Blockchain Bites: Australia kicks off 2nd consultation on AML/CTF reforms, Binance’s CZ sentenced to serve time following plea deal, Motions fly as Tornado Cash case twists and turns, Philippines KOs offshore exchanges, On chain sleuths trace North Korean hackers


Authors: Michael Bacina, Steven Pettigrove, Tim Masters, Jake Huang, Luke Higgins, Luke Misthos, Kelly Kim,

Service: Blockchain | FinTech
Sector: Financial Services | IT & Telecommunications

Michael Bacina, Steven Pettigrove, Tim Masters, Jake Huang, Luke Higgins, Luke Misthos & Kelly Kim of the Piper Alderman Blockchain Group bring you the latest legal, regulatory and project updates in Blockchain and Digital Law.

Australia kicks off 2nd consultation on AML/CTF reforms

Earlier today, the Attorney-General’s Department announced the commencement of a second round of consultations on reforms to Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) regime. The consultation follows an initial consultation commenced in April 2023 and proposes detailed reforms based on feedback received to date. The proposed reforms are intended to simplify Australia’s AML/CTF regime, while expanding it to cover a wider range of businesses and virtual asset service providers.

The Department highlighted:

Australia is one of a handful of countries that are not meeting the Financial Action Task Force’s requirement to regulate lawyers, accountants, trust and company service providers, real estate agents and dealers in precious metals and stones [tranche two entities].

The second stage consultation, ‘Reforming Australia’s anti-money laundering and counter-terrorism financing regime’ proposes to expand the scope of ‘designated services’ which are regulated under the AML/CTF Act to include certain services under the tranche two sectors. This will impose AML/CTF obligations on previously unregulated entities, including an enrolment requirement with the Australian Transaction Reports and Analysis Centre (AUSTRAC).

The consultation comprises an overview document and five targeted papers:

Paper 1 – Further information for real estate professionals

Paper 2 – Further information for professional service providers

Paper 3 – Further information for dealers in precious metals and precious stones

Paper 4 – Further information for digital currency exchange providers (DCEs), remittance service providers and financial institutions

Paper 5 – Broader reforms to simplify, clarify and modernise the regime

The first three papers address AML/CTF vulnerabilities in tranche two sectors, suggesting a list of services in each sector which should be categorised as a ‘designated service’ under the AML/CTF Act 2006 (Cth) (the AML/CTF Act). Paper 4 proposes expanding the scope of regulated services concerning digital currencies, suggesting among other things, the replacement of the term ‘digital currency’ in the AML/CTF Act with ‘digital asset’. Paper 5 sets out a number of proposals to simplify, clarify and modernise the AML/CTF regime.

Paper 4 promises significant reforms in relation to digital currencies including:

  • A transition from regulating “digital currencies” to “digital assets” bringing a broader range of digital assets within the AML/CTF regime, including broader coverage of stablecoins and potentially non-fungible tokens;
  • The addition of new categories of designated services relating to digital assets, including businesses involving exchange between digital assets, digital asset custody, digital asset transfers and participation in initial offerings;
  • The extension of the travel rule to digital assets, potentially including transfers to self-hosted wallets;
  • The extension of requirements to make international fund transfer instruction reports (or IFTIs) in relation to digital asset transfers above certain thresholds.

The proposed reforms follows other jurisdictions such as the UAE and Cayman Islands which revised their AML/CTF rules to escape or avoid being placed on FATF’s ‘grey list’. While Australia is a founding member of the FATF, they have previously failed to comply with 16 of the 40 FATF standards. Australia’s reforms are expected to be implemented ahead of a FATF review expected in 2026-2027.

The reforms would mark a significant expansion of the scope of the existing AML/CTF regime, including as it relates to persons and businesses dealing in digital assets. It is important that the reforms take into account practical considerations in relation to digital assets, including key definitions and challenges such as self-hosted wallets and the sunset problem, to ensure that the regime is workable and fit-for-purpose. Accordingly, industry participation will be vital in shaping legislation.

Submissions can be made through the Attorney-General Department’s website until 13 June 2024. The Department welcomes opinions from stakeholders, current and potential prospective reporting entities among others. The Attorney-General’s Department will also host roundtable discussions for ‘affected sectors on sector-specific issues’.

Written by Steven Pettigrove and Kelly Kim


Binance’s CZ sentenced to serve time following plea deal

The enigmatic billionaire former CEO of Binance has been sentenced to 4 months in prison in the United States.

Changpeng “CZ” Zhao was sentenced by US Federal judge after prosecutors sought a three year sentencing submissions, saying the:

scope and ramifications of Zhao’s misconduct were massive

The prosecutor’s sentencing submission opening with a quote from CZ to his staff saying “Better to ask forgiveness than permission”. However, CZ’s lawyers had sought a sentence of probation only, arguing that in comparison to banking industry cases concerning breaches of anti-money laundering laws:

no defendant in a remotely similar … case has ever been sentenced to incarceration

The guidelines for sentencing suggested an 18 month sentence would be appropriate, so the 4 month sentence will be viewed as a win for CZ.

The US Department of Justice, together with the Treasury Department and the Commodity Futures Trading Commission (CFTC), reached a plea deal last year under which Binance and CZ pleaded guilty to anti-money laundering and US sanctions violations in connection with failed controls on the Binance platform. Binance agreed to pay a USD$4.3B fine and CZ stepped down as CEO of Binance. CZ had voluntarily travelled to the US for the trial and had been free on a US$175M bond prior to hearing, meeting with tech luminaries and politicians.

The US Securities and Exchange Commission (SEC) was not a party to the proceedings and with Binance facing a class action in Canada, as well as staff being arrested in Nigeria, it remains to be seen if the SEC will bring a prosecution against Binance, or whether this will mark the beginning of the end of large prosecutions of digital currency exchanges in the US and a move towards licensing and regulation.

Written by Michael Bacina


Motions fly as Tornado Cash case twists and turns

The United States Department of Justice (DOJ) is standing firm following a defence motion to dismiss charges against Roman Storm, one of the co-founders of Tornado Cash. In its 111-page response filed in the District Court of New York, the DOJ contends that crucial facts in the case are in dispute and should be left for a jury to decide.

Storm and fellow developer Roman Semenov are accused of conspiring to commit money laundering, running an unlicensed money transmitting business, and breaching sanctions laws in connection with their role in developing the Tornado Cash platform. US authorities allege that groups like North Korea’s Lazarus Group exploited Tornado Cash for money laundering activities.

Storm pleaded not guilty to all charges in September 2023 and was released on a $2 million bond shortly after his arrest. In late March 2024, Storm’s legal team moved to dismiss the indictment. Semenov also argues that he contributed to the code design of the protocol, but isn’t responsible for its usage.

The defence argues that Tornado Cash doesn’t meet the criteria of a “financial institution” which would be required to apply anti-money laundering measures. The defence also alleges that Storm lacked control over the service to prevent its misuse after immutable smart contracts were deployed on the Ethereum blockchain.

The prosecution countered that Storm played a pivotal role in operating the cryptocurrency mixer, facilitating criminal anonymity. They criticised the co-founders for failing to implement adequate Know Your Customer and sanctions screening measures to block sanctioned addresses.

The legal standoff unfolds amidst the US government’s intensified crackdown on crypto-mixing services.

Last week, the founders of Samourai Wallet, Keonne Rodriguez and William Hill, were arrested and charged with conspiracy to commit money laundering and operating an unlicensed money transmitting business. These charges carry significant penalties, with a maximum sentence of 20 years for money laundering conspiracy and five years for operating an unlicensed money transmitting business.

The DOJ’s enforcement action against Tornado Cash has seen mixed reactions from blockchain enthusiasts and industry professionals alike. Amanda Tuminelli, Chief Legal Officer at the DeFi Education Fund, was critical of the DOJ’s “misapplication of the law” in her thread on X which she said would “ruin [the] weekend” of those who read the full DOJ document:

The legal battle will likely have broader ramifications for software developers as the Government seeks to make the Tornado Cash founders liable for the acts of third parties who exploited the autonomous smart contracts underpinning the protocol. The forthcoming trial will likely define the boundaries of legitimate software development activities and developers’ liability where that software facilitates illicit funds flows.

Written by Steven Pettigrove and Luke Higgins


Philippines KOs offshore exchanges

The Securities and Exchange Commission (SEC) of the Philippines has ordered tech giants Apple and Google to remove the Binance app from app stores, citing regulatory and investor concerns.

The SEC released a statement in which Emilio B. Aquino, Chairperson of the SEC, suggested Binance was operating as an unregistered broker and selling unregistered securities to Filipinos.

The SEC has identified [Binance] and concluded that the public’s continued access to these websites/apps poses a threat to the security of the funds of investing Filipinos

Last year, the SEC warned the public against investing in and using Binance and began exploring means for blocking the company’s website and apps. The regulator took steps to block access to the Binance website last month following a transition period to allow users to withdraw funds.

[Removing and blocking applications of Binance will] prevent the further proliferation of its illegal activities in the country, and to protect the investing public from its detrimental effects on our economy

Binance operates the largest cryptocurrency exchange in the world, but it has faced a series of legal setbacks in recent months. Binance’s founder, Changpeng Zhao (AKA CZ) stepped down as CEO at the end of last year and was sentenced to four months prison this week over AML/CTF breaches.

The SEC’s actions follow a broader crackdown on unlicensed crypto exchanges offering services in the country. It is also part of a broader global trend to regulate and licence crypto exchanges domestically and restrict access to offshore offerings. Binance itself has taken steps to seek licensing in local jurisdictions, recently becoming the first virtual exchange to obtain an operational MVP licence in Dubai from the Virtual Assets Regulatory Authority.

Written by Steven Pettigrove and Luke Misthos


On chain sleuths trace North Korean hackers

The Lazarus Group (also known as APT38, BlueNorOff and various other names) is a hacker group believed to be affiliated with the North Korean government. Since at least 2009, it has been actively involved in large scale cyber-attacks, leveraging sophisticated techniques to target both private and public entities for monetary gain. In recent times, the Group targeted blockchain protocols, including the high-profile Ronin Bridge hack in early 2022 and the Harmony Bridge exploit in 2023.

A 15 month investigation led by ZachXBT, a blockchain researcher noted for tracing and revealing on chain hacks and exploits, found that the Group laundered nearly USD$200M worth of cryptocurrency into fiat across 2020 to 2023. Industry leaders from MetaMask, Binance Security Team, TRM Labs and Five I’s combined their expertise to assist in the on-chain analysis of over 25 hacks, across different blockchains.

The report details various techniques used by the North Korean group, from security breaches, software bugs enabling unauthorised withdrawals, remotely accessing computers, compromising private keys to sending phishing emails. Once illicit funds were acquired by the group, they passed through multiple channels including crypto mixers, peer-to-peer (P2P) marketplaces and exchange services.

According to ZachXBT’s findings, the Group employed the sanctioned mixer Tornado Cash and ChipMixer, which was been subject to a coordinated international takedown in 2023. To further complicate tracing, the Group leveraged P2P exchanges including Noones and Paxful, making deposits in batches, totalling USD$44M over July 2022 to November 2023.

ZachXBT reflected on the grim findings in a tweet:

Despite this worrying trend, ZachXBT’s investigations highlight the power of on-chain analytics tools in tracing the movement of illicit funds, including identifying the channels used for laundering funds and off-ramping. While combating cybercrimes, in particular those involving cryptocurrency remains a persistent challenge, blockchain’s very transparency holds the keys to tracing wrongdoers, better intelligence sharing and coordinated action to prevent future attacks.

Written by Steven Pettigrove and Kelly Kim