actual security model that's taken, like being an air gap device, or if that's in the hardware itself, like using a secure element like Ledger does, that that theoretically prevents people from being able to extract private keys or use
malware to steal your funds when you connect to a computer. And the idea that most people have
is that hardware wallets have no way to send that seed phrase off the device so that you can never
upload your funds somewhere else on accident. You can never make them hot on accident. None of that
can happen. And while in theory that is how things have worked, there's always been the possibility
that you could install malicious firmware or something that could send the seed phrase off the device,
especially if it's not an air gap device, like Ledger devices aren't air gap.
You plug it in via USB or use Bluetooth.
So it's always been theoretically possible
with some sort of malicious firmware.
But most people's understanding was,
if you're running official Ledger firmware,
that seed where all your funds are stored,
never leaves the device.
Now, with Ledger Recover,
we've learned that in the firmware
that you can install on Ledger,
at least theoretically, it's only in the most recent
firmware they've released.
You can press a few buttons,
confirm in Ledger Live,
and send your seed phrase off the device,
which is, I think, a right,
terrifying prospect for many people because they generally do not want the ability to do that,
much less for it to be a baked-in functionality. The second main complaint really revolves around
the transparency of the whole process. Because Ledger themselves write closed-source code,
Ledger, the operating system that runs on your device, and the way that this actual recovery
process functions is 100% closed-source. And so what that means is no one outside of Ledger has
any visibility into how it works. No security researchers can just spend some free time to dig into it.
No one can try to ascertain how exactly this functions, what encryption is used, if it has protections
against sending to anyone but the three custodians, that sort of thing. As opposed to being something
that is free and open source in nature, where anyone can quickly look at the code. Obviously,
experts, you or I maybe aren't going to be diving into the code and finding security vulnerabilities,
but experts in the field could look at that code,
could figure out exactly how it works,
could verify the claims that Ledger makes.
But instead, they have all of this code,
closed source. No one else can see it.
So we were already trusting Ledger with this.
This isn't new.
Ledger has always been a company
that usually releases closed source software for their tools.
And so there's always been trust
that Ledger wouldn't push firmware
that could do malicious things
or that could exfiltrate your private keys
off the device or something like that.
And I think part of that trust has been broken
and now that the firmware explicitly has a function to do that,
even though in theory it may be secure and may be useful in a recovery sense.
So since it was always possible that they were either doing something malicious
or there was some flaw that maybe people didn't know about because it was closed source.
So people are only objecting now to the fact that it is closed source,
what, because this new offering does enable you to send your private key elsewhere?
Is that what you're saying?
Yeah, I think so.
I mean, this risk has always been there.
And many of us who are strong advocates of the free and open source software movement,
free and open source hardware as well, have been, I think, kind of ringing this bell for a long time.
And that if you trust your cryptocurrency keys to a device that is closed source, to software that's closed source,
you are 100% trusting that entity to not do something malicious.
You're also trusting that no one else finds a vulnerability that isn't visible because there's no open source code that others
are looking at and does some sort of malicious attack against it that's unknown in the wild.
This has always been possible, but I think in reality, for most people, it doesn't connect
until they see a real-world way that this type of approach can be problematic.
And so I think this has kind of brought closed source into reality for many people in an
understanding that's, okay, Ledger can do this, they actually have done this, and I should be
concerned now about using something that's closed source and not verifiable.
And so is the worry that, like, for instance, if you opt not to sign up for that service,
that somebody could get a hold of your physical device and then send your private keys,
but then you'd have to sign up for the service. So, so like what is the fear about having your keys?
And frankly, if they're split up, you know, amongst three entities, like, what is the concern about that?
Yeah, I think there's a few major fears. I think if you're someone who signs up for the service,
the biggest issues are privacy and data security
and that you're giving over all of your identifying information, selfies, audio, video,
and a lot of device information as well when you sign up for this service.
And you're directly linking that to the fact that you own cryptocurrency
and that you own enough to want a hardware wallet.
So not only have you probably given over a shipping address to ledger when you bought the device,
but now you're giving over all of your ID information as well.
So there's a large risk of them either eventually being malicious or just law
enforcement or governments that are malicious or tyrannical going to them and forcing them to give
over information on who has cryptocurrency, seizing funds, something like that. Another main concern
is that if you don't opt into this service, it now is more easy. It's simpler for a malicious
attacker to trick you or to trick a loved one, family member, spouse, whatever, into approving
this service in a malicious way. So hopefully the service has been engineered in a way so that on the device,
only send these shards to these three legitimate custodians. But it's also possible that there's
vulnerability where someone could send you a prompt with a, for instance, a malicious version of
Ledger Live. They could send you a prompt to enable Ledger Recover. Maybe your spouse says, yeah,
I'd love to make sure that I don't lose these funds when you're off on a work trip or something.
And she goes through and she signs up for this service, but it's actually a malicious entity
with a malicious version of Ledger Live and you're sending all of these shards to them in
an unencrypted state. It's not something we can verify again. So that would be definitely
worst case, if that's possible. Outside of that, I mean, I think for those people who don't sign up
for the service, it doesn't necessarily pose a risk. It just opens up that possibility that there's
something going on that you don't approve of. And there's now code running on your device that's
explicitly designed to send the private keys off, although theoretically, in an encrypted fashion.
Okay. So in a moment, we're going to talk about some of the other concerns about Ledger Recover,
but first a quick word from the sponsors who make this show possible.
Ever wanted to use DeFi without being tracked?
Railgun is the leading DeFi privacy solution on Ethereum.
It's available on BSC, Arbitrum, and Polygon too.
Shield your funds and use them privately in your favorite DeFi apps,
while Railgun's cutting-edge zero-knowledge system
encrypts your data from public view,
all without leaving your preferred chain.
Yes, that includes DEX trading.
Coming soon are integrations with
leading yield, lending, and perp trading platforms on multiple chains.
DeFi and privacy, together at last.
Visit railgun.org or use the Railway app at railway.xyz to find out more.
Meet Stader Labs, the non-custodial multi-chain liquid staking platform transforming the
liquid staking landscape.
With over $120 million in assets staked and more than 40K users across six chains,
Stader has partnered with 40 plus top DeFi protocols like Aave, Balancer, and Seeky.
With a unique multi-pool architecture and tokenomics,
ETHX, their liquid staking token on Ethereum,
empowers stakers everywhere to run a node with as little as four ETH
and earn 35% more than solo staking.
Sign up for their ETHX alpha list today and be the first to know about $1 million
in DeFi rewards.
Back to my conversation with Seth.
So one other issue is, of course,
when you give the personally identifying information,
such as a government-issued ID,
to these different entities.
We live in a world where there's a lot of people
who can use fake material to pretend that they are you.
So I saw some tweets about that.
So what are the fears around the proliferation of fake IDs
and how that could interact with this service?
I understand the reasoning for blocking recovery behind identification
because it is one of the harder things to fake.
It's certainly harder than just like username
and password. From what it seems, there will be a username and password and ID verification.
But username and password are very easily brute forced. Most people use very simple passwords,
socially engineered. There's a lot of very easy ways to get access to someone's account
from just username and password. So the identification angle makes sense from adding complexity,
but the downsides are twofold. And that one, like we talked about a little bit earlier,
now you're trusting a third party and all of their authorized third parties, which is the language
that they use in their privacy policy
to retain that information securely.
So if Onfido was ever hacked,
the ID information for every person
who uses Ledger Recover could now be
available for purchase.
And ID verification,
either fake ID verification
or legitimate ID verification
with stolen credentials,
has long been a service
that's very easy to purchase
on dark net markets and other places.
So it's not like this kind of thing doesn't exist.
This does exist now and constantly happens.
A lot of centralized
exchange accounts are actually opened using malicious fake identity verification or identity that's
been stolen from someone and used to sign up for an account so that they can do whatever they want
to do at that point. So the fear now is that all of your funds are not secured by the hardware
wallet that you have in your drawer or on your office desk, but in fact, anyone who has the
ability to pass identity verification as you, which is not impossible for sure, could now recover
all of your funds themselves without needing access to your physical device, which is a huge
shift in the security model from what people usually are used to with a hardware wallet,
which is a big deal. I think that's sparking a lot of the controversy around it.
And I feel like some of this criticism in a way also came up because of Ledger's own track record
on security. It was certainly something that I saw cited in some of the tweets on this. So describe
what the issues were there. Yeah. So a few years
ago, I can't remember exactly what year it was. I think it was 2018. Ledger had a massive data breach
where information on people who had purchased ledgers was stolen. And that information included
full personal names, full shipping addresses, information on the credit card they used, things like that.
So we already have a track record of Ledger having problems securing data. And that's not even
necessarily as a slam against Ledger. This is the hardest problem to solve for large corporations
today. Cybersecurity is extremely complex, very hard to implement, and the larger a company gets,
the harder it gets. But they have a track record of having problems with that. Now we're trusting
Ledger themselves as a custodian in the Ledger Recover service. So if you use this service,
they hold one of the encrypted shards. You're also trusting them to not ship malicious software,
whether intentionally, which I think is very unlikely, because obviously they have financial
incentives to keep their customers happy and ship software that works and that does what it's supposed to,
but it's possible that someone could hack in and release malicious binaries,
malicious installation packages that you can use to install Ledger Live or firmware or something under their accounts.
That's another possibility of how that could happen.
But the third main concern, I think, is that while they don't have the ID information themselves, it appears.
It's a bit unclear exactly how the relationship between Ledger and Onfido works,
but they likely don't have the identity information themselves.
They do have all the information on who uses the service,
what Ledger devices they have,
their IP address, which is likely their home IP address,
full name, that kind of thing,
to go along with the fact that they use a Ledger,
that they own cryptocurrency,
and now that they use the Ledger recovery service or not.
So it continues to open up more potential attack vectors
for people to try and steal your funds from your Ledger,
and it trusts yet another entity.
And the unfortunate thing with privacy policies and the privacy practices of companies like Ledger and other large companies is that it's very unclear who exactly has access to this data.
Ledger uses the term authorized third parties in their own blog post.
So it's unclear who exactly will get access to the information about your identity, about your usage of Ledger Recover.
And Onfido does the same thing where they have a long, long, long list of information they collect about you, not just your identity information,
and then they also have authorized third parties.
We have no idea who that data is being shared with.
Who could sell that?
Who could steal that?
Who could get hacked and have that data leaked?
And then if your identity information
and the fact that you use Ledger Recover is leaked,
all of your funds could be stolen at that point,
which is a huge deal when your Ledger device
could be sitting safe at home in a drawer untouched,
you didn't install malware,
you didn't do anything wrong,
and yet your funds could be stolen.
And that certainly is worst-case scenario,
but it's a possibility that it gets opened up
with this type of approach.
So one counterfactual thread that I saw was by Haseeb Qureshi of Dragonfly.
And he talked about how initially he also agreed that this was a bad offering for them to introduce.
But then he realized it was based on certain misperceptions around how Ledger worked.
He was saying that he thought initially that it would just hold your keys and the keys would never leave.
Now when he realized, oh, your device can be upgraded, that that would introduce the possibility
for potentially like bad, bad things to happen, like, you know, some new thing that takes
your private key. But then he realized that actually this isn't how Ledgers have worked all along,
that they've always been upgradable because they're always adding new blockchains and things
like that. And so he actually concluded that this was totally fine. Like you've always trusted
Ledger and, you know, you only have to trust them at that one point in time. You never have to do the
upgrade, you know, if for whatever reason you're not comfortable upgrading the software,
you could always just get a new, like toss out your old device and get a new device with the new software.
So what is your take on his thread there?
Yeah, I mean, the core of his argument is sound.
I mean, as we mentioned a bit today, all of this has been possible.
It's closed source.
You've been trusting Ledger when you install firmware updates that they're not including code that does this or something else malicious.
For all we know, the code to actually handle Ledger Recover has been in there for a long time
and has just been activated with this latest release.
There's no way that we can verify
whether or not this type of thing
has been possible before or on your device.
The main pushback I would have against his argument
is that it's not just fine that this is possible.
If you understand the risks
and if you understand the tradeoffs
of trusting a third party explicitly
with the security of your funds
and trusting them explicitly to do the right thing forever
and trusting them explicitly to not have any sort of malicious firmware pushed or anything like that,
then yes, I mean, life just goes on for you.
The whole point of these things being built, the whole point of Bitcoin,
the whole point of these cryptocurrencies is that we can remove trusted third parties,
that we can remove custodians, we can remove people who have control over our money.
And so when we introduce someone like Ledger as a trusted third party
and that they could do anything with your private key,
you have no visibility into that.
Any firmware update could do literally anything.
It introduces back a lot of the problems that we're trying to escape from here.
So while he's right that this could always have been done,
I think that should frighten people even more than put them at ease
because it means that they have always put explicit trust in Ledger
that maybe they didn't understand.
And I think one of the big positive points of this whole situation
is that it really is kind of shaking people awake to the risks of closed source software and hardware
because it is an explicit trust that you're having to place in them,
rather than having the ability to verify it,
rather than having the ability for third parties to go in and check what's happening.
So while it is technically true, it could have always been done,
that doesn't mean it's a good thing.
That just means nothing has changed explicitly here,
except that now we know that there is code running on the device
that can do things that many people don't want their hardware wallet to be able to do.
So the Ledger CTO, Pascal Gauthier,
disputed that this is not what people want,
and he said, I think this might have been on a Twitter Spaces that they held,
he said, you're saying this is not what customers want.
Actually, this is what future customers want.
I was curious for your response to that.
I probably agree with him.
If you are purely seeking profit over principles,
I think this move makes sense.
Most of the people who don't actually see the need to remove trusted third parties,
who don't really care about the broader ethos that is behind a lot of the cryptocurrency
movement and the free and open source movement, would be happy to have a service that
makes sure that they can't lose their funds, whether that implies complete trust in a third party
or not.
There's not a concern for many people because they don't understand the risks that are inherent
until something goes wrong.
So I'm sure that there is plenty of money to be made providing a service like this.
Whether or not it's a net good for society, I think, is a harder thing and more of a philosophical
debate on whether or not helping people to custody Bitcoin with trusted third parties in
closed source code is actually a step forward or backwards from the systems that we have right now.
But I'm sure that there is a large percentage of profit that they can gain by implementing a
service like this, whether or not it's good, well done, open source, anything like that.
So I don't disagree that there are definitely people out there who want a service like this.
It's just sad to me that the way that this is being implemented by the largest company in this space
is, in my opinion, very dangerous,
especially with the aspect of the KYC,
the know-your-customer ID information
that's a part of using the service in any way.
Not to mention, I think a lot of the people
who have been kind of hyping up this thing
and this need for easier custody solutions
are usually talking about, like, the Global South
and a lot of the world
that doesn't have access to these types of tools,
that doesn't have the easy self-custody tools
and that we need to improve things there.
But this actually restricts many of those
people from being able to use a service like this.
If you have to give over ID, that's not an option in much of the global South.
Whether they have an ID or not, whether they have the ability to upload it,
there are a lot of restrictions there.
So it further restricts who can gain self-custody in this manner,
if you can't even really call this self-custody.
It brings so many potential flaws and dangers that we will see something bad happen
around Ledger Recover.
I think it's only a matter of time until something goes wrong.
And more people will wake up to the risks here when that does happen.
But one thing that I'm thankful for is a platform like this, my tweet thread, the ability to help people to see the issues now and make a decision.
If they're fine with the tradeoffs here and they have no problem with it, at least they knew going in what the tradeoffs and issues were with it.
But hopefully it'll also help people to see that there are some major, major risks and issues here.
And hopefully people will opt not to do a service like this.
But obviously, there's always freedom of choice.
And I'm not against, I'm not for forcing people to do one thing or another.
I just want to make sure that people have the truth going into decisions like this.
Yeah, I think one thing that's clear is so far there's no one perfect way to store or secure your coins.
It feels like every option has some tradeoffs.
And I do agree that there are certain aspects of this service that probably go against the ethos of kind of the more cypherpunk sectors of the crypto community,
which is why I think it did cause the uproar that it did.
Well, anyway, it has been very fascinating unpacking this whole incident with you.
Thank you so much for coming on Unchained.
Yeah, awesome.
Thank you so much, Laura.
It was a great chance to get to chat through this.
And I'm glad we were able to finally chat and meet a little bit.
So thank you for having me on.
Excited to see this shared out.
Don't forget.
Next up is the weekly news recap.
Stick around for this week in crypto after this short break.
Join over 80 million people using crypto.com.
One of the easiest places to buy, trade, and spend
over 250 cryptocurrencies.
Spend your crypto anywhere using the crypto.com Visa card.
Get up to 5% cash back instantly,
plus 100% rebates for your Netflix and Spotify subscriptions,
and zero annual fees.
Download the crypto.com app now and get $25 with the code Laura.
Link in the description.
Thanks for tuning in to this week's news recap.
SBF faces legal backlash over alleged fraudulent acquisition.
This week saw the beleaguered crypto empire FTX suing its ex-CEO, Sam Bankman-Fried,
co-founder Gary Wang, and former senior executive Nishad Singh over claims of fraudulent activity.
The lawsuit alleges that these key figures were aware of the insolvency of Alameda Research,
Bankman-Fried's trading shop, when they acquired the stock clearing platform Embed for $250 million.
FTX's current leadership claims that the funds used in this deal were illicitly drawn from FTX's
customers. Additional suits have been launched against Embed's founder and former CEO Michael Giles
and the early investors who sold their stakes, such as Propel Venture Partners. Notably, the case
argues that FTX's bankruptcy representatives were swindled into a, quote, terrible deal due to the
overvaluation of Embed, which they say is now virtually worthless. Subsequent attempts to sell Embed
reportedly received bids far below the acquisition price. The highest bid was from Giles himself for a
mere $1 million.
In related news, Alameda Research and West Realm Shires, two FTX units, are suing to recover
$6.9 million from Embed Financial shareholders, alleging misappropriation of funds before
FTX's bankruptcy.
Jump Trading profited nearly $1 billion from UST.
Fresh SEC filings point towards Jump Trading as the unnamed firm that allegedly bolstered
TerraUSD or UST
amid its 2021 depegging from the U.S. dollar.
This connection emerged from the SEC's lawsuit against Terraform Labs and its co-founder, Do Kwon,
which accuses them of investor fraud and misrepresentation regarding UST.
Jump Trading, a major player in crypto trading, has not been directly accused of any wrongdoing
in relation to Terra Luna's $60 billion collapse a year ago.
However, the SEC filing suggests that the firm profited nearly $1 billion from its arrangement
with Terraform Labs.
As part of the deal, Jump was provided the option to purchase Luna tokens at a 99% discount
in exchange for making trades to improve UST's liquidity, a claim reinforced by a class action complaint filed by lead plaintiff, Taewoo Kim.
In a related development, Kwon was granted release from custody in Montenegro.
Kwon, along with the company's former CFO, Han Chang-joon, posted a bail set at $400,000 or $436,000, as stated by the Podgorica
Basic Court. As part of their bail conditions, both will be under house arrest within the capital.
During their hearing, they refuted accusations that their passports from Belgium and Croatia
were fake. The duo also vowed to adhere to the terms of their bail, including responding to
court summons.
Tether moves to strengthen reserves with Bitcoin investments.
Tether, the issuer of
the dominant stablecoin, USDT, announced this week that it will allocate 15% of its net profits to buy
Bitcoin, in a move aimed to diversify and strengthen its reserves. Based on the company's last
attestation report, this investment could total about $222 million worth of Bitcoin, adding to the $1.5 billion
Bitcoin stash already in its reserves. Tether CTO, Paolo Ardoino, said the move is rooted in what he
called Bitcoin's proven resilience, growth potential, and its standing as a favored choice
amongst institutional and retail investors. Despite past controversy surrounding the company's reserve
management, USDT remains the largest stablecoin with a circulating supply of more than $82 billion.
SEC stands firm: no rush on crypto regulation clarification.
In the ongoing legal tussle between
Coinbase and the U.S. Securities and Exchange Commission, or SEC, the agency requested that the
court reject the crypto exchange's plea to expedite rulemaking on cryptocurrencies. Citing no
legal obligation on a timeline for its response, the SEC emphasized the complexities involved in
defining cryptocurrency regulations. The request follows Coinbase's April legal demand for a
prompt response to its rulemaking petition on how securities laws apply to cryptocurrencies.
Coinbase's chief legal officer, Paul Grewal, expressed concern over the SEC's stance,
signaling that the regulatory ambiguity might persist. He warned of continued enforcement actions
in place of clear rulemaking. Austin Campbell, a professor at Columbia Business School,
echoed the concerns on Twitter. Quote, I am starting to
worry about the future of the U.S. financial system. If blockchain continues to dominate
mind share and use cases continue to proliferate, the U.S. will be playing from far behind
the pack and having destroyed a lot of trust with companies, many of whom may not come back,
even if things change.
Ripple scores legal win as judge denies SEC motion to seal Hinman's
speech documents.
In another one of its legal standoffs, the SEC faced a setback this
week when a court denied its motion to seal documents linked to a 2018 speech by
former Division of Corporation Finance Director Bill Hinman, in which he stated that he did not view
Bitcoin and Ether as securities. The SEC previously argued that the documents, which Ripple sought
in discovery, were irrelevant to the case and could jeopardize the, quote, openness and candor
within the SEC. However, Judge Analisa Torres of the Southern District of New York held that
these were, quote, judicial documents subject to a strong presumption of public access. Torres
granted some redactions requested by both parties, primarily for personal and financial information.
Ripple CEO Brad Garlinghouse hailed the ruling as, quote, another win for transparency,
anticipating the soon-to-be public Hinman emails. Meanwhile, the SEC may continue to challenge
the admissibility of the documents as the trial progresses.
SEC says Filecoin is a security.
This week, Grayscale received a notice challenging the
asset manager over its Filecoin trust product. According to the SEC, Filecoin,
a token used in a blockchain-based decentralized storage network,
quote, meets the definition of a security.
Grayscale, disagreeing with this stance, said it, quote,
intends to respond promptly to the SEC staff
with an explanation of the legal basis for Grayscale's position.
While Grayscale contests the SEC's assertion,
the fallout of this regulatory tussle remains uncertain
and could result in registering the Filecoin Trust
under the Investment Company Act of 1940 or even seeking its dissolution.
Was Satoshi's stance on NFTs revealed?
A controversy erupted this week after the resurfacing of old Bitcoin talk posts
that suggested Bitcoin's mysterious founder, Satoshi Nakamoto, may have been pro-NFTs.
Udi Wertheimer, associated with Bitcoin Ordinals project Taproot Wizards,
ignited the speculation by alleging that the first Bitcoin transaction ever was not for pizza,
but for a JPEG image back in January of 2010.
Wertheimer discovered a forum post in which a user named Sincorkewarm,
Sabineer announced plans to sell a JPEG for 500 BTC, four months before the infamous 10,000
BTC pizza purchase. Satoshi himself appeared to provide advice on how to execute the transaction.
However, critic Mike McDonald countered that the 500 BTC received by Sabineer were donations,
not payment for the JPEG. Regardless, Satoshi's involvement in the transaction led some to
believe that he would have supported the concept of NFTs. As McDonald noted, quote, the most
notable thing of all is that Satoshi treated this all like it was the most normal thing in the world.
He'd have absolutely been pro-ordinals.
If you want to learn everything about the BRC-20 mania, don't miss Tuesday's episode of Unchained
with Dan Held and Trevor Owens or tomorrow's episode of The Chopping Block.
Meanwhile, Dogecoin's daily transaction volume hit an all-time high, briefly surpassing
that of Bitcoin and Litecoin after the introduction of DRC-20s.
Celsius navigates Lido withdrawals amid asset auction turmoil.
Bankrupt crypto lender Celsius reportedly transferred its 428,000 staked ETH, or stETH, valued at around $780 million, to another wallet just before Lido, the leading Ethereum liquid staking protocol, activated withdrawals.
Amid some conjectures, Simon Dixon, CEO of investment firm BnkToTheFuture, commented, quote, Celsius is likely lining up for staking directly without Lido in the middle.
According to on-chain data, Celsius accounts for 96.8% of stETH withdrawal requests on Lido.
This has sparked concerns about prolonged unstaking times, though Lido reassured that a buffer of 440,000
ETH is expected to accommodate large withdrawals.
As Celsius navigates its complicated scenario, a consortium known as Fahrenheit, including
venture capital firm Arrington Capital and miner US Bitcoin Corp, has emerged as the lead bidder
for the lender's $2 billion worth of assets in its bankruptcy auction.
Michael Arrington, founder of the eponymous VC firm,
explained the bid structure, saying, quote,
we are proposing that the assets be placed into a new company
and run with the sole goal of growing these assets to make stakeholders whole.
BlockFi moves forward with liquidation proceedings.
In an escalation of its bankruptcy proceedings,
BlockFi has emphasized its commercial claims against FTX and Alameda as pivotal,
with potential recoveries to creditors
exceeding $1 billion.
The success of the litigation will heavily influence the return of funds to clients.
Additionally, BlockFi is set on liquidating its lending platform.
Its lawyers stated, quote, given recent regulatory developments, among other things,
there may be a lack of meaningful value to be generated from a sale.
On the flip side, the bankrupt lender stated that, according to its estimates,
nearly $300 million is due to be returned to BlockFi custodial wallet users.
Additionally, the company confirmed that a hearing on
the liquidation plan is scheduled for June 20th, though the final course of action will depend upon
approval from the bankruptcy court.
Voyager Digital receives approval to start payouts.
Bankrupt crypto
lending firm Voyager Digital is commencing its liquidation process with customers poised to recover
around 35% or $1.33 billion of their cryptocurrency deposits. The payout process is expected to commence
as early as June 1st, with a recovery rate hinging on the results of future litigation. The firm's
liquidation plan comes after a failed buyout attempt by Binance.US and two unsuccessful sale attempts,
including one by now bankrupt FTX. Voyager aims to repay customers with the same type of cryptocurrency
that they had in their accounts, or with the stablecoin USDC, for unsupported tokens and the
proprietary VGX token.
Crypto legislation is passed in Europe.
The Council of the European Union,
representing 27 member states, unanimously approved the much-awaited Markets in
Crypto-Assets regulation, or MiCA. It requires wallet providers, exchanges, and other types of
crypto institutions to get licensed to operate across the bloc and sets reserve standards for
stablecoin issuers. Meanwhile, France has extended a welcome to crypto firms seeking refuge from
U.S. regulatory uncertainty. The country already has 74 registered crypto companies, a number that
could increase dramatically with the new MiCA laws. Quote, we are proud to be pioneers, expressed
Benoît de Juvigny, a French authority.
The EU's regulatory clarity is also driving a surge in venture capital funding for EU-based
crypto startups.
As pointed out by Patrick Hansen, EU policy director at USDCOin, regulatory clarity is attracting
capital and entrepreneurs globally, with VC investment in European crypto projects skyrocketing
to nearly 10 times within the year.
Time for fun bits.
Jenny from Unchained has thoughts about how Sam Altman of OpenAI is returning to
crypto and WorldCoin.
Well, OpenAI founder Sam Altman is now turning his attention towards crypto, which I guess makes
sense because AI can kind of manage itself now. Like how you get back into gardening after your kids go to
college. He's close to raising $100 million, which he clarified is in fiat, for WorldCoin's new
minimalist wallet. Worldcoin isn't new. It got big last year with a crypto version of a universal
basic income, like a crypto token to be distributed equally to everyone in the world. I think this sounds
totally easy. We just need to choose one of the coins whose value is zero. And there are a lot to choose from.
There were a lot of issues with WorldCoin's initial rollout last year, but now it's back with a wallet that includes a global identification system.
Basically, it scans your irises to prove that you're a human, and I cannot wait to make all of my exes try it.
WorldCoin's first round of funding included investments from SBF, but I doubt he'll be part of this round.
Unless in lieu of cash, they accept D&D hit points.
I don't know what's going to happen with WorldCoin, but I do think it's smart for Sam Altman to have his hands in both AI and crypto.
True diversification.
The hottest sector in tech right now and crypto.
Thanks so much for joining us today.
To learn more about Seth and the implications of Ledger Recover, check out the show notes for this episode.
Unchained is produced by me, Laura Shin, with help from Kevin Fuchs, Matt Pilchard, Zach Seward, Juan Aranovich, Sam Shreiberin, Jenny Hogan, Jeff Benson, Leandro Camino, Pamajumdar, Shoshank, and Margaret Coria.
Thanks for listening.
