Happy Monday. Or maybe not so happy, if you were depending on Google for your job. Here are our top stories today.
The Amazon of DeFi?
That's what Yearn Finance is rapidly becoming as a result of acquisitions and partnerships, CoinDesk's Brady Dale suggests in a big-picture analysis this morning. If Bezos' behemoth has become synonymous in consumers' minds with low prices, wide delivery and ample selection, Cronje's creation could achieve similar status among the "degens" of decentralized finance by delivering low fees, high yields and a wide selection of risk profiles. Hmm, a financial supermarket. Where have we heard that one before?
Nexus Mutual CEO hacked
But not Nexus itself. The DeFi insurer's chief, Hugh Karp, is out $8M worth of its NXM tokens thanks to a wily attacker. Karp is being gracious about it, though. "If you return the NXM in full, we will drop all investigations and I will grant you a $300K bounty," he told his unknown assailant on Twitter.
Bitcoin is still on track to hit a new high of $20,000 in the coming weeks, several analysts told CoinDesk markets reporter Omkar Godbole. MicroStrategy borrowing $650 million to buy more of the digital gold is one factor that drove the price up over the weekend. But leveraged bets are a risky strategy, for pros only, and even Vitalik is warning; don't try this at home, kids.
The U.S. government is fanatical about collecting data. Securing it? Not so much.
Over the weekend, it emerged that several U.S. federal agencies and potentially thousands of international corporations have likely had their communications networks compromised, in what appears to be the most sophisticated act of espionage in the past decade.
Reports indicate that malicious actors, likely backed by the Russian state, have hacked their way to troves of sensitive information at the U.S. Treasury and Commerce departments. A routine code update introduced spyware onto a key piece of management software developed by SolarWinds. Not much has been publicly confirmed, though it appears these hackers have had free access to much of the Treasury and Commerce departments' email systems dating back to the spring of this year.
Yet, the damage could be far more widespread: SolarWinds also counts the Secret Service, the Defense Department, the Federal Reserve, Lockheed Martin and the National Security Agency, among its customers.
The attack serves as the latest reminder of the amount of personal, professional and publicly sensitive information that transverses the internet and is held in sometimes insecure databases. Over the past several decades, government and corporate agencies have amassed vast quantities of data – on both companies and individuals – all potentially subject to exploitation. Knowing what types of data, how it's stored, how long it's kept by government or corporate institutions is often the exception. Far more frequently, these information stores are black boxes.
Last week, CoinDesk's privacy reporter Ben Powers detailed how the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Treasury Department responsible for snooping out and eliminating crime in financial systems, maintains a database of detailed personal and business information.
In its mission to acquire and disseminate data related to crime, FinCEN has a window into the world of the global economy. This includes information related to suspicious activity reports (SARs), a form of documentation that came into the public light after publication of the FinCEN Files. SARs are filed by banks, and other financial institutions, to alert federal watchdogs of sketchy behavior, but in themselves are not confirmations of any wrongdoing.
Powers' report focused on the fact that much of this data may never be deleted and is hackable, just like any online system.
"I don't think data retention is seriously thought about at the government level," Michael Yaeger, a shareholder at the law firm of Carlton Fields, told Powers. "They specify how long they retain it at the bank level, but the government doesn't. It's not in the habit of destroying data."
In a memo late last week, FinCEN clarified there is no limit on "the sharing of personally identifiable information" between private financial institutions, like banks or cryptocurrency exchanges, under the 2001 Patriot Act's safe-harbor provisions. In fact, the U.S. agency is encouraging these institutions to share information, while lowering the bar to what may be deemed pertinent.
"Overall, the sheet seemingly lowers the obstacles for further sharing of personal customer information among banks, the threshold of what qualifies as "suspicious" activity and whether the entities sharing customer information even need to be financial institutions," Powers wrote in a second article, co-authored by CoinDesk's regulatory maven Nikhilesh De and Executive Editor Marc Hochstein.
To be sure, this is all in the service of catching bona fide bad guys. But the first paragraph of Powers' first piece is a salient warning, particularly in light of the subsequent SolarWinds revelations: "If a despotic government's bank transactions can be leaked, so can yours."
Who won #CryptoTwitter?
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.