His extradition to Montenegro was followed by the hearing. Californian resident has sued three Asian banks, alleging that they enabled a crypto-scam worth $1 million by not conducting proper KYC checks and AML checks. US lawmakers have also demanded an explanation for a cyber attack on the Treasury Department that has been attributed to Chinese APTs. Blockchain firm Virtuals Protocol also addressed a vulnerability found by researcher Jinu in one of their smart contracts.
Do Kwon’s Legal Saga unfolds at First Hearing in New York
Do Kwon, Terraform Labs’ co-founder Do Kwon, appeared in front of a US magistrate on January 2, 2025. He pleaded guilty to charges related to the failure of the Terra eco system. These charges are securities fraud, money-laundering, commodities fraud and wire fraud.
Kwon was in his first court appearance since being extradited to the United States. Kwon accepted to remain in custody without bail during the hearing. A status conference has been scheduled for January 8, 2025 to discuss evidence-sharing and motions, as the case progresses towards trial.
Do Kwon
Kwon was extradited after Montenegrin officials decided that he had met all the requirements to be sent to the United States of America or South Korea. Bojan Bozovic, Montenegrin Justice Minister, approved Kwon’s extradition on Dec. 27 due to his seriousness of crimes, location of offenses and other legal factors. On Dec. 31 Montenegrin PM Milojko Spajic had confirmed that Kwon is in US custody.
These legal developments form part of an ongoing saga involving Kwon. His extradition and legal proceedings have been going on since 2023. Terraform Labs reached an agreement with the US Securities and Exchange Commission in 2024, agreeing to pay 4.47 billion dollars. This included $204 million of penalties for Kwon’s actions.
A lawsuit alleges that banks enabled crypto fraud
Kwon’s not the only crypto-figure currently dealing with legal problems. Ken Liem of California filed a suit against three Asian banks. Ken Liem claims that the banks failed to perform basic checks which could have saved him from becoming a victim of a cryptocurrency scam. The suit was filed on December 31, 2024 in a California District Court. It claims that Liem lost almost $1,000,000 in a pig-butchering scam, after he was contacted by LinkedIn about a cryptocurrency investment opportunity in June 2023.
Scam of Pig Butchering (Source:Datos insights )
Liem, according to his attorneys, was convinced over a period of several months to send money to alleged scammers under the pretext that cryptocurrency investments were made in his name. The money was transferred into accounts with Hong Kong’s Fubon Bank, Chong Hing Bank as well as Singapore’s DBS Bank before it went to other accounts.
In the suit, the bank is accused of not performing adequate Know Your Customer and Anti-Money Laundering checks. The attorneys claim that this would have raised concerns regarding the account holders. This could potentially prevent the opening of the accounts.
They also claim that banks knew that there was a very high likelihood that these accounts would be used for fraud, and that even a simple check of the account records could not have found any evidence that they were being used in a lawful manner. The attorneys claim the banks also enabled illicit money to be moved.
The lawsuit also accuses banks of not complying with US Bank Secrecy act, which requires financial institutions to keep detailed records on transactions and to report any suspicious activity to Financial Crimes Enforcement Network. Liem’s legal team argues the banks fall under this act as DBS is based in California, and Fubon & Chong Hing processed transactions via Liem’s Wells Fargo account in the US.
Richou Trade, FFQI Trade Xibing and Weidel are named in the suit as being Hong Kong entities accused of illegally diverting Liem’s money to third party accounts, while falsely claiming that it would be invested for cryptocurrency. Liem’s lawyers are seeking a jury trial as well as at least $3,000,000 in damages.
The Treasury Cyber Breach: Lawmakers demand answers
Two US Republican legislators urged Treasury Department officials to reveal details of a cyber-attack that had been attributed to an entity sponsored by the Chinese government. Senate Banking Committee Chair Tim Scott, and House Financial Services Committee Representative French Hill, both members of the Senate Banking Committee as well as the House Financial Services Committee sent a request to Treasury Secretary Janet Yellen in December 2024 for a complete congressional briefing on Jan. 10th.
Both lawmakers expressed concern about the incident that occurred on December 2, in which an APT actor was able to gain access to employee workstations as well as certain documents not classified. Scott and Hill stressed the importance of safeguarding sensitive federal data. This is especially true since Treasury stores critical information such as tax records, beneficial ownership information and suspicious activity reports.
The lawmakers also asked about existing security measures at the Treasury and requested information on the type of documents accessed, the way the incident occurred and what steps were being taken to avoid similar incidents. The group called for improvements in protocols that protect federal systems against foreign attackers.
In a letter dated Dec. 30, the Treasury Department confirmed that an APT group sponsored by China was responsible for this incident. Treasury has also committed to submitting a report containing additional information within thirty days as required by Federal Information Security Modernization Act. China, meanwhile, denied involvement and dismissed the US allegations.
Virtuals Protocol Fixes Bug
Not only the US Treasury Department made a security mistake. Virtuals Protocol, an artificial intelligence agent blockchain company, has recently fixed a serious vulnerability found in one of their audited contracts. The issue was discovered by a pseudonymous researcher on Dec. 3rd, 2024. He reported the problem to the company. Jinu was surprised to learn that Virtuals Protocol didn’t have a bug bounty program in place, so the issue wasn’t eligible for reward.
Jinu claims that the vulnerability was a result of a failure to validate the threshold for creating AgentTokens. It was possible to exploit this vulnerability and prevent the creation of AgentTokens, until the contract is patched. Jinu noticed Virtuals Protocol had initially shut down its Discord dedicated group to report the bug, which led people to spread the bug via social media platforms X.
Virtuals Protocol immediately issued a patch and reached out to Jinu in order to confirm the vulnerability. The company apologized and thanked the researcher who reported the problem. Virtuals Protocol also promised Jinu they would assess the severity of this bug, and then issue a reward.
The company is yet to determine the rewards for Jinu’s work, despite the fact that the fix was quickly implemented. Jinu first reviewed the code as a curiosity, after a friend had invested in a Virtuals Protocol token. The code was examined for only 30 minutes before the problem was identified.
