Fintech Daily Digest

"The GENIUS Act tries to mitigate credit risk on stablecoins by declaring their property of the investor vis-a-vis custodians, and prioritizing the investors' claims vis-a-vis creditors of the issuer. But neither is really a fix, and the truth is that absent a government guaranty, there's no way around this problem. No matter how much stablecoins are prioritized in bankruptcy, bankruptcy is a slow process, and time is money. And there are limits to how far stablecoins can be prioritized in bankruptcy without rendering the bankruptcy system unworkable. (Making stablecoins the property of the investors is no help in an issuer bankruptcy because all the investor gets is a digital token that is worthless without the redemption right, and that's just a bankruptcy claim; this is different than in the custodian bankruptcy scenario.) The only real way to ensure 100% timely repayment is a government backstop, but that's not something the industry wants (because it goes with regulation)." (Adam Levitin)

U.S. President Donald Trump named Bitcoin (BTC), Ethereum (ETH), XRP, Solana (SOL) and Cardano (ADA) as five assets to be included in a U.S. strategic crypto reserve. The initial announcement made on Truth Social excluded BTC and ETH ("A U.S. Crypto Reserve will elevate this critical industry... which is why my Executive Order on Digital Assets directed the Presidential Working Group to move forward on a Crypto Strategic Reserve that includes XRP, SOL, and ADA. I will make sure the U.S. is the Crypto Capital of the World. We are MAKING AMERICA GREAT AGAIN!). However, in a later post they were added ("I also love Bitcoin and Ethereum!"). https://truthsocial.com/@realDonaldTrump/posts/114093946326587357

The Bank of Ghana (BOG) expects to launch its retail central bank digital currency (CBDC) in 2025 (contingent on an act of parliament), with offline payments a key function the central bank is confident in delivering. Kwame Oppong, head of fintech and innovation, pointed out that the "technology for offline payments has been around since the 1990s, but the challenge was to ensure that the requirement of frequent reconnection and re-syncing was not obstructive. That means the experience is not truly like offline payments. We wanted to create an instrument that allows people to live off-grid and use it as they would use cash."

I report this Iraqi News story about the Iraqi central bank issuing CBDC just for the record because it's second-hand information (not directly from the Iraqi central bank) and it's odd in that it describes the CBDC replacing paper notes in transactions with central banks. Prior to this, the only evidence I have ever found of Iraq researching CBDC was a 2022 Arab Monetary Fund (AMF) report.

The Bybit security breach is turning out to had been a supply-chain attack, which is way worse than initially anticipated. While most crypto hacks exploit phishing or hacked workstations, this attack was executed directly through a supply chain compromise of Safe {Wallet}'s UI infrastructure, enabling attackers to manipulate transactions at the source. The attackers breached Safe{Wallet}'s AWS S3 storage and injected malicious JavaScript directly into its UI. This means _every_ Safe user could had been affected. https://docsend.com/view/s/rmdi832mpt8u93s7

Meme coins typically are purchased for entertainment, social interaction, and cultural purposes, and their value is driven primarily by market demand and speculation. In this regard, meme coins are akin to collectibles. Meme coins also typically have limited or no use or functionality. Given the speculative nature of meme coins, they tend to experience significant market price volatility, and often are accompanied by statements regarding their risks and lack of utility, other than for entertainment or other non-functional purposes. It is the [U.S. SEC Division of Corporate Finance] view that transactions in the types of meme coins described in this statement, do not involve the offer and sale of securities under the federal securities laws.

"The US Securities and Exchange Commission has agreed in principle to drop its lawsuit against crypto firm Consensys. The suit claimed that aspects of MetaMask violated securities laws. According to Ethereum co-founder and Conensys founder Joseph Lubin, the SEC has agreed to file a motion effectively ending the case, and the conclusion of the litigation is still subject to final approval from the commission."

The Central Bank of the Russia has postponed the launch of the digital ruble from July 2025 to a later date to be determined. According to Governor Elvira Nabiullina the central bank needs more time to work out all the details in the pilot and hold all consultations with banks on the economic model that is most attractive to customers. 15 banks, 1,700 citizens and about 30 companies have taken part in the pilot that started in August 2023.

Bybit was largely following best practices by storing only as much currency as needed for day-to-day activity in warm and hot wallets, and keeping the rest in the multisig cold wallets. Transferring funds out of cold wallets required coordinated approval from multiple high-level employees of the exchange. But no matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets.

Banco Central do Brasil (BCB) published a technical report on the first phase of the Drex wholesale central bank digital currency (CBDC) pilot that focused on testing the use of tokenized deposits. The platform used was a private, permissioned version of the Ethereum blockchain. The pilot involved the participation of 16 financial institutions, which were selected from a pool of 36 candidates. The pilot tested a range of use cases, including the issuance and transfer of tokenized deposits, as well as the settlement of transactions involving tokenized government bonds. BCB found a tough "trilemma" between privacy, programmability, and oversight. Advanced cryptography (like zero-knowledge proofs) can hide transaction details to protect user privacy, but this also makes it hard for regulators to monitor illicit activity or even for the system to run complex smart contracts. The next phase of the pilot program will focus on advancing privacy while allowing pilot participants to suggest more use cases.

The U.S. Securities and Exchange Commission (SEC) has closed its investigation into crypto exchange Gemini, adding to a growing list of firms that have escaped the regulator's scrutiny for now. In a February 26, 2025 notice shared by Gemini co-founder and president Cameron Winklevoss, the SEC said it had concluded its investigation and "based on the information we have as of this date," the regulator will not recommend an enforcement action. The SEC charged crypto lending firm Genesis Global Capital and crypto exchange Gemini with offering unregistered securities through Gemini's "Earn" program on January 12, 2023.

"Lazarus Group isn't an occasional player in the hacking world; it is frequently the prime suspect in major crypto heists. The North Korean state-backed group has siphoned billions from exchanges, tricked developers, and bypassed even the industry's most sophisticated security measures."

The Bermuda Monetary Authority (BMA) is inviting proposals for a collaborative pilot project aimed at testing embedded supervision practices within the context of decentralized finance (DeFi). Embedded supervision refers to the direct integration of regulatory oversight, compliance checks, and automated reporting into the technological foundation of a financial platform-particularly within its smart contracts, protocols, or data layers-so that supervisory requirements are inherently enforced in real-time with limited or delayed human intervention.

"The evolution of cash should provide each User with the ability to instantly authenticate a banknote at any time. To do this, it is necessary not only to develop the ability to conveniently, quickly and practically unnoticeably check banknotes for the User, but also to interest the entir e population of the country in regularly conducting such checks. Modernization of central bank cash with Blockchain technology is the optimal solution to this problem, which will allow the population of the country not only to check the legitimacy of each banknote, but also to carry out digital transactions using hybrid banknotes, during which the legitimacy of cash will always be checked in the background."

"In this 2024 paper we propose, implement, and evaluate two extensions to OpenCBDC, an open-source transaction processor designed for central bank digital currency. First, we enable the central bank to audit the monetary supply. This feature reduces the trust required in sentinels - the most exposed components of this architecture - so that it can in principle be outsourced to intermediaries. Second, we leverage Pedersen commitments and zero-knowledge range proofs to hide transaction amounts while maintaining auditability. This feature improves privacy beyond the level offered by the original OpenCBDC design. Performance measurements show that auditability and privacy reduce the throughput of the shards to 30 % of the original, but the scalability remains close-to-linear in the number of shards. For example, 8 shards can process peak loads of ≈135,000 transactions per second. By adjusting resources, CBDC operators can meet their throughput goals with auditability and privacy."

"This paper presents zkLedger, the first system to protect ledger participants' privacy and provide fast, provably correct auditing. Banks create digital asset transactions that are visible only to the organizations party to the transaction, but are publicly verifiable. An auditor sends queries to banks, for example "What is the outstanding amount of a certain digital asset on your balance sheet?" and gets a response and cryptographic assurance that the response is correct. zkLedger has two important benefits over previous work. First, zkLedger provides fast, rich auditing with a new proof scheme using Schnorr-type non-interactive zero-knowledge proofs. Unlike zk-SNARKs, our techniques do not require trusted setup and only rely on widely-used cryptographic assumptions. Second, zkLedger provides completeness; it uses a columnar ledger construction so that banks cannot hide transactions from the auditor, and participants can use rolling caches to produce and verify answers quickly. We implement a distributed version of zkLedger that can produce provably correct answers to auditor queries on a ledger with a hundred thousand transactions in less than 10 milliseconds."

The U.S. Securities and Exchange Commission (SEC) has dropped its investigation into Uniswap Labs, the Brooklyn-based company behind the decentralized protocol of the same name. The SEC's decision to close its investigation into Uniswap Labs is the latest in a wave of similarly-dropped investigations into crypto companies, including Robinhood Crypto and non-fungible token marketplace OpenSea. The SEC has also agreed to drop its case against Coinbase, pending approval from the agency's commissioners, according to the crypto exchange.

"In a shocking turn of events, Bybit, one of the largest crypto exchanges, was hacked for approximately $1.5B in ETH. This incident ranks among the largest crypto hacks of all time, eclipsing even the infamous Mt.Gox collapse and FTX implosion. While broader contagion has been contained, examining the series of events and its on-chain footprints can provide valuable context on the hack and its market impact."

"Elliptic has attributed the Bybit theft to North Korea's Lazarus Group, based on various factors, including our analysis of the laundering of the stolen cryptoassets. North Korea-linked actors have stolen over $6 billion in cryptoassets since 2017, with the proceeds reportedly spent on the country's ballistic missile program."

Chainalysis published an analysis of how the February 21, 2025 Bybit exploit occurred; the attackers' tactics, techniques, and procedures (TTPs) and their consistency with the Democratic People's Republic of Korea (DPRK); and how Chainalysis is collaborating with Bybit and law enforcement to help recover funds. This attack highlights a common playbook used by the DPRK: orchestrating social engineering attacks and employing intricate laundering methods in an attempt to move stolen funds undetected. Funds from the Bybit exploit have also consolidated in addresses holding funds from other known DPRK-linked attacks, providing further evidence that the nation state actors are behind this latest incident.