Case 1:23-cv-01599-ABJ-ZMF Document 146-1 Filed 10/11/23 Page 1 of 8
Exhibit 1
September 21, 2023
VIA EMAIL
George S. Canellos, Esq.
Matthew J. Laroche, Esq.
MILBANK LLP
William R. McLucas, Esq.
Matthew T. Martens, Esq.
Tiffany J. Smith, Esq.
Matthew Beville, Esq.
Jeremy Adler, Esq.
WILMER CUTLER PICKERING HALE AND DORR LLP
Re:
SEC v. Binance Holdings Limited, et al. (1:23-cv-01599)
Dear Counsel:
In an effort to narrow the issues in dispute consistent with the Court’s recommendations at
the September 18, 2023 hearing, attached are requests for specific documents and communications
that fall within the SEC’s June 23, 2023 Requests for Production. (See Attachment A). We have
included representative citations to deposition transcripts where applicable. As previously
discussed, please also provide updated certified interrogatory responses, including those set forth
in the Proposed Order to the SEC’s Motion to Compel. (See Dkt. 102, Proposed Order at ¶ 8.)
Please complete your production of these materials, consistent with the SEC’s data delivery
standards by October 6, 2023. We are open to discussing an expedited timeline for production of
these materials, but many of the documents should be readily identifiable, having already been
identified in deposition or our prior discussions. As the Court noted at the hearing this week, a
more complete production prior to depositions will best facilitate the examination of the deponents
and help avoid having to call witnesses back because of subsequent productions.
In addition, as requested in my September 19 email, please provide available dates for in-person depositions in Washington, D.C. for the individuals listed below, preferably in the order
they are identified. For certain individuals, we are open to discussing scheduling more than one
deposition on a given day and remote options.
• 30(b)(6) designee
We welcome the opportunity to meet and confer regarding the scope and time allotment
for the 30(b)(6) deposition. As discussed, we believe such deposition testimony on the identified
topics would be an efficient and effective way to address many of the key issues and may alleviate
the need for, or at least help streamline, the depositions of some of the other individuals.
We reserve our rights to amend or add requests or notice additional depositions.
We appreciate your prompt attention to this matter. Feel free to contact us with any
questions or concerns.
Respectfully,
/s/ Jennifer Farer
Jennifer L. Farer
cc:
Matthew Scarlato
Jennifer L. Farer
J. Emmett Murphy
David A. Nasse
Jorge G. Tenreiro
SECURITIES AND EXCHANGE COMMISSION
September 21, 2023 Farer Ltr. to BAM
ATTACHMENT A [1]
I. DOCUMENTS
1. Documents sufficient to identify all wallet custody software and related services provided
by any Binance entity including Ceffu and the identity of the corresponding entity or
individual providing such services.
2. Documents relating to Ceffu and any Binance Entity that provides wallet custody
software and related services to BAM and the Binance.US Platform, including documents
concerning the identification of Ceffu as a wallet custodian in policies and procedures
and to the SEC and auditors; any confusion and clarification about Ceffu’s and Binance
Holding’s role and provision of wallet software and other services; and the comparison of
the services and infrastructure Ceffu provides to that of provided to BAM for purposes of
evaluating security reports, practices, and controls.
3. All board minutes and resolutions relating to the purpose of the note $250 million
promissory note between Zhao and BAM, BAM’s review and approval of the note, and
any priority rights that would encumber Customer Assets.
A. For the time period January 2023 to Present
4.
5. Big Data Team’s Daily reconciliation reports for deposit wallets, cold wallets, hot wallets
and staking wallets, including “Block Chain Reconciliation Diff Report.” (Zhang 62-64)
6. All records of Zhang transfer and whitelisting requests, including requests he initiates to
shard holders. (Zhang 113-115, 123-124, 143)
7. SOC2, ISO, and other reports and questionnaires relating to the security and controls of
third-party custody or wallet software providers including BitGo, Aegis, BHL, CEFFU,
Block Technologies, and any other Binance Entity. (Kellogg 110-113, 334).
8. All documents related to Ceffu, BHL wallet software or custody, security reports, and
any wallet custody questionnaires, including cybersecurity due diligence questionnaires.
(Kellogg 67-68, 77, 90-91, 301, 303-304, 319, 332, 335)
9. Technical documentation concerning the architecture, infrastructure, systems, user
applications, software, and protocols relating to clearing; custody and control of the
wallets and private keys wallet; and whitelisting implementation, including:
a. Diagrams of the infrastructure and relevant systems, how systems talk to each
other, and flow of funds and assets and related data, including those provided to
third parties. (Kellogg 281, 292-293)
b. Diagram and other documents referenced in Exhibit 18 to
eposition.
05:32-5:33)
[1] Attachment A incorporates by reference, as if fully set forth herein, definitions provided in the
Consent Order wherever defined terms from the Consent Order are used. Deposition transcript
citations are representative and do not reflect all references to the identified documents.
c. Technical documentation regarding BAM’s wallet whitelisting implementation, as
described in section 4.7 of the Binance.US Digital Asset & Custody Operations
Policy, including overall system architecture, user applications involved in
requesting and confirming changes to the whitelist (including, but not limited to,
web and/or mobile applications), and any supporting backend infrastructure.
10. Documentation concerning controls, access to, and activity involving the architecture,
infrastructure, systems, user applications, software, and protocols relating to clearing;
custody and control of the wallets and private keys wallet; and whitelisting
implementation, including:
a. Forms and documents authorizing access to AWS, documentation of access
controls, and logs for the AWS environment that show history of rights and
access, and root and admin account holders, rights, and activity. (Kellogg 121, 125;
5:59-6:00).
b. Risk registry relating to control and access to PNK. (Kellogg 136, 208).
c. All logs identifying individuals’ rights to PNK and access, admin, and activity
logs (including setting thresholds) for PNK, including documents sufficient to
confirm historical access and that changes were made to remove all access and
rights of personnel of any Binance Entity. (Kellogg 138-142; 154-155; 202-203;
11:35 – 11:37 AM)
d. Access and activity logs and reports for TSS portal. (Kellogg 244; Zhang 119-123, 133)
e. Access and activity logs and reports for BitGo and Aegis. (Kellogg 278, 280)
f. Quarterly access reviews for systems. (10:34:35 AM-10:36AM (Audit
Plan), 11:30-11:34 AM (PNK), 3:59-4:00 PM (Logistical access change
management))
g. Key shard processes and use of key shards, including historical records, audit logs
identifying internal requests to transfer Customer Assets, source and destination
wallet addresses, and which key shard holders participated in approving and
signing the associated blockchain transaction.
11. Documents related to “custody oversight team.” (Kellogg 240, 252)
12. Policies, procedures, logs, technical documentation, and documents concerning validation
relating to the generation, transfer, revocation, decommissioning of keys or key shards
used to control wallets holding company or Customer Assets, and monitoring of certain
control activities. (Kellogg 328-29)
13. Policies and procedures for current shard holders regarding custody and control of the
shard. (Kellogg 250)
14. Document or Procedures concerning controls in place for private keys, including “Private
key authorization methodology” maintained by operations team. (Kellogg 297-299)
15. Documents related to staking and internal staking ledgers, including documents related to
any Binance Entity’s involvement in staking. (Kellogg 169, 191, 194-196)
16. Documents or logs reflecting security testing of BAM systems and platforms, including
PNK, TSS, shard activity, and whitelisting process. (Kellogg 57, 86)
17. Clearing team and Treasury team spreadsheets monitoring approvals and intraday
activity. (Kellogg 210-211, 268)
18. Documents related to Approval Max evidencing approval chain for asset disposition.
(Kellogg 210-211)
19. Documents sufficient to identify Boran’s ownership, relationship to the Binance Entities,
relationship with and services provided to BAM, and any compensation for such
relationship and services provided. (Kellogg 228-232)
20. Any data collected or produced in connection with “packet capture” or any other network
capture exercises involving Binance.US and the BHL environment. (Kellogg 78, 79, 203,
282)
21. List of Binance Entities considered for purposes of the Consent Order. (Kellogg 214-216)
22. Policy governing shard process and the approval process.
01:20:08 -01:21:11)
23. Any notes of meetings with FGMK relating to security, custody, and control of assets and
reconciliation of assets.
05:19:13PM; see Fernandez Exs. 7-9, 11, 19, 20)
24. Reports on cash reconciliation and customer liability for fiat and crypto
05:23:47PM; 5:31-5:32 PM)
5:54:40)
25. Key Control Matrix.
55:26)
26. Memo from
listing related parties.
27. Documents BAM provided to FGMK referenced in FGMK_SEC_029026.
28. Reports from Lukka about the reconciliation of crypto balances.
6:07:22PM)
29. Board materials, including invitations, agendas, meeting minutes, meeting materials,
resolutions, and documentation of any other Board action, and all communications
regarding same, concerning compliance with the Consent Order and possession, custody,
control, transfer, security, segregation, availability, and any encumbrances for company
and Customer Assets, and sufficiency of assets to satisfy Customer liabilities.
30. Data and logs concerning use and the source code, for the TSS portal and mobile
applications, including that which is depicted in BAM_SEC_LIT00005028-BAM_SEC_LIT00005035.
31. Source code for server-side components involved in the transaction signing process for
cold storage wallets.
32. Data generated by or logs associated with the “Shadowrocket” application in connection
with the Key Shard devices, TSS protocol (including TSS portal and application), or
other infrastructure associated with the TSS protocol and its implementation.
33. For each of the wallet and/or key management software, TSS protocol, TSS portal, PNK,
and any other software relating to clearing, custody, whitelisting, and control of company
or Customer Assets, provide the following:
a. Documents sufficient to identify all current and former code repository names,
descriptions, repository bundle, and platform, including but not limited to GitHub,
GitLab, AWS, self-hosted, etc.
b. Documents sufficient to identify all current and former root or administrative
account holders and their permission level(s) for the backend production systems,
including but not limited to the servers, databases, etc.
c. Documents sufficient to show when users accessed the backend production
systems, including but not limited to the servers, databases, etc.
d. Documents related to the release of and updates to software and corresponding
applications, including but not limited to Release Notes, Change Logs, Change
Requests, Technical Diagrams, etc.
e. Documents sufficient to identify all current and former code repository members
and their role permissions.
34. Documents sufficient to identify all current and former code platform (e.g., GitHub,
GitLab, AWS, self-hosted) organization users and their permission levels, including but
not limited to Owners, Members, Moderators, Billing Managers, and Security Managers.
35. All Documents related to changes in the PNK system configuration, including but not
limited to change requests, threshold configuration, and system documentation of all
updated parameters.
36. Forensic image of a key shard device or sufficient data or documentation to provide
assurance that the source code and test environment are representative of the operation of
a production key shard device.
37. Apple account information for the Apple ID associated with each key shard device,
including name of account holder, address, email address, payment information, and any
access or administrative rights to the device, software, or applications on the device.
38. Detailed monthly trial balances and general ledger account detail, including general
ledgers that track deposits, trading, transfers, and withdrawals through quarters end.
39. Monthly reconciliation demonstrating how corporate fiat and digital assets (on an
individual digital asset basis) reported in the trial balances/general ledgers tie to the
corporate wallet balances in the PNK system.
40. Monthly reconciliation demonstrating how customer fiat and digital assets reported in the
crypto wallets (e.g., customer deposit wallets, staking wallets, hot wallets, and cold
wallets) reconcile to the customer wallet or account balances in the PNK system.
B. For the time period June 2023 to present
41. Bank account opening documents for all new bank accounts or payment processors and
documents sufficient to identify: beneficial owners, signatories, and any other personnel
authorized to make transfers and withdrawals.
42. Monthly statements for all accounts holding company and/or Customer Assets
II. COMMUNICATIONS
1. Communications, including Telegram chats, regarding $250 Million loan. (Zhang 98-100)
2. Communications concerning Ceffu and any Binance Entity that provides wallet custody
software and related services to BAM, including communications concerning the
identification of Ceffu as a wallet custodian in policies and procedures and to the SEC
and auditors; any confusion and clarification about Ceffu’s and Binance Holding’s role
and provision of wallet software and other services; and the comparison of the services
and infrastructure Ceffu provides and the services and infrastructure Ceffu or any
Binance Entity provides to BAM for purposes of evaluating security reports, practices,
and controls.
A. For the time period January 1, 2023 to Present
3. Slack or other communications with Big Data team. (Zhang 63-68)
4. Communications with Binance Holdings Wallet Team, including group Telegram chat
channel called “U.S. Wallet.” (Zhang 70-72; 78)
5. Communications and Wea chats related to the Sigma Chain transaction and related issues
about which Zhang testified during his deposition. (Zhang 86-88)
6. Communications relating to shard initiators, shard requests, and shard review and
approvals or denials, including communications on the Shard devices and with and
between Shard holders. (Zhang 119-123; Kellogg 258, 338-340;
7. All communications regarding transferring key shards from to Binance.US personnel in
U.S. (Zhang 134-135;
01:39; Kellogg 340-342)
8. Communication about access to TSS system. (Zhang 134-135)
9. Communications, including all Wea chats, concerning
transfer of her control over staking ledgers to BAM (Zhang 136-138), adding another BAM initiators for
shard approval (Zhang 133), and transfer of shards (Zhang 120-21, 143).
10. Any and all Slack communications from Zhang relating to shard requests for approvals,
shard approvals and declinations, and shard app updates.
01:49-01-01:56; 2:10)
11. Communications with BHL regarding crypto asset wallet software, private keys, and the
possession, custody, control, transfer, withdrawal, security, segregation, availability, and
encumbrances of company or Customer Assets. (Kellogg 312)
12. Communications with BHL regarding safety and security of Customer Assets.
13. Communications related to responses to the due diligence questionnaire, including
communications through WHISTIC platform. (Kellogg 77; 91; 319; 334-35)
14. Slack communications related to access permissions and authorizations. (Kellogg 152)
15. Slack or other communications related to security, wallet custody, MBX, and PNK
permission changes. (Kellogg 311-312; 145)
16. Communications with
at BHL concerning possession, security, custody,
control, segregation, transfer, availability, encumbrances, and/or withdrawal of company
or Customer Assets and related systems and software. (Kellogg 68, 303, 306, 320).
17. Communications with BHL about SOC or other security reports and custody
questionnaire, including requests, provision of reports and information, and discussion of
such reports. (Kellogg 304, 315)
18. Communications with or about
concerning possession, security, custody,
control, segregation, transfer, encumbrances, and/or withdrawal of company or Customer
Assets and related systems and software, including, but not limited to, clearing, TSS
protocol, TSS portal, key shards, and associated devices and software. (Kellogg 339-344,
Zhang 133-140).
19. Communications related to “custody oversight team,” including communications relating
to regrouping. (Kellogg 240, 252; BAM_SEC_LIT_00005034)