skip to content

Top Stories of the Week - 12/1

Weekly Top Stories 12-1-23 - Galaxy Research

This week in the newsletter, we write about the U.S. Treasury’s letter to the Senate Banking Committee, the launch of new bitcoin mining pools, and the wild demands made by a DeFi hacker.

Subscribe here and receive Galaxy's Weekly Top Stories, and more, directly to your inbox.

Treasury Department Requests New Overreaching Powers

On Tuesday, the United States Department of the Treasury (Treasury) sent a letter to Congress with proposals for legislative change designed to enhance counter-terrorist financing measures. The letter, still unreleased to the public, builds upon concerns raised in a previous letter signed by over 100 U.S. lawmakers and sent to Treasury and the National Security Advisor last month (previously covered here).

The letter highlights the limitations of current financial sanctions in countering the sophisticated methods employed by terrorists to fund their operations. Central to Treasury's proposal are two recommendations. The first is the development of a new secondary sanctions tool specifically aimed at the FinTech and cryptocurrency sectors. This tool would be similar to the existing Correspondent Account or Payable-Through Account (CAPTA) sanctions but tailored to address the unique challenges posed by these modern financial platforms. Treasury points out that the current CAPTA sanctions, effective in traditional banking, fall short against cryptocurrency exchanges and certain money service businesses that do not rely on traditional correspondent banking relationships.

The second principal recommendation advocates for substantial updates to the legal and regulatory frameworks governing financial transactions. This includes revising the Bank Secrecy Act (BSA) and the International Emergency Economic Powers Act (IEEPA). The proposed revisions aim to redefine the category of "financial institution" under the BSA to encompass entities like cryptocurrency exchanges, Virtual Asset Service Providers (VASPs), virtual asset wallet providers, blockchain validators, and decentralized finance services. Furthermore, the Treasury proposes creating explicit IEEPA authority to designate specific blockchain nodes or elements of cryptocurrency transactions, addressing the decentralized nature of these technologies.

The letter also recommends extending the jurisdiction of the Office of Foreign Assets Control (OFAC) over transactions involving USD-backed stablecoins, even in cases where these transactions do not involve U.S. touchpoints. Specifically, this means clarifying that both IEEPA and BSA jurisdictions should apply to foreign-based entities that engage with the U.S. financial system, with the provision for substituted compliance in cases where these entities are in Financial Action Task Force (FATF)-compliant jurisdictions.


These recommendations represent a sea-change on the part of Treasury to adapt U.S. financial regulatory mechanisms to the evolving landscape of global crypto finance and FinTech. Treasury’s proposal for new sanctions in the FinTech and cryptocurrency space, akin to CAPTA sanctions, are targeted and could help restrict transaction handling by correspondent banks for sanctioned entities. However, defining a new cryptocurrency-related category of “financial institution” under the BSA that includes exchanges, VASPs, virtual asset wallet providers, certain blockchain validator nodes, and decentralized finance services raises several concerns.

This approach would require entities like blockchain validators and DeFi protocols to handle sensitive personal and financial information, opening new attack vectors for obtaining users’ personal data. Furthermore, the proposal’s broad scope, encompassing entities that are purely software providers or infrastructure components, fails to differentiate between the actual technology and the transactions that occur on them. As Austin Campbell wrote on X, “it’s a bit like requiring ACH itself to do KYC/AML… requiring KYC to use your web browser… and requiring roads to KYC cars before they can pass down.”

Further, the proposals continually raise the prospect of giving OFAC jurisdiction over dollar denominated stablecoins, no matter who issues them or who has primary supervisory and regulatory authority over them or where they are issued. This should be concerning to anyone in crypto and frankly anyone who thinks we should re-write banking law and trade finance in this context. Essentially, this would re-underwrite US banking law, giving Treasury broad and unprecedented powers over any form of dollar used in any part of the world. If enacted, it is unlikely to be well received by entities with no relation or interaction with the United States. How would the US and US entities like it if foreign governments started asserting regulatory jurisdiction over bank transactions that existed between US persons?

Beyond the substance of the letter, we see the letter’s existence and its transmission to Congress as significant. Treasury does not often send targeted “calls for action” to Congress and when they do, they typically are done behind closed doors or through Executive Orders and reports. So, the fact that the Deputy Secretary of the Treasury penned this letter to Congress suggests a coordinated blend of policy discussions are developing, perhaps with an eye towards one of the must-pass-moving-vehicles that Congress is considering. The most pertinent is the National Defense Authorization Act (NDAA), which legislators have been eyeing to attach their policy priorities to—not just crypto related. Beyond the NDAA, the spending debates early next year are ripe for policy riders. More to come on this, but we expect there to be additional legislative debate surrounding the contents of this letter in the coming weeks. – Lucas Tcheyan

Bitcoin Mining Pool Development in the Spotlight

Demand, a new Bitcoin mining pool utilizing Stratum V2 officially launched. Stratum V2 is the next generation messaging protocol used by mining pools and miners to coordinate operations. The use of Stratum V2 optimizes miner pool communications by reducing the number and the size of network messages passed between a bitcoin miner and a pool. As a result, mining pools using Stratum V2 can find jobs faster, potentially increasing revenue and efficiency. Additionally, Stratum V2 mining pools also benefit from increased censorship resistance through end-to-end encrypted messaging and the ability for miners, rather than pools, to construct block templates and choose transactions for blockchain inclusion.

Demand's mining pool distinguishes itself by exclusively catering to independent miners defined as “solo mining pools”. These solo mining pools are not technically traditional mining pools as Demand is not pooling hash rate. Instead, what Demand offers is the ability to easily use the stratum v2 protocol with no additional lift on the miner’s end. From not pooling hash rate from other miners, Demand ensures that the entire block reward accrues to the successful miner. Demand is spearheaded by fi3, the core developer of the open-source Stratum V2 Reference Implementation (SRI), which is the foundation codebase of the Demand ecosystem.

Shortly after the release of Demand’s mining pool, another new mining pool using Stratum V2 launched called “Ocean”. Notably, Jack Dorsey led the $6.2m round for Ocean in an attempt to help decentralize Bitcoin’s mining pool concentration. Ocean's mining pool uses a non-custodial approach, ensuring that miners directly receive rewards from the Bitcoin network rather than relying on the pool to distribute rewards. Also enhancing transparency, Ocean commits to providing a comprehensive view of the block template creation process. This commitment empowers miners to autonomously verify and audit every facet of Ocean's mining pool operations, fostering a heightened level of trust and accountability in Bitcoin’s mining pool sector. While Ocean markets itself as a censorship-resistant mining pool, its founder, Luke-Jr, has publicly disclosed an inclination to block inscription-related transactions, specifically Ordinals and BRC-20s. This stance garnered substantial backlash from the Bitcoin community on Twitter. The criticism stems from the fact that inscription-related transactions, historically constituting 20% to 60% of total transactions, are extremely profitable for miners. It's noteworthy to mention that Ocean's first mined block included inscription-related transactions but potentially filtered out OP_RETURN-related transactions.


We have already witnessed notable mining pools like Braiins launch a Stratum V2 pool where miners are required to run the SV2 software and send SV2 packets. Overall, Demand is an innovative concept for independent mining operations and a step forward for SV2 production. Nonetheless, with Braiins, Ocean, and Demand now running mining pools utilizing Stratum V2, developers working on SV2 will be able to use these three pools as case studies to further stress test the SV2 protocol.

The recent surge in new mining pools implementing Stratum V2 is a step forward in optimizing how pools and miners communicate while further educating the broader mining industry on the importance of Stratum V2. Despite larger mining pools like AntPool, Foundry, and ViaBTC not adopting Stratum V2 yet, the technical advancements Stratum V2 offers should not be glossed over. In our prior research report on Stratum V2, we highlighted that the Stratum V1 protocol was not designed for the high hashrate levels we experience today. When Stratum V1 was originally designed, Bitcoin’s network hashrate was only ~12 Th/s. In contrast, the current hashrate has exponentially grown to surpass 480m TH/s. Given the rapid and continuous growth in Bitcoin's network hashrate, it becomes imperative to update a core protocol that has served the mining industry for over a decade. Stratum V2 emerges as the most promising upgrade for four key reasons:

  • The protocol is well defined and documented, decreasing the barrier to entry for mining operations.

  • Optimizes bandwidth for all mining operations by reducing the byte size of messages and eliminating unnecessary messaging.

  • Allows mining pools to find opportunities faster, potentially increasing revenue.

  • Increases censorship resistance through end-to-end encrypted messaging between miners and pools and the ability of miners, rather than pools, to select transactions for inclusion.

Stratum V2 is poised for increased adoption, especially among smaller and new mining pools in the short term. Galaxy Research has not only extensively covered Stratum V2 but has actively contributed to its development. Although Stratum V2 is still in progress, substantial strides in adoption are anticipated in the long run. - Gabe Parker

KyberSwap Exploiter Demands Complete Control Over DEX and Company

On Thursday, November 30, the hacker behind the exploit of decentralized exchange (DEX) KyberSwap sent a message encoded in an Ethereum transaction demanding “complete executive control” over the company and the DAO controlling the DEX. The hacker, calling themselves the “Kyber Director”, added in their on-chain message that Kyber, the company, must surrender all assets under its control including but not limited to: shares, equity, tokens, partnerships, websites, servers, passwords, code, social channels, basically any and all creative and intellectual property of Kyber.

In exchange for meeting the hacker’s demands, the hacker stated that he would buy out the company at a “fair valuation”, double the salary of company employees, revamp the DEX into a “new cryptographic project”, and rebate DEX liquidity providers for 50% of their losses. Calling the proposed exchange their best and only offer, the hacker signed off on their message by requesting contact via Telegram through the handle “@Kyber_Director”. The hacker also warned that the involvement of law enforcement agencies about their theft would result in the immediate termination of their proposed deal.

Since the exploit on Wednesday, November 22, the hacker has sent a slew of on-chain messages, each more brazen and mocking in tone than the last. The Kyber team has responded to a few of these messages notifying the hacker that they have already reached out to law enforcement and cybersecurity firms and demanding that the hacker return 90% of user funds. On Saturday, November 26, the Kyber team announced that they had successfully negotiated the return of 90% of user funds stolen in a separate incident by frontrunning bots that had extracted roughly $5.7m worth of assets from KyberSwap pools on Polygon and Avalanche during the exploit.

The exploit took place on Wednesday, November 22, and drained the protocol across multiple blockchains including Ethereum, Binance Smart Chain, Arbitrum, Optimism, Polygon, BASE, Scroll, and Avalanche. The hacker stole over $54.7m worth of crypto assets. The nature of the exploit has been described by many industry experts as an extremely sophisticated attack on a decentralized finance (DeFi) application that was unprecedented in its complexity and detailed engineering. One of the firms that facilitated the audit of KyberSwap code, Sherlock, wrote on X/Twitter that the exploit “almost certainly required weeks’ worth of research to find, and likely longer to plan the attack.” Sherlock added: “The scariest part of this exploit is that it isn't clear what could have been done better to prevent it outside of throwing significantly more money at the problem. There's no ‘smoking gun’ or obvious negligence that led to it.”


In addition to being complex, the nature of the bug exploited on KyberSwap was also unique to the way this DEX implements concentrated liquidity, which is a feature of many DeFi protocols that enables liquidity providers to concentrate their funds and optimize liquidity within specific price ranges. The Kyber hacker triggered an infinity money glitch, also called a “reentrancy” attack, by carefully adjusting pool liquidity such that one of the checks to ensure the price of assets are updated in a pool fails. However, as Doug Colkitt, the founder of Ethereum-based DEX Ambient Finance points out, the check failed by an infinitesimally small rounding error that changed values by less than 0.00000000001%. It is difficult to overstate the specificity and deep knowledge of KyberSwap smart contracts that was required to pull off this exploit.

Though likely not replicable across other DEXs due to the unique way KyberSwap implements concentrated liquidity, the fact that this tiny loophole in code caused the loss of over $50m in assets illustrates how difficult it is for smart contract developers to write secure code. Despite KyberSwap smart contracts having been audited by multiple firms and the upgraded version of the protocol introduced back in 2022, the protocol was still exploited over a year later in 2023. As we discussed in a prior newsletter about the Balancer exploit in August 2023, hacks and exploits of DeFi protocols are commonplace and precisely why many decentralized applications have evolved to handle these seemingly inevitable vulnerabilities through higher levels of centralization by relying on fail-safe mechanisms like multi-sig wallets and deep-pocketed foundations financing lucrative bug bounty programs.

One additional takeaway worth highlighting from the most recent high-profile DeFi exploit is the reliance on law enforcement and centralized agencies to retrieve user funds. Despite the bold and audacious demands made by the hacker, it is unlikely that they will be able to freely spend the funds they have stolen without increasing the risk of their identity or identities being uncovered through on-chain forensics and investigation. The idea that “code is law” or that the rules enforced and not enforced by a smart contract have the final say over who owns the assets on a blockchain is untrue because in most cases, especially DeFi hacks, protocol teams like the Kyber development team will rely on law enforcement for the retrieval of user funds. When code fails, which happens with some frequency with DeFi protocols, the law is the law. - Christine Kim

Charts of the Week

On-chain rates are beginning to cross an important gap. Stablecoin supply APYs are testing off-chain Dollar rates, and the productivity of other cryptocurrencies is outpacing that of competing off-chain assets and strategies. This is important to understanding the crypto demand story as incentive to hold and implement on-chain assets is beginning to exceed that of off-chain alternatives. The recent bottoming and growth in the supply of stablecoins is also suggestive of tides beginning to change.

The yield achievable with DeFi’s largest stablecoins has been testing that of off-chain Dollar yields. Even though retreating liquidity (reduction in stablecoins supplied to on-chain lending markets) is pushing on-chain yields higher, it offers incentive for users to deploy their Dollars on-chain instead of through off-chain channels.

Aave + Compound Stablecoin Weighted Average Supply Rates - Chart

Alternatively, crypto assets are becoming increasingly more productive in the models of key applications, like MakerDAO. The blended average fee Maker is able to charge users minting DAI with crypto assets is at year-to-date (YTD) highs. The spread between the fee rates achievable with these assets and off-chain assets is also at YTD highs. The average RWA fee rate is 3.68% compared to crypto assets’ average of 5.51% (spread of 1.83%). This is a sign that demand for crypto assets is rising.

MakerDAO: RWA and Crypto Blended Fee Rates - Chart

Other News

  • Coinbase tells some customers it received subpoena related to Bybit

  • Sei blockchain to add Ethereum Virtual Machine support in V2 upgrade

  • AntPool agrees to refund record $3 million Bitcoin transaction fee

  • MicroStrategy buys $593.3 million in bitcoin, may raise up to $750 million in new stock sale

  • Cosmos founder to airdrop forked ATOM1 tokens to voters against reducing Hub inflation

  • Circle seeks to expand USDC presence in Japan with SBI Holdings

  • Tornado Cash plummets 56% after Binance says it's delisting token