Architechnosecurigeek. Tinkerer. General trouble maker.
542 stories
·
9 followers

Three Arrows Capital crypto hedge fund defaults on Voyager loan

1 Comment and 2 Shares

Prominent crypto hedge fund Three Arrows Capital has defaulted on a loan worth more than $670 million. Digital asset brokerage Voyager Digital issued a notice on Monday morning, stating that the fund failed to repay a loan of $350 million in the U.S. dollar-pegged stablecoin, USDC, and 15,250 bitcoin, worth about $323 million at today’s prices.

3AC’s solvency crunch comes after weeks of turmoil in the crypto market, which has erased hundreds of billions of dollars in value. Bitcoin and ether are both trading slightly lower in the last 24 hours, though well off their all-time highs. Meanwhile, the overall crypto market cap sits at about $950 billion, down from around $3 trillion at its peak in Nov. 2021.

Voyager said it intends to pursue recovery from 3AC (Three Arrows Capital). In the interim, the broker emphasized that the platform continues to operate and fulfill customer orders and withdrawals. That assurance is likely an attempt to contain fear of contagion through the wider crypto ecosystem.

“We are working diligently and expeditiously to strengthen our balance sheet and pursuing options so we can continue to meet customer liquidity demands,” said Voyager CEO Stephen Ehrlich.

As of Friday, Voyager said it had approximately $137 million in U.S. dollars and owned crypto assets. The company also noted that it has access to a $200 million cash and USDC revolver, as well as a 15,000 bitcoin ($318 million) revolver from Alameda Ventures.

Last week, Alameda (FTX founder Sam Bankman-Fried’s quantitative trading firm) committed $500 million in financing to Voyager Digital, a crypto brokerage. Voyager has already pulled $75 million from that line of credit.

“The default of 3AC does not cause a default in the agreement with Alameda,” the statement said.

CNBC did not immediately receive a comment from 3AC.

How did 3AC get here?

Three Arrows Capital was established in 2012 by Zhu Su and Kyle Davies.

Zhu is known for his incredibly bullish view of bitcoin. He said last year the world’s largest cryptocurrency could be worth $2.5 million per coin. But in May this year, as the crypto market began its meltdown, Zhu said on Twitter that his “supercycle price thesis was regrettably wrong.”

The onset of a new so-called “crypto winter” has hurt digital currency projects and companies across the board.

Three Arrow Capital’s problems appeared to begin earlier this month after Zhu tweeted a rather cryptic message that the company is “in the process of communicating with relevant parties” and is “fully committed to working this out.”

There was no follow-up about what the specific issues were.

But the Financial Times reported after the tweet that U.S.-based crypto lenders BlockFi and Genesis liquidated some of 3AC’s positions, citing people familiar with the matter. 3AC had borrowed from BlockFi but was unable to meet the margin call.

A margin call is a situation in which an investor has to commit more funds to avoid losses on a trade made with borrowed cash.

Then the so-called algorithmic stablecoin terraUSD and its sister token luna collapsed.

3AC had exposure to Luna and suffered losses.

“The Terra-Luna situation caught us very much off guard,” 3AC co-founder Davies told the Wall Street Journal in an interview earlier this month.

VIDEO6:0806:08
What’s going on in the crypto market right now?

Contagion risk?

Three Arrows Capital is still facing a credit crunch exacerbated by the continued pressure on cryptocurrency prices. Bitcoin hovered around the $21,000 level on Monday and is down about 53% this year.

Meanwhile, the U.S. Federal Reserve has signaled further interest rate hikes in a bid to control rampant inflation, which has taken the steam out of riskier assets.

3AC, which is one of the biggest crypto-focused hedge funds, has borrowed large sums of money from various companies and invested across a number of different digital asset projects. That has sparked fears of further contagion across the industry.

“The issue is that the value of their [3AC’s] assets as well has declined massively with the market, so all in all, not good signs,” Vijay Ayyar, vice president of corporate development and international at crypto exchange Luno, told CNBC.

“What’s to be seen is whether there are any large, remaining players that had exposure to them, which could cause further contagion.”

Already, a number of crypto firms are facing liquidity crises because of the market slump. This month, lending firm Celsius, which promised users super high yields for depositing their digital currency, paused withdrawals for customers, citing “extreme market conditions.”

Another crypto lender, Babel Finance, said this month that it is “facing unusual liquidity pressures” and halted withdrawals.

— CNBC’s Ryan Browne contributed to this report.

Read the whole story
petrilli
1 day ago
reply
"How did it get here?" Because the entire cryptocurrency world is a ponzi scanm?
Arlington, VA
acdha
1 day ago
reply
Washington, DC
Share this story
Delete

Twitter to allow Musk to speak at an all-hands call

1 Comment

A decision that either demonstrates a whole lot of confidence Musk will still be purchasing Twitter or is just extremely reckless, has apparently been made by Twitter CEO Para Agrawal. Certainly, Agrawal knows things we all do not, but if Musk doesn't buy his company the damage done by this failed acquisition will certainly be sizeable. — Read the rest

Read the whole story
petrilli
15 days ago
reply
I'm going to go with extremely reckless.
Arlington, VA
Share this story
Delete

Taiwan Restricts Russia, Belarus to CPUs Under 25 MHz Frequency

1 Comment
Taiwanese government effectively bans all high-tech exports to Russia and Belarus.

Read the whole story
petrilli
27 days ago
reply
Ouch that's gonna hurt.
Arlington, VA
Share this story
Delete

DEA Investigating Breach of Law Enforcement Data Portal

1 Comment

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Unidentified hackers shared this screenshot of alleged access to the Drug Enforcement Administration’s intelligence sharing portal.

On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA.

KrebsOnSecurity shared information about the allegedly hijacked account with the DEA, the Federal Bureau of Investigation (FBI), and the Department of Justice, which houses both agencies. The DEA declined to comment on the validity of the claims, issuing only a brief statement in response.

“DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent,” the agency said in a statement shared via email.

According to this page at the Justice Department website, LEIA “provides federated search capabilities for both EPIC and external database repositories,” including data classified as “law enforcement sensitive” and “mission sensitive” to the DEA.

A document published by the Obama administration in May 2016 (PDF) says the DEA’s El Paso Intelligence Center (EPIC) systems in Texas are available for use by federal, state, local and tribal law enforcement, as well as the Department of Defense and intelligence community.

EPIC and LEIA also have access to the DEA’s National Seizure System (NSS), which the DEA uses to identify property thought to have been purchased with the proceeds of criminal activity (think fancy cars, boats and homes seized from drug kingpins).

“The EPIC System Portal (ESP) enables vetted users to remotely and securely share intelligence, access the National Seizure System, conduct data analytics, and obtain information in support of criminal investigations or law enforcement operations,” the 2016 White House document reads. “Law Enforcement Inquiry and Alerts (LEIA) allows for a federated search of 16 Federal law enforcement databases.”

The screenshots shared with this author indicate the hackers could use EPIC to look up a variety of records, including those for motor vehicles, boats, firearms, aircraft, and even drones.

Claims about the purloined DEA access were shared with this author by “KT,” the current administrator of the Doxbin — a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly.

As KrebsOnSecurity reported earlier this year, the previous owner of the Doxbin has been identified as the leader of LAPSUS$, a data extortion group that hacked into some of the world’s largest tech companies this year — including Microsoft, NVIDIA, Okta, Samsung and T-Mobile.

That reporting also showed how the core members of LAPSUS$ were involved in selling a service offering fraudulent Emergency Data Requests (EDRs), wherein the hackers use compromised police and government email accounts to file warrantless data requests with social media firms, mobile telephony providers and other technology firms, attesting that the information being requested can’t wait for a warrant because it relates to an urgent matter of life and death.

From the standpoint of individuals involved in filing these phony EDRs, access to databases and user accounts within the Department of Justice would be a major coup. But the data in EPIC would probably be far more valuable to organized crime rings or drug cartels, said Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley.

Weaver said it’s clear from the screenshots shared by the hackers that they could use their access not only to view sensitive information, but also submit false records to law enforcement and intelligence agency databases.

“I don’t think these [people] realize what they got, how much money the cartels would pay for access to this,” Weaver said. “Especially because as a cartel you don’t search for yourself you search for your enemies, so that even if it’s discovered there is no loss to you of putting things ONTO the DEA’s radar.”

The DEA’s EPIC portal login page.

ANALYSIS

The login page for esp.usdoj.gov (above) suggests that authorized users can access the site using a “Personal Identity Verification” or PIV card, which is a fairly strong form of authentication used government-wide to control access to federal facilities and information systems at each user’s appropriate security level.

However, the EPIC portal also appears to accept just a username and password, which would seem to radically diminish the security value of requiring users to present (or prove possession of) an authorized PIV card. Indeed, KT said the hacker who obtained this illicit access was able to log in using the stolen credentials alone, and that at no time did the portal prompt for a second authentication factor.

It’s not clear why there are still sensitive government databases being protected by nothing more than a username and password, but I’m willing to bet big money that this DEA portal is not only offender here. The DEA portal esp.usdoj.gov is listed on Page 87 of a Justice Department “data inventory,” which catalogs all of the data repositories that correspond to DOJ agencies.

There are 3,330 results. Granted, only some of those results are login portals, but that’s just within the Department of Justice.

If we assume for the moment that state-sponsored foreign hacking groups can gain access to sensitive government intelligence in the same way as teenage hacker groups like LAPSUS$, then it is long past time for the U.S. federal government to perform a top-to-bottom review of authentication requirements tied to any government portals that traffic in sensitive or privileged information.

I’ll say it because it needs to be said: The United States government is in urgent need of leadership on cybersecurity at the executive branch level — preferably someone who has the authority and political will to eventually disconnect any federal government agency data portals that fail to enforce strong, multi-factor authentication.

I realize this may be far more complex than it sounds, particularly when it comes to authenticating law enforcement personnel who access these systems without the benefit of a PIV card or government-issued device (state and local authorities, for example). It’s not going to be as simple as just turning on multi-factor authentication for every user, thanks in part to a broad diversity of technologies being used across the law enforcement landscape.

But when hackers can plunder 16 law enforcement databases, arbitrarily send out law enforcement alerts for specific people or vehicles, or potentially disrupt ongoing law enforcement operations — all because someone stole, found or bought a username and password — it’s time for drastic measures.

Read the whole story
petrilli
46 days ago
reply
Wait, so are these the people we're supposed to "trust" with crypto backdoors?

Nope.
Arlington, VA
Share this story
Delete

Twitter CEO Parag Agrawal Fires Company’s Heads of Product and Revenue

2 Comments

Kayvon Beykpour, who’d been head of product at Twitter since 2018:

Interrupting my paternity leave to share some final @twitter-related news: I’m leaving the company after over 7 years.

The truth is that this isn’t how and when I imagined leaving Twitter, and this wasn’t my decision. Parag asked me to leave after letting me know that he wants to take the team in a different direction.

While I’m disappointed, I take solace in a few things: I am INSANELY proud of what our collective team achieved over the last few years, and my own contribution to this journey. [...] I’m proud that we changed the perception around Twitter’s pace of innovation, and proud that we shifted the culture internally to make bigger bets, move faster, and eliminate sacred cows.

Beykpour arrived at Twitter after their acquisition of Periscope, a product that, in hindsight, has proven to have been ahead of its time. I bet we hear from Beykpour again.

As reported by TechCrunch, the other executive canned by Agrawal was revenue product lead Bruce Falck, who wasted no time updating his Twitter bio.

Why would Agrawal make these moves now, while Twitter’s future — including Agrawal’s, to be clear — is completely up in the air? Idea 1: Agrawal has reason to believe the Musk acquisition is going to fall through, so he’s managing the company as he sees fit. Idea 2: Agrawal thinks the deal is going through and is trying to keep his job as CEO by doing what he thinks (or knows) Musk wants done.

Read the whole story
petrilli
46 days ago
reply
As someone who worked for the current CEO, I can say it's entirely #2. He's auditioning for asshole in chief.
Arlington, VA
Share this story
Delete

Deep End

1 Comment and 7 Shares
Hey! No running in the back-arc basin!
Read the whole story
petrilli
53 days ago
reply
Arlington, VA
Share this story
Delete
1 public comment
dukeofwulf
53 days ago
reply
I can't believe he left out the formation of hot tubs in the diagram. Crucial to the pool cycle.
Next Page of Stories