The exploit began around 4:36 p.m. on November 11th, when an unknown actor quickly converted stolen stablecoins to Ethereum (ETH), before converting them to Bitcoin (BTC). , it was sent to illiquid but non-custodial exchanges such as FixedFloat and ChangeNow. , using a permissionless THORChain bridge.
This is an excerpt from The Node newsletter, a daily roundup of the most important crypto news from CoinDesk and beyond.You can subscribe to get the full version Click here for the newsletter.
“They'll probably leave the funds in a blender or send it to a shady service next time,” ZachXBT noted.
Attackers hope to have ready access to mixers to launder these funds. Because that step is a taxable transaction, at least under U.S. law.
Hacks like this happen all the time in cryptocurrencies, and are likely only being discussed because of the alleged victim, Binance, the world's largest exchange. The paltry sum of $27 million could be part of the ingenuity of a seemingly smart or experienced hacker. It is enough to know that it was likely frozen by Tether.
At this point, it's speculation, an educated guess at best, but it appears that someone who has or has had inside information about Binance's operations is behind the attack. As others have pointed out, having millions of money stored in hot wallets (wallets connected to the internet) creates problems.
According to on-chain data, the attacked wallet received $26 million from another Binance hot wallet called “Binance 16” on November 5th. This could argue for or against the Binance Insider theory in that someone at Binance might know about it. Although the wallet was recently refilled, Binance is a prime target for attacks and is something of a trophy for hackers, as it is the largest exchange, so the exchange's hot wallets are closely monitored by would-be hackers. There is a high possibility that
As of this writing, Binance has neither confirmed nor denied this attack. Binance's deployer wallet has been suspended since December 2020, and the victim's wallet is not necessarily affiliated with Binance. However, on the Binance blog, an anonymous contributor named The Narrator, who has an impressive posting history, wrote about the exploit and said that “the victim's address is associated with the #Binance deployer.”
A Binance spokesperson confirmed to CoinDesk that its security team is investigating the exploit.
Although the hackers and victims are still unknown, this is an opportunity to think about a growing issue related to cryptocurrencies: taxes. This week is Tax Week here at Consensus Magazine, where we focus on the big unanswered questions about tax policy around the world for this nascent industry.
Poloniex said it would make the affected users permanent, but that in itself causes significant tax reporting implications. FTX customers' fears were further heightened when the fraudulent exchange FTX, run by a money laundering team led by recently convicted Sam Bankman Fried, was hacked in November 2022.
“under [U.S.] For tax purposes, it is much more difficult to claim that a loss is the result of theft than it is to simply say it was theft. “Taxpayers typically need to prove that criminal theft occurred,” Myles Fuller, head of government solutions at TaxBit, wrote in a recent editorial. Additionally, traders must convince the IRS that their activity was for the purpose of generating income and that a genuine theft actually occurred, but exploits remain unresolved, especially in the wider world of cryptocurrencies. This point is complicated, as it is often the case that
Further, Mr. Fuller said, “Taxpayers still need to wait before deducting losses because they have to wait until they have reasonable certainty as to whether or how much recovery will be obtained.'' is not deductible because the recovery would reduce the amount of the loss.'' ”
If hack victims receive compensation, how should it be characterized? What if an exchange decides to use tokens to reimburse users, like Bitfinex did in 2018? Drops are generally considered income when received, but many tax professionals would like to update this policy to the point where airdrops are converted into other virtual currencies or fiat currencies.
Finally, and of course, the recent hot wallet hack is a reminder of how burdensome current tax policy is for the average crypto user. According to Etherscan data, the exploiter made a series of transactions immediately after the hack, and within eight minutes he transferred $2.7 million to 10 new addresses.
Under US law, each conversion of Tether to Ether is taxable, as is any subsequent conversion to Bitcoin. It's hard to sympathize with the thieves, who at this point seem unlikely to pay up anyway, but the evidence of the transaction is a reminder of how unwise our current tax policy is. While the amount laundered remains largely unchanged, users' tax bills increase with each hop.
This is one of the many reasons why cryptocurrencies, despite sharing many attributes of money, have not yet caught on as a regular form of payment. For example, many tax experts argue that conversions should be considered “in-kind” payments or have minimal limitations.
In either case, cryptocurrencies and cryptocurrency hacking are unlikely to disappear anytime soon. So let's think about the tax implications.
