FCA outlines UK crypto rules

The UK’s Financial Conduct Authority has launched three major consultations outlining how it plans to regulate crypto asset activities and markets. The consultations follow announcements from the UK Treasury that crypto assets, including eligible crypto assets and stablecoins, will soon be subject to comparable oversight to traditional financial services.

Under the FCA’s initial proposals, cryptocurrency trading platforms, intermediaries, staking providers and decentralized finance-related companies will be subject to conduct, disclosure and prudential rules designed to protect consumers. The regulator also proposed a stand-alone market abuse regime, stricter admissions, disclosure requirements and prudential standards to reduce risks from low financial reserves and disorderly corporate bankruptcies.

Legal experts describe the move as a watershed moment, signaling a shift from limited anti-money laundering oversight to a comprehensive financial regulatory regime. The FCA is seeking feedback from industry by February 12 next year, ahead of implementation in 2027.

A key promoter of collapsed crypto scam iComTech has been sentenced to nearly six years in prison for his role in defrauding investors across the United States. Magdaleno Mendoza, 56, was sentenced to 71 months in prison after pleading guilty to conspiracy to commit wire fraud and illegal reentry into the United States.

Prosecutors said Mendoza played a central role in recruiting victims, particularly from Spanish-speaking and working-class communities, by promoting iComTech as a legitimate cryptocurrency mining and trading business. In reality, authorities say the company operated as a Ponzi scheme, using funds from new investors to pay off old participants and finance the developers’ lifestyles, without conducting any actual mining or trading.

Mendoza’s conviction follows prison sentences handed down to other iComTech executives, including founder David Carmona and former CEO Marco Ruiz Ochoa. In addition to prison, Mendoza was ordered to pay nearly $790,000 in restitution, forfeit $1.5 million and return a California home purchased with illicit proceeds.

The United States Securities and Exchange Commission has decided to ban Caroline Ellison, former CEO of Alameda Research, and Gary Wang and Nishad Singh, former executives of FTX, from serving as officers or directors of public companies for several years. In a statement about the litigation, the SEC said it had proposed final consent judgments in the Southern District of New York, which all three defendants accepted without admitting or denying the agency’s allegations, subject to court approval.

As part of the proposed settlements, Ellison agreed to a 10-year ban for officers and directors, while Wang and Singh agreed to an eight-year ban. All three also agreed to permanent injunctions against violations of federal antifraud laws, as well as five-year injunctions based on conduct.

The action stems from the 2022 collapse of FTX and its affiliated trading company Alameda Research. The SEC previously accused the trio of helping to deceive investors and enabling misuse of client funds. All three also faced criminal charges, while former FTX CEO Sam Bankman-Fried was sentenced to nearly 25 years in prison (see: Cryptohacks Recap: Sam Bankman-Fried Sentenced to 25 Years in Prison).

A cryptocurrency trader lost nearly $50 million in USDT after falling victim to an address poisoning attack, a common but often overlooked scam, security companies said. Onchain analytics firm Lookonchain reported that the victim mistakenly sent 49,999,950 USDT to a wallet controlled by fraudsters while attempting to transfer funds from Binance to a home address.

The attacker exploited a routine security measure. After the victim sent a small test transaction, an automated script generated a spoofed address that closely resembled the intended destination. By matching the first and last characters of the real address and inserting small transactions into the victim’s history, the attacker increased the chances that the victim would copy the fake address for a larger transfer.

Blockchain data shows the error occurred within 30 minutes. The attacker quickly swapped USDT for DAI, converted it to ether, and routed most of the funds through Tornado Cash to obscure the trail. The victim has since filed a criminal complaint and offered a $1 million bounty to recover the funds.

US federal prosecutors in Brooklyn have charged a 23-year-old man with 31 counts for allegedly running a large-scale phishing operation that stole about $16 million in cryptocurrency from about 100 Coinbase users. Ronald Spektor, of Sheepshead Bay, was arraigned on charges of first-degree grand larceny and money laundering for a scheme that authorities say operated between April 2023 and December 2024.

Prosecutors said Spektor posed as a Coinbase employee and contacted victims to warn them that their accounts had been compromised. He allegedly persuaded users to transfer their cryptocurrencies to “secure” wallets that he secretly controlled, then laundered the funds through mixers, exchange services and online gaming platforms. Prosecutors say Spektor bragged about the thefts on a Telegram channel and admitted to losing millions gambling.

Investigators have so far recovered approximately $105,000 in cash and $400,000 in crypto. Coinbase and independent blockchain investigators assisted the investigation. Spektor has pleaded not guilty.