Taiwan’s Crypto Framework Bill Passed Parliament

Check out the biggest breaking crypto market updates for today:

Taiwan Officially Proposes Crypto Bill With First Reading Passed At Parliament

The Virtual Asset Management Bill, a crypto bill introduced by Taiwanese legislators has reportedly passed the first reading at Taiwan’s Legislative Yuan. 

The bill seeks to provide “better protection” for customers and “properly supervise” the industry. It suggests mandating risk mitigation practices for virtual asset service providers (VASPs), such as separating customer funds from the company’s reserve funds, establishing an internal control and audit system, and joining the local trade association. 

Yung-Chang Chiang, a member of the Legislative Yuan who jointly proposed the special act, stated, 

“After the first reading of the bill, discussions on the regulatory framework for the virtual asset industry have progressed to the next stage. We hope that the Financial Supervisory Commission can also submit their version of a draft bill to the legislature, allowing various sectors of society to further consolidate consensus during the process.” 

While Taiwan’s FSC last month released guidelines for the crypto sector to form its own self-supervisory rules through a potential industry association, such measures lack legal enforceability, the lawmaker said. 

“In this case, under the authority of this special law, regulatory authorities can impose administrative penalties on operators who violate these self-regulation rules. Without such a special law, the regulators would lack the ability to impose penalties,” Chiang said earlier this month at a parliament hearing.” 

The special crypto law, proposed by Chiang and 16 other lawmakers, would require all crypto platforms operating in Taiwan to apply for a permit. If they failed to, regulators could order them to cease operations. 

There is no specific timeline for the second reading of the bill, but it may not occur by the end of January 2024, according to Chiang’s office. The current tenure of all lawmakers in Taiwan ends next January. 

Currently, Taiwan has required virtual asset services providers to comply with anti-money laundering laws ince the FSC introduced anti-money laundering rules in July 2021. Otherwise, the crypto industry remains largely unregulated.

UK Bill For Seizing Illicit Crypto Finally Becomes Law

The Economic Crime and Corporate Transparency Bill – a bill that seeks to grant UK law enforcement agencies the power to seize and freeze crypto assets used for crime – has officially become law after receiving the King’s approval on Thursday. 

The bill covers a range of criminal activities from drug trafficking to cybercrime and allows local cops to seize crypto with criminal links even without a conviction. 

The bill was introduced last September, and since then amendments have been added to ensure the measures were extended to cover terrorism. 

Separate provisions to help authorities seize other assets that can help identify crypto linked to crime were also added. It was passed by the Parliament on Wednesday. 

Although the U.K. has expressed a desire to become a global hub for crypto and has passed some legislation to legitimize crypto in the country, it has also been clamping down on crypto crime and scams. Law enforcement agencies have already seized hundreds of millions of pounds worth of crypto tied to criminal activity and have placed crypto tactical advisers in police departments nationwide to assist in investigations.

Fireblocks UniPass Wallet Tackle Ethereum ERC-4337 Account Abstraction Vulnerability

Crypto infrastructure firm Fireblocks has reportedly identified and assisted in tackling an ERC-4337 account abstraction vulnerability in the smart contract wallet UniPass. 

Fireblocks described it as the first account abstraction vulnerability within the Ethereum ecosystem. The vulnerability was discovered during a white hat hacking operation and was found in hundreds of mainnet wallets. According to Fireblocks, the vulnerability would allow a potential attacker to carry out a full account takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process. 

As per Ethereum’s developer documentation on ERC-4337, account abstraction allows for a shift in the way transactions and smart contracts are processed by the blockchain to provide flexibility and efficiency. 

Conventional Ethereum transactions involve two types of accounts: externally owned accounts (EOAs) and contract accounts. 

EOAs are controlled by private keys and can initiate transactions, while contract accounts are controlled by the code of a smart contract. 

When an EOA sends a transaction to a contract account, it triggers the execution of the contract’s code. 

Account abstraction introduces the idea of a meta-transaction or more generalized abstracted accounts. Abstracted accounts are not tied to a specific private key and are able to initiate transactions and interact with smart contracts, just like an EOA. 

As Fireblocks explains, when an ERC-4337-compliant account executes an action, it relies on the Entrypoint contract to ensure that only signed transactions get executed. These accounts typically trust an audited single EntryPoint contract to ensure that it receives permission from the account before executing a command.

Fireblocks said: 

“It’s important to note that a malicious or buggy entrypoint could, in theory, skip the call to “validateUserOp” and just call the execution function directly, as the only restriction it has is that it’s called from the trusted EntryPoint.” 

According to Fireblocks, the vulnerability allowed an attacker to gain control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once the account takeover was complete, an attacker would be able to access the wallet and drain its funds. 

Several hundred users who had the ERC-4337 module activated in their wallets were vulnerable to the attack, which could be performed by any actor on the blockchain. 

The wallets in question only held small amounts of funds, and the issue has been mitigated at an early stage. 

Having ascertained that the vulnerability could be exploited, Fireblocks’ research team managed to carry out a white hat operation to patch the existing vulnerabilities. This involved actually exploiting the vulnerability: 

“We shared this idea with the UniPass team, who took it upon themselves to implement and run the whitehat operation.” Fireblocks said. 

Ethereum co-founder Vitalik Buterin previously outlined challenges in expediting the proliferation of account abstraction functionality, which includes the need for an Ethereum Improvement Proposal (EIP) to upgrade EOAs into smart contracts and ensure the protocol works on layer-2 solutions.

Luke Baldwin