Welcome back to Market Movers.
We'll defy rocked by two massive thefts totaling nearly $600 million stolen barely a month apart. $577 million was wiped out across just two major exploits.
The Drift Protocol on April 1st, and also the Kelpdow Bridge was drained for $292 million on April 18th.
Now these two strikes alone account for about 76% of all crypto hack losses so far this year.
So can the sector implement compliance rules before policymakers step in, or should compliance in DI be approached with varied lens?
Now to help us break all of this down here at Consensus, I am joined by Ari Redbord, Global Head of Policy at TRM Labs.
Ari, great to have you here.
Thank you so much for joining me.
I always love our conversation.
So thank you so much for having me.
Well, thank you so much for joining us.
It has been a busy 3 days here in Miami. consensus and we've been hearing from policymakers Trad F, Defi, innovators, as well as people such as yourself.
So when it comes to the hacks that we're seeing so far this year, what do you make of how North Korea has been behaving?
Yeah, it's really pretty extraordinary.
You look around the space and you realize this ecosystem is growing very, very quickly, but that's more and more incentive for bad actors like North Korea to attack it, and they really have been attacking it at scale.
You mentioned that 76% number.
I mean that is really extraordinary to think of that.
These aren't just hacks.
These are, these are stolen funds, around 600 million that's going to weapons proliferation and destabilizing activity.
So look, I think, I think North Korea's getting much better at this.
If you looked at the playbook for the drift protocol hack in particular, I mean you come to a conference like this and it's chilling.
They sent, you know, they sent people to conferences to meet with.
The drift team to invest in the business.
This wasn't just sort of a tech hack.
This was a social engineered hack at scale.
And what concerns me most of all is that drift is one of probably many targets that we may see play out over the next, you know, weeks and months.
And North Korea's really playing the long game, and we need to fight back.
And Ari, I want you to break this down because we talk about technology, whether we're talking about this intersection. of DFI and SRTF, but at the end of the day it's actually about human beings, isn't it, when we talk about social engineering.
So tell us about some of the tactics here.
It absolutely is, and I think it's just being extremely vigilant because at the end of the day it is, you know, these, there are phishing attacks.
They're reaching out to individual people to get access to the private keys, to these validators to be able to attack this ecosystem.
So I think it's being incredibly careful.
Cybersecurity is critical.
By the time we get involved and we're tracking and tracing funds, that's a race against time.
And what we really have to do is stop these attacks from happening in the first place.
I think a lot of the conversation has been what can D5 protocols do or why are D5 protocols so vulnerable, and I think that's a part of this.
And I think that's why we need real robust cybersecurity standards and beyond.
But I actually take a little bit of a different tact, and that is we need to go. the bad guys, right, this is not about sort of blaming victims because North Korea is attacking them.
It's how do we go after North Korea if North Korea steals 600 million from the DeFI ecosystem, we should be going, taking that back, and that means national security.
That means offensive cyber, that means empowering the private sector to potentially go after these guys.
So I think there's a lot we can do way beyond sort of crypto or crypto compliance when it comes to this threat.
Yeah, and Ari, you and your team monitor these situations, and also you have your hands on a lot of data here.
So given the fact that so many people are invested in digital assets nowadays, what would you say to Americans who are watching right now when it actually comes to security, especially in this day and age of artificial intelligence?
Absolutely.
Look, bad actors are moving faster than ever.
We saw about a 500% increase in AI enabled scams and fraud over the last year.
That means phishing attacks have gotten much better.
We don't live in a world anymore of broken English and Nigerian princes.
It's really about sort of like fairy tale or deep fake videos.
It's about, you know, voice audio from your child or your boss, and it's just being extremely vigilant all the time when it comes to sort of like.
Your interaction online, this proliferation of pig butchering scams occur start with a text message, and I think so much of this sort of the education piece and from a security piece, look, I think we need to be very careful about putting ourselves out there.
You look around this conference and it's like, obviously this, this, this space loves social media.
We love to be on X.
We love to be on these platforms, but I think some of it is being very, very careful.
We're seeing violent crimes against.
Crypto holders.
So I think a lot of this is just being extremely vigilant, but I think really on the flip side, and when I think about this, this is becoming when North Korea can steal 6 billion over the last several years, that goes for to weapons, that goes to destabilizing the Korean Peninsula and really the world, and I think that this is when we need to use every national security tool that we have in the US and our allies to go after these guys.
Yeah, and finally, Ari, I know you and I could probably have an entire hour devoted to this on a podcast.
Can we do that?
Let's do that.
But here there are policymakers as well as lawmakers on the ground.
So I do want to get your take on the Clarity Act, especially on the heels of what Patrick Woods said on stage here at Consensus.
Yeah, absolutely.
Look, I defer to Patrick on all things clarity.
I know the White House is working really, really hard to get everyone together.
I think this is like herding cats times 100 probably at this point.
I think there are a couple of sticking points, and I think we're seeing a move beyond stable coin yield, which I think is really exciting.
I think still some of the issues around Dei that we're talking about are going to be interesting.
What could regulation potentially look like, developer protections, and then ethics.
I think has become sort of a huge holdup.
But there is, there is room for negotiation and compromise, and you know, I think, I think people have said recently, and I agree that a good bill means no one's happy.
And hopefully at the end of the day we'll have a really solid bill, but I am a big fan of clarity.
I think from our perspective there's a lot of great AML and and information sharing provisions in there today that I think will make this space safer.
But really the key is if we want developers to build in the US and build in a compliant way, we need to give them the rules of the road.
July.
I hope so.
I think that would be awesome.
That seems really fast, but I know this administration moves fast.
So like, so we'll see.
We're going to get this done, and I think July is aggressive, but I'm hopeful.
Well, Ari, always great talking to you.
I know you have to head to the stage for your panel, so thank you so much for joining us this morning.
We appreciate all of your insight.
Thank you so much.
Thank you.
