There have been a bunch of legal updates in the crypto space heading into the weekend. YouTube influencer KSI is facing accusations of engaging in pump-and-dump schemes related to crypto investments. Despite his claims of innocence and attributing actions to inexperience, critics like ZachXBT and Coffeezilla argue these actions fit the definition of a pump-and-dump.
Debt Box is contesting the SEC's attempt to dismiss an enforcement action against it, accusing the SEC of trying to avoid sanctions while leaving open the possibility of future actions. This legal tussle comes after the SEC admitted to lying in its court statements regarding Debt Box's operations. Meanwhile, NIST is investigating a vulnerability in the "Binance Trust Wallet app," which could allow attackers to exploit a flaw in the app's use of the trezor-crypto library.
KSI and his Crypto Controversy
YouTube personality Olajide Olayinka Williams Olatunji, better known as "KSI," has come under scrutiny for alleged involvement in pump-and-dump crypto investment schemes. The controversy surrounding the YouTuber resurfaced when KSI reactivated an old crypto-focused account on X, attracting comments from crypto investigators ZachXBT and Coffeezilla.
Upon KSI's return to the platform, where he previously discussed crypto token investments to his 371,000 followers, ZachXBT quickly accused him of preparing to "share garbage again." The accusation was supported by evidence of KSI promoting the XCAD Network, a watch-to-earn project, and subsequently selling $850,000 worth of XCAD tokens. Additional claims also pointed to a pattern where KSI hyped up projects like Ethernity Chain (ERN) only to sell off massive amounts of his holdings shortly after promoting them.
In response to these allegations, KSI admitted to selling XCAD tokens but claimed he did so to invest in the now-defunct Terra Luna Classic (LUNC). He insisted that his actions were not malicious and attributed them to his inexperience and excitement in the crypto space. KSI explained his contradictory tweets as an attempt to counteract what he perceived as the adverse effects of his social media influence on his investments.
Coffeezilla, in a follow-up video, challenged KSI's defense, arguing that public promotion followed by private selling fits the definition of a pump-and-dump scheme, regardless of the YouTuber’s intentions. KSI's close association with Logan Paul, who is also embroiled in a crypto-related controversy over a failed NFT project, seems to further complicate the narrative.
Debt Box Fights SEC's Dismissal Attempt in Legal Battle
Meanwhile, software firm Debt Box is actively opposing the United States Securities and Exchange Commission's (SEC) request to dismiss an enforcement action against it. Although it seems a bit illogical at first, a filing from Feb. 14, from Debt Box criticized the SEC's motion as an attempt to sidestep potential sanctions.
The core of the dispute lies in the SEC's admission of inaccuracies in its statements to the court, which led to a reevaluation of the evidence and a decision to potentially dismiss the case without prejudice. This move, according to Debt Box, is a strategic effort by the SEC to avoid penalties while keeping the door open for a future, possibly revised enforcement action against Debt Box and others.
Debt Box has also framed the SEC's request for dismissal as an attempt to gain preferential treatment in federal courts, contrasting the SEC's own leniency towards businesses that promise restructuring or additional ethics training when accused of misleading investors. This filing comes after a late December 2023 acknowledgment by the SEC that it made false statements to the court, prompting Judge Robert Shelby to demand clarification, especially regarding Debt Box's alleged plans to move assets overseas to evade regulation.
Despite the SEC's request for a temporary dismissal to conduct an internal review and its commitment to internal training and changing legal representation, Debt Box is pushing for the originally scheduled Mar. 7 hearing to proceed. This insistence comes in the wake of the SEC's emergency measures taken in early August 2023, which included securing a temporary restraining order to freeze Debt Box assets amid allegations of defrauding investors through the sale of unregistered securities linked to digital asset mining.
The SEC's actions were based on concerns that Debt Box would get rid of evidence or secretly transfer assets if warned of the restraining order. Now, as the legal battle continues, the focus remains on whether the court will allow the SEC's dismissal request or side with Debt Box in its quest for a full hearing.
NIST Investigates Trust Wallet App Vulnerability
The National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, is currently analyzing a vulnerability in an older version of the "Binance Trust Wallet app" that could potentially allow attackers to steal funds from crypto wallets. The vulnerability is linked to the app's misuse of the trezor-crypto library for generating mnemonic words, which should only be verified at the entropy source, a physical location where data is generated. This flaw was discovered after a similar vulnerability led to losses in July of 2023.
NIST pointed out that attackers could exploit this vulnerability by systematically generating mnemonics for each timestamp within a specific timeframe and linking them to wallet addresses to steal funds. The issue was first revealed on Feb. 8, and investigations are ongoing to assess the possible impact of this vulnerability.
A spokesperson for Trust Wallet admitted that the issue with the Trezor library dates back to 2018, affecting iOS wallets created between March and July of that year. During that period, Trust Wallet was an open-source project, and the issue was confined to about 10,000 downloads.
The vulnerability came under scrutiny after a series of hacks on numerous Ether (ETH) wallets, prompting investigations by Secbit Labs into the iOS version of Trust Wallet. These investigations linked an older wallet generation weakness to large thefts that happened on Jul. 12, 2023. Despite Trust Wallet now being a separate legal entity and operating independently from Binance.com, the implications of the vulnerability have raised some serious concerns.
An independent investigation by Milk Sad uncovered at least 6,572 unique wallet mnemonics at risk of fund loss because of the use of unsafe functions in the trezor-crypto library by the Trust Wallet app for iOS.
NIST is set to assign a base score to the app's vulnerability ranging from 0 to 10 based on its severity when it completes its investigation.
