Web3 Wavefronts - Digestible News on Crypto, DeFi and AI

Portugal’s public prosecutor unit opened a money laundering investigation into Elledgy Media and producer Elvira Gavrilova-Paterson after ICIJ Coin Laundry reporting linked event promotions to alleged crypto schemes tied to Vladimir Okhotnikov. Investigators are examining whether more than $4 million that moved through Elledgy since 2024 financed promotional campaigns for platforms connected to Okhotnikov and are mapping event budgets, vendor payments, sponsor invoices, and talent fees to determine whether payments masked transfers tied to those promotions. Gavrilova-Paterson, a Ukraine-born producer based in Portugal, organized red carpet placements, talent bookings, festival activations at Cannes and Venice, and global media rollouts across multiple jurisdictions through Elledgy. Regulators and reporting show Okhotnikov is accused of orchestrating schemes that attracted roughly $1 billion over about five years, including Forsage (U.S. authorities report participant losses above $340 million), and ICIJ traced roughly $29 million through a wallet tied to Meta Whale during a period that overlapped with a marketing push; authorities in Australia and Canada issued warnings and Vietnamese police arrested promoters, and a Georgian court convicted Okhotnikov in absentia on laundering charges tied to about $1.1 million and sentenced him to 10 years. Investigators describe a repeatable enforcement playbook involving smart contracts that incentivize recruitment, affiliate networks and influencer roadshows, rapid cross-border cash movements, branding shifts, and off-chain payments through vendors and events that complicate tracing. The reporting and enforcement teams advise Web3 founders, investors, and legal teams to treat festival placements, sponsorships, and production budgets as potential regulated flows, build enhanced counterparty due diligence into commercial processes, require verifiable beneficial ownership and bank-level documentation, use independent smart contract audits and escrow arrangements for promotional spend, and maintain a live risk register for vendors and promoters. Immediate risk controls recommended include pausing paid promotions with new or unvetted partners until enhanced due diligence is complete, mandating beneficial owner attestations and third-party identity verification, insisting on independent reviews of any token or contract mechanics tied to promotional campaigns, and structuring payments through escrow or controlled accounts to prevent invoice repurposing. Signals to monitor include Portugal’s formal case decisions, asset freezes, mutual legal assistance requests, SEC or DOJ filings that tie wallets or promoters to enforcement actions, continued on-chain tracing of wallets linked to Meta Whale or successor brands, and disclosure or documentation requests served to festivals, agencies, and banks; if prosecutors file formal charges, authorities may seek domestic asset actions and coordinated records requests abroad, and further SEC or DOJ filings could accelerate seizures or arrests. Source: https://web3businessnews.com/crypto/portugal-probe-producer-crypto/

A U.S. operation named Absolute Resolve began in the early hours of January 3 with more than 150 aircraft striking air defense systems, airfields and mobility nodes across northern Venezuela, and U.S. authorities reported that Nicolás Maduro and Cilia Flores were captured and flown out of the country. Satellite imagery and reports showed explosions around greater Caracas, damage to infrastructure and a legislative building, and outages and communications interruptions in southern Caracas. U.S. officials described the operation as intelligence-driven, said a small command cell authorized the action to reduce leak risk, and stated that charging documents against Maduro are being prepared while a senator said the secretary expects no further kinetic action and that Maduro will face a U.S. trial. Colombia confirmed involvement, deployed border forces and warned of refugee pressure; Russia and China issued condemnations; the U.N. called for restraint; and Venezuela requested a U.N. Security Council meeting. Crypto markets repriced geopolitical risk during low-liquidity hours as Bitcoin and major altcoins declined, perpetual funding turned negative, basis compressed, option skew favored puts, market makers widened spreads and reduced inventory, stablecoin order books saw heavy two-way flow, and Latin American P2P spreads widened. Venezuela’s broad retail adoption of USDT, USDC and P2P rails for remittances and commerce links local on-ramps and off-ramps to global liquidity, and power outages could affect mining operations, pool hash rates and mining throughput. Officials indicated that Treasury and State may update sanctions and guidance that would affect exchange routing, custody and compliance costs for exchanges, market makers and stablecoin issuers. Advisory guidance included prioritizing liquidity quality, maintaining contingency plans for custody and fiat ramps, and holding short-duration hedges and cash buffers; recommended indicators to monitor over the next 72 hours include official U.S. statements on operational scope and detainee status, cross-border incidents and refugee surges, oil price moves, exchange policy updates for Venezuelan users, stablecoin spreads across Latin American P2P channels, funding and basis metrics, open interest, deposit and withdrawal anomalies tied to Venezuelan IP clusters, and daily mining hash rate trends and reports of grid outages. Source: https://web3businessnews.com/crypto/us-strikes-venezuela-crypto/

Community and vendor datasets report about 50 to 60 wrench attacks on cryptocurrency holders in 2025, nearly double the 2024 count and part of more than 215 physical incidents logged since 2020. Analysts monitoring forums, local news, and police blotters state the true count is higher because many victims decline to disclose wallet or exchange details. Attackers combine public blockchain data, leaked personal information, and social media signals to map holdings to real names and addresses. Attack methods include fake deliveries, utility pretexts, staged yard checks, impersonation to gain entry, on‑site testing of small transfers followed by escalation, restraint, threats, and forced account access. Incidents cluster around cryptocurrency price movements and data spills. Organized crews outsource enforcement to local proxies, use rented housing for staging, rotate vehicles and prepaid phones, and coordinate remotely to validate balances and direct exits. A San Francisco case involved a gunman posing as a delivery driver, restraint of the resident, accomplice verification of balances by phone, staged transfers over roughly 90 minutes, and an estimated $11 million loss. Reports also document retirees coerced in Florida, torture and threats in Texas over believed hardware wallets, and threats against family members in Europe and Brazil. Underreporting occurs because victims fear reputational damage, expect mishandling of crypto evidence by police, or view losses as irreversible, and law enforcement records often list generic robbery charges without on‑chain details. Improved case reporting with structured incident fields would enable better detection, trend analysis, and linkage across incidents. Defensive measures for individuals and teams include reducing public signals that link wallets to identities or addresses, scrubbing leaked personal data, protecting family information, improving home perimeter security and delivery verification, adopting multisignature custody with geographically and role‑separated signers, storing hardware wallets and seed backups offsite, implementing policy‑based custody with offsite cosigners and time locks, and separating signing workstations from everyday devices. Post‑incident actions include calling law enforcement immediately, providing wallet addresses and transaction hashes, preserving device logs and camera footage, notifying exchanges and analytics firms to trace and flag funds, and coordinating insurers and legal counsel through a single point of contact. Metrics to monitor include incident counts from community databases, arrest and conviction rates, share of cases tied to leaked personal data, time from incident to first custodial or exchange touch, and percent of losses that interact with services where freezes are possible. Organizations should test response playbooks with red‑team drills that assume in‑person coercion, and insurers increasingly require proof of multisig separation and documented privacy controls. Law enforcement and exchanges are developing playbooks to handle on‑chain evidence and coordinated responses, and available reporting indicates attackers can execute physical coercion with basic wallet skills and access to leaked data. Source: https://web3businessnews.com/crypto/wrench-attacks-crypto-2025/

Starting January 1, 2026, jurisdictions implementing the OECD Crypto Asset Reporting Framework (CARF) require Reporting Crypto Asset Service Providers (RCASPs) to collect transaction-level data and user tax information; the EU will implement CARF via DAC8, the UK is aligning domestic rules to the same timeline, and more than 48 jurisdictions have committed to the standard. RCASPs generally include exchanges, broker-dealers, custodial platforms and providers that effect crypto-to-fiat, crypto-to-crypto trades or similar disposals, and some jurisdictions will require registration and appointment of a responsible officer. Platforms must collect tax residence self-certification and tax identification numbers (TINs), validate these against KYC/AML records, and report user identity, tax residence and TIN, transaction type and date, asset category and quantities, proceeds or consideration in fiat, and fees according to local CARF schemas; reporting covers crypto-to-fiat trades, crypto-to-crypto transactions and certain platform-effected transfers, and providers must be able to file nil returns, submit corrected filings, and retain multi-year records. Governments plan to begin exchanging 2026 activity data in 2027; reporting periods and filing deadlines will vary by jurisdiction, with some fixed early-year dates and others allowing up to nine months after year end. Platforms should update onboarding to capture tax residence and TINs, build or procure CARF-capable reporting engines that support jurisdiction-specific schemas and versioning, secure market data for fiat conversions, establish a single asset taxonomy and reconciliation logic, run dry runs and backfill legacy accounts in 2026, and prepare to file in 2027 according to local deadlines. Providers must align privacy notices with GDPR and local privacy rules, retain documentation of due diligence and remediation, assign accountable owners to monitor OECD guidance and local implementing legislation, and prepare playbooks for regulatory inquiries and discrepancy resolution. Jurisdictions will enforce filing requirements and impose penalties for late or incorrect filings, and cross-border data matching will enable tax authorities to detect discrepancies between platform reports and taxpayer filings. Source: https://web3businessnews.com/crypto/crypto-tax-reporting-uk-eu-2026/

Show description: On December 30, 2025, Senator Joe Gruters filed SB 1038 and SB 1040 to establish the Florida Strategic Cryptocurrency Reserve and the Cryptocurrency Reserve Trust Fund. The bills assign administration authority to the state Chief Financial Officer, Blaise Ingoglia, and require both bills to pass together to take effect. If enacted, the program would begin on July 1, 2026. The reserve may only acquire digital assets with a two-year average market capitalization of at least $500 billion, a threshold that currently limits eligibility in practice to Bitcoin. SB 1038 creates the reserve inside the Office of the Chief Financial Officer, grants the CFO authority to manage investments and operations, and establishes an advisory committee for guidance, oversight, and reporting. SB 1040 creates the Cryptocurrency Reserve Trust Fund to hold appropriations, statutory receipts, and crypto assets, and to pay operating, custody, audit, and technology expenses. Funding sources include legislative appropriations, statutory income, receipts from purchases or exchanges, blockchain forks and airdrops when assets are retained, and profits from non-crypto investments. The bills centralize risk management through the CFO and the advisory committee, require documented procedures for investment decisions, custody, and reporting, and allow transactions under federal banking rules using chartered banks and registered investment vehicles. The program contains a sunset clause that terminates the program on July 1, 2030 unless the legislature renews it and requires liquidation of assets with proceeds transferred to the General Revenue Fund on termination. The bills reference actions by Texas, Wyoming, New Hampshire, Arizona, and Wisconsin and cite Wisconsin’s 2024 pension allocations to spot Bitcoin ETFs as a precedent for using regulated products and custody. Implementation tasks include finalizing custody arrangements, selecting compliant vendors, and producing reporting templates and control checklists prior to any capital deployment, and procurement should expect requirements for SOC reporting, segregation of duties, hardware security modules or multi-signature key management, provable chain of custody, incident response processes, and frequent standardized audits. Source: https://web3businessnews.com/policy/florida-crypto-reserve-bills-2026/

Ghana legalized cryptocurrency trading through the Virtual Asset Service Providers Bill 2025, which establishes a supervised licensing regime for exchanges, custodians, broker-dealers, payment gateways, and other virtual asset service providers. The law preserves the Ghanaian cedi as the country's sole legal tender while allowing individuals to buy, sell, and hold virtual assets under a compliance framework. Oversight is split between the Bank of Ghana and the Securities and Exchange Commission, supported by designated agencies for financial intelligence, consumer protection, and law enforcement. Regulators will roll out phased licensing and supervisory rules during 2026 that include application windows, fit-and-proper testing for management, operational readiness checks, and technical guidance on custody, disclosures, and conflict management. Authorized VASPs must implement customer due diligence, know-your-customer checks, anti-money-laundering and counter-terrorist-financing programs, transaction monitoring, recordkeeping, timely reporting, custody segregation, recovery and resolution plans, and solvency and liquidity buffers aligned to their business model and risk profile. Consumer protection measures require segregation of client assets, daily reconciliation, multi-signature and cold storage standards, insurance where applicable, and independent auditing, and supervisors will have powers to pursue misleading promotions and unlicensed offerings. About 3 million Ghanaians, roughly 17 percent of adults, already interact with digital assets and informal crypto activity is estimated at approximately three billion dollars annually. Existing operators serving Ghanaian users must register and strengthen governance, compliance, travel-rule data exchange, sanctions screening, incident response, vendor management, and documented recovery plans to continue operating. Banks and payment firms must reassess correspondent risk and partner due diligence, and exchanges and fintechs can pursue partnerships to provide regulated custody, merchant services, and remittance services under the new framework. Ghana's approach follows similar moves in neighboring countries and aligns with trends in Nigeria and Kenya toward formal VASP oversight. Enforcement will rely on information sharing, on-site and thematic inspections, robust data collection from domestic entities, and cooperation with foreign regulators to trace funds and obtain records for offshore platforms and decentralized venues. Key dates include phased rulemaking and licensing windows in 2026, consultation papers on custody and disclosures, and technical standards for the travel rule and wallet security, and firms are advised to prepare license applications, board and management structures, AML operations, custody segregation, and audit readiness ahead of those milestones. Source: https://web3businessnews.com/policy/ghana-legalizes-crypto-vasp-law/