FreeCryptoCurrency.Me

NFT project Azuki’s floor price has crumbled since its Elementals NFT sale, with holders down around $21,500 per NFT.

The floor price of the main Azuki NFT collection — the lowest available price in the collection — has fallen from 17 ether ($33,300) to 6 ether ($11,800), according to OpenSea data. 

The Elementals collection, which was only sold to Azuki NFT holders because they scooped them all up before the public sale, is faring badly too. These NFTs were sold with a starting price of 2 ether, which would drop over time during the dutch auction. Yet following the sale they opened with a floor price of just 1.6 ether ($3,100) — which has now fallen to 0.84 ether ($1,600).

As a result, NFT holders are down around 11 ether ($21,600) for each of their main NFTs and 1.15 ether ($2,250) for each NFT they bought in the recent sale. Unsurprisingly, the community has been quite frustrated.

“The whales and OG made their disappointment very clear to the team, just not going public to vent their frustration. Lots of these convo happen in private DM,” said DeFiance Capital founder Arthur Cheong on Twitter. “Lots of whales made it clear that this is the last chance they have to make it right.”

Cheong, who repped an Azuki as his Twitter profile picture for a long time, is now selling his collection of four rare NFTs. He had spent 127 ether ($250,000) on the collection.

Following the Elementals sale, there was a big increase in sales. There were 1,335 NFT transactions on June 27 alone, resulting in 14,800 ether ($29 million) of trading volume, according to Nansen.

$34 million in royalties

While the Azuki project raked in $37.5 million from the Elementals sale, it has also continued to rake in royalties on sales of the collection on secondary NFT marketplaces. The project has brought in 17,340 ether ($34 million) in all-time royalties, according to Nansen.

While these royalties were largely from OpenSea, they now come in primarily through Blur. That said, the effective royalty rate dropped toward the end of 2022 and royalties have considerably decreased in volume.

Azuki, however, isn’t laughing all the way to the bank. The project has acknowledged that it missed the mark on the Elementals sale and said that it wants to make things right.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The lack of a spot ETF leads to the growth of over-the-counter products like the Grayscale Bitcoin Trust, which are more expensive, illiquid and inefficient, the report said.

The Monetary Authority of Singapore (MAS) announced new requirements for crypto firms to keep their customers’ funds in a statutory trust before the end of the year. The new requirements are “draft legislative amendments” and are open for public comments before they are passed into law.

The MAS said the new requirements for digital payment token (DPT) service providers “will mitigate the risk of loss or misuse of customers’ assets and facilitate the recovery of customers’ assets in the event of a DPT service provider’s insolvency.”

Crypto platforms will also be required to perform daily reconciliation, maintain proper records and operate custody services independently, the regulator said. Additionally, they will need to provide clear risk disclosures to customers regarding the storage of their assets.

The new requirements follow a public consultation on proposed rules for the crypto sector in October. Singapore will now also push ahead to restrict crypto firms from providing lending and staking services to retail customers, as first proposed in October. While “self-staking” will be allowed.

“MAS would like to clarify, in response to feedback received, that retail customers are not prohibited from handling their own assets (e.g. self-staking), including the lending and staking of those assets,” the regulator said. But crypto platforms “will be restricted from facilitating staking arrangements for retail customers, in addition to lending of retail customers’ assets.” 

These new requirements will be made official through guidelines and changes to the Payment Services Regulations 2019. They are currently open for public feedback until August 3, the MAS said.

Singapore’s ongoing crypto regime 

The MAS said it will release more responses to the October consultation feedback in multiple parts. Today’s new requirements are just Part 1 of the response, focused on the rules for separating and safeguarding customers’ assets.

Overall, the new requirements are to protect consumers from losses “given the extremely high risk and speculative nature of DPT trading,” the regulator said, adding that consumers must also continue to exercise “utmost caution” when trading in crypto as they may lose their assets.

“While the segregation and custody requirements will minimize the risk of loss of customers’ assets, consumers may still face significant delays in recovering their assets in the event of insolvency of the service providers,” the MAS said. “Consumers must also remain vigilant and not deal with unregulated entities, including those based overseas, as they risk losing all their assets.”

While Singapore continues to tighten its regulatory regime for the crypto sector, Hong Kong is aiming to attract more crypto firms in the region.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Crypto exchange Huobi quietly fixed a data breach that had reportedly put users’ assets at risk since June 2021.

The breach involved the exposure of credentials granting write privileges to all of Huobi’s AWS S3 buckets, which the company uses for its cloud storage, according to white hat hacker and citizen journalist Aaron Phillips.

Anyone with access to the credentials could have modified content on Huobi’s domains, including huobi.com and hbfile.net. Additionally, user data and internal documents were also at risk of exposure, Phillips said.

The severity of the breach was significant, Phillips added, alleging that it had the potential for attackers to “carry out the largest crypto theft in history.” Huobi, which handles over $10 billion in monthly trading volume according to The Block’s data dashboard, deleted the compromised account and secured its cloud storage on June 20, Phillips reported.

Phillips found no evidence the breach was used to carry out an attack.

Phillips highlighted the vulnerability of Huobi’s content delivery networks (CDNs) and websites, which can lead to the injection of malicious scripts. The CDNs could have compromised every Huobi login page, potentially affecting every user who logged into a Huobi website or app over the last two years, he said.

It risked users losing their account and crypto assets and exposed sensitive information, such as contact details and account balances of crypto users. This included a database of crypto whales and Huobi’s over-the-counter (OTC) trade data, Phillips said.

Huobi says it’s been fixed

“The incident this time involved the leakage of user contact information on a small scale (4,960 individuals),” Huobi said in an email to The Block. “The type of information leaked does not involve sensitive information and does not affect user accounts and fund security. The incident occurred on June 22, 2021, due to improper operations by personnel related to the S3 bucket in the testing environment of the Huobi Japanese AWS site. The relevant user information was completely isolated on October 8, 2022.”

“Huobi Japanese site and Huobi Global site are completely different entities. After being discovered by a white hat team, the Huobi Security Team promptly took action on June 21, 2023, immediately closing the relevant file access permissions. The current issue has been fixed, and all related user information has been deleted. We appreciate the contributions made by the white hat team to Huobi’s security,” Huobi added.

Huobi’s response to the breach ultimately resolved the issue and secured its cloud storage. However, it took months for the white hat to receive a response from Huobi, and the leaked credentials remained online even after he first notified Huobi of the issue in June 2022, Phillips said. 

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

An unknown attacker managed to swap out over $10 million worth of ether in gains following a security attack on Poly Network this Sunday, according to latest data aggregated by security firm Beosin.

Poly Network is a cross-chain bridge that facilitates asset transfers across different blockchains. The incident allowed the perpetrator to mint varying amounts of 57 tokens across blockchains, the Poly Network team noted. These included Ethereum, BNB Chain, Metis and Polygon.

Following the exploit, the attacker’s crypto wallet displayed an on-paper value exceeding $34 billion, Beosin noted. However, this value did not translate into actual gains for the attacker due to a pronounced lack of liquidity in the affected chains.

Only a small portion of the artificially minted tokens was exchanged for ether (ETH) on the Ethereum and Binance Smart Chain networks, totaling approximately 5,196 ETH, or $10.1 million, noted Beosin. 

Security analysts at Beosin and Dedaub suggested that the attack on Poly Network may have stemmed from a compromise or theft of private keys used in the platform’s main smart contract, rather than from a specific vulnerability within the contract’s logic. They alleged that the private keys for three out of the four admin wallets, which power the project’s main smart contract, were compromised. The Poly Network team has not yet responded to this claim.

This incident marks the second major security hack for Poly Network. In 2021, someone stole $611 million worth of assets from the project, only to later return them in what was considered one of the largest crypto heists to date.

Poly Network’s response

Following the incident, Poly Network announced a suspension of its services and said it was actively working with centralized exchanges and law enforcement agencies to identify the perpetrator and recover the funds. Centralized exchanges are particularly significant in this context, as they possess the ability to track suspicious activities and halt transactions associated with the illicitly minted tokens. 

The Poly Network team recommended that the affected projects withdraw liquidity from decentralized exchanges (DEX) and urged users holding the impacted assets to unlock them and claim back their liquidity pool (LP) tokens tied to those assets. The team also appealed to the attacker to return the user assets in order to “avoid any potential legal consequences.”

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Crypto service providers in Singapore are now required to safekeep customer assets under a statutory trust before the end of the year.

“We have only been given a similar profile picture to that of the original Azuki holders,” the DAO proposal reads.

South Korean trading volumes for the bitcoin offshoot token boomed last week, spurring a price spike last week.

The bill marks the country’s first step towards a digital asset legal framework.

PLUS: Japan is a regulatory success story when it comes to digital assets and Web3. But walking around the recent IVS Crypto Conference in Kyoto, one can’t help but feel that something is amiss.