Multichain was caught: What legal risks should we pay attention to when developing cross-chain technology?

Source: Lawyer Liu Honglin

Introduction

The CEO of Multichain, a Chinese cross-chain bridge project, was involved in criminal offenses Others were taken away by the Chinese police for investigation, and the tokens plummeted overnight. Is cross-chain technology designed to solvevalue interoperability between different blockchains really impossible to start a business in China?

01 The founder was arrested and the project was forced to stop operations< /h2>

On May 21, 2023, Zhao Jun, CEO of the well-known cross-chain project Multichain, was taken away from his home by domestic police and lost contact with the global Multichain team. The team contacted the MPC node operator and learned that their operational access key to the MPC node server had been revoked.

Subsequently, the task force contacted Zhao Jun’s family and learned that all of Zhao Jun’s computers, mobile phones, hardware wallets and mnemonic phrases had been confiscated. Since the launch of the project, all operating funds and investor investments have been controlled by Zhao Jun.

On June 4, Zhao Jun’s family successfully logged into their home computer on the cloud server platform and only allowed Multichain team engineers physical access to the home computer to fix technical issues with Router2 and Router5.

On July 9, Zhao Jun’s sister transferred the remaining user assets in the router pool and subsequently notified the team and multiple project parties. The funds were transferred to an EOA address controlled by Zhao Jun’s sister.

On July 13, based on information provided by Zhao Jun’s family, the police took Zhao Jun’s sister away.

According to SlowMist monitoring, since July 7, the total amount of funds flowing out of Multichain has reached US$265 million, distributed in Ethereum, BNB Chain, Polygon, Avalanche, Arbitrum, Optimism, Fantom, Cronos, Moonbeam chain. Among them, US$65.82 million has been frozen by Circle and Tether, and 1,296,990.99 ICE (approximately US$1.62 million) has been burned by the Token issuer.

According to public information, Multichain was established in July 2020 and received US$60 million in financing in December 2021. Investment institutions include Binance Labs, Sequoia Capital, IDG Capital, Three Arrows Capital, DeFiance Capital, TRON Foundation, Hashkey Capital, Circle, Hypersphere Ventures, Primitive Ventures and Magic Ventures.

02 What is cross-chain blockchain?

The rapid development of public chains is inseparable from the increasing popularity and innovation of blockchain technology. According to exaggerated data, there may be hundreds of public chains currently in existence, and different communication protocols, consensus rules, and governance models exist between different blockchains. Well-known public chains include Bitcoin, Ethereum, Solana, Binance Smart Chain (BSC), etc. In addition, there are many other public chain projects based on different consensus mechanisms and technical architectures. Each public chain has its unique characteristics, advantages and application scenarios. ThereforeInteroperability between different blockchainsallows users to transfer assets and information between chains Cross-chaintechnology has become inevitable.

Cross-chain technology is a key technology in the blockchain industry, aiming to solve the problem of data circulation and assets between different blockchains Transfer and value interoperability issues. The underlying technology of cross-chain technology is relatively complex. Non-technical people can understand cross-chain technology with a simple example. In most cases, when users want to cross assets from chain A to chain B, they need to first save the assets to the designated address of chain A using cross-chain technology. Next, when the bridge detector receives this information, An equal amount of wrapped tokens will be minted in chain B, or cross-chain assets will be converted into native assets of the target chain by establishing a fund pool in the target chain, and finally the money will be transferred to the user's account in chain B.

The most concerning issue with cross-chain technology is security. For cross-chain entrepreneurs, in addition to project safety, personal safety is also required.

03 Legal risk of project being attacked

Cross-chain Security incidents in technology are not uncommon. On July 3, 2021, the contract of the Chainswap cross-chain project was attacked, and some user tokens were withdrawn from the wallets interacting with ChainSwap. The total loss was approximately US$800,000. On July 12, 2021, Anyswap’s newly launched V3 cross-chain liquidity pool was also hacked, with a total loss of more than $7.87 million. In August 2021, Poly Network announced that the main network was hacked, and users' assets on the three blockchains of BSC, Ethereum and Polygon were transferred in total by US$610 million, becoming the largest DeFi security incident to date.

Since blockchain technology is decentralized in nature, it can be very difficult to determine the responsible party when a defect or vulnerability in a smart contract results in a loss. In the event of loss of user assets, it is a relatively complex issue whether cross-chain project parties should bear relevant responsibilities.

In this regard, there are two things that project parties can do in advance:

1. Smart contract security audit. Ensure that smart contracts undergo security audits to technically prevent vulnerabilities and attacks. Most cross-chain technologies themselves deal directly with finance and are related to user funds. Therefore, the design and implementation of cross-chain technology protocols need to take security into consideration from the beginning, and no matter how rigorous it is, it cannot be too rigorous. In addition, it is best for the agreement to be audited by at least two security auditing companies to reduce security risks. It does not introduce unnecessary administrator identities, and at the same time limits the permissions of protocol deployers and administrators to prevent all funds in the entire protocol from being exposed to security risks due to the leakage of a single account.

2. Write the contract. Ensure that the user agreements and contract terms between the project party and partners, investors and users are clear and clear, and try to stipulate in the text the responsibilities and obligations of each party in the event of a security incident, as well as the consequences in the event of loss of user assets. compensation mechanism.

04 Legal risks of project legal currency

The vast majority ofcross-chainprojects will have their own project tokens. What cross-chain entrepreneurs must understand is that the legal frameworks for blockchain and cryptocurrency vary greatly in different countries and regions. For example, the U.S. Securities and Exchange Commission (SEC) may consider certain tokens to be securities, while the European Union may have a completely different classification. This means that various legal requirements and regulatory frameworks must be taken into account when designing and implementing cross-chain solutions.

Issuing currency is an even more sensitive issue in China. On September 4, 2017, the central bank and seven other ministries and commissions issued the "Announcement on Preventing Token Issuance and Financing Risks", which clearly pointed out thattoken issuance financing is essentially an illegal public financing without approval and is suspected of illegal sales. Token tickets, illegal issuance of securities, illegal fund-raising, financial fraud, pyramid schemes and other illegal and criminal activities require that all types of token issuance and financing activities should be stopped immediately from the date of the announcement, and token issuance financing has been completed Organizations and individuals should make arrangements for liquidation and retirement.

If the project issues tokens to users in mainland China, it is a high-voltage line for supervision.

05 KYC, KYT and AML

Multichain in the introduction was caught. According to public media reports, it was involved in laundering huge amounts of money for criminal groups. Due tocross-chainsome characteristics of the technology itself, such as anonymity and difficulty in tracking, it is easily targeted by criminal groups as a tool for money laundering.

Specifically, cross-chain technology involves the transfer of assets between multiple different blockchain networks, some of which may have higher anonymity and privacy protection functions, such as Zero-knowledge proofs or privacy coins, which make it easier for money launderers to hide the origins and destinations of their financial flows. At the same time, cross-chain involves the transfer of assets between multiple blockchain networks, making tracking and monitoring these transactions more complex. Some cross-chain protocol designs also make transaction records more difficult to track or monitor, providing more opportunities for money laundering activities.

Statistics from Ouke Cloud Chain Research Institute show that money laundering, fraud, pyramid schemes, and gambling are the four most common forms of virtual currency crimes in 2022. Among them, 54.72% of virtual currency crimes are related to money laundering, and 21.13% related to fraud.

Governments of various countries do not like virtual currency, and a very important reason is that it has been misused by bad people. Once a criminal gang is targeted by regulatory authorities, thecross-chain projects that provide assistance to the criminal group’s criminal assets will naturally not be disconnected. And cross-chain projects certainly cannot defend themselves on the basis of technological neutrality. In August 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the currency mixer Tornado Cash. According to sanctions documents, Tornado has been used to launder more than $7 billion worth of crypto assets since its creation in 2019. , which includes more than $455 million in crypto assets stolen from two blockchain applications by the North Korean hacker group Lazarus Group.

Doing a good job of KYCand AML can effectively reduce the aforementioned risks.

KYC(Know Your Customer): Designing and implementing an effective KYC process is the first step in ensuring business compliance. This includes collecting and verifying users’ identifying information such as name, address, ID and other relevant information. Ensure that the KYC process complies with local laws and regulations and is continuously updated and reviewed. It should be noted that when collecting and processing the aforementioned personal data, it is necessary to ensure compliance with privacy regulations and clearly inform users of the data collection and use methods. KYC is more suitable for the fiat currency world, while KYT is more suitable for the blockchain world.

KYT(Know Your Transaction):KYT It is a process used by financial institutions to monitor and track financial transactions for fraud or suspicious activity. KYT can help financial institutions identify the source and destination of each transaction, assess transaction risks, take appropriate measures, and report suspicious matters to regulatory authorities. trade. KYT is different from the KYC commonly used in the traditional financial field. KYC mainly focuses on the identity information of customers, and more on the static identity of specific individuals/institutions, while KYT mainly focuses on the dynamic transaction process of customers. If in the traditional financial field, KYT is currently a plus,but invirtual assettransactions, KYT may become a necessity to deal with risks.

The reason is that in the blockchain world, there is no link like opening a bank account where you need to provide a lot of identity authentication materials. The principle of people in the currency circle when opening an account is everything. You can open it yourself without asking anyone, and you can create countless on-chain addresses anonymously. In this case, it is difficult to know the real identity of the other party through a string of garbled wallet addresses, let alone anti-money laundering prevention. KYT will help blockchain users identify which addresses and transactions are risky, find black addresses of suspected illegal transactions, and trace the black addresses back to the start and end of the transaction. Suspicious transaction behavior, transaction addresses in the dark web, its associated addresses, KYC records of a certain address on the exchange, and other information can link the on-chain address with the corresponding entity, thereby linking the anonymous on-chain world with real-name offline identity for linking.

AML (Anti-Money Laundering) : Implement effective transaction monitoring mechanisms to identify and report any suspicious or unusual transaction activity. Utilize technical tools and systems to monitor clients' trading patterns, capital flows and risk behaviors, and take necessary measures to investigate and report in a timely manner.

Effective KYC, KYT and AML measures can reduce risks related to money laundering, terrorist financing and other financial crimes, and build trust and reputation, while ensuring the safety of project parties and providing benefits to businesses and users. Provide a safer and more secure environment.

06 Summary

As more and more Countries and regions have brought anti-money laundering of virtual assets into the scope of supervision. Institutions involved in the issuance and circulation of virtual assets will inevitably need to supplement KYC due diligence through KYT to meet the regulatory compliance requirements.

While pursuing technological innovation and business model exploration, cross-chain entrepreneurs must make legal risk management a top priority. Only in this way can we ensure our own safety. Only on the basis of our own safety can we have the long-term development of the project and the safety of user assets.