HSBC Australia Blocks Payments to Cryptocurrency Exchanges

HSBC started blocking payments to cryptocurrency exchanges to protect its customers against the rising number of scams.

Australian banks, including HSBC and Bendigo Bank, have started blocking payments to crypto exchanges to protect customers from scams. Meanwhile, MonoSwap, a decentralized exchange, suffered a hack due to a phishing attack on a developer while dYdX’s version 3.0 website was compromised but quickly restored. Despite these setbacks, dYdX is negotiating the sale of some of its derivatives trading software to market makers like Wintermute Trading and Selini Capital.

Australian Banks Block Payments to Crypto Exchanges

HSBC Australia announced that it will block customer payments to cryptocurrency exchanges on July 24. This happened after other major banks also started distancing themselves from the crypto industry because of concerns about scams. 

Notice of changes to payments to crypto exchanges (Source: HSBC)

HSBC informed its customers through an email that it will block payments from bank accounts and credit cards to crypto exchanges to protect customers. The bank pointed to data from Australia's competition and consumer regulator, which reported that Australians lost close to $171 million to investment scams in 2023. HSBC apologized for any inconvenience but held firm that the safety of customer funds is its top priority.

Bendigo Bank quickly followed HSBC's lead and also pointed towards the need to protect customers from investment scams as the reason for its decision. 

On the other hand, Amy-Rose Goodey, the managing director of the Digital Economy Council of Australia (DECA), is concerned about HSBC's decision because the DECA was not pre-informed. According to Goodey, this move reflects a worrying trend of restrictions affecting the digital currency community. It also proves how important it is to create improved regulatory frameworks to support innovation while still mitigating risks.

Goodey also warned that, because of this, more Australians could lose their financial right to participate in the growing digital economy. She is advocating for clear, fair, and forward-thinking regulations to help combat scams without hindering innovation. Since 2023, DECA has been part of the advisory board of the National Anti-Scam Center, which Goodey sees as a positive step forward.

Despite the new restrictions, HSBC stated that it will still accept customer payments from crypto exchanges to make sure that other banking operations would continue as usual. HSBC Australia serves 1.5 million customers through 45 branches nationwide.

MonoSwap Hacked, Users Urged to Withdraw Funds

Unfortunately, these crypto scams are not only limited to Australia. On July 24, MonoSwap, a decentralized exchange and staking platform, announced that it suffered a malicious hack. The exchange urged users not to stake or add additional funds and to withdraw their existing funds immediately to avoid losses. 

The platform identified a malicious link in a social media post and warned users not to interact with it. The breach happened on July 23 when a developer installed a malicious phishing application and was deceived into a call with scammers posing as venture capitalists. During the call, the scammers installed software on the developer’s computer which allowed them to gain access to the platform’s wallets and contracts. The scammers then withdrew most of the staked liquidity.

MonoSwap is currently investigating the incident and is planning to collaborate with venture capitalists to recover and improve security.

Crypto hacks are on the rise, according to CoinGecko co-founder and COO Bobby Ong, who warned the community on July 11 about the increasing frequency of these attacks. Ong attributes the surge to Google’s sale of its domain business to Squarespace, which resulted in the removal of two-factor security authentication, creating a security vulnerability. 

Since Ong’s warning, several high-profile hacks have taken place. On-chain sleuth ZackXBT alerted the community about a phishing page on Compound Finance’s website, which has since been dealt with. Additionally, on July 18, Indian crypto exchange WazirX was hacked, and $235 million was stolen by hackers allegedly linked to the North Korean Lazarus hacking group.

dYdX v3.0 Website Compromised

On July 23, the dYdX team reported that the website for its version 3.0 was compromised. They urged users not to visit the site or click any links associated with it until further notice.

The dYdX team assured users that the version 4.0 on Cosmos was unaffected and fully operational. The compromised user interface is hosted at dydx.exchange, but the smart contracts tied to the app were not breached, meaning that deposited funds were still safe, although users were advised against using the site for withdrawals.

Some people tested the compromised site, and received an error message: “Your wallet is not eligible. Something went wrong. Please try again with an active wallet.” This is very similar to a previous phishing scam involving Collab.land, where users with inactive wallets were prompted to try again with a wallet holding funds. Upon doing so, they were asked to sign a request, which led to their account being drained.

The compromised dYdX website seems to operate similarly. The team has not yet shared a lot of details about how the attacker managed to control the app’s domain name, but DNS hijacking attacks on Web3 protocols have become very common. 

dYdX Restores Site After Hack

Luckily, dYdX very quickly restored version 3.0 of its website after the DNS hijacking attempt. In fact, the crypto exchange's website was fully recovered within three hours of announcing the compromise.

The team advised users to delete their browser cache and restart their browser before visiting the site to make sure they are not accessing the compromised version. In a social media post, dYdX Trading Inc. confirmed the recovery and stated that the dYdX Chain, dydx.trade, and the v3 Protocol were never compromised and remain safe to use. 

Some wallet extensions like MetaMask and Phantom may still display warnings when connecting to the site, but these issues are expected to be resolved soon as well.

This incident is just one of the many ongoing security challenges faced by the crypto industry. In 2024, the value of digital assets stolen by hackers has surged, and could even potentially surpass the total for 2023. 

In the first quarter of 2024 alone, hackers stole $542.7 million in digital assets, which was a 42% increase from the same period in 2023. The amount lost to smart contract vulnerabilities decreased by 92% to $179 million in 2023 from $2.6 billion in 2022. Instead, over 55% of the hacked digital assets in 2023 were due to private key leaks. 

Mriganka Pattnaik, co-founder and CEO of Merkle Science, pointed out the rapid increase in losses from private key leaks as the biggest security concern. As of mid-2024, the total volume of stolen crypto funds is approaching $1.4 billion. Centralized exchanges are becoming the primary targets for exploits, according to a report from cybersecurity firm Cyvers.

dYdX Negotiates Software Sale

Despite this setback, dYdX is reportedly in discussions to sell some of its derivatives trading software. According to a July 23 Bloomberg report, dYdX Trading Inc., the developer of the dYdX exchange, has been negotiating the deal with crypto market makers. Some of the potential buyers include Wintermute Trading, a UK-based algorithmic trading firm specializing in digital assets, and Selini Capital, which manages alternative investments in digital assets.

dYdX also confirmed that it is exploring strategic alternatives for its v3 technology, excluding the Ethereum smart contract or other technology governed by the utility token. The protocol stated that DYDX token holders will need to vote on any changes to the smart contracts underlying v3.

The v3 protocol of dYdX focuses on perpetual contracts, which are futures contracts without an expiry date, allowing leveraged cryptocurrency trading. Since January, v3 has amassed a cumulative trading volume of $1.22 trillion, according to DefiLlama.

This potential sale comes after some recent leadership changes at dYdX. On May 13, founder Antonio Juliano stepped down as CEO without announcing his future plans. Juliano, who previously worked as a software engineer at Coinbase, Uber, and MongoDB, was succeeded by Ivo Crnkovic-Rubsamen, the former chief strategy officer. 

In June, after a community vote, dYdX launched its v5, which introduced isolated margin, isolated markets, and support for Raydium Markets. These changes allow traders to assign collateral to specific trades, reducing the risk of cross-trade collateral impact and providing dedicated insurance for each collateral pool.