The SEC has dropped its cases against Uniswap, Coinbase, and Robinhood’s crypto unit, marking a shift in its approach to crypto regulation. For years, the SEC has claimed that many crypto tokens are unregistered securities and that platforms offering them operate as illegal exchanges. These legal battles have drained companies of millions in legal fees and stifled innovation in the industry.
Uniswap was under investigation for potentially running an unregistered securities exchange, with questions about whether its governance token, UNI, qualified as a security. Coinbase faced a lawsuit that sought to regulate it like a traditional stock exchange. Robinhood’s crypto unit was also under scrutiny. Now, all three cases have been dropped, allowing these companies to focus on growth rather than fighting bureaucratic overreach.
The SEC justifies its existence by claiming to protect investors, but its actions often do more harm than good (famously failing to prevent the Bernie Madoff Ponzi scheme despite multiple warnings).
In traditional finance, companies issuing stocks must register with the SEC and provide disclosures. The SEC has attempted to force these same rules onto crypto, ignoring the technology’s decentralized nature. Their enforcement-first approach has created uncertainty while failing to curb actual fraud.
The reality is that crypto doesn’t need the SEC’s heavy-handed intervention. Markets function best when individuals are free to assess risk and make their own decisions. The dismissal of these cases is a win for innovation, but as long as regulators continue their attempts to control decentralized networks, the fight isn’t over.
Mid 🤝
Largest Theft In History
​
The recent ByBit hack, orchestrated by North Korea’s Lazarus Group, is now officially the largest theft in history, surpassing even Saddam Hussein’s infamous 2003 bank heist, where he stole nearly $1 billion. This time, the hackers made off with a staggering $1.46 billion in crypto assets.
While the full attack vector is still under investigation, a clearer picture is emerging. The breach originated from a compromised machine belonging to a Safe{Wallet} developer. With access to this machine, the attackers deployed a malicious JavaScript payload directly into Safe{Wallet}’s productionAWS S3 bucket, a critical infrastructure component serving frontend resources.
From there, all they had to do was wait. When ByBit’s signers initiated their next cold wallet transaction, the compromised UI detected the event and swapped the legitimate transaction with a fraudulent one. Because the signers trusted Safe{Wallet}’s hosted interface, the malicious transaction was unknowingly approved and executed.
Diagram showing a simplified overview of the attack
The implications extend far beyond ByBit. Safe{Wallet}’s UI is widely used across the crypto industry, meaning many other companies could have been at risk. This incident underscores the severe risks of supply chain attacks and the dangers of relying too heavily on third-party software, especially for high-value transactions.
Where do we go from here? If even Safe{Wallet}’s UI isn’t safe to use, what alternatives do users have? I won’t overstate it, but this is a serious concern. At the end of the day, you must always know what you’re signing. Relying on local transaction building and triple-checking the calldata before signing should be heavily encouraged. Because in the end, how much paranoia is too much when you’re securing wallets holding over $1 billion?
1. While writing your Solidity, use the --watch flag with forge build. This will save you a lot of time recompiling: forge build --watch
Foundry auto compiles when you make changes to your source code.
​
2. Ever wanted to quickly make docs that you can host for your Foundry project? Run forge doc --serve --port 4000 then go to http://localhost:4000 to see some pretty professional looking docs.
​
​
See you next Thursday!
Got thoughts on this week’s newsletter? Reply to this email or DM me. I’d love to hear from you!
​
Disclaimer: The views and opinions expressed in this newsletter are my own and do not reflect those of my employer or any affiliated organizations. Nothing in this publication constitutes financial, legal, or investment advice.
Blaine Malone
Join '3 Thoughts Thursday', the weekly crypto newsletter.
High to Low Cypherpunk Values 📜 No More Bridging 🌉 Weekly Foundry Command 🔨 High 🌎 Cypherpunk Values 📜 Throughout my 9 years in crypto, I’ve consistently believed we could improve onboarding by effectively communicating cypherpunk values. My rationale is simple: if we articulate these values clearly, I believe most people would naturally align with them. If you're unfamiliar with the Cypherpunk Manifesto, I highly recommend reading the original version and the recent Ethereum adaptation by...
High to Low Whats up down with $ETH? 💰 @ParaSwap Pay Up! 💸 Weekly Foundry Commands High 🌎 Whats up down with $ETH? 💰 I don’t usually focus on prices, but there’s been a lot of chatter lately about Ethereum’s recent dip. The total crypto market cap is still hovering around $2.7 trillion, roughly the same as 123 days ago. Yet, in that same window, $ETH has fallen by about 40%. So what’s behind the discrepancy? A lot of people act like they know exactly why prices move the way they do. I’m not...
High to Low Dusting Off the Classic 2017 Altcoin Portfolio Bullish on Pectra Weekly Foundry commands High 🌎 Dusting Off the Classic 2017 Altcoin Portfolio Donald Trump’s announcement of a U.S. "Crypto Strategic Reserve" has been making waves this week. The former president, who I remember dismissed Bitcoin as a scam, is now positioning the United States as the “Crypto Capital of the World.” If 2017 me had heard this news, I would have been over the moon. Back then, the idea of the U.S....
