Google Play Store Introduces Licensing Rules For Custodial Crypto Wallet App Developers

Starting October 29, 2025, Google Play will require custodial crypto wallet developers in more than 15 regions, including US and the European Union, to obtain proper licenses and follow recognised industry standards. In the US, developers will need to register with local regulators as a financial services business or money transmitter, while in the EU, they must register as a crypto-asset service provider.

The new policy would also necessitate stricter compliance requirements, including a written anti-money laundering (AML) program, which would result in more intensive ‘know your customer’ (KYC) checks, according to Cointelegraph. These modifications will not impact non-custodial wallets, where users have full control of their private keys.

Google Play had previously taken a cautious approach to crypto-related apps. In 2018, it banned crypto mining apps. Two years later, it removed the game Bitcoin Blast and also took down news apps from various crypto media outlets. In 2021, it took action against misleading apps that tricked users into purchasing imposter cloud services. Later in 2023, it sanctioned non-fungible token (NFT) games under strict terms, including explicit explanation of NFT features and banning gambling-style features like loot boxes.

Coinbase Loses $300,000 After Error In Token Approval

Coinbase lost about $300,000 after it mistakenly approved token transfers to a 0x Project swapper contract. The incident happened on August 13 when the company’s corporate wallet was set to allow the contract to access certain tokens. Since the contract is open for anyone to use, an MEV bot quickly took advantage of the approval and withdrew the funds.

Security researcher Deebeez from Venn Network observed the issue and noted that the same swapper had been involved in previous heists. Screenshots shared by him showed tokens, such as Amp, MyOneProtocol, DEXTools, and Swell Network being approved and then immediately taken by the bot.

Coinbase’s Chief Security Officer, Philip Martin, said the problem came from a configuration error in one of the company’s corporate decentralised exchange (DEX) wallets. He confirmed that no customer funds were affected. After discovering the mistake, Coinbase removed the approvals and moved the remaining tokens to a more secure wallet, he added.

Counter Hack Uncovers How North Korean IT Operatives Target Crypto Firms

A recent counter hack has exposed the inner workings of a small group of North Korean IT operatives who were behind the June attack on the fan token platform, Favrr. The group used at least 31 fake identities to steal around $680,000 in cryptocurrency.

Images recovered from one of the operative’s devices showed how they orchestrated the hack. They used tools like Google Drive to store documents, Chrome profiles to manage multiple accounts, and VPNs and AnyDesk for remote access while concealing their location.

The fake identities used were government-issued-looking IDs, phone numbers, and accounts on LinkedIn and Upwork. These were used to impersonate Blockchain developers and apply for crypto project jobs. A few of the profiles claimed to have worked with popular Blockchain companies before to make things look real.

According to Cointelegraph, investigators linked one of the wallets used by the operatives directly to the Favrr hack. This finding confirmed that the same network carrying out the job applications was also involved in the theft.