The SEC also found that Tai Mo Shan had acted as a statuary underwriter for the Terra sister token Luna, which was an unregistered security.
Tai Mo Shan agreed to the fine, and to a prohibition on future violations of securities laws.
SEC fines Jump Crypto subsidiary $123 million
The SEC has levied a $123 million fine against Jump Crypto subsidiary Tai Mo Shan, which was part of a secret deal with Terraform Labs to help prop up the floundering Terra stablecoin in May 2021. Jump spent $20 million to help the supposedly “self-healing” stablecoin regain its $1 peg, earning about $1.28 billion in the process, and Terraform Labs CEO Do Kwon would later claim that the restoration to a $1 price was thanks to an automatic feature of the Terra project and not some backroom deal. This lie by Terraform Labs and Jump Crypto helped build confidence in the sustainability of the Terra token, which collapsed horrendously a year later.
- “Tai Mo Shan to Pay $123 Million for Negligently Misleading Investors About Stability of Terra USD”, U.S. Securities and Exchange Commission [archive]
Per a court order, Oasis rewrites the rules for Jump Crypto to recover stolen assets
In a world where "code is law", crypto users don't necessarily expect that the smart contracts might change out from under them — particularly given contracts are often assumed to be immutable once they're deployed. However, for various reasons including the need to patch bugs in deployed contracts, some projects use upgradable smart contracts.
This decision was what allowed Jump Crypto to obtain a court order requiring the Oasis platform to "upgrade" a smart contract in such a way that Jump Crypto could remove stolen funds from where the hacker had placed them on the Oasis protocol. Oasis released a defensive statement, writing that their cooperation in the recovery was "only possible due to a previously unknown vulnerability in the design of the admin multisig access", and that "we will be making no further comment at this time". Oasis is a frontend for the MakerDAO project, which was originally started as part of MakerDAO but later spun into a separate entity, though it still appears to enjoy preferred status by MakerDAO.
The stolen funds in question were the proceeds of the February 2022 Wormhole bridge exploit, in which attackers stole 120,000 wETH (then ~$326 million; now $192 million). After the hack, Wormhole's parent company Jump Crypto plugged the hole left by the hack with their own funds. Since then, the attackers have been moving the funds throughout the cryptocurrency ecosystem, even taking out a highly-leveraged position on in Lido-staked Ether last month.
Ultimately, Jump was able to recover around $140 million via their "counter-exploit". While many celebrated the recovery, some were concerned about the precedent of a so-called defi platform changing a smart contract to remove funds from a wallet at the direction of a court. Some described the upgradability as a "backdoor". "If they'd do it for Jump, what does that say about possible coercion via state actors?" wrote one trader on Twitter.
Wormhole, a cross-blockchain bridge, is hacked for more than $320 million in one of the largest hacks to date
The Wormhole Network is a blockchain bridge between Solana and various other blockchains, allowing assets to be traded across the different and not otherwise interoperable chains. After an attacker was able to spoof a guardian account, Wormhole was exploited on February 2 for 120,000 wETH, or about $326 million. The network was taken down for maintenance, and Wormhole promised that "ETH will be added over the next hours to ensure wETH is backed 1:1". The parent company of Wormhole, Jump Trading, replaced the funds that had been drained; meanwhile, Wormhole offered a $10 million bounty to try to tempt the attacker into returning the funds. The hack was the fourth-largest cryptocurrency theft of all time, trailing behind the $480 million Mt. Gox theft in 2014, the $547 million Coincheck theft in 2018, and the $611 million Poly Network theft (that was later returned) in 2021.