Digital Asset Regulatory Authority

Join DARA

Regulatory Compliance & Growth in the U.S.A & Abroad

DARA

Digital Asset Regulatory Authority

A Self Regulated Organization

Presented By:

DARA U.S & DARA International

Blockchain Legal Institute Foundation

Digital Asset & Tech News From Around The USA

  • Follow DARA on LinkedIn for News Posts
  • Events To Follow: DARA Summit & BLI Global Summit
  • Artificial Intelligence Updates
  • Special Guest: Matt Tatem
  • Future Scheduled Guests: Merkle Science, Chainlink Labs
  • Next Steps

2nd Annual DARA Summit

www.dara.foundation

Blockchain Legal Institute Global Summit

www.bli.tools

Artificial Intelligence

In September, twenty-one bills sent to governors in the following states and are awaiting executive action: CA (15), ME, NY (4), WI.

Artificial Intelligence Updates

CaliforniaOn September 29, Governor Gavin Newsom (D) signed into law Senate Bill 53, the Transparency in Frontier Artificial Intelligence Act (TFAIA), authored by Senator Scott Wiener (D). 

This law establishes new requirements for frontier AI developers requiring them to publish a framework on their website describing how the company has incorporated national standards, international standards, and industry-consensus best practices into their frontier AI framework. 

The bill establishes a new consortium, called CalCompute, within the Government Operations Agency to develop a framework for creating a public computing cluster. This consortium will advance the development and deployment of artificial intelligence that is safe, ethical, equitable, and sustainable by fostering research and innovation. The bill also creates a new mechanism for frontier AI companies and the public to report potential critical safety incidents to California’s Office of Emergency Services. 

OhioHB 469 was referred to the House Committee on Technology and Innovation on October 1.

This measure determines that AI systems are nonsentient entities for all purposes under the law, and no AI system can be granted the status of a person or any form of legal personhood, or be considered to possess consciousness, self-awareness, or similar traits of living beings.

The Attorneys General of California and Delaware have opened investigations regarding the use of OpenAI chatbots by children, accusing the company of not protecting them from harm. 

A letter was issued by both AGs on September 5 which cited a recent meeting with senior members of the company to discuss dangerous interactions between AI products and users, particularly minors. The letter cited safety as a non-negotiable priority and noted the requested additional safety precautions and governance that need to be prioritized and immediate remedial measures taken. The company has its headquarters in California and is incorporated in Delaware. The planned corporate restructuring may be impacted by these actions. The letter follows on another issued to tech companies by 44 Attorneys General on August 25.

Five bills have been sent to governors in the following states and are awaiting executive action: ME, NY (4).

On September 2, North Carolina Governor Josh Stein (D) announced an Executive Order on AI to ensure the state’s leadership in AI literacy, governance, and deployment. The order establishes an AI Leadership Council, an AI Accelerator within the North Carolina Department of Information Technology (NCDIT), and AI Oversight Teams within each state agency. The council will be chaired by Secretary of Information Technology Teena Piccione and Secretary of Commerce Lee Lilley. The council will provide its recommendations on a state AI literacy strategy to the accelerator, which will coordinate with stakeholders to develop and disseminate AI literacy trainings that are understandable by and accessible to the general public.

Ohio’s HB 96 was enacted earlier this year and requires AI policies in public schools. The Department of Education and Workforce (DEW) is compiling a model policy by the end of the year and school districts will have until July 1, 2026 to adopt their own policy. This is reported to be the first measure requiring such policies be adopted, rather than issuing guidance, according to EdWeek. Last year, a coalition of businesses, nonprofit organizations and educators issued a report which recommended establishing a policy governing the use of AI in schools and the provision of AI resources and best practices for school districts.

At a meeting of the Legislative Oversight Committee, South Carolina state legislators reportedly urged the Department of Education to adapt to rapidly changing technology and implement cybersecurity protections. The agency is partnering with U.S. Digital Response to develop a 12 week framework to review state systems, recommend policies, and train employees on AI.

Chief Justice John Kittredge will continue to abide by an interim AI policy “due to the increasing use of artificial intelligence systems in legal research,” he told the SC Daily Gazette in a statement on September 3. The policy was initially introduced in March and a news alert was issued in August. The policy prohibits judges and branch employees from using AI without the express approval of the state Supreme Court or Court Administration. 

The Brookings Institution recently published a review of state AI legislation, finding bipartisan and other approaches, major category themes, and efforts to protect citizens. A prior analysis examined hundreds of federal contracts, overwhelmingly for the Department of Defense. An international study included the ranking of over 50 countries based on the number of AI policies and strategies.

Special Guest Speakers

Matt Tatem

Topics:

TATEM CYBERSECURITY Tatem Cybersecurity works for The State Attorney 19th Judicial Circuit in South Florida (Martin, Okeechobee, and Indian River Counties). Website: https://sao19.org. We manage their online website presence and security, hosting on PCI-Compliant servers and monitoring for suspicious activity. We are CJIS Level 4 Certified and can assist with your website or cybersecurity compliance. Businesses Website: www.tatemcybersecurity.com   772-224-8118
  • Core Cybersecurity Services
    • Managed Cybersecurity Services – 24/7 protection, monitoring, and response.
    • Penetration Testing & Vulnerability Assessments – identify and remediate weaknesses.
    • Email Security & Phishing Defense – protection from spoofing, ransomware, and data loss.
    • Endpoint & Network Protection – antivirus, firewall, and intrusion prevention.
    • Cloud Security Management – AWS, Azure, and Office 365 configuration & monitoring.
    • Security Operations Center (SOC) – continuous threat detection and response.
    • Virtual CISO (vCISO) – executive-level strategy, governance, and reporting.
    • Digital Forensics & Incident Response – rapid breach containment and investigation.
  • Compliance & Risk Management
    • CMMC Level 1 & 2 Consulting – defense contractor readiness.
    • HIPAA Compliance – protect patient data and meet regulatory standards.
    • SOC 2 Audits & Readiness – demonstrate trust, security, and integrity.
    • Employee Cyber Risk Assessments & Training – human-factor defense programs.
    • Audit Support & Documentation – ensure full compliance reporting.
    • 25+ years of IT & Cybersecurity experience.

WHY CRYPTOCURRENCY BRIDGES ARE A WEAK POINT FOR HACKERS

Understanding Cross-Chain Vulnerabilities and Attack Vectors

What Are Blockchain Bridges? Blockchain bridges allow digital assets and data to move between different blockchains—for example, transferring tokens from Ethereum to Solana. These bridges are essential for multi-chain interoperability, but they introduce complex smart contract logic and cross-chain dependencies that expand the attack surface.

Why Bridges Are a Prime Target

  1. Smart Contract Complexity – Bridges rely on complex smart contracts that validate and lock tokens on one chain while minting equivalents on another. Bugs in this code can lead to catastrophic losses.
  2. Centralized Validators or Oracles – Many bridges depend on a small set of validators or oracles to confirm cross-chain transactions. If compromised, attackers can forge transfers or drain funds.
  3.  Insufficient Audits & Oversight– Bridges often operate as startups or DeFi projects with limited security budgets. Weak audits or rushed code releases lead to exploitable vulnerabilities.
  4.  Cross-Chain Message Risks – Communication between chains can be manipulated. Replay attacks, message spoofing, or signature forgery can trick systems into issuing unauthorized transactions.
  5.  Liquidity Honey Pots– Bridges hold massive token reserves to maintain liquidity—making them high-value targets for hackers seeking large payouts.
Notable Bridge Exploits
  • Ronin Bridge (2022) – $625M stolen due to compromised validator keys.
  • Wormhole Bridge (2022)– $320M lost from a smart contract exploit.
  • Nomad Bridge (2022)– $190M drained via a copycat attack exploiting a code update.
  • Harmony Horizon Bridge (2022) – $100M stolen from compromised private keys.
How to Strengthen Bridge Security
  • Implement multi-signature validation or threshold cryptography to decentralize trust.
  • Conduct frequent, independent smart contract audits.
  • Use real-time monitoring and anomaly detection for cross-chain events.
  • Employ zero-knowledge proofs (ZKPs) for transaction verification.
  • Maintain segmented liquidity pools to limit loss exposure.
  • Mandate cyber incident response plans for bridge operators.

Bridges are vital for Web3’s future — but their complexity and liquidity concentration make them the weakest link in blockchain security.

Security Digest

September 2025 had many more major DeFi hacks than in previous months, with ten incidents with losses of over $1M and a total of about $111 million stolen. These attacks primarily involved compromised private keys, which attackers used to perform unauthorized minting of various tokens to make a profit.

Attack Spotlight

The biggest hack of September 2025 targeted SwissBorg, a Swiss wealth management platform, via a supply chain attack. Malicious logic was inserted into an unstaking transaction, which, when approved, granted control over the project’s staking account with Kiln. As a result, an estimated $41.5 million was stolen from the platform.

Qubic, a Layer-1 blockchain designed to implement Proof of Work (PoW) to complete useful tasks, applied its mining pool to mining Monero in an attempted 51% attack against the protocol. In August 2025, the attack allegedly succeeded, with the mining pool performing a six-block deep reorganization of the Monero ledger and orphaning around 60 blocks.The biggest hack of September 2025 targeted SwissBorg, a Swiss wealth management platform, via a supply chain attack. Malicious logic was inserted into an unstaking transaction, which, when approved, granted control over the project’s staking account with Kiln. As a result, an estimated $41.5 million was stolen from the platform.

Additional Resources

www.bli.tools

Visit BLI.TOOLS.

www.marylandblockchainassociation.org

Visit MARYLANDBLOCKCHAINASSOCIATION.ORG.

Contact the BLI Team for details on booking CLE classes.


    Inquire For DARA Membership