Greetings! We’re excited to be back in your inbox. In this edition we’ve got a reflection on digital identity from ETH Denver, and an acknowledgment of North Korea’s growing crypto money laundering skills. Plus all the news that’s fit to Glitch.

How will we know which AI agents to trust?

The question of how to best identify ourselves in digital spaces is as old as the internet. The rise of artificial intelligence is making how we try to answer that question weirder and weirder.

Take the idea of “proof of personhood,” a term popularized by Worldcoin, which has developed a cryptographic credential tied to biometric data that verifies one’s status as a real person—not a bot. That sounds useful, given the crescendoing drumbeat from the tech realm that AI is going to eat the world.

But is it really that simple? And why would another human necessarily be more trustworthy than an AI?

“Sure, we might want to know if a thing is human or artificial intelligence,” Billy Luedtke, founder and CEO of a startup called Intuition, said during a lightly attended Saturday morning panel at ETH Denver last week entitled Bye bye biometrics: AI demands stronger security standards. “But then you enter the philosophical realm of: Are the AI just us?” Luedtke continued. “Are those actually also human, and just kind of like the aggregate human consciousness?”

It sounds bizarre, even a little insane. But he’s got a point. It’s not unreasonable to think that at some point in the not-so-distant future it will be normal to have AI agents working on our behalf. How should they identify themselves? Wouldn’t they be, at least sort of … us?

Another panelist, Evin McMullen, the CEO of the zero-knowledge cryptography-based ID company Privado, described a system her shop has developed that accounts for this. Called “know-your-agent,” it gives users “the ability to assign a unique identifier to an instance of an agent and to relate that to a unique human being, or a set of human beings,” McMullen said. This means an agent can “represent itself on behalf of you and can enter spaces where you have privileges to do so,” she said.

Even if a bot isn’t connected to a real human identity, that doesn’t mean it’s bad. But how will we know if it can be trusted? For example, Luedtke said, “you might have a swarm of bots that aren’t human, but they’re performing a bunch of really productive actions.” What’s crucial to know is “the reputation of the thing,” he argued.

“You need the aggregate set of data the thing has created, and the aggregate set of data created about the thing, and then you can reason about the reputation of the thing.” Does its track record suggest it can be trusted? That’s the sort of question Luedtke’s company aims to help answer.

Whatever the solution turns out to be, it seems clear that Luedtke and McMullen are right about the problem: we’ll need new methods for determining whether to trust the friendly bot who insists it’s trying to help you, not scam you. Once again: the future is weird. —Mike Orcutt

Share

Kim Jong Un (still) has crypto in a pickle

We said it just over a year ago: as long as one of America’s nuclear-armed adversaries is capable of exploiting cryptocurrency technology and the crypto industry to generate illicit profit, crypto is going to have political problems. North Korea’s $1.5 billion (mostly in ether) theft from Bybit, by some estimates the world’s second largest exchange, was not only stunning in its scale but also in how elaborate and clever it was.

The attack began weeks before the actual heist, when alleged North Korean state actors compromised the laptop of an employee of Safe{Wallet}, the provider of the multisignature wallet software Bybit uses to store digital money. “This developer was one of the very few personnel that had higher access in order to perform their duties,” Safe{Wallet} stated in a March 6 summary of its forensic investigation. As a security measure, multisignature wallets won’t allow a transaction to go through until a certain number of “signers” agree. The attacker inserted malicious code into the Safe{Wallet} website, which made it possible to fool Bybit’s three signers, including CEO Ben Zhou.

Of course, stealing the crypto is only half the battle—and apparently the North Koreans have also leveled up their money laundering operation. “The speed at which the stolen funds are being laundered is particularly alarming,” blockchain analytics firm TRM Labs stated in a March 4 analysis. The attackers have taken advantage of cross-chain “bridges” like THORChain to convert Ethereum tokens into bitcoin and then spread it across many wallets (more on that below). “This rapid laundering suggests that North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds,” TRM Labs wrote.

Some crypto security experts have been critical of Bybit’s security protocols, and a few have said the heist was preventable. Do crypto exchanges need more safety rules? ByBit is based in Dubai and doesn’t serve US customers. Either way, just as important as how badly Bybit performed is how well North Korea has performed. It’s also hard to ignore that this is happening at a time when regulators in the US seem to be adopting a laissez-faire approach toward the industry. A big enough national security pickle could quickly shift priorities. —Mike Orcutt

Share Project Glitch

HEADLINE WATCHER

At crypto summit, Trump says US will be “the Bitcoin superpower.” The president held a four-hour gathering of crypto executives and investors at the White House. “High IQ individuals around this table,” he said after some high-profile execs called him “wonderful,” according to the New York Times. What was the point of the summit? Great question. “This wasn’t a meeting where things were being decided or disclosed,” Chainlink founder Sergey Nazarov told the Times.

Bybit CEO says 20% from $1.5 billion theft has “gone dark” as hackers swap to bitcoin. Fallout from the Bybit heist is spreading. Bybit CEO Ben Zhou told The Block 20% of the stolen $1.5 billion worth of ether tokens have “gone dark”—they’ve been transferred through exchanges that don’t use KYC, and can be considered laundered. The remaining tokens are mostly still traceable. That’s left the community behind the decentralized “cross-chain” protocol ThorChain with a difficult choice. Should they let vast quantities of Ether trades through and risk being an accomplice to one of the largest money laundering efforts in history? Or halt trading and exert centralized, unilateral power over a community that views such control as a mortal sin? According to The Block, the Bybit hackers have moved hundreds of millions through THORChain, which makes it possible to swap coins from one blockchain for coins from another. The hackers have been executing an elaborate laundering scheme that involves changing ether to bitcoin and moving it across thousands of different wallets. The activity on THORChain has led to internal division and to the resignation of one of the project’s lead developers.

Reddit co-founder Alexis Ohanian joins bid to acquire TikTok, plans to move social app “onchain” We’ve discussed Project Liberty, the outfit that’s been making noise about buying up the US arm of TikTok, before. Now it has gained a new partner with serious social media chops. The idea appears to be that with Ohanian on board, the bid will be more attractive (to US interests, at least) because of a stated goal of letting users control their own data. No word on how that squares with Reddit’s widely publicized sale of user data to AI firms.

Argentine prosecutor aims to freeze $110 million in proceeds tied to Libra memecoin scandal. Eduardo Taiano, a federal prosecutor in Argentina, has requested that as much as $110 million be frozen, and has asked for the “the recovery of deleted social media posts, including those by (President Javier) Milei promoting the Solana-based memecoin,” reports Cointelegraph, citing local media outlet Clarín. We published our thoughts about Libra last issue.

Coinbase acquires Iron Fish team to accelerate privacy efforts on Base. The team, which is led by founder and CEO Elena Nadolinski, will “stand up a new privacy pod” within Coinbase’s Layer 2 platform, Base, and will develop “privacy preserving primitives across Base.” The Iron Fish Layer 1 blockchain, which uses zero-knowledge cryptography to enable private transactions, “will remain independent and unaffiliated with Coinbase or Base,” according to Coinbase.

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.