IRS Offered Tax Refund on Staking Rewards

The biggest crypto news and ideas of the day

Feb. 3, 2022

If you were forwarded this newsletter and would like to receive it, sign up here.

Sponsored by

Welcome to The Node.

In today’s newsletter: Illegal crypto mining in Russia. Institutions are 50% of Coinbase's business. And the IRS offered a tax refund on staking rewards.

Questions? Feedback? We’d love to hear from you – simply reply to this email.

–Daniel Kuhn

Today’s must-reads

Top Shelf

STAKE TAXES: The U.S. Internal Revenue Service (IRS) offered a Tennessee couple a refund on income taxes paid for unsold staking rewards as part of what appears to be a settlement in an ongoing legal fight – a move industry experts say signals an important shift in the way the IRS views crypto staking. In 2019, Joshua Jarrett paid income tax on 8,876 tezos tokens he earned through staking, which the IRS treated as income. Jarret asked the IRS to return the taxes he paid, arguing the tokens were “created property.”

ARCTIC MINING: The electricity consumption in Russia's Irkutsk region rose fourfold in 2021 because of illegal mining, Russian news agency Tass reported on Wednesday. Increased energy demand has been leading to power outages in the region, which is sometimes cited as the most popular location for illicit mining. Meanwhile, a number of crypto miners in Texas are shutting down some or all their operations as the region awaits an Arctic blast that is likely to test the state’s power grid this week.

INSTITUTIONAL BACKING: Institutions now make up 50% of Coinbase's business, up from 10% three years ago, an exchange executive said at MicroStrategy's Bitcoin for Corporations conference. Meanwhile, Evertas, an insurance platform focused on the cryptocurrency space, has been granted approval to call itself a Lloyd’s of London coverholder – the first such arrangement with the three-century-year-old institution. Finally, the Bank of Russia announced on Thursday that Atomyze, which tokenizes metals trading on the Hyperledger network, is the central bank's first approved “digital assets operator.”

REAL FUN? GameStop is partnering with no-gas Ethereum layer 2 Immutable X for the launch of its NFT marketplace, which will include “billions of low-cost, in-game assets that can easily be bought and sold,” including digital real estate and in-game skins. Meanwhile, on separate earning calls, Nintendo’s president said the company has no plans to expand into the metaverse while Meta Platforms said its newly created Facebook Reality Labs division lost $10.2 billion in 2021. Finally, Neopets Metaverse, a Solana-based project that launched in September, is facing serious backlash from fans of the once-popular digital pet game.

PROVING RESERVES: Kraken on Thursday announced the results of a proof-of-reserves audit showing the crypto exchange held $19 billion in bitcoin and ether. Other crypto assets were not included in the audit. Accounting firm Armanino completed the independent audit on Dec. 31, 2021, a culmination of “years” of work that required reconstructing a Merkle tree to prove every coin was proper.

When it comes to buying, borrowing, or earning on your crypto, you won’t find an easier, safer way to do it than Nexo.

Right now you can earn $25 worth of Bitcoin for each friend you refer. And the best part is that your referral gets $25 in BTC too!

How it works? It’s quite simple - sign in to your Nexo account, copy your unique link and start referring like your life depended on it!

And here is what’ll happen next: you and your referrals will both get $25 in BTC within 30 days of them passing the Advanced Verification and topping up the equivalent of $100 or more of any asset supported on the Nexo platform.

What others are writing...

Off-Chain Signals

It's never been easier to earn interest on Bitcoin and Tether with BitMEX EARN. Enjoy up to 10% APR on Tether and 4% on Bitcoin, fully backed by the BitMEX Insurance Fund.

With new products, reliable security, and responsive customer service, there’s never been a better time to join BitMEX. Start earning interest today by subscribing to EARN here.

BitMEX products and services are not available to US Persons and in other specified jurisdictions.

Putting the news in perspective

The Takeaway

Hacks, Exploits: Crypto Pulls Definitions From a Hat

Yesterday, beginning at 18:24 UTC, someone or something exploited a security vulnerability on Wormhole, a tool that allows users to swap assets between Ethereum and a number of blockchains, resulting in the loss of 120,000 wrapped ether (or wETH, worth about $321 million) on the platform.

This is the second largest decentralized finance (DeFi) attack to date, according to rekt’s leaderboard, in an industry where security exploits are fairly common and part of users’ risk curve. There’s a whole business made out of code reviews, a lexicon of industry-specific jargon to explain what’s going on and something of a playbook to follow if and when “hacks” inevitably occur.

Wormhole, apart from catching and patching this bug earlier, has seemingly tried to do the right thing: They shut down the platform to prevent further losses, notified the public of what they know and announced Jump Trading is on the line to replenish the stolen coins.

Read more: Blockchain Bridge Wormhole Suffers Possible Exploit Worth Over $326M

Furthermore, in a move that’s becoming increasingly common, the Wormhole Deployer has posted an open message to the exploiter on Ethereum offering them a “white hat agreement” and $10 million for an explanation of the attack in exchange for the stolen funds.

Excuse the simile, but this is like waiting for a magician to pull a rabbit from a top hat. The world is waiting to see whether they’re dealing with a “white” or “black” hat hacker, terms meant to explain a hacker’s motivations. The reality is likely to be a little more gray.

Hacks vs. exploits

“Black hat hackers are criminals who break into computer networks with malicious intent,” according to Kaspersky security experts. They may use malware, steal passwords or exploit code as it’s written for “self-serving” or maybe “ideological” reasons. White hats, aka “ethical hackers” or “good hackers,” are the “antithesis.”
“They exploit computer systems or networks to identify their security flaws so they can make recommendations for improvement,” Kaspersky writes.

Due to the way crypto networks are designed, it’s often unclear who it is you’re dealing with. Users exist as long strings of alphanumeric gibberish, and their past is reduced to a series of transactions connected with their address.

This system has some benefits. Even if platforms don’t “know” their “customers,” all transactions are recorded on-chain and anyone can “verify” which coins belong to whom. DeFi exploits are often dead ends: Exchanges, used as on and off-ramps to and from the crypto economy, can blacklist stolen funds, reducing those token’s utility and value to nothing.

That may explain why some of the most prominent exploits see masterminds return their bounties. For instance, last August, the Poly Network “hacker,” as they came to be referred to, returned nearly all of the $610 million worth of stolen crypto assets, and asked for people to see their exploit as a “white hat hack,” meant to bring awareness to a disastrous bug.

This might be rewriting history – a post hoc explanation for an attack that was ultimately poorly executed? It might be happening again: We don’t know the Wormhole exploiter’s motivations, but the bridge’s team seems to be asking that they eat the bug in exchange for a tidy $10 million.

In a sense, the system is set up in an attacker’s favor. When someone uses the code as it’s written, but not as intended, technologists will refer to that as an “exploit.” Code is given precedence above human action, so that human errors – like fat fingering a bad transaction or missing a gaping security hole – are explained as a natural process of the code.

An attack is only elevated to the level of a “hack” when the code is rewritten or broken. This is an important technological distinction, even though the terms likely stem from the gaming industry where “hacking” a game to gain an unfair advantage is often frowned upon whereas “exploits,” or finding loopholes in the game, are boasted about.

It’s probably fair to say this recent attack wasn’t part of the Wormhole Deployer’s plans or motivations. A mistake in the code was seemingly made, or not found, and solutions are being worked out. It might point to the “fundamental security limits of bridges,” as Ethereum co-creator Vitalik Buterin noted in a prescient blog posting a few weeks ago.

The attacker conducted a series of transactions so that Wormhole “smart contract” confused falsely minted wETH will the real stuff – a full breakdown here. It was a loophole that someone with deep knowledge and a lot of time was able to exploit.

Some people will consider this attack as a contribution to the overall body of knowledge about crypto. Some have even said this process may ultimately lead to “unhackable code,” as every smart contract is a potential “million-dollar bug bounty.”

So, it’s worth asking if the language crypto uses to explain its myriad vulnerabilities (risks stacked on risks) contributes to the ongoing business made out of hacks. Or if sometimes we’re pulling definitions from hats.

–Daniel Kuhn

The Chaser...

The Node

A newsletter from CoinDesk

Were you forwarded this newsletter? Sign up here.

See Previous Editions

Copyright © 2021 CoinDesk, All rights reserved.

250 Park Avenue South New York, NY 10003, USA

Manage your newsletter subscriptions | Unsubscribe from all CoinDesk email