What Are The Biggest Crypto Heists And Exit Scams And How Much Was Stolen? (#GotBitcoin?)
As the appeal of cryptocurrency has grown, so has the opportunity for scammers to part naive investors from their money. 2020 has been no exception, with cryptocurrency and blockchain forensics company Ciphertrace dubbing it “the year of the exit scam.” What Are The Biggest Crypto Heists And How Much Was Stolen? (#GotBitcoin?)
Exit scams are not a new phenomenon, with a 2018 report conducted by Statis Group revealing over 80% of initial coin offerings (ICOs) in that year to have been fraudulent. Here, we explain exit scams and how to spot them, as well as a look at some of the biggest scams that have been discovered by various researchers.
What Are Exit Scams?
The premise of cryptocurrency is simple, a new ICO launches, claiming to offer lucrative returns for investors. Investors can’t believe their luck and clamor to buy in. The business runs for some time on the back of the invested capital, but, sooner or later, disaster strikes and the company shuts down, often with no explanation.
After a while, it becomes obvious that the company is gone for good, along with the invested funds. The poisoned chalice of crypto’s decentralized nature often means that investors are left in the dark when trying to recoup or trace their pilfered funds.
How To Spot An Exit Scam
Many exit scams have tell-tale signs that investors should look out for. The financial content site Investopedia has a handy list of key characteristics.
First, exit scams often have inconsistent or misleading information about the team behind the project. When scouting potential investment opportunities, investors should scour for information on key members of any ICO.
It’s important to remember that online credibility can be faked by purchasing likes, profiles and followers on social media. Celebrity endorsements with verified accounts could also ring alarm bells for investors. A fake Twitter account purporting to be Elon Musk, with a supposedly verified twitter account, raised over $155,000 as part of a 2018 Bitcoin scam.
Investors should verify the credentials of backers, team leaders and promoters of cryptocurrency projects. Although individuals may seem to be legitimate at first glance, brand new social media profiles and few followers or connections should raise eyebrows.
The most significant characteristic unifying exit scams in cryptocurrency is the promise of a huge return on investment (ROI) — chances are that it’s probably too good to be true.
Investors should always look through even the smallest details of what they are required to invest and what the company purports to be able to give back to them.
ICOs usually come with a white paper, setting out the design details of the project along with a business plan and other information. Investors should pursue all available information for ICOs, as any vagueness in the white papers should signal a big red flag.
When investing in an ICO, it’s vital to get an understanding of the business model. Investopdia writes that anything powered by concept alone should be a warning to anyone tempted to buy in. Although cryptocurrency projects can and do launch off the back of technological advances, investors should be wary of projects looking to gather millions of dollars before taking a sober look at the project’s ability to return the investment from the published information.
Heavy promotion of an upcoming ICO can also be a sign of an exit scam. Past scams have employed bloggers to promote via numerous forums. Ads both online and in print media could also be suspicious.
$2.9 Billion Plustoken Scam Could Be Largest Exit Scam Ever
A 2019 report shared with Cointelegraph by the cryptocurrency and blockchain forensics company Ciphertrace dubbed 2019 the year of the exit scam and highlighted the billions of dollars stolen in multiple scams this year alone.
The report shines a light on what, if confirmed, could be the biggest crypto scam ever, with an estimated loss of around $2.9 billion after Chinese police uncovered an alleged Ponzi scheme involving the South Korean wallet provider and exchange PlusToken. Although more is being uncovered about PlusToken, mystery still surrounds the key events.
Ciphertrace reports that the platform has enshrouded several Chinese nationals, the government of Vanuatu, the Chinese police and the company’s co-founders — a South Korean man operating under the alias of “Kim Jung Un” and a Russian known only as “Leo.” The alleged PlusToken scam centers around an app with which the wallet provider claimed investors could invest in PlusToken (PLUS).
According to the report, the firm claimed that the token, based on the Ethereum blockchain, was developed by a major technology company. PlusToken is also said to have falsely stated that it could deliver wallet holders an ROI of between 8% and 16% per month, with a minimum deposit of $500 in crypto assets.
Ciphertrace also reported that no verifiable source of revenue existed other than the proceeds from new membership. Those were onboarded per the traditional method of a Ponzi scheme, which require a constant stream of new investment in order to support its semblance of growth.
Investors were incentivized to recommend new users with an invitation, which was the only way to join.
Although this was enough for some members to dismiss the legitimacy of the project outright, Leo, the company’s co-founder, published a press release that claimed he had met with Prince Charles, the future head of the English royal family, providing photos as proof. Ciphertrust reported that it had contacted the Prince Charles Foundation, which confirmed that Leo had indeed attended the event, but would not provide other information about the individual due to European Union General Data Protection Regulation, or GDPR.
PlusToken’s fate was seemingly sealed on June 28, after members of the Chinese police touched down in Vanuatu, detained six people involved with the project and extradited them back to mainland China. Ciphertrace reported that the so-called “PlusToken Six” were either Vanuatu citizens or applying for citizenship at the time of their arrest.
Soon after, PlusToken members found that they were unable to withdraw funds from their accounts. Customers were informed that withdrawals via the app were frozen due to “technical difficulties.” By June 20, the PlusToken app had ceased operations due to purported system maintenance.
For investors, there seems to be no secure lead on the final resting place of the allegedly billions of dollars of stolen funds. The Chinese government has yet to comment. A July 12 post from PlusToken stated that the six Chinese individuals were simply service users and not actually involved with the running of the company itself, stating that users should ignore the rumors and not try to log in until they receive confirmation that the servers are back online.
PlusToken Scam Selling Could Dump BTC Price For the Next Two Months
This year has yielded significant price action for Bitcoin (BTC), both to the upside and to the downside. Bitcoin’s price recently fell to around $6,500 as selling pressure continues to plague the market.
Recent data from crypto-Twitter analyst Ergo shows such selling is possibly due to further liquidation of 200,000 BTC in funds from the alleged PlusToken ponzi scheme.
Ergo Said In A Tweetstorm:
“If my numbers are correct, the 200k BTC estimates reported earlier this year were correct, and market impacts will continue for some time.”
Back in August, Cointelegraph reported on some of the funds thought to be associated with the PlusToken operation — a total movement of 22,923 BTC on August 17.
The alleged PlusToken scam is said to be one of the most sizeable exit scams the crypto space has seen thus far, Cointelegraph said in a separate report.
Crypto researcher Ergo conducted fairly extensive research on the subject, looking at various wallets thought to be associated with the alleged scam. Confirming the amount of BTC funds the scam controls might give an idea of how many Bitcoin the PlusToken crew could dump (or have dumped) on the open crypto markets, possibly accounting for past and future price action.
The analyst noted 200,000 BTC as the commonly stated amount the alleged scam might have originally controlled, citing three specific wallet addresses thought to be part of the operation.
Linking to a past article on the subject, the analyst pointed toward PlusToken’s use of Wasabi Mixer, a method of mixing coins to make tracking them more difficult, as well as a method Ergo referred to as “self-shuffling.”
“My current totals are around 187,000 BTC. This analysis is not complete yet, but roughly confirms the previous 200,000 BTC estimates.”
That tweet includes a helpful chart breaking down the numbers. Following the trail, Ergo concluded that 1,100 BTC have likely been sold each day so far in November.
“Assuming all of the mixed coins (129,000 BTC) accounted for so far have been sold over a period from early August through today will give an average of around 1,300 BTC sold per day,” the analyst said.
“Going forward we can use the daily sell estimates and the ~58,000 BTC unmixed total to estimate the duration of the remaining selling at between 1.5 and 2 months.”
But Bitcoin’s bearish pressure might instead be attributed to a lack of new retail money entering Bitcoin over the past two years, as stated by Tone Vays, or simply the ebbs and flows of the ever-volatile crypto market.
27 Key Execs At PlusToken Scam Are Reportedly Arrested
PlusToken, one of the greatest exit scams in history, defrauded investors of nearly $6 billion, according to latest reports.
The story of PlusToken, one of the largest scams in the cryptocurrency industry, takes another twist as dozens of major suspects have been arrested.
As many as 27 core PlusToken team members have been arrested by Chinese police, according to a July 30 report by local industry publication ChainNews.
According to the report, the total amount of investor losses in the PlusToken scam is estimated at 40 billion Chinese yuan or $5.7 billion.
The report also mentions that investigators have also arrested another 82 core members of the scheme.
Dovey Wan, founding partner of blockchain-based investment company Primitive Ventures, tweeted that the owner key is already burned so technically it will not be able to commit fraud.
She said, “I sincerely hope this attempt can be a good learning experience for the Chinese community to start an effective DAO [Decentralized Autonomous Organization], a bottom up governance, a real movement from the people that’s for the people.”
As reported, the PlusToken scheme has emerged as one of the largest scams in the history of crypto. The project was initially presented as a South Korea-based exchange offering high investor returns.
Eventually, the entire operation was exposed as a scam after several million participants found they were unable to withdraw their investment. As previously reported, the scam scheme was estimated to defraud investors of about $5 billion in total.
‘Anonymity Vouchers’ Could Bring Limited Privacy To CBDCs: ECB Report
The European Central Bank (ECB) is thinking through the logistics of a hypothetical central bank digital currency (CBDC).
Revealed Tuesday in an ECB report, Europe’s central bankers have developed an “anonymity voucher” to give prospective CBDC users limited privacy in their retail transactions.
The ECB’s “novel new concept” aims to bridge two clashing forces in the digitized payments landscape: Europeans’ desire for private transactions and regulators’ demand for anti-money-laundering (AML) enforcement.
“The ongoing digitalisation of the economy represents a major challenge for the payments ecosystem, requiring that a balance be struck between allowing a certain degree of privacy in electronic payments and ensuring compliance with regulations aimed at tackling money laundering and the financing of terrorism (AML/CFT regulations),” the report’s executive summary said.
The anonymity vouchers, issued to all account holders at a “regular interval” regardless of their account balances, could be redeemed on a one-to-one basis to shield their transactions, the report states.
Under the proposed system, if Alice wants to anonymously send CBDC tokens to Bob, Alice must hold the equivalent number of anonymity vouchers. The anonymized transactions would skip reviews from the ECB’s proposed AML Authority, the intermediary reviewing all transactions.
On April 9, 2018, two ICOs — iFan and Pincoin — operating under the umbrella of company Modern Tech based in Vietnam, went silent after reports outed them as scams that had scalped 32,000 investors out of an alleged $660 million in tokens, according to Tuoi Tre News.
Victims claim that the damages amount to roughly 15 trillion Vietnamese dong ($660 million) in token sales. Angered investors held a demonstration outside Modern Tech’s Ho Chi Minh City headquarters on April 8.
One of the initial characteristics that could have alarmed investors was the fact that Pincoin offered service users bonuses for successfully bringing other people on board. Pincoin did initially pay out cash until January 2018, when the company switched to iFan tokens, TechCrunch reported.
The owner of Modern Tech’s office building said that the company left its offices in March and that no one knew their current whereabouts. The firm left behind only an incomplete website that is now inactive. Modern Tech initially tried to pass itself off as a mere representative of both coins in Vietnam, prior to media reports confirming that seven of its Vietnamese executives were in fact behind the projects.
TechCrunch reported that the ambiguous mission statement from the then-functional site is typical of the vague and jargon-filled copy used by exit scammers:
“The PIN Project is about building an online collaborative consumption platform for global community, base on principles of Sharing Economy, Blockchain Technology, and Crypto Currency”
Financial scam directory Behindmlm released a report in February 2018 that found its buy-in method was typical of an ROI Ponzi scheme. Pincoin’s website is currently down, though iFan’s is still online.
QuadrigaCX — Regulators Catch On
The death of 30-year old Gerald Cotten shook the crypto world — not only because Cotten was the co-founder and CEO of Canada’s largest cryptocurrency exchange, QuadrigaCX, but also because his control of the passwords and keys to accounts rendered all the assets on the exchange forever inaccessible after his death. Cotten took over $195 million of stolen cryptocurrency with him to the grave.
Commenting on the May 9 Ernst & Young report, Ciphertrace said Cotten had played fast and loose with customer funds for many years in order to support a lavish lifestyle for both himself and his wife. Cotten allegedly exercised complete control over the exchange and used his position to perform “unsupported deposits” — i.e., fabricated transactions not represented by either fiat or cryptocurrency.
Cotten also used significant volumes of customers’ cryptocurrency via transfers from the platform into other exchanges he controlled. As per the EY report, Cotten shifted significant amounts of fiat and cryptocurrency between alias accounts, although less than 1% of these transfers was supported by documentation. Ciphertrace notes that as the admin, Cotten was in a perfect position to hide his fraudulent activities.
In a pattern that may now seem familiar, Cotten used customer funds to pay for QuadrigaCX operating costs after the company suffered liquidity issues due to his reported fraudulent use of user deposits. As QuadrigaCX began to struggle to stay afloat, EY reported that Cotten gambled customer funds in off-platform margin accounts to meet margin calls.
The report also states that Cotten traded unsupported deposits for legitimate funds thereby generating artificial trading markets, abused his position to override Know Your Customer requirements and hoarded all passwords:
“The Monitor understands passwords were held by a single individual, Mr. Cotten and it appears that Quadriga failed to ensure adequate safeguard procedures were in place to transfer passwords and other critical operating data to other Quadriga representatives should a critical event materialize (such as the death of key management personnel).”
As of April 12, EY estimated that Quadriga held around $20.8 million in assets and around $160 million in liabilities. The debts and assets are spread over three subsidiary companies, 0984750 B.C. LTD. (the “Quadriga Estate”), Quadriga Fintech Solutions and Whiteside Capital Corporation. On July 31, the Supreme Court of Nova Scotia approved over $1.6 million in fees for parties seeking remuneration from the exchange, according to court documents seen by Cointelegraph.
CFTC Action Launched After $147 Million BTC Scheme
On June 18, 2019, the United States Commodity Futures Trading Commission (CFTC) initiated a civil enforcement action against now-defunct Control-Finance Limited for a scheme involving $147 million worth in Bitcoin.
It is alleged that Control-Finance Ltd. defrauded over 1,000 investors by laundering around 22,858 Bitcoin. In mid-September 2017, its website was abruptly taken offline, payments to clients were suspended and advertising content from social media accounts was deleted.
The firm initially said that it would reimburse customers by late 2017. However, the company allegedly began transferring laundered Bitcoin by using the crypto wallet service CoinPayments. According to Ciphertrace’s Q2 2019 Anti-Money Laundering (AML) report, the CFTC complaint charges the company and its founder Benjamin Reynolds with:
“Exploiting public enthusiasm for crypto assets by fraudulently obtaining and misappropriating at least 22,858.22 Bitcoin from more than 1,000 customers through a classic high-yield investment (HYIP) Ponzi scheme called the Control-Finance Affiliate Program.”
Per the CFTC, the company claimed that investors who buy Bitcoin through the firm would be guaranteed daily profits thanks to their team of expert cryptocurrency traders. The complaint also stated that the firm falsely claimed market volatility would ensure funds invested through Control-Finance would result in profit.
The CFTC also alleged that Control-Finance misleadingly promised that it could earn customers a 1.5% ROI daily and 45% monthly. Control-Finance is also reported to have sent partial amounts of new clients’ BTC deposits to other customers, which were disguised as profit from trading, a tactic typical of Ponzi schemes. The legal action seeking civil monetary penalties and permanent trading bans continues.
Co-Owner Of Bitmarket Found Shot Dead After Alleged Exit Scam
On July 8, the Poland-based exchange Bitmarket shut down, citing liquidity issues. According to Ciphertrace’s Q2 2019 AML report, the shutdown cost users around 2,300 Bitcoin, approximately $23 million. Users attempting to log on to the site were met with the following message:
“We regret to inform you that due to the loss of liquidity, since 08/07/2019, Bitmarket.pl/net was forced to cease its operations. We will inform you about further steps.”
Ciphertrace reports that Bitmarket had a history of partners pulling out. In 2015, the firm lost payment processors CashBill and BlueMedia after the companies’ banks requested they end their working relationship with Bitmarket. PKO Bank Polski, Bitmarket’s own bank, also terminated its relationship with the firm only six months after Bank BPH had done so earlier in 2015.
Bitmarket’s two founders, Marcin Aszkiełowicz and Tobiasz Niemiro, have contradicting accounts about the misplaced user funds. Aszkiełowicz claimed that the exchange had been hacked for 600 BTC in 2015, an incident from which the company was unable to recover.
Niemiro, however, claimed that he was not responsible for activities on the exchange. Niemiro also purported to have been told that the company was purchased with a deficit of 600 BTC, which he allegedly repaid with his own money. Niemiro said he could not confirm that his partners had indeed used the money to purchase the 600 BTC.
Two weeks after the interview, Niemiro was found dead in a forest near his home with a gunshot wound to the head, which the police deemed to be self-inflicted. The District Attorney’s Office stated that it is not looking into the involvement of third parties in Niemiro’s death, but are still actively investigating the misappropriation of funds.
Binance: Funds ‘SAFU’ After Amazon Web Services Error Stops Withdrawals
Cryptocurrency exchange Binance has confirmed user funds are not at risk after a reported technical problem began affecting withdrawals.
According to CEO Changpeng Zhao, also known as CZ, the situation was being resolved on Aug. 23, while funds security was not compromised.
“Funds are #safu,” he wrote on Twitter, employing a now well-known catchphrase he had previously inadvertently created while confirming there was no danger to cryptocurrency holdings.
“Funds Are Safu” After AWS Error Busts Withdrawals
The issue, he explained, centered on Amazon Web Services (AWS). Problems with caching were producing error messages for a portion of Binance traders, with withdrawals also impacted.
“AWS is having an issue, mostly with caching services, affecting some users globally. We are working with them and monitoring the situation closely,” CZ wrote, adding:
“It’s causing some 500 error messages on APIs and affecting some withdrawal processing.”
Binance Shrugs Off Alleged KYC Data Leak
Binance had just recovered from a publicity scare which involved a self-proclaimed hacker alleging he had access to users’ Know Your Customer, or KYC, data.
Prior to that, a hack saw funds worth $41 million leave the platform due to a security issue — something which sparked a weeklong maintenance shutdown and payouts to affected users.
This week, Binance announced it was working on a new cryptocurrency project, Venus, as an answer to Facebook’s controversial Libra digital currency.
Crypto Exchange Upbit Confirms Theft of 342,000 Ether — $50M
Major South Korean cryptocurrency exchange — run by a subsidiary of Korean tech giant Kakao — has notified users of the theft of 342,000 Ether (ETH) from its hot wallet.
The incident was confirmed in an official statement written by Lee Seok-woo, the CEO of Upbit’s operator, Dunamu, on Nov. 27.
Upbit will use corporate funds to protect user assets
In His Statement, Lee Seok-Woo Revealed That:
“At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”
Apologizing to users for any “inconvenience” caused, the CEO outlined measures by the exchange taken after it detected the incident while stopping short of calling it a “hack.”
The exchange has pledged to protect user assets, stating that the 342,000 ETH (roughly $50 million by press time) will be covered by corporate assets. It has already moved all crypto assets held in its hot wallet to cold storage.
Deposits and withdrawals will take at least two weeks to resume, with Lee Seok-woo promising to inform users as soon as they reopen.
The CEO further indicated that all other recent large-scale transfers were not abnormal, but were related to the exchange moving assets between hot and storage facilities.
In March of this year, Upbit and local cybersecurity firm East Security alleged that a phishing scam targeting its users had been perpetrated by hackers from North Korea.
In January 2018, South Korea’s four largest crypto exchanges — Bithumb, Upbit, Coinone and Korbit — created a hotline for major exchanges to ensure suspicious transactions could be detected and frozen immediately after being disclosed.
Bithumb has to date suffered three major security breaches, most recently in March of this year.
Signs Point To Inside Job In Upbit Crypto Exchange Hack, Says Commentator
Following the theft of 342,000 Ether (ETH) ($50 million) from major South Korean crypto exchange Upbit, some commentators have suggested that the hack was actually an inside job.
As Cointelegraph contributor Joseph Young tweeted on Nov. 27:
“The ‘hacker’ timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.). Hence, I think the probability of it being an inside job is higher than external breach.”
Hacker’s Timing Was Advantageous
As Cointelegraph reported, the incident was confirmed in an official statement published earlier today, which read:
“At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”
In its statement, the exchange emphasized that it deemed the 342,000 ETH transaction to be the only irregular transaction on the ledger, alluding to a number of other large-scale transfers that it said were related to the exchange moving assets between hot and cold storage wallets.
As data published by large-scale crypto transaction tracker Whale Alert has revealed, the 342,000 ETH transaction was followed by a series of major transfers of Tron (TRX) and BitTorrent (BTT) tokens.
While the ETH, TRX and BTT transactions were transferred to an unknown wallet, subsequent Stellar (XLM), OMG and EOS transfers were made from Upbit to crypto exchange Bittrex.
aking Upbit’s statement about cold storage transfers at face value, Young has argued for the strong possibility than an exchange employee took advantage of the timing of the storage transfers to perpetrate the theft.
Upbit today pledged to cover all user assets with corporate funds and exchange deposits and withdrawals will reportedly take at least two weeks to resume.
Markets React To Exchange Hack
Cryptocurrency markets have seemingly reacted to news of the incident, with Bitcoin (BTC) falling below $7,000 once again in an already fragile market climate.
Binance CEO Changpeng Zhao has tweeted that the exchange will “work with Upbit and other industry players to ensure any hacked funds that may make their way to Binance are immediately frozen.”
As Cointelegraph previously reported, the theft of 14 billion won ($13 million) in cryptocurrency from major South Korean cryptocurrency exchange Bithumb was believed by executives to be the work of an insider.
Upbit Promises Swift Reimbursement, Theories Over Missing Funds Swell
On Nov. 27, major South Korean cryptocurrency exchange Upbit announced that 342,000 Ether (ETH), accounting for roughly $50 million, were stolen from its hot wallet earlier that day. Details remain vague, and some users are suggesting an inside job, although experts are skeptical of the theory after analyzing the incident.
The platform’s operator has promised to compensate all stolen funds shortly. UpBit is the second “Big Four” exchange in the country to experience a major security breach this year.
Upbit is one of the largest cryptocurrency exchanges in South Korea (alongside Korbit, Bithumb and Coinone) and the only major domestic platform to post a profit in 2018. It was launched in October 2017 by Dunamu Inc. — a fintech firm backed by local internet giant Kakao — after it signed “an exclusive partnership agreement” with United States cryptocurrency exchange Bittrex.
As part of the collaboration, Upbit had a shared order book arrangement, with Bittrex orders visible in its bid windows. However, in September, the South Korean trading platform ostensibly broke off its partnership with Bittrex to reorganize its ETH, Bitcoin (BTC) and Tether (USDT) markets.
Upbit has been widely considered a safe and compliant exchange overall. Recently, it was put on par with industry juggernauts like Kraken and Coinbase as one of the space’s cleanest platforms in the Blockchain Transparency Institute’s latest market surveillance report, which verifies cryptocurrency exchange volumes.
Indeed, Upbit has seemingly put a lot of effort into security measures. Last year, it reportedly became the first crypto exchange to obtain an information security management system license from the Korea Internet and Security Agency.
Further, Upbit has been following guidelines set out by the intergovernmental Anti-Money Laundering-focused body, the Financial Action Task Force. Specifically, in September this year, Upbit ceased trading support for six cryptocurrencies, including some privacy coins.
Upbit is a member of the Korean Blockchain Association — a domestic alliance comprised of 14 crypto trading platforms — which published a self-regulatory framework for its members to boost trading transparency in April 2018. It contained five key requirements, including managing clients’ coins separately from their own, holding a minimum equity of 2 billion won ($1.8 million), and publishing regular audit and financial reports.
Finally, in January 2018, Upbit partook in creating a special hotline for domestic exchanges that aims to ensure suspicious transactions being detected and frozen immediately after disclosure.
The Attack And Upbit’s Initial Response
Upbit was relatively quick to confirm the loss. Around 3 p.m. local time, the first media reports surfaced, stating that the platform had halted all trading after a large amount of cryptocurrencies was withdrawn to an anonymous wallet.
On social media, users were already discussing a number of large-scale transactions from Upbit’s wallet that had been spotted by WhaleAlert, a service dedicated to tracking sizable cryptocurrency transactions.
There was a 342,000 ETH transaction to an unknown wallet, followed by 10 identical transactions totaling 100,000,000 TRX incoming from the exchange’s vault. At around 6 p.m. local time, Lee Sirgoo, the CEO of Upbit, published an official statement on the matter:
“At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”
Apologizing to users for any inconvenience caused, Lee Sirgoo outlined the measures taken by the exchange after it detected the incident. The exchange has pledged to protect user assets, stating that the 342,000 ETH (or roughly $50 million) will be covered using corporate assets.
It had already moved all crypto assets held in its hot wallet to cold storage by the time the announcement was published, the CEO stated. Some of the funds may have been moved to Bittrex’s wallets, as data provided by WhaleAlert suggests.
Deposits and withdrawals will take at least two weeks to resume, Sirgoo added, promising to inform users as soon as they reopen. The CEO also clarified that all other recent, large-scale transfers were not abnormal, but were related to the exchange moving assets between hot and cold storage facilities.
Inside Job? Some Experts Are Skeptical
Notably, Lee Sirgoo avoided using the word “hack” in his statement, which prompted some commentators on social media to suggest that the incident was actually an inside job. As Cointelegraph contributor Joseph Young tweeted:
“The ‘hacker’ timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.). Hence, I think the probability of it being an inside job is higher than external breach.”
However, Taylor Monahan, the founder and CEO of noncustodial wallet MyCrypto, analyzed the incident in detail by studying the nature of transactions and is hesitant to confirm the theory. “Anything is possible, of course,” she told Cointelegraph. “But a lot of people are jumping to conclusions without real supporting evidence.” Monahan then elaborated:
“The biggest thing that points to it not being an inside job is how the transactions were generated and signed. UPbit seems to follow a certain method with their programmatic transactions, and the ‘hack’ transaction in question used a different method. In addition, UPbit manually signed a transaction to secure their remaining ETH, after discovering the hack, and this too was generated differently than the ‘hack’ transaction.”
If it were an inside job or a breach of Upbit’s backend systems, it would align with the exchange’s typical behavior, she added, while the way that the ETH transaction was generated “points to someone who knows very little about the Ethereum network.”
Monahan also commended Upbit on how they have been handling the aftermath, but criticized the exchange’s languid use of cold storage, “If Upbit utilized cold storage more regularly and limited the value held by their hot wallet, the loss could have been minimized.”
Upbit Is Collaborating With KISA And Police
Upbit’s CEO Lee Sirgoo Told Cointelegraph That They Are Currently Cooperating With Kisa And The National Police Agency Cyber Bureau On The Matter:
“We will be able to provide you with more information once the investigation is complete.”
Nevertheless, Sirgoo was able to answer some specific questions through email upon request by Cointelegraph. For instance, he confirmed that the exchange has contacted all major trading platforms and asked to blacklist the attacker’s wallet address, and that the cryptocurrency community “has been extremely cooperative.”
In addition, he confirmed that Dunamu and Upbit have enough funds to reimburse the lost amount. “It should be completed shortly,” Sirgoo told Cointelegraph.
Exchanges Continue To Get Hacked In 2019
2019 has witnessed a number of high-profile crypto exchange hacks, including the $42 million Binance security breach, $19 million Bithumb heist and $28 Million Bitpoint break-in, which confirms that security is still an industry-wide problem. So what could finally stop centralized exchanges from getting hacked?
Hartej Sawhney, co-founder and CEO at Zokyo cybersecurity agency, suggests that compliance standards could improve the situation. “Centralized crypto exchanges are web services, not that different from an online banking applications,” Sawhney told Cointelegraph, continuing:
“Most companies respect security either because of regulation or they already faced a security breach. The cryptocurrency industry could benefit from compliance standards such as PCI-DSS or HIPAA.”
Further, Sawhney listed a number of concrete measures that exchanges should follow to achieve higher security, including establishment of adequate infrastructure, processes, tools, security testing and education on how to avoid cyber attacks, adding that, “Regular third-party offensive security testing needs to become standard and transparent.”
Upbit has promised to keep Cointelegraph updated once it have more information. KISA has not returned Cointelegraph’s request for comment.
Crypto Exchange UpBit’s Operator Launches Custody Service With Ledger
DXM, a financial services subsidiary of South Korean fintech firm Dunamu, has worked with crypto cybersecurity firm Ledger to launch an institutional crypto asset custody service.
The Partnership And The New Custodian
Industry news outlet TheBlock reported on Dec. 4 that DXM plans to launch the custodian under the name Upbit Safe and that Ledger Vault, Ledger’s custody arm, will support the initiative with its technology. Upbit safe will reportedly use Ledger’s hardware security technology to make trading more efficient and safer for its institutional clients.
Ledger’s Head of Asia-Pacific region Glenn Woo explained that Ledger Vault offers solutions that allow institutions to customize their custody rules to better fit their needs. DXM Chief Strategy Officer Eric Yoo told the outlet that the firm plans to target UpBit’s customers first. Yoo explained the new enterprise’s outlook:
“We are a subsidiary of the largest exchange in Korea and have an advantage over our peers given that we already have a lot of assets we can bring into our custody. […] The combination of the Upbit brand, Ledger Vault’s security technology, and DXM’s own technology will give DXM an edge in the Korean market.”
Lack Of Regulation Hinders Crypto Growth
Still, Yoo admitted that institutional participation in the crypto space in South Korea is largely hampered by unclear regulation. Still, he believes that clarity should improve as soon as next year, bringing new money to the local crypto industry:
“The biggest regulatory risk in Korea is uncertainty and lack of regulations. […] It’s quite a wild wild west out there. […] Once regulations become clearer, it’d be easier for us to engage with institutional money and not take the risks from uncertainties.”
Woo also explained that Ledger Vault is still a new service in the space and is still trying to penetrate the market. He hopes that with his company’s help, DXM will be able to help his firm scale its operations:
“DMX has a reputation of being very secure… With the track record that they have in Korea, they can definitely help us scale.”
The number of custody services aiming to secure the crypto assets of institutions is steadily increasing as regulation is making the space more suitable for institutional investors. One of the last examples is the custody feature launched by institutional Bitcoin (BTC) trading platform Bakkt for its entire client base after obtaining regulatory approval in the first half of November.
US SEC Charges Shopin Founder With Orchestrating Fraudulent $42 Million ICO
The United States Securities and Exchange Commission (SEC) has charged Eran Eyal, the founder Shopin, with orchestrating a fraudulent initial coin offering (ICO).
In a press release on Dec. 11, the SEC alleged that the businessman and his company defrauded hundreds of investors in an ICO that raised more than $42 million from August 2017 to April 2018. According to the SEC, Shopin’s actions constituted an unregistered securities offering of Shopin Tokens.
Eyal told investors he would use the funds from the token sale to create blockchain-based shopper profiles. These profiles would then track customer purchase histories across online retailers and recommend products based on this information. However, Eyal never created a functional platform. Marc P. Berger, Director of the SEC’s New York Regional Office said:
“As alleged in today’s action, the SEC seeks to hold Eyal and Shopin responsible for scamming innocent investors with false claims about relationships and contracts they had secured in support of a blockchain-based universal shopper profile […] Retail investors considering an investment in a digital asset that meets the definition of a security must be afforded the same truthful disclosures as in any traditional securities offering.”
Furthermore, Eyal allegedly lied about having forged partnerships with established retail outlets when in fact no such partnerships existed.
The SEC also claims that Eyal misappropriated investor funds to pay for personal expenses. From the SEC complaint:
“Eyal used over $500,000 of investor funds for expenses such as his rent, retail shopping, entertainment, tickets to philanthropic events, and a dating service, but omitted to disclose to investors that he would use any proceeds for his own benefit.”
The commission has charged Eyal and Shopin with violating the anti-fraud and registration provisions of the federal securities laws, and is seeking injunctive relief, disgorgement with prejudgment interest and civil money penalties. The SEC also seeks a bar against Eyal and Shopin prohibiting them from participating in any future securitized token offerings.
Eyal had previously been charged with defrauding investors for $600,000 by misrepresenting the staff and clients of his previous startup, Springleap.
VeChain Loses $6.6M In VET Tokens To Hacker In Attack On Buyback Wallet
VeChain Foundation’s wallet has been compromised in a hacker attack targeting funds earmarked for the foundation’s buyback program.
Per a VeChain Foundation announcement on Dec. 13, an unknown hacker has redirected 1.1 billion VET tokens — valued at approximately $6,600,000 at press time — from the VeChain Foundation’s buyback wallet to a personal wallet address.
Security Breach Is Likely A Result Of Internal Misconduct Unnoticed Due To Human Error
In the initial update on the incident, VeChain Foundation noted that the hack is in “no way related” to the operations of the actual standard procedure or VeChain’s hardware wallet solutions.
A member of Cointelegraph Consulting also indicated that VeChain enterprise products will not be affected.
According to the statement, the VeChain’s security breach was likely due to misconduct of one of its staff members in the finance team. Specifically, the person has allegedly created the buyback account partly violating the standard procedure approved by the Foundation. The auditing team did not pick up the misconduct due to human error, the announcement notes.
Measures To Mitigate The Situation And Add More Clarity
In the same announcement, the Foundation has listed a number of measures designed to mitigate the incident and get more clarity. As such, the firm provided a link with the hacker’s address tagged on VeChainStats in order to instantly trace other addresses interacting with the hacker’s address.
As part of their efforts, the company notified all exchanges to monitor, blacklist and freeze all funds coming from the attacker as well as withdrawals from the corresponding exchanging wallets.
Additionally, VeChain has launched a security investigation on other crypto assets that are subject to the custody of the Foundation to prevent further breach. The Singapore-based firm also reported on the incident to law enforcement in Singapore and will keep monitoring the situation and working with cybersecurity and law enforcement professionals to add more clarity, the statement notes.
VET Token Slides Over 4% Amid The Hack
VeChain is a major cryptocurrency and blockchain platform designed to enhance supply chain management and business processes. VET token is ranked the 28th largest crypto asset by market capitalization of $325 million at the time of this writing. Following the news, the token dipped over 4% with the market cap dropping to a low of $320 million. The altcoin is seeing a slight recovery at press time, according to Coin360.
VeChain, which is known for providing its blockchain Thor blockchain for Walmart China’s blockchain platform, has recently partnered with Cointelegraph Consulting, a division of Cointelegraph aiming to contribute to the global adoption of blockchain technology.
Alleged Bitcoin Ponzi Scheme Assets Frozen As US Judge Grants Injunction
A United States court has granted regulators a preliminary injunction against an alleged Bitcoin (BTC) Ponzi scheme which reportedly defrauded investors of $11 million.
In a filing with the United States District Court in Nevada dated Dec. 6, Judge Jennifer A. Dorsey ruled in favor of the Commodity Futures Trading Commission (CFTC) and against Circle Society, along with its operator, David Saffron.
CFTC Wins Injunction Against CIrcle Society
“…I find that this is a proper case for granting a preliminary injunction and other equitable relief to preserve the status quo, protect customers from further loss and damage, and enable the Commission to fulfill its statutory duties,” Dorsey wrote.
Circle will now see its assets frozen, and the CFTC will be able to inspect its financial records prior to any further legal action.
The CFTC originally charged Circle Society and Saffron in late September, after investors complained that the latter fraudulently maintained an $11 million Bitcoin binary options offering. At the time, the regulator likened the company’s activities to a Ponzi scheme, stating in an October press release:
“According to the complaint, the defendants fraudulently solicited funds from at least fourteen members of the public to participate in a pool operated by Circle Society, an entity Saffron created and used to perpetrate his fraud, by making false claims of Saffron’s trading expertise and guaranteeing rates of return up to 300%.”
U.S. Goes After Crypto Sales
The events underscore the increasingly persistent line taken by both the CFTC and its fellow financial regulator, the Securities and Exchange Commission (SEC), regarding cryptocurrency activities that do not conform to the law.
As Cointelegraph previously reported, enforcement action continues to impact even legitimate companies, with regulators specifically eyeing practices related to sales of tokens via initial coin offerings, or ICOs.
These include Canadian messaging firm Kik, which almost shut down after a lengthy legal battle with the SEC over its 2017 sale.
Shopin Founder Pleads Guilty to Orchestrating Fraudulent $42 Million ICO
The New York Attorney General (NYAG) Letitia James announced the conviction of Shopin founder Eran Eyal for orchestrating a fraudulent initial coin offering (ICO) following his guilty plea.
As the NYAG announced on Dec. 12, the former CEO of Shopin pleaded guilty to felony charges for running a fraudulent initial coin offering that raised more than $42 million between August 2017 and April 2018. Eyal also pleaded guilty to defrauding investors of $600,000 by misrepresenting the staff and clients of his previous startup, Springleap.
Quick Turnaround In Court
Yesterday, the United States Securities and Exchange Commission (SEC) charged Eyal for defrauding hundreds of investors in a scam ICO. According to the SEC, Eyal’s actions constituted an unregistered securities offering of Shopin Tokens. The SEC further claimed that Eyal also misappropriated investor funds to pay for personal expenses. Attorney General James commented on the conviction:
“My office won’t allow white collar criminals to get away with their schemes to defraud innocent victims, no matter how complex […] This one individual created company after company after company just to continue cheating investors out of hundreds of thousands of dollars. Using fake product trials and nonexistent contracts with major retailers he was able to lure victims to invest in his technology schemes, including his very own cryptocurrency. We will use every available resource at our disposal to pursue all who attempt to abuse and manipulate the system, because no one is above the law.”
Despite the Attorney General’s tough talk, the court seems not to have proscribed any jail time. The court ordered Eyal to pay $125,000 in restitution and $475,000 in judgments to investors, and to surrender the remaining $450,000 in cryptocurrency to the AG’s Office. The Brooklyn resident is further required to step down as CEO of Shopin, and is banned from raising capital or serving as an officer in a business in New York for three years.
SEC Seeks To Reopen Case Against Bitcoin Fraudster
Cointelegraph recently reported that the SEC has filed to reopen a case against Bitcoin (BTC) fraudster Renwick Haddow as he has not resolved the regulator’s claims for monetary relief against him. Last year, the SEC accused Haddow of defrauding Bitcoin investors for more than $37 million. The court found him guilty in June of 2019.
QuadrigaCX Victims Request Proof of Gerald Cotten’s Death by Exhuming Body
Canadian law firm Miller Thomson has made a request to the Royal Canadian Mounted Police (RCMP) to conduct an exhumation and post-mortem autopsy on the body of Gerald Cotten, the deceased owner of the now-defunct Canadian crypto exchange QuadrigaCX.
On Dec. 13, the Miller Thomson lawyers explained in a letter to the RCMP that the request to exhume and examine Cotten’s body was appropriate given the “questionable circumstances surrounding Mr. Cotten’s death and the significant losses” sustained by users of the cryptocurrency exchange.
Victims Need Clarity On Whether Gerald Cotten Is In Fact Deceased
The law firm further points to publicly available information about the debacle surrounding the Canadian crypto exchange, which, in the firm’s view, further highlights “the need for certainty around the question of whether Mr. Cotten is in fact deceased.”
Over the past year, the exchange has been engaged in a lengthy court case with the exchange’s creditors, some of whom have speculated wildly as to the fate of the lost cryptocurrency, and with some seemingly convinced that Cotton could have faked his own death.
Cotton reportedly died in India from a fatal disease in December 2018, taking with him the private keys and password to crypto wallets, resulting in users losing about $190 million.
Widow Of Gerald Cotten Hands Over $9 Million In Assets To Disgruntled Users
In October, the widow of Gerald Cotten, Jennifer Robertson, handed over $9 million in assets to the users of the QuadrigaCX crypto exchange. Robertson announced in a personal statement, that she would be transferring the vast majority of estate assets to EY Canada, the Big Four audit firm that acted as the bankruptcy trustee of QuadrigaCX during its insolvency hearings. She said at the time:
“I have now entered into a voluntary settlement agreement where the vast majority of my assets and all of the Estate’s assets are being returned to QCX to benefit the Affected Users.”
HitBTC Scammers Face Two Years In Jail For $140K Bitcoin Twitter Fraud
Two Canadian men who defrauded a Bitcoin (BTC) investor out of $140,000 by impersonating exchange HitBTC may serve two years in prison.
According to court records on Dec. 16, brothers Jagroop Singh Khatkar and Karanjit Singh Khatkhar pled guilty to charges of conspiracy to commit wire fraud over a scam carried out via Twitter in July 2018.
HitBTC Victim: “I Feel Sorry For Them”
The case originally came to light in July this year, as per documents filed with the United States District Court in Portland, Oregon.
Posing as the support service for HitBTC, the pair convinced a user, an unnamed 63-year-old woman, to reveal the email address attached to her trading account. They then hacked into the account, stealing 23 BTC, worth around $140,000 at the time.
As per the documents, the Singh Khatkhars “did unlawfully, knowingly, and intentionally transfer, possess, and use, without lawful authority, a means of identification of another, knowing that the means of identification belonged to a real person.”
At a plea hearing on Monday, the victim took pity on the defendants, having learned she would likely win back possession of the lost funds.
“I feel sorry for them. I have a son that’s 27. I hope they can turn their smarts into something more beneficial,” she reportedly said.
The Singh Khatkhars will return for sentencing next March.
Bitcoin Scams Continue To Surface
The case highlights the persisting trend of bad actors cashing in on cryptocurrency’s increasing mainstream appeal.
As Cointelegraph reported, the previous few months alone have seen multiple instances of crime associated with the theft of assets, some of which dwarf the Singh Khatkhars’ $140,000 haul.
Earlier in December, police in New Jersey arrested three men associated with an alleged cryptocurrency Ponzi scheme which collected a whopping $722 million.
Suspicions have also surfaced over new market entrants, notably in connection with the setup and profit potential touted by the founder of altcoin HEX, which launched at the start of this month.
Bitcoin Scammers ‘Tired’ of Crypto as Focus Switches to Prepaid Cards
Bitcoin (BTC) scammers may be abandoning the cryptocurrency to focus on extorting money via prepaid debit cards, a new study suggests.
Revealing its findings in a blog post on Dec. 16, cybersecurity company Kaspersky Lab highlighted a growing trend in Brazil as an example of hackers’ growing taste for prepaid cards.
Prepaid Cards’ International Appeal
Specifically, a so-called “sextortion” scam — demanding a victim pay money to avoid compromising information about his or her private life going public — targets Acesso cards in the country.
“The debit cards in this particular sextortion scheme — Acesso cards — are sold in Brazil and work with the Mastercard system,” Kaspersky explains. As such, money gleaned from cards can be spent anywhere Mastercard is accepted, the post continues:
“One of the features of these cards is that they are usable not only in Brazil, but internationally as well. Perhaps that’s the feature that the cybercriminals in question are particularly interested in.”
Two Photos To Steal Funds
The Acesso scam works by hackers sending fake emails en masse, which tell recipients to purchase a prepaid card in a store, load it with funds and photograph both sides. Armed with a visual representation of the card, the hackers can then spend the funds.
Whether the trend could ultimately lead to a complete loss of interest in using Bitcoin among scammers, however, is open to interpretation.
“It is still too early to say if prepaid debit cards will supplant bitcoin as the new ransom currency of choice, or whether such messages are the exception rather than the rule,” Kaspersky adds.
Meanwhile, cryptocurrency-related crime remains a major threat to internet users. In its latest annual summary of new threats, Kaspersky identified a total of over 2.2 million devices targeted by mining malware alone since November 2018.
Is PlusToken Scam About to Dump ETH? $105M Moves to Unknown Wallet
Ether (ETH) price faced fresh selling pressure on Dec. 19 as a giant transaction associated with the PlusToken ponzi scheme worried traders.
Data from Twitter-based monitoring resource Whale Alert, a single movement of 789,525 ETH ($105.1 million) between a known PlusToken wallet and an unknown recipient occurred early Thursday.
Giant Transaction Turns Traders Bearish On ETH
PlusToken, which hit a high of near $350 before crashing, has earned the infamous title of being one of the world’s biggest ponzi schemes. While still operational, its Chinese operators received an estimated $3 billion in Bitcoin (BTC) and ETH from unwitting investors purchasing PlusToken coins.
Despite several arrests, subsequent activity has shown one or more individuals still have access to the scheme’s wallets.
Noting the ETH move, trader and analyst Alex Krueger warned the consequences for the Ether price could be severe.
“Heads up,” he told Twitter followers.
As Cointelegraph previously noted, suspicions had already surfaced about PlusToken’s impact on Bitcoin. In a report last month, research firm Chainalysis suggested scammers may be using over-the-counter (OTC) off-ramps to sell BTC en masse, driving down the price.
Specifically, they eyed exchange Huobi’s OTC offering as a potential venue for the illicit transactions.
“Unfortunately, because it’s not possible to distinguish between trades made by OTC brokers in possession of PlusToken funds and all other trades made on Huobi, we can’t say for sure that PlusToken cashouts caused Bitcoin’s price to drop,” the report stated.
“However, we can say that those cashouts cause increased volatility in Bitcoin’s price, and that they correlate significantly with Bitcoin price drops.”
Cointelegraph has approached Huobi for comment. A representative said the exchange was examining the situation but had not responded as of press time.
Wertheimer: Ethereum Has “Reached The Absurd”
While both BTC/USD and ETH/USD have fallen significantly in recent weeks, Ether faces added difficulties as slow progress and controversial decisions by Ethereum developers take their toll on sentiment.
This week, critics came out against a decision to implement a second hard fork on Ethereum in under a month, which they said would disillusion nodes, which could easily be jettisoned from the network.
“When your ‘decentralized’ network moves to a non-emergency schedule of one hard fork every 3 weeks, you’ve reached the absurd,” pro-Bitcoin commentator Udi Wertheimer summarized on Monday.
“You jumped the shark. There’s really no excuse to this and people should be talking about it.”
Hackers Grab Nearly $480K From Blockchain Platform Nuls
Blockchain platform Nuls has lost almost $480,000 worth of NULS tokens due to a hack, according to a security update tweeted on Dec. 22.
In its tweet, Nuls said it had detected that 2 million tokens had been transferred, of which 548,354 tokens — worth roughly $131, 600 — had entered the trading market and were now untraceable.
Mandatory hard fork upgrade to be released ASAP
In response to the theft, Nuls has decided to hard fork the blockchain at block height 87,800:
“After the hard fork, the remaining 1451645.65303905 NULS that has not entered the trading market will be destroyed in a permanent freeze to prevent continued flow into the market.”
The action should help to prevent losses to community members, the team claims. The hard fork will be released as soon as possible, with the team notifying node owners that an upgrade is mandatory and should be complied with ASAP.
Nuls revealed that hackers exploited a security vulnerability in the Nuls 2.2. version, which it says has now been fixed. It also notes that all relevant cryptocurrency exchanges have been contacted and are actively cooperating with the Nuls team.
Post-hack, Nuls token sees only mild losses
The stolen tokens represent only 2% of the circulating supply of over 73 million. The hack has seemed to have little effect on NUL’s price movement. At press time, NULS has lost 1% on the day and is trading at $0.238.
With offices in southwestern China, Singapore and teams in the United States, Australia and South Korea, Nuls is an open-source, enterprise-grade blockchain platform that provides customizable, modular blockchain infrastructure for a variety of business requirements.
The company was ranked 4th in the latest crypto rankings report from China’s Center for Information and Industry Development.
Most Significant Hacks of 2019 — New Record of Twelve in One Year
Twelve major cryptocurrency exchange hacks occurred in 2019. Of these, 11 hacks resulted in the theft of cryptocurrency while one only involved stolen customer data. In total, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges in 2019. Cryptocurrency exchanges experienced more hacks last year than in 2018, when only nine cryptocurrency exchanges fell victim to security breaches.
As time goes on, you might think that cryptocurrency exchanges would become more secure. The reality, however, is that more hacks on cryptocurrency exchange are taking place year after year. In general, crypto exchanges remain unregulated, and it’s still unclear which regulatory agency has jurisdiction over the crypto markets.
Although there are no established rules regarding how cryptocurrency exchanges should safeguard customer funds, there are crypto-friendly countries and states. Canada, Malta and the American state of Wyoming have created crypto-friendly legislation that makes it easier for businesses to operate and gives them guidelines regarding security practices.
Sadly, not all countries have created guidelines or laws that help crypto businesses operate and reduce the risk for consumers. The way cryptocurrency exchanges store and protect their customer’s wealth differs from exchange to exchange; unfortunately, this makes cryptocurrency exchanges a hotbed for hacks that result in the theft of cryptocurrency or customer data. Let’s take a closer look at the cryptocurrency exchange hacks of 2019 and how much cryptocurrency, fiat and customer data was stolen in each incident.
CFTC Cannot Locate Man Responsible For Over $140 Million Crypto Ponzi
The United States Commodity Futures Trading Commission (CFTC) is having trouble locating Benjamin Reynolds, who is allegedly responsible for a cryptocurrency Ponzi scheme worth over $140 million.
Financial news outlet FinanceFeeds reported on Jan. 6 that the CFTC has filed a motion with the New York Southern District Court. More precisely, the regulator filed for the service of process on Reynolds by publication on The Daily Telegraph and extending for sixty days the time limit by which the service must be effected on him and his firm.
A Major Bitcoin Ponzi Scheme
In mid-June, the CFTC launched action against the company over an alleged $147 million Bitcoin (BTC) Ponzi. The CFTC filed against the Reynolds with the aforementioned court for allegedly defrauding over a thousand investors of at least 22,858 Bitcoin.
In a memorandum accompanying the motion, the regulator reportedly explains that it attempted to serve Reynolds at the address listed as his “service address” in the incorporation papers of Control Finance, the firm that managed the scheme. When the process server arrived at the address, he discovered that it does not actually exist.
The CFTC also tried to email Reynolds at the only known email address associated with him and his company, but got back an error message indicating that the message could not be delivered. The regulator learned from affected investors that the Ulsan District Prosecutors’ Office in South Korea is also investigating the scheme, but had similarly failed to contact Reynolds.
Scammers have long been using the speculative enthusiasm surrounding cryptocurrencies to lure in and defraud unsuspecting investors. As Cointelegraph reported, Bitcoin scam ads featuring the likeness of Martin Lewis have continued to appear on social media despite Lewis’ previous efforts to prevent such illegal practices.
One particularly famous cryptocurrency-related scam is OneCoin, which was a $4 billion pyramid scheme. The scam was first discovered in May 2015. However, proceedings are still ongoing, and OneCoin’s website shut down only at the beginning of December last year.
Lawyers Ramp Up Pressure To Exhume Quadriga CEO’s Body
Lawyers representing the former users of the QuadrigaCX platform are doubling down on a formal request to exhume the exchange’s founder’s body.
Miller Thomson, the court-appointed representative counsel for Quadriga’s former users, contacted Bill Blair, the public official responsible for overseeing the Royal Canadian Mounted Police, asking him to clarify whether the law enforcement agency investigating Quadriga’s 2019 collapse would exhume founder Gerald Cotten’s body in a letter emailed to creditors and posted to the law firm’s website Tuesday.
The law firm first requested the RCMP exhume and autopsy last month, asking the agency to both confirm Cotten’s body is indeed in his grave, as well as determine the cause of death. Cotten’s demise precipitated the exchange’s eventual transition into bankruptcy.
“Today, Representative Counsel issued a letter to the Honorable Bill Blair, Canadian Minister of Public Safety and Emergency Preparedness, requesting an update on whether the RCMP will conduct an exhumation and postmortem autopsy on the alleged body of Gerald Cotten prior to Spring 2020,” the letter reads.
The document notes users can contact the minister directly via email “if they have further questions about the RCMP’s management of this file,” while also suggesting they can contact their Members of Parliament for possible answers.
An email sent to Blair was not immediately returned.
‘Law Enforcement Activities’
Tuesday’s letter follows an update from Ernst & Young (EY), the bankruptcy trustee for Quadriga. The company, which was appointed by the Nova Scotia Supreme Court last year to consolidate Quadriga’s crypto holdings, said Monday it was requesting a court approve nearly $640,000 CAD ($484,000 USD) in expenses for cooperating with multiple federal agencies.
According to the report, EY spent $188,939 CAD between June 24, 2019, and Dec. 31, 2019, “in connection with the Law Enforcement Activities.” In addition, Stikeman Elliott and Lenczner Slaght, law firms representing EY, charged $133,618 CAD and $314,599 CAD, respectively, over the same time period.
According to EY, much of this billing comes from analyzing 750,000 documents the company compiled into an “EDiscovery Database,” which was then used to determine which documents met production demands from the various law enforcement agencies involved.
“During the process, the Trustee made various efforts to minimize costs and to streamline wherever possible the accumulation, review and production of documents,” the report said. “This included utilizing the services of contract lawyers specialized in privilege review and available at a significantly lower billing rate than other professionals managing the overall Law Enforcement Activities.”
However, the sheer volume of documents meant that “significant” effort on EY and its counsel’s part were still required, the report claimed.
A nearly 80-page breakdown details how the expenses were accrued. The report did not provide any information on how many claims were filed by creditors or how much each creditor might expect to receive.
Alleged Launderer Of $4B In BTC Vinnik Charged In France After Extradition
French authorities have charged former operator of now-shuttered crypto exchange BTC-e and Russian national Alexander Vinnik.
Bloomberg reported on Jan. 28 that Vinnik’s lawyers said that he will remain in France to face his charges following his recent extradition from Greece. According to an unspecified official at the prosecutor’s office, Vinnik was charged with extortion, aggravated money laundering, conspiracy and harming automatic data-processing systems.
The Legal Shuttle
One of his lawyers said that after his trial in France has run its course, authorities are expected to send him back to Greece so he can be extradited to the United States. After the U.S. prosecution is over, he would be finally sent to Russia. The French investigation is ongoing and no trial has been ordered. Ariane Zimra, a French lawyer for Vinnik said:
“There is no causal link between what Alexander Vinnik is being accused of and Alexander Vinnik.”
Vinnik is currently in a French hospital after going on a hunger strike for 40 days to protest his detention. Vinnik’s lawyers also recently filed a complaint that alleges a violation of his rights on behalf of his children.
Zoi Konstantopoulou, one of his lawyers, suggested that he is being persecuted because he is a blockchain genius and is seen as a threat to the banking system. He said:
“Alexander’s crime is to be Russian and a person with extraordinary technological knowledge that could liberate people economically. […] The Greek Minister of Justice has in essence decided that this person is going to spend his life being extradited, judged and then re-extradited, re-judged and yet again re-extradited and re-judged.”
An Overview Of Vinnik’s Case
Vinnik is believed to be involved in the hack of Bitcoin exchange Mt. Gox since the 300,000 BTC stolen there were allegedly not only laundered through BTC-e but were also on his personal wallet. Given those suspicions, the Mt. Gox trustee contacted the U.S. Department of Justice and requested information about him.
Vinnik was first indicted by the U.S. in July 2017. A Greek Court later ruled for his extradition to Russia in September 2018. In July 2018, however, local authorities ruled to extradite him to France, where he is now.
The matter of Vinnik’s extradition is a major diplomatic ordeal with multiple countries trying to obtain his extradition. Russia, for instance, filed multiple requests and asked for help from the United Nations High Commissioner for Human Rights in an attempt to bring him under its jurisdiction.
Alexander Vinnik Claims Injustice While Now Fighting Charges In France
After spending 30 months in detention, Greek authorities have finally extradited the Russian national and alleged Bitcoin (BTC) money launderer Alexander Vinnik to France. Prosecutors in France are charging Vinnik, operator of the defunct BTC-e crypto exchange, with multiple counts of money laundering, extortion and conspiracy.
Vinnik also has pending extradition requests from both Russia and the United States. The alleged Bitcoin criminal has previously stated his preference for extradition to his native homeland, which Greek officials have turned down.
Thus, after the conclusion of his trial in France, Vinnik will return to Greece to face another extradition to the U.S. The U.S. State Department reportedly wants to question Vinnik in connection with the Mt. Gox hack and subsequent theft of 300,000 BTC allegedly traced to Vinnik’s personal crypto wallet. Reports also suggest that Russian state agents funneled money through BTC-e to fund interference in the U.S. 2016 presidential elections.
Amid the three-way diplomatic tussle, Vinnik’s legal team said that its client has been subjected to gross human rights abuses. Vinnik’s lawyers have also accused prosecutors of working to keep their client in detention without charges or a trial while preventing him from having any contact with members of his family.
Vinnik’s defense lawyers also allude to the prosecution being sponsored by political and business interests based on their client’s involvement in crypto and blockchain technology. The former BTC-e chief is one of a few crypto personalities to have run-ins with the law, much like Silk Road creator Ross Ulbricht, who is currently serving a double life sentence for running a darknet drug market.
Alleged Human Rights Abuses Amid Vinnik’s Two-Year Detention
In a phone call with Cointelegraph, Zoe Konstantopoulou, one of Vinnik’s lawyers, leveled allegations of human rights abuses against the Greek authorities. Commenting on the scale of these infringements, Konstantopoulou revealed:
“Alexander has been subject to arbitrary detention for 30 months, which is prohibited by the Greek constitution. During this period, he has been made to suffer cruel and inhuman treatment from the authorities.”
According to Konstantopoulou, Vinnik is being held without trial or charges and in the absence of any court orders. Konstantopoulou has also claimed that the case against Vinnik has some political undertones with vested interests in Greece, France and the U.S. looking to punish the former BTC-e operator.
When asked about the effect of these alleged maltreatments on Vinnik’s health, Konstantopoulou revealed that the health status of the Russian national continues to deteriorate. “Alexander is currently on the 44th day of his hunger strike in protest of the gross human rights violations suffered at the hands of the authorities in Greece,” she revealed during a call with Cointelegraph.
Apart from the alleged maltreatment, Vinnik’s lawyer also revealed that Greek law enforcement was preventing any contact between the former BTC-e operator and his family. According to Konstantopoulou:
“Greek law enforcement isn’t allowing Alexander to see his family, even his wife who has been diagnosed with brain cancer.”
In a private note to Cointelegraph on the Vinnik case, Yusaku Senga, CEO of cross-blockchain swap platform Swingby, said crypto personalities accused of wrongdoing usually suffer harsher punishments than their counterparts in mainstream finance. According to Senga:
“If we look at the prosecution of Charlie Shrem and compare it level of prosecution brought against Goldman Sachs and its senior directors for their involvement in the huge scale of money laundering and embezzlement in the 1MDB scandal in Malaysia, it’s hard not to argue that crypto advocates and entrepreneurs are being much more harshly persecuted.”
Like Vinnik, Charlie Shrem was also associated with another crypto exchange, BitInstant. U.S. authorities arrested Shrem in 2014, charged him with money laundering and sentenced him to two years in prison.
Timeline Of Vinnik’s Prosecution
In July 2017, Greek police arrested Vinnik while on vacation with his family in the tourist village of Ouranoupoli. Thus began the over two-year legal battle that has kept the Russian national behind bars while three different nations jostle for Vinnik’s extradition so he can face criminal charges.
Shortly after his arrest, the U.S. filed an extradition request and seemed to be successful in pushing for Vinnik’s transfer stateside. By September, officials in Moscow also requested Vinnik’s extradition to Russia.
By 2018, France entered the fray, turning the case into a diplomatic three-way tussle. Greek police also revealed an assassination plot with suspected Russian criminals reportedly intent on stopping Vinnik’s return to the country.
In mid-December 2019, Greek judicial authorities finally moved to extradite Vinnik to France to await trial. At the beginning of the year, Vinnik’s case entered a new phase with his extradition to France. Authorities in the country have already leveled money laundering and conspiracy charges against him.
Vinnik’s legal troubles stem from his alleged involvement in the BTC-e crypto exchange. Launched in 2011, the defunct platform saw little in the way of crypto trading activity until Mt. Gox — the market leader at the time — fell into financial trouble following one of the biggest Bitcoin exchange hacks in history.
With Mt. Gox out of the way, BTC-e grew exponentially, accounting for about 15% of all U.S. dollar-denominated Bitcoin trading activity by late 2016. Despite being a major player in the crypto trading space at the time, BTC-e had little in the way of Know Your Customer and anti-money laundering protocols.
Thus, the platform reportedly became a popular channel for funneling “dirty money.” Mt. Gox hackers allegedly used the exchange to launder 300,000 BTC, the exact amount of which was also found in Vinnik’s wallet.
Apart from the money laundering, several law enforcement authorities say BTC-e replaced Silk Road as the channel for illicit deals with many users of the platform engaging in drug trafficking and sales of other banned or regulated goods.
Concerning Bitcoin And Criminal Activities
Crypto critics usually espouse the same rhetoric of digital currencies as being channels for online criminal activities. Many financial regulators and governments opposed to or keen on strictly regulating the cryptocurrency industry usually tout the same refrain of digital currencies enabling tax evasion, money laundering and terrorist financing, to mention a few.
The counter-argument offered by crypto proponents is that Bitcoin and other cryptocurrencies only account for a small portion of global financial crimes. A January 2020 report by blockchain analytics firm Chainalysis revealed that crypto payments on the darknet accounted for 0.08% of all digital currency transactions in 2019.
Cryptocurrency Scams Took In More Than $4 Billion In 2019
Ponzi schemes are the latest form of bitcoin fraud, with big platforms like one called PlusToken drawing the most money.
Seo Jin-ho, a travel-agency operator in South Korea, wasn’t interested in exotic investments when a colleague first introduced him to PlusToken, a platform that traded bitcoin and other cryptocurrencies. But the colleague was persistent.
“You won’t regret this,” she said, according to Mr. Seo. She visited him several times early in 2019, telling him he could earn 10% a month. Finally, his skepticism gave way, and he bought $860 of cryptocurrency on the PlusToken platform.
His investment grew at a dazzling rate. He invested more—a lot more. In less than five months, he bought $86,000 of cryptocurrencies, cashing out only $500.
“I was thinking, what’s the point of keeping money in the bank?” said Mr. Seo, who is in his late 40s. He went to PlusToken conferences. He told his friends about it. He became a convert.
In June 2019, all that changed. Chinese authorities concluded PlusToken was a scam and arrested six Chinese citizens allegedly running the platform out of the Pacific island nation of Vanuatu. The site stopped working. People couldn’t get their money out. Mr. Seo, and myriad others like him, lost access to everything.
Big Year For Crypto Fraud
Bitcoin-based frauds raised more money in 2019 than in 2017 and 2018 combined.
Authorities in China declined to comment. Authorities in Vanuatu couldn’t be reached. In October, a man called Leo, who said he was the PlusToken chief executive, said “everything is OK” in a YouTube video. Attempts to contact representatives of PlusToken weren’t successful.
PlusToken was a Ponzi scheme. That was the conclusion by Chainalysis, a New York-based firm that designs software that can analyze cryptocurrency data and help track illicit transactions.
Its clients include the Federal Bureau of Investigation, the Drug Enforcement Administration and the Internal Revenue Service. PlusToken drew investors mainly in South Korea and China in 2018 and the first half of 2019. It netted at least $2 billion, Chainalysis said.
Cryptocrime is expanding. Ponzi schemes and other frauds involving bitcoin and cryptocurrencies lured at least $4.3 billion from investors in 2019, according to Chainalysis. That was a bigger haul than the combined $3 billion in 2017 and 2018.
After a boom in dubious initial coin offerings in 2017 and a number of hacks in 2018, Ponzi schemes have become among the most popular vehicles for fraud. The biggest ones have been prolific: Just six well-orchestrated scams were responsible for about 90% of the funds stolen last year, Chainalysis said.
“There’s been huge growth in ones that mimic investing opportunities,” said Kim Grauer, head of research at Chainalysis. They are becoming more sophisticated, larger in size and they reach into the mainstream, victimizing naive investors, she said.
Cryptocurrencies have struggled to find acceptance in the 11 years since bitcoin launched. At its height in 2017, bitcoin’s price neared $20,000, and it attracted a passionate following among some investors who predicted it would upend global finance and replace the dollar.
But the hype ran ahead of the fundamentals, and the bubble burst the next year. The number of average daily transactions in 2019, about 325,000, was up about 13% from 2017’s 288,000. But the dollar value of those transactions was flat. It totaled about $3.8 trillion in 2019, according to research firm TradeBlock, versus $3.7 trillion in 2017.
Still, there are plenty of inexperienced investors who have heard stories of bitcoin riches and think they can get rich, too. Fraudsters use that naiveté against them, said Christopher Janczewski, a special agent at the Internal Revenue Service who has led criminal investigations that involved cryptocurrencies.
“A lot of it is just traditional crime dressed up,” he said. “They’re still always driven by fear, or confusion, of missing the next boom.”
Federal law-enforcement agencies including the IRS, the Securities and Exchange Commission and the Justice Department have all been involved in different investigations into cryptocurrency-based illicit activities. The IRS declined to discuss any open investigations. The Justice Department couldn’t be reached for comment.
PlusToken had a futuristic slant in the materials that the group published, including a “white paper,” but operated like a classic Ponzi, according to Chainalysis and interviews with alleged victims. People opened accounts on the PlusToken platform, investing in cryptocurrencies like bitcoin and ethereum. The platform was supposedly trading on their behalf. Users were promised dazzling returns.
The alleged perpetrators organized meetups and elaborate conferences. They introduced a blond-haired Russian known only as Leo as chief executive and attempted to market him as a celebrity. Mr. Seo said he was told Leo had been an artificial-intelligence developer at Alphabet Inc.’s Google and had secured hundreds of millions of dollars of investment from the British royal family.
To bolster that claim, a group calling itself the PlusToken Alliance posted a photo on its Facebook page that appeared to show Leo at a charity reception with Prince Charles in London in 2019. It is unclear who maintained the page.
Without more information about his identity, a spokeswoman for Alphabet said she couldn’t confirm whether Leo had ever worked for the company. The Prince Charles Foundation, which represents Prince Charles, couldn’t be reached for comment.
The aggressive marketing paid off. Chainalysis tracked about 180,000 bitcoin, 6.4 million ether and 110,000 tether that went through PlusToken wallets. Calculating the prices at the various times investors deposited funds, those investments added up to $2 billion.
Some of that money appears to have been paid out to early investors, but Chainalysis said much of it was transferred to wallets likely controlled by the operators themselves.
Although big projects like PlusToken have drawn the most money, smaller operators trawl the internet as well. Gary Condry said he was victim of one of them in November.
Mr. Condry, a 70-year-old Army veteran in Wooster, Ohio, said he started texting with a man calling himself Jason Hanley whom he found on social media. Mr. Hanley maintained pages on Instagram and Facebook, where he promoted an investment website called cryptoinvestments247 and promised weekly payouts.
“I had never really invested in anything,” said Mr. Condry, who was already in debt. “Bitcoin sounded like the quickest way to make money,” he added.
Text messages between Gary Condry and a man calling himself Jason Hanley, who promised exponential profit for trading small amounts of bitcoin.
In late November, he gave Mr. Hanley $200, followed by an additional $700 in early December. Within weeks, he was told, his account had risen to nearly $17,000.
There was a catch, though. Mr. Hanley demanded an additional $1,700 before he would pay out Mr. Condry’s “profits,” according to text messages from Mr. Hanley that were reviewed by The Wall Street Journal. This wasn’t part of their agreement, Mr. Condry said. After a number of angry text messages, he said he gave up trying to cash out his profits, or to even recoup his original investment.
“I already lost it,” Mr. Condry said. “I didn’t see it.” Mr. Condry said he called the Ohio attorney general to report the events. The attorney general’s office couldn’t be reached for comment.
When reached by the Journal, Mr. Hanley declined to discuss Mr. Condry’s investment or cryptoinvestments247.
“I’m busy, man,” he texted later. “Got no time for everything.” An hour later, the Facebook account was deleted. Soon after, the Instagram account was gone, too.
In August, Mr. Seo was among some 200 PlusToken investors who filed a complaint with prosecutors in Seoul to kick-start an investigation into the alleged scam. Others in the group are still hoping their PlusToken wallets will start working again, he said.
“That false hope is killing people,” he said.
PlusToken Scam Moves $123M In Bitcoin Just As BTC Price Regains $10K
As Bitcoin (BTC) and Ether (ETH) price rallied to new 2020 highs on Feb. 11, a large transaction totaling nearly 12,000 BTC was moved from a wallet associated with the PlusToken Ponzi scheme.
Twitter-based crypto transaction bot, WhaleAlert, noted that “12,000 #BTC (118,852,619 USD) transferred from unknown wallet to unknown wallet.” This transaction was later followed by a second transaction splitting the 12,000 BTC into smaller sums.
According to PeckShield Inc. co-founder and VP of research, Chiachih Wu, a total of 12,423 BTC ($123 million) was moved into what Wu says appear to be cold wallet addresses.
Meanwhile, Twitter users Sue Zhu and ErgoBTC allege that the group behind the PlusToken scam is covertly moving a significant amount of Bitcoin from wallet addresses associated with the group. Zhu noted:
“Plus Token coins are on the move again, but more importantly, are now being split into smaller amounts vs the single output transfers from a few hours ago.”
As previously reported by Cointelegraph, the PlusToken Ponzi scheme was one of the largest scams in existence to rock the crypto sector. Initially, the project was presented as a South Korea-based exchange offering a high-yield return on investment but eventually, the entire operation was exposed as a scam after several million participants found they were unable to withdraw their investment.
In the past, such movements were followed by suspected massive open market sales on cryptocurrency exchanges which led to sharp corrections in Bitcoin, Ether and many other altcoin prices.
In 2019, Crypto Twitter researcher Ergo estimated that a major market sell-off was possibly driven by the PlusToken scammers liquidating 200,000 BTC on the open market. Ergo explained in November:
“If my numbers are correct, the 200k BTC estimates reported earlier this year were correct, and market impacts will continue for some time.”
Many analysts also believe that PlusToken sales are one of the primary catalysts for the 7-month long market downtrend that began after Bitcoin price reached $13,800 on June 26, 2019.
Given that Bitcoin has not long escaped this 7-month downtrend when bears completely controlled the price, investors casting a wary gaze at today’s transfers are not overreacting as the move could eventually culminate with a repeat of previous bulk crypto sales.
Adding further explanation to today’s transfers, Chiachih Wu said, “it seems a programmed transaction since all 7 new utxos are split into smaller parts (100-400 BTC) in the same block…will be gone soon.”
Considering that in 2020 Bitcoin price is up by 42.9% and Ether has gained 82.89%, now seems like an opportune moment for the PlusToken scammers to capitalize on their ill-gotten gains.
At the time of writing, both transactions have been confirmed and as the event gains traction in crypto media it will be interesting to see how investors and the price react to the possibility of some or all of the $123 million in Bitcoin being sold at market rate on cryptocurrency exchanges.
Coin Ninja CEO Arrested For Allegedly Laundering $311M With Bitcoin Privacy Tools
Larry Harmon, the CEO of Bitcoin media site Coin Ninja and founder of crypto wallet provider DropBit, is facing federal charges related to his use of Bitcoin privacy tools.
United States federal prosecutors are charging Harmon with conspiracy to launder money and operating a money transmitting business without a FinCEN license.
According to an arrest warrant filed earlier this month, Harmon allegedly laundered over 354,468 Bitcoins (BTC) (worth $311 million at the time of the transactions), allowing the users of a privacy tool named Helix, and a darknet search engine named Grams, to make transactions on AlphaBay, a known dark market that was shut down in 2017.
Helix allowed users to mix the coins before spending through a CoinJoin transaction. The mixing of coins has been associated with money laundering and other illicit activities.
Harmon is facing a 30-year prison sentence for these alleged crimes.
Harmon Denied Bail
Journalist and podcaster Peter McCormack reportedly spoke to Harmon’s brother, Gary Harmon, who said that Coin Ninja’s assets have been frozen and that the FBI has removed $4,000 in Bitcoin from its Lightning Network node.
According to McGormack, Larry has been denied release on bail bond because he was deemed a flight risk, “even though they have confiscated all his assets.”
The state attorney’s motion to detain Harmon shows that the state believes that Harmon will not reasonably appear in court if permitted a release on bail as he has “significant family ties outside the United States” and is “subject to a lengthy period of incarceration if convicted.
DropBit has gained some attention among Bitcoiners, particularly because it allows the users to send BTC on-chain and over the Lightning Network using Twitter handles or phone numbers. Since DropBit’s funds have been frozen, Gary Harmon and its developers are personally funding the wallet’s operations, according to McCormack.
New Email Extortion Scam Targets Google’s AdSense, Demands Bitcoin
A new extortion scam targeting website owners serving banner ads through Google’s AdSense program has begun circulating the Internet. The malicious scheme demands Bitcoin (BTC) in exchange for preventing an attack, which would purportedly lead to the users’ AdSense account suspension.
The email-based extortion scheme was reported by security news and investigation blog KrebsOnSecurity, on Feb. 17. The blog post detailed that some site owners received a message as their site had been spotted by the malicious program as one seeking revenue from publishing an ad. The message ostensibly read:
“Very soon the warning notice from above will appear at the dashboard of your AdSense account undoubtedly! This will happen due to the fact that we’re about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher.
More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site.”
The message appears as a warning, wherein the cybercriminals demand $5,000 worth of BTC to deter the attack.
The user who shared the message with KrebsOnSecurity said that their recent AdSense traffic statistics had detected a substantially increased invalid traffic. Google ostensibly called the scam a classic threat sabotage, where a fraudster tries to trigger an enforcement action against a publisher by sending invalid traffic to their inventory.
Google’s Strict Policy Toward Ads
The news came on the heels of Google’s new policy regarding its ads, wherein the team behind AdSense said that it will stop showing ads before invalid clicks happen. “This year, we’re enhancing our defenses even more by improving the systems that identify potentially invalid traffic or high risk activities before ads are served.
These defenses allow us to limit ad serving as needed to further protect our advertisers and users,” Google explained.
Previously, Google took a hard line on decentralization and cryptocurrency. The most prominent example of hostility from Google occurred in June 2018, when the company announced that it would ban all crypto-related advertising in accordance with an update to its Financial Services policy.
Most recently, Google blacklisted keywords mentioning Ethereum (ETH) on its advertising platform, Google Ads. Google confirmed that “Ethereum” had been blacklisted as a keyword “regardless of the nature of the service that is being promoted.”
Criminals Increasingly Demand Bitcoin
The leading cryptocurrency has been gaining popularity among criminals around the world. Earlier in February, two letter bombs exploded in the Netherlands and an anonymous criminal asked for a Bitcoin payment to prevent future attacks.
In Thailand, Singaporean Mark Cheng was kidnapped and tortured for a $740,000 ransom in BTC. After transferring all his available funds of $46,000, he allegedly made a daring escape as his captors prepared to murder him.
Decentralized Lending Protocol bZx Hacked Twice In A Matter Of Days
Decentralized finance (DeFi) proponents are taking a hard hit after decentralized lending protocol bZx saw two successful hacks just days apart with losses totalling around $954,000.
According to bZx’s report, the protocol was compromised for the first time on Feb. 14, when the team was at the ETHDenver industry event. The second attack, according to industry news outlet The Block, took place on Feb. 18.
The First Attack’s Procedure
The attacker used multiple DeFi protocols to lend and swap significant quantities of Ether and wrapped Bitcoin (WBTC) — a token on the Ethereum blockchain that tracks the price of Bitcoin (BTC) — in a way that allowed him to manipulate the prices and profit off of a decentralized leveraged trade.
The attacker first took loaned 10,000 Ether (ETH) from decentralized lending protocol dYdX, then used 5,500 ETH ($1.46 million) to collateralize a 112 wrapped Bitcoin (WBTC) loan (over $1 million) on DeFi protocol Compound.
At this point, the attacker sent 1,300 ETH (over $372,000) to decentralized margin trading ETH to open a 5x leveraged position on the ETH/BTC pair on bZx’s Fulcrum trading platform and borrowed 5,637 ETH through Kyber’s Uniswap and swapped them for 51 WBTC, causing large slippage.
This, in turn, allowed the attacker to profit from swapping the 112 WBTC from Compound to 6,671 ETH, resulting in a profit of 1,193 ETH (nearly $318,000). The hacker finally paid back the 10,000 ETH loan on dYdX that he took before.
According to an in-depth analysis of the attack, the transaction with which the attacker opened the leveraged trade should have been prevented by safety checks, but those checks did not fire due to a bug in bZx’s smart contract. The team behind the protocol has announced that the bug has been patched.
The Second Attack
The nature of the second attack is still largely unclear, but a message from the project’s CVO and operations lead Kyle Kistner in the official bZx Telegram group suggests that it was an oracle manipulation attack. Oracles are usually centralized components that provide external data to on-chain applications.
The Block estimates the loss to be 2,388 ETH (nearly $636,000). Kistner said that the team can neutralize the hack and prevent the loss of user funds like they did for the first hack. Furthermore, he promised that bZx developers will switch to oracles based on the Chainlink protocol, seemingly suggesting that it would make the system safer.
Cointelegraph will update this article with further information once it is forthcoming.
The Prevalence Of Crypto In Hacks
The non-reversibility of transactions is a basic property of most cryptocurrency, or at least is strived for by most projects. While desirable for many reasons, this feature is also appreciated by cybercriminals who get to keep funds if they manage to steal them, while wire transfers could instead be reversed.
Hacker groups are also saying ahead of the curve by updating their methods. Cybersecurity firm TrendMicro recently discovered that hacking group Outlaw has been updating its toolkit for stealing enterprises’ data for nearly half a year.
Earlier this month, Cointelegraph reported that hackers compromised five United States law firms and demanded two 100 Bitcoin ransoms from each firm: one to restore access to data, and one to delete the hacker’s copy instead of selling it.
Chinese Exchange FCoin Closes Down, Still Owes Users $125 Million
Zhang Jian, founder of Chinese crypto exchange Fcoin, revealed in a post earlier today that FCoin may not be able to pay the 7,000-13,000 BTC (that’s $67 million to $125 million) that it owes users.
According to Zhang, the exchange hasn’t been hacked and isn’t an exit scam. But evidence suggests it might be exactly that.
Zhang claims that the shutdown is the result of a series of internal data errors and decisions that are too complicated to explain:
“This is a problem that is a little too complicated to be explained in a single sentence, the time span is also large, and the two story development lines are advancing and affecting each other at the same time, leading to the final outcome.”
The Beginning Of A Nightmare
After FCoin’s launch in May, the exchange’s reported trading volumes became some of the biggest in the world overnight with a new business model called “transaction mining.” Later it was reported by one Redditor that this volume was actually fake. The FCoin order book appears to be crawling with bots. “The price of FT is constantly manipulated,” wrote one Redditor, who also described the exchange as a scam.
The business model was suspicious from the get-go. There was no airdrop nor ICO at launch. FCoin distributed 51% of its native tokens to users for reimbursing transaction fees. Users were incentivized to transact as frequently as possible, since the platform reimbursed 100% of the transaction fees they paid in FT tokens. 80% of the exchange’s daily revenue from transaction fees were then paid back to users.
Binance’s CEO Changpeng Zhao has called FCoina Ponzi scheme since the middle of 2018. He also commented on Zhang’s post in a tweet:
“I rarely called out anyone, with exceptions. On Chinese social media, I called FCoin a pyramid scheme in mid-2018. Their founder calls his own plan a “better invention than #Bitcoin”. That did it for me. Who would say such a thing? About themselves? Except scammers.”
Zhang said there had been errors detected in the FCoin system ever since 2018 but did not explain why FCoin had failed to address such problems before it’s too late:
‘With the deepening of the investigation, we found a large number of existing data problems of dividends and mining returns, and these problems have existed for many days. As a result, a large number of users have already been through operations such as buying and selling various currencies and withdrawing cash, causing the pollution of assets.”
The platform was suspended a few days ago by its own account for risk-control. This caused a great deal of speculation that the project was shutting down and its operators were using it as an excuse vanish.
The Final Struggle
In the last few sentences on his blog post, Zhang claimed he would handle the users’ email requests for withdrawals personally. He also mentioned that he will compensate FCoin user losses with the profits he would make from his other projects. But then again, he did not mention what specific project he has been working on or when would he be able to pay back the money he owes to the users.
Some Chinese sites have reported that with Zhangjian’s admitting he owes users $125million debts, he might face potential civil lawsuits in the near future. Yet given that the exchange is registered overseas and Zhang has also moved out of China, it may be difficult for the FCoin case to see a domestic legal solution.
FCoin Blames Poor Auditing For Shutdown, But Others Suspect Exit Scam
Less than two years after bursting onto the scene, Chinese crypto exchange FCoin has shut down its operations. The platform, founded by Zhang Jian, also says it may be unable to pay the 7,000 to 13,000 Bitcoin (BTC) — about $67 million to $125 million — that is owed to its customers.
Jian, the former chief technology officer of Huobi, tried to explain the reasons for the platform’s insolvency, identifying poor auditing practices. Crypto pundits, however, say there is a more sinister aspect to FCoin’s demise — one that involves a cleverly orchestrated exit scam by the platform’s hierarchy.
An examination ofFCoin’s cold wallet shows numerous transfers to other cryptocurrency exchanges. The platform also destroyed a large cache of its eponymous native token, worth about $75 million.
With the platform’s crypto shortfall, it appears users will face significant difficulties in receiving their compensation from FCoin. Jian could also face legal troubles, especially seeing as authorities in Beijing are keen on extending the crypto trading ban to exchanges domiciled overseas but still providing services to Chinese citizens.
In a post published by Jian on Feb. 18, 2020, the FCoin founder attempted to set the record straight concerning the platform shutting down. As previously reported by Cointelegraph, Jian revealed that in addition to going out of business, the platform may not be able to pay back as much as 13,000 BTC owed to its customers. An excerpt from Jian’s tell-all reads:
“The internal problems and technical difficulties we face are the result of financial difficulties. It is expected that the scale of non-payment is between 7,000–13,000 BTC.”
According to Jian, FCoin’s demise was neither due to a hack or an attempted exit scam. Instead, the former Huobi CTO blamed a series of data and decision errors — specifically concerning proper auditing of the payouts of the platform’s transaction mining model.
The FCoin founder’s statement revealed that several months of the platform’s operations went by before the exchange began implementing any significant checks and balances in its back-end. This operational failure eventually led to catastrophic consequences for the crypto exchange.
A Little Bit Of History
In May 2018, FCoin entered the crypto exchange scene with a novel business model called “trans-fee mining.” This new development took the concept of exchange tokens to another level by reimbursing users with a percentage of the transaction fees received by the platform.
In FCoin’s case, this reimbursement was 100% of the trading fee for each transaction. Thus, for every crypto trade on its platform, FCoin would pay back the user the full amount of the transaction in its native FCoin Token (FT).
Data from the report at the time showed that platforms using the same model as FCoin had been accounting for 12% of the total crypto spot trading market. Traders looking to enjoy what was essentially cost-free transactions were rushing to FCoin and the likes to trade their tokens. Beyond reimbursing users with 100% of their trading fees in FT, FCoin added another layer to its trans-fee mining model by paying its users 80% of its daily revenue.
This meant users were incentivized to trade on platforms that make use of the trans-free mining model, which ultimately led to an explosion of activity. According to CryptoCompare’s December 2018 review of cryptocurrency exchanges, platforms running the trans-fee mining model were beginning to pull-in significant trading volumes.
By 2019, FCoin adjusted its trans-fee mining model, canceling the 100% FT reimbursement, deciding instead to payback transaction fees with the cryptocurrency in which the trader executed the trade. The Chinese crypto exchange also reduced its daily revenue payback to 20%, with the remaining 80% held for one year and still allowing FT holders to earn interest during the holding period.
These adjustments, made at the end of April 2019, were supposed to help the platform move toward a more sustainable operating model. However, as the narrative below will show, the move came too late to salvage what was already a crypto exchange in dire straits.
FCoin’s Trans-Fee Mining Bubble
In theory, trans-fee mining ought to incentivize users to trade frequently, thereby increasing the exchange’s transaction volume. In reality, the model encouraged dishonest activities — an influx of bots, spoofing, wash trading, etc. To earn more money per trade, rogue actors would collude to create fake transaction volumes, propping up the trading activities on these platforms.
In 2019, several reports emerged showing that the majority of volume data provided by crypto trading metrics providers such as CoinMarketCap was from wash trading. Most of the platforms singled out in a Bitwise report were running some form of a trans-fee mining protocol.
It didn’t take long after the emergence of FCoin and trans-fee mining for some crypto pundits and other stakeholders to issue multiple warnings about the model. Back in 2018, Binance CEO Changpeng Zhao called trans-fee mining a reverse initial coin offering. At the time, Zhao remarked:
“You use BTC or ETH to pay for the transaction fee to the exchange, where it pays you back 100% via the exchange tokens. Isn’t it the same with using BTC or ETH to buy the exchange tokens?”
While FCoin was pulling in large transaction volumes, the back-end architecture that ought to prevent any abuse of the system was not yet in place. With the increasing transaction volume came a spike in the price of FT.
Buoyed on by the upward trajectory of FT’s price action, platform users were increasing their transactions on the platform, earning valuable FCoin tokens that were likely sold for other cryptocurrencies like Bitcoin.
Meanwhile, poor back-end controls on the exchange meant that some users were receiving fee reimbursements in excess of the stipulated amounts prescribed by the model. Then came the crash of FT, with the price falling by about 95%.
FCoin Price Crash On Aug. 30, 2019
According to Jian, this decline and the discovery of irregular FT payments forced the team to use the exchange’s resources to buy a significant portion of the tokens back in a bid to create scarcity and engineer a return to upward price action. However, the FT buybacks ultimately failed to rescue FCoin. Instead, there seems to have been a steady outflow of funds from the platform’s Bitcoin wallets right up until the announcement of the exchange’s shutdown.
Following The Money
The flow of funds from FCoin Bitcoin wallets also provides further insight into how the trans-fee mining bubble caused the demise of the crypto exchange. Crypto forensic startup PeckShield published a report detailing cryptocurrency transfers from the platform’s wallets.
Balance of FCoin’s cold wallet, April 2018 to February 2020
According to the report, FCoin’s cold wallet held 13,272 BTC in mid-July 2018. This figure is the largest Bitcoin cache held by the exchange, and it signaled the prosperous early months of the platform’s operations.
However, over the following six weeks, FCoin’s holdings dropped 10,000 BTC, as just 3,505 BTC was left in the cold wallet by August 2019. This period — from mid-July 2019 to the end of August 2019 — lines up perfectly with the first discovery of irregular reimbursements and other data errors alluded to by Jian in his statement earlier this week. An excerpt from PeckShield’s report translated from Chinese reads:
“We speculate that FCoin’s cash flow problem may already have emerged in July 2018. Pandora’s box may have been opened at that time when it was in the limelight.”
In summary, FCoin’s cold wallet saw two major outflow streams — totaling 8,009 BTC and 11,107 BTC — and a third, smaller transfer of 55 BTC. These outgoing transactions occurred over a period spanning from June 13, 2018, and Feb. 17, 2020 — the day before Jian’s public statement.
From these two major streams, smaller BTC amounts were funneled to major crypto exchanges such as Huobi, Coinbase, Bitstamp and OKEx, to mention a few. In total, PeckShield estimates that more than 19,100 BTC was transferred out of the FCoin cold wallet. Another translated excerpt from the report reads:
“We have statistically summarized all FCoin-related address balances and found that there are about 477 BTC remaining.”
With events still unfolding, unanswered questions persist about the nature of FCoin’s demise. For one, why was there an increasing amount of net BTC outflows from the platform’s cold wallet while the price of FT was tumbling?
These outflows do not appear to be user withdrawals, given their non-random nature. Data from on-chain analysis shows that the transaction amounts were always nice, round digits such as 100 BTC or 150 BTC. Dovey Wan, a founding partner at blockchain investment firm Primitive Ventures, argued that the orderly distribution of the net outflows is proof that those transactions were not user withdrawals.
In a separate analysis by white hat crypto transaction analyst ErgoBTC, there is evidence that shows every outbound transaction from FCoin’s cold wallet is followed by a 100 BTC or 150 BTC deposit on an exchange such as Huobi or OKEx.
Another puzzling question from the FCoin debacle shows up in the absence of net outflows between April 2019 and August 2019. Why would a crypto exchange’s cold wallet, which had seen drastic changes in its balance over a period of almost one year, suddenly come to a standstill for four months?
Exit Scam, Ineptitude Or Both?
As for the question of whether FCoin’s demise was an exit scam or the product of ineptitude on the part of the platform’s hierarchy, Josh Lawler, a partner at Zuber Lawler and Del Duca LLP, told Cointelegraph:
“The story of FCoin, intentional or otherwise, is that of a Ponzi scheme. The facts and circumstances would be violations of any number of regulatory laws designed to prevent exposure of the investing public to fraud and incompetence. At best, FCoin’s story is a combination of the two. In the digital asset space, it is a cautionary tale as to what happens when undercapitalized and over-exuberant entrepreneurs try to become instant unicorns.”
In his statement, Jian promised to pay back affected users, revealing that he was personally overseeing email withdrawal requests from users of the platform. According to Jian, this process could take between one and three months, with the FCoin founder stating that profits from his next venture will also be used to compensate the victims of the crypto exchange’s insolvency.
FCoin published a statement on Feb. 20 that stated it was considering reopening the exchange. According to the letter: “At present, the social committee and Zhang Jian are discussing the restart plan, and the follow-up will be gradually disclosed to the community according to the process.”
Justin Sun, the CEO of Tron (TRX), has also pledged to help affected FCoin users, promising 1,000 BitTorrent tokens (BTT) to each FCoin customer who moves to the Poloniex exchange. Back in November 2019, Sun was reportedly part of a team of investors that acquired Poloniex from Goldman Sachs-backed fintech firm Circle.
Bitcoin Cash Faces ‘Slow Death’ After Alleged $30M Hack — Commentator
Altcoin Bitcoin Cash (BCH) has become the subject of intense speculation after a major investor claimed he lost $30 million in a wallet hack.
In a now-deleted Reddit post from Feb. 22, the investor, who appears to be Dreamhost founder Josh Jones, said the attacker also stole 1,500 Bitcoin (BTC) worth $14.4 million.
Hacker Steals Reported $45M
The hack came in the form of Jones’ SIM card being compromised. So far, he has not confirmed whether this was a so-called “SIM swap,” or whether the funds were commandeered by other means.
In the deleted post, Jones appealed to BCH miners not to validate the transactions. He wrote:
“It’s only had 3 confirmations, if any miners/the community can help somehow, I’ve got the private keys. Help help help.. Big reward obviously.”
Commenting on the events, Dovey Wan, founding partner at crypto asset fund Primitive Ventures, warned that the impact would go far beyond Jones himself.
In a series of tweets, Wan reproduced the Reddit post, criticizing Jones for keeping such a large amount of cryptocurrency in a wallet accessible simply from his smartphone. She described the attack as “really brutal.”
Wan: BCH Drama Will Result In “Slow Death”
Subsequently, Wan added that the hacker was splitting up the stolen funds, likely in an attempt to conceal their origin and make them easier to sell on exchanges.
“RIP BCH .. only a double-spent can help this poor guy now,” she wrote, continuing that Bitcoin Cash as a cryptocurrency faced a significant threat:
“No matter what, this 60000 $BCH hack, the dispute among BCH camp between Ver and Jihan, all these will mark a slow death of it.”
As Cointelegraph reported, Bitcoin Cash has seen various contentious events throughout its lifespan, including a hard fork in 2018 which resulted in the creation of another altcoin, Bitcoin SV (BSV).
It is unclear which other problems Wan was referencing when she mentioned two of its leading figures — Bitmain executive Jihan Wu and Bitcoin.com founder Roger Ver.
At press time, BCH/USD had barely reacted to the hack, slipping just 1% on the day to trade at $373. Year to date, the pair is still up over 80%.
Ex-Microsoft Employee Convicted of 18 Felonies In Digital Currency Scheme
A former employee at Microsoft has been found guilty of 18 federal felonies in connection with a complex scheme to embezzle $10 million using cryptocurrency.
The man — a 25-year old Ukrainian national, Volodymyr Kvashuk — worked as a full-time software engineer at the firm from August 2016, before being fired in June 2018.
Kvashuk was convicted in the United States District Court in Seattle, the Department of Justice revealed on Feb. 25.
“A House of Lies”
The multi-count conviction reveals the complexity of Kvashuk’s scheme, in which he hid behind accounts tied to his fellow employees and resorted to extensive fraud and cryptocurrency mixing services to cover his tracks.
The 18 felonies thus span five counts of wire fraud, six counts of money laundering, two counts of aggravated identity theft, two counts of filing false tax returns, and one count each of mail fraud, access device fraud, and access to a protected computer in furtherance of fraud.
In his role at Microsoft, Kvashuk was involved in testing the corporation’s online retail sales platform. He exploited his testing access to steal “currency stored value,” such as crypto gift cards, which he then resold at a profit on the web.
Beginning with small amounts of $12,000 in value using his own account access, Kvashuk turned to using test email accounts linked to other employees as the magnitude of his thefts escalated to millions of dollars.
To further obscure his connection to the scheme, Kvashuk used a Bitcoin mixing service to muddy the digital source of the funds that ultimately were cashed into his bank account.
Over a seventh month period, roughly $2.8 million in Bitcoin was transferred into Kvashuk’s account. He also used the ill-gotten proceeds to buy luxury goods, including a $160,000 Tesla car and a $1.7 million lakefront home.
Kvashuk falsified tax return forms, falsely claiming he had received the Bitcoin as a gift from family. Assistant U.S. Attorney Siddharth Velamoor told the court Kvashuk’s “crime of greed” dripped “fraud and deceit every step of the way.”
During the five-day trial, Kvashuk claimed he had been working on a special project for Microsoft’s benefit, rather than intending to defraud the firm. Velamoor’s colleague, assistant attorney Michael Dion, characterized the testimony as “a house of lies on top of a previous house of lies.”
For his crimes, Kvashuk faces up to 20 years in prison.
The crimes were reportedly thwarted by the U.S. tax agency IRS-CI Cyber Crimes Unit. Pointing to Kvashuk’s theft from both Microsoft and the federal government, IRS-CI special agent in charge Ryan L. Korner said:
“Criminals who think they can avoid detection by using cryptocurrency and laundering through mixers are put on notice […] you will be caught and you will be held accountable.”
Strengthening Investigative Powers
Earlier this month, U.S. President Donal Trump’s proposed budget laid out a tough stance against crypto-associated financial crimes.
It included a proposal to reconsolidate the Secret Service with the Department of the Treasury to improve the efficiency of cyber and financial crime investigations.
The administration also revealed it intends to continue to invest in tools that can help the government to combat new threats, such as the use of crypto in money laundering and terrorist financing.
Crypto Exchanges OKEx and Bitfinex Suffer Simultaneous DDoS Attacks
Cryptocurrency exchanges OKEx and Bitfinex are suffering multiple denial of service attacks. It is unclear as of now if the attacks are connected, though OKEx CEO blamed competitors on his personal Weibo page.
OKEx first suffered a distributed denial of service (DDoS) attack on Feb. 27 at approximately 11:30 AM EST. CEO Jay Hao posted on his personal Weibo page as the attack was unfolding, blaming unnamed competitors in the attack. The attack routed as much as 200 gigabytes per second of traffic, which put strain on OKEx systems.
At approximately 4:30 AM EST on Feb. 28, the denial of service attacks resumed. This time Bitfinex was hit as well, as announced by the exchange’s Twitter account.
The Bitfinex status page shows that the attack lasted for an hour until 5:30 AM, severely crippling the exchange’s activity during that period as throughput fell close to zero.
In the same timeframe, OKEx was attacked again with another DDoS attack, as tweeted by Hao. The new denial attack reportedly routed 400 gigabytes per second of traffic, twice as much as the previous one.
An OKEx representative told Cointelegraph that the denials of service were “properly handled within a short period of time and no overseas client is impacted.”
The attack was conducted shortly after “temporary system maintenance” was completed, which had options and futures trading disabled during the maintenance period. The representative stated that the two events are completely unrelated.
Bitfinex representatives stated that the team implemented a “stricter protection level” as normal activity was resumed.
Bitfinex CTO Paolo Ardoino shared more information about the attack with Cointelegraph. He explained:
“The attacker tried to exploit concurrently several platform features to increase load in the infrastructure. While we use many different DDoS prevention mechanisms, the huge number of different IP addresses used and the sophisticated crafting of the requests towards our API v1 exploited an internal inefficiency in one of our non-core process queues.”
While he says that the platform was not affected in its core services and could resist the attack, he decided to enter maintenance to “quickly bring in the countermeasures and patch for all similar attacks.”
What could be the culprit?
Bitfinex CTO, Paolo Ardoino, revealed in a tweet that the attack was “very sophisticated,” with the team having “worked hard to completely annihilate it in a short period of time.”
In a follow-up tweet, he revealed that he was not aware of the OKEx attacks, but was “interested to understand similarities.” He added:
“We’ve seen a level of sophistication that means a deep preparation from the attacker. Good news: this family of attacks won’t work again against Bitfinex.”
While Hao had initially blamed competitors, this was before the next attacks. It is unclear if they are connected with each other. While DDoS attacks are highly disruptive, their short duration is unlikely to alter the competitive landscape between exchanges.
Whistleblower Outs ‘Wolf of Kyiv’ For $70 Million Bitcoin Scam
A whistleblower has revealed the existence of a 200-employee Ukrainian Bitcoin (BTC) trading scam that netted $70 million in 2019.
The whistleblower outed the scam by providing footage and internal company documents to Swedish newspaper Dagens Nyheter, which reported the news on March 1.
The scam predominantly targets investors based in Australia, New Zealand and the United Kingdom by using fake news articles advertised on Facebook and some mobile game platforms.
The stories feature interviews with celebrities who purportedly made a killing by investing in crypto — including Gordon Ramsey, Hugh Jackman and Martin Lewis.
Ukrainian Company Milton Group Accused Of Operating Scam
The whistleblower claims that the scam is being perpetrated by Ukrainian company Milton Group from two floors of an office building in Kyiv. The offices are kitted with professional telephone and client management systems.
After responding to the ads, victims would be contacted by call-center workers promising extraordinary returns from cryptocurrencies, foreign currencies and commodities. Fake account statements detailing profits are used to entice further investment from the scam’s victims.
Jacob Keselman, the CEO of Milton Group stated that the allegations against it are “incorrect” in a phone interview with Dagens Nyheter. Keselman describes himself as “the wolf of Kyiv” on his Instagram profile.
Scammers Encourage Victims To Borrow To Invest
The whistleblower claims to have been a part of the scams “retention” team, where he was expected to make 300 calls each day.
He was tasked with “squeez[ing] the money” from clients until their “last cent,” and was remunerated on a commission basis.
The operation reportedly poses under many different business titles, including contacting victims under the guise of offering scam recovery services after they have already been duped. If receptive, victims are encouraged to install software on their computer that allegedly steals their online banking information.
The scam also impersonates national tax authorities, posting letters demanding that prospective victims settle fabricated tax debts.
Some Victims Have Lost Everything
The organization reportedly netted $70 million in 2019, and Dagens Nyheter noted that many victims have been duped out of their life savings.
Internal documents reportedly show employees gleefully recounting having “f***ed” investors, including a note on a customers’ account that states, “Getting f***ed every month for at least 1,000 EUR. Gets pension on the 20th/works every Tuesday.”
The Guardian contacted 16 British victims of the scam, who recounted receiving an onslaught of phone calls after responding to ads. A victim identified as Teresa stated:
“You get bombarded by all of these different companies. I don’t know if any of them are the same. They were calling all day, every day, all through the weekends […] Sometimes you’re on the phone to one company and the phone is buzzing with a call from another.”
Dagens Nyheter spoke to one 67-year-old Swedish victim who claimed that she can no longer pay her rent or buy food. Internal documents revealed her file, which contained a note stating, “Sold her home to pay, no money, crying.”
Crypto Threat Landscape Evolves
February saw cybersecurity firm ThreatFabric identify several sophisticated Remote Access Trojans (RATs) targeting cryptocurrency wallets and exchanges.
The RATs include ‘Cerberus’, which targets Coinbase users by stealing 2-Factor Authentication (2FA) codes for the Google Authenticator app.
US Treasury Department Blacklists 20 Bitcoin Addresses Tied To Alleged North Korean Hackers
The U.S. Treasury Department’s Office of Foreign Asset Control has added 20 new bitcoin (BTC) addresses associated with two individuals to its list of sanctioned individuals.
According to an update to OFAC’s “Specially Designated Nationals” (SDN) list, Jiadong Li and Yinyin Tian are accused of being linked to the Lazarus Group, a cybercrime group possibly affiliated with the North Korean government.
The group has been accused of stealing more than half a billion dollars in crypto as far back as 2018, when cybersecurity vendor Group-IB claimed it had targeted 14 different exchange in two years. Monday’s action specifically stems from the hack of an unnamed exchange in April 2018, according to a press release by the Treasury Department.
According to a grand jury indictment unsealed Monday and flagged by George Washington University’s Seamus Hughes, the two are charged with conspiracy to launder monetary instruments and operating an unlicensed money transmission business.
A separate in rem forfeiture document unsealed Monday shows the U.S. government is trying to seize the crypto held in 113 different addresses, alleging that the two defendants (who are explicitly named on page 21) laundered “a bulk of the stolen BTC.”
According to the forfeiture document, a total of $234 million in crypto was actually stolen, including bitcoin, ether (ETH), zcash (ZEC), dogecoin (DOGE), XRP (XRP), litecoin (LTC) and ethereum classic (ETC).
Most of the proceeds from the hack were laundered through the use of “peel chains,” a term the U.S. government is using to describe the act of sending crypto from one address to another, with some portion of the funds moving to a different address than the bulk in each transaction.
The litecoin was not properly laundered, and appears to remain at the address it was sent to.
The defendants sold some of the crypto to U.S. customers and used a U.S.-based exchange for some transactions, according to the forfeiture document. A South Korean exchange is also implicated in the document.
The Agency Listed 12 Addresses Associated With Jiadong Li:
OFAC Listed Eight Addresses Affiliated With Yinyin Tian:
While thousands of bitcoin appear to have flowed through the listed addresses, the majority appeared to hold no bitcoin as of press time.
Monday’s move is the third time OFAC has listed cryptocurrency addresses on its sanctions list. In 2018, the agency tied bitcoin addresses to a pair of Iranian nationals it accused of facilitating financial transactions related to ransomware. Last year, the agency also listed a litecoin address and additional bitcoin addresses affiliated with three Chinese nationals it charged with violating money laundering and drug smuggling laws.
According to the Treasury Department’s press release, “North Korea’s malicious cyber activity is a key revenue generator” for the nation. The country uses peer-to-peer marketplaces and exchanges with “negligible” know-your-customer controls, and crypto stolen by the nation can be used in a variety of ways.
“Given the illicit finance risk that cryptocurrency and other digital assets pose, in June 2019 the Financial Action Task Force (FATF) amended its standards to require all countries to regulate and supervise such service providers, including exchangers, and to mitigate against such risks when engaging in cryptocurrency transactions,” the press release said.
“The United States is particularly concerned about platforms that provide anonymous payment and storage functionality without transaction monitoring, suspicious activity reporting, or customer due diligence, among other obligations.”
OFAC also deleted a number of Russian entities linked to the Independent Petroleum Company from its sanctions list in Monday’s action.
How To Stop The Next Quadriga: Make Exchanges Prove Their Reserves
CoinDesk columnist Nic Carter is partner at Castle Island Ventures, a public blockchain-focused venture fund based in Cambridge, Mass. He is also the cofounder of Coin Metrics, a blockchain analytics startup.
What differentiates bitcoin from its analog cousin, gold? You might respond ‘divisibility’ or ‘portability.’ You would be correct. But what really differentiates it? The answer, of course, is auditability.
Consider the set of things you can prove about a lump of gold. If you use it as a settlement medium, with the help of an XRF Spectrometer (available for sale for $13,500), you can prove that this inbound fleck of gold is genuine. Now what can I prove about your gold? Well, nothing. I have to take your word for it that it is in fact gold.
This isn’t an issue, unless you’re holding the gold on my behalf. Now I have a problem: I’ve entrusted you with my gold — perhaps you’ve issued me an IOU that represents a claim on that gold — but I have no ability to determine that you have the gold you claim you have on deposit. I cannot audit your gold from afar.
Perhaps I choose to trust you. But if you don’t go to the effort of re-verifying all the gold you receive, then you need to prove to me, your depositor, that all of your counterparties in the gold supply chain are honest. And they need to prove that their counterparties — miners, refiners, jewelers, recyclers, custodians — are honest, too. The outcome is a fully permissioned supply chain in which a single body holds each entity to account with a convoluted ruleset.
One such walled garden is governed by the London Bullion Market Association, which manages $400 billion worth of gold sitting in vaults in London. Because it’s so costly to administer a gold supply chain, link by link, and ensure that not only is the gold, well, gold, but that it’s gold stamped by the right people, LBMA gold rarely strays outside those confines.
And this is the best case scenario, believe it or not. The other outcome is that the government (or really, a single government) holds everyone’s gold and then refuses to give it back when the time comes.
So costly verification leads to concentration. The more expensive it is to verify the integrity of a monetary good, the more taking delivery of it is difficult for smaller holders, and the more it lends itself towards capture.
“One potential solution is to demand that exchanges issue periodic proofs that they actually have dominion over assets owed to depositors.”
Take bitcoin (BTC), on the other hand. How do you verify the validity of some inbound bitcoin you are receiving? For the paranoid: run a full node. Using the beefiest providers, it’ll set you back $150 per month, or you can build your own with a $35 Raspberry Pi. What about verifying the integrity of all the bitcoin ever mined?
Your full node does that by default, simply by following consensus rules. For each block, it checks that there was a sufficient cost exerted to create those new bitcoins, and that they were mined according to the predefined schedule (50 BTC per block for four years, then 25, and so on). To obtain a summary, run the gettxoutsetinfo RPC command on your full node.
Now what about you proving to me that you truly own some bitcoin that you claim you own? Thanks to public-key cryptography, this is trivial. The most convenient way in bitcoin is to use the signmessage RPC command present in software like Bitcoin Core or Electrum.
I provide you with a string of text, and you pair it with your private key to create a proof that you own some given UTXOs. This is quite powerful: trusting only cryptography, I can know for a fact that you control a specific quantity of bitcoin at a moment in time.
Some bitcoiners believe bitcoin’s auditability advantages over gold will allow it to escape the dismal fate suffered by the shiny rock. President Nixon had an easy time voiding the gold standard in 1971 because most of the relevant gold was already held in U.S.’s government vaults. Bitcoin is held by millions of people. And I count myself among those who are optimistic that bitcoin’s properties as highly auditable collateral will yield a monetary base asset which is held mostly by end users, rather than a tiny handful of intermediaries.
Despite the ease of taking ownership of one’s bitcoins, the reality is that, by my count, at least 20 percent of outstanding supply is held by intermediaries. Although those in the Rothbardian school would disagree with me, I don’t believe that fractional reserve banking is inherently fraudulent.
The fraud occurs when exchanges represent themselves as fully reserved when they are not. In theory, bitcoin’s qualities lend themselves to mitigating this risk. Even in a custodial setting, the auditable nature of bitcoin means that savers can independently verify that the liabilities of depository institutions match their assets. The problem is that some of the most prominent bitcoiners don’t share my enthusiasm for the idea. Problematically, this group includes the CEOs of the bitcoin banks, today referred to as exchanges.
These bitcoin banks are the prime beneficiaries of the existence of bitcoin. They are the largest businesses in the industry. The public has an insatiable demand for intermediated bitcoin, and has paid dearly for the privilege. Exchanges store a wonderfully auditable asset, but for the most part, they simply ask depositors to trust them not to misbehave by establishing covert fractional reserves. And the history of bitcoin banks is full of breaches of that trust.
The list is long and painful: Mt. Gox, Quadriga, FCoin, Cryptopia, Bitfinex, Cryptsy and Bitcoinica, among many others, have all suffered major hacks or insolvencies. Exchanges simply have too lousy a track record to get a pass.
Exchanges are meant, in theory, to distinguish operating capital from user deposits, and to hold those deposits equivalent on a 1:1 basis to liabilities. In practice, either through malice or incompetence, some exchanges never develop sufficiently strong controls, fail to mitigate key man risk, or simply lose track of their coins. Since redemptions rarely come all at once, these insolvencies can go undetected for years. Unknown to the unwitting buyer, Mt. Gox was most likely already insolvent when it was sold to Mark Karpeles in 2011.
For sure, depositors can find some assurances in laws and regulation: if an exchange has a Bitlicense or a license to operate Limited Purpose Trust Company in New York, it is likely subject to reasonable scrutiny over its deposit-taking activity. Even better: registering as a Wyoming Special Purpose Depository Institution. The Wyoming law stipulates specific requirements for deposit-taking “crypto banks” designed to give depositors confidence – although no institutions have received the charter just yet.
Generally speaking however, exchanges are not forthcoming with the details of the audits they may undergo, when they do exist. And many exchanges are lightly- or entirely un-regulated. Some of the deepest pools of liquidity in the crypto industry – Binance, BitMEX, Derebit, Bitfinex, among others – are not meaningfully regulated in any sense. Now bitcoiners should demand not more regulation, but rather seek to head off future regulatory power grabs by holding exchanges to a higher standard in the first place.
One potential solution is to demand that exchanges issue periodic proofs that they actually have dominion over assets owed to depositors. These “Proofs of Reserve” (PoR), if done properly, leverage bitcoin’s neat cryptographic properties and give depositors reasonably sound assurances that the exchange is not misrepresenting their solvency.
Such PoR ceremonies purport to prove that deposit-taking institutions have sufficient BTC in reserve to satisfy all liabilities owed to depositors. After a brief period of enthusiasm for the public audits in the wake of Mt. Gox in 2014, today only one exchange routinely carries out these attestations — the London-based Coinfloor.
I envision a robust, periodic PoR program not as a panacea, but as a complement to regulation in onshore exchanges, and an (inferior) substitute offshore. If some operations, formerly reliant on contracts and trust, can be formalized and expressed as code, we should embrace them.
Now the set of engagements in which software and cryptography outperform the standard trust-manufacturing processes is rather small. But proving custody of a digital asset is one case where signmessage is more convenient, and perhaps cheaper, than an auditor’s report. While implementations vary, the process as it is currently carried out entails posting an anonymized list of user deposits as well as an attestation to BTC held in the vault.
Proof of Reserve and other solvency attestations are not without their drawbacks, and exchanges have managed to trick assessors implementing the process in the past, but we shouldn’t forget the broader objective here. If we are unable to take advantage of the innate cryptographic verifiability of bitcoin, then we have scarcely innovated relative to gold. One wonders – what are we doing here, again?
YouTuber Sentenced To 50 Years For Kidnapping And Bitcoin Ransom
25-year-old Mexican YouTuber Germán Abraham Loera Acosta has been sentenced to 50 years in prison for masterminding a woman’s kidnapping in February 2018 in Chihuahua, Mexico.
Acosta is one of six men convicted for the kidnapping. The group demanded $100,000 in Bitcoin (BTC) in exchange for the release of 33-year-old lawyer Tania Denisse.
Jassiel Omar Molina Ceballos, Jesús Adrián Mendoza Pérez, Edgar René Subías Rubalcaba, Jesús Arnulfo Ochoa Martínez and Juan Alfonso Puerta Holguín were sentenced alongside Acosta.
Digital Footprint Used To Trace Kidnappers
Acosta rented a house that was used to hold the victim captive while they established communications with authorities over the internet to demand a ransom of 2 million Mexican pesos (roughly $103,000).
At the time, authorities described Acosta as “very experienced” in using internet communications anonymously. Despite his technological savvy, authorities emphasized that they were able to track the Bitcoins that were sent to the kidnappers.
All Ransom Money Was Retrieved By Authorities
After receiving the ransom, Acosta used Twitter to reach out to the founders of Mexican cryptocurrency exchange Bitso, writing: “I’d like to speak to you. We are the heads of marketing for the biggest bitcoin casinos in the world.” Bitso did not respond to the message.
Forty-eight hours after establishing communication with Acosta, the Anti-Kidnap Unit of the Chihuahua Prosecutor’s Office rescued Denisse. The kidnappers were located by the state’s cybercrime department.
All ransom money was fully recovered by law enforcement during the kidnappers’ arrest. Three vehicles, a handgun and the mobile phones used to negotiate the ransom were also seized in the operation.
Acosta is a former YouTuber with an audience of tens of thousands who claimed to be the director of a marketing company. He also reportedly participated in the World Congress of Young Leaders for Peace in Mexico during June 2017.
Swedish Foreign Minister Urges Ukraine To Investigate $70 Million Bitcoin Fraud
The Swedish government is reacting to an alleged Bitcoin fraud scheme that targeted vulnerable people in Sweden, Australia, New Zealand and the U.K.
Ukrainian officials were informed of the allegations in a meeting on March 2, according to an Organized Crime and Corruption Reporting report published on March 3.
Foreign Policy Consequences Of The Fraud
Swedish Minister of Foreign Affairs Ann Linde championed an investigation published by national newspaper Dagens Nyheter (DN). The article alleges that the Ukraine-based Milton Group, ostensibly an IT support company, defrauded victims in developed countries by proposing fake Bitcoin (BTC) investment schemes.
The group reportedly scammed victims for over $70 million, with several examples of elderly people losing their life’s savings. Milton Group operates mainly out of Kyiv, Ukraine’s capital.
Linde shared the findings with unnamed Ukrainian officials, expressing her outrage at the findings. She said:
“It is really upsetting to see how they bluff Swedish retirees who have to leave their homes and live on a minimum subsistence level. And then they sit there, laughing.”
The minister urged the Ukrainian government to take decisive action in response to the media report, adding:
“The most important thing is that [the allegations] get attention. I don’t know if this information exists in Ukrainian, otherwise it is up to DN to make sure it does.”
Government officials also criticized the lack of oversight by Facebook, which allowed Milton Group’s ads to circulate.
Details Of The Alleged Fraud
The investigation was made possible by an unidentified whistleblower who reported on the inner workings of the operation. He claims to have been part of a “retention” team and was expected to make 300 calls each day. The victims were initially hooked via Facebook ads that targeted people interested in cryptocurrency.
The callers also frequently changed their presented identities to continue “squeezing the money” from clients. After selling a victim on a phony investment scheme, they would pose as lawyers and financial advisors promising to return the money that the victim invested — for a fee.
Some victims reportedly transferred over $1,000 every month to the group, while one elderly citizen was defrauded for as much as $200,000.
The whistleblower also revealed that the “sales” staff received different commissions based on payment method. Transfers via credit card and transmission services like Moneygram were valued at 4% and 6% respectively. Transfers in cryptocurrencies compensated the “salesman” with as much as 9%.
Co-Founders of Alleged $9 Million Crypto Ponzi Scheme Plead Not Guilty
Zachary Salter, the co-founder of Zima Digital Assets alongside 28-year-old John Caruso, has pleaded not guilty to charges of money laundering and conspiracy to commit wire fraud in his arraignment in Arizona on March 4.
The criminal indictment alleges that the pair ran a purported cryptocurrency investment scheme that was used to defraud their customers of more than $9 million in a classic Ponzi scheme.
Approximately $1.9 million in deposits were cycled back to early investors as supposed investment returns. The purported profits served to validate the scheme, contributing to a further wave of deposits.
The remaining $7 million was spent lavishly — on vacations, luxury car rentals, private jets, and casino gambling. Despite flaunting their lavish lifestyle on social media, the pair claimed no taxable income.
The pair defrauded more than 90 investors, including elderly citizens and former-professional baseball players. They were arrested on Jan. 30.
Both Co-Founders Plead Not Guilty
The indictment includes allegations of false statements in investor contracts and misrepresentations in direct messages to clients.
Caruso also pleaded not guilty during his arraignment on Feb. 26. Caruso has a criminal record and was last released from prison during 2017.
Both men will now face a jury trial on July 4, 2020. If convicted of either charge, Salter and Caruso will have to forfeit all property derived through the criminal scheme.
Scammers Lose $830,000 In Investor Funds At Casinos
Following a hearing in early February, the prosecution alleged that “there is no evidence any of the investment funds that have been provided to Caruso and Salter have gone to any cryptocurrency/digital asset investment, or to any investment of any kind, as fraudulently misrepresented by both Caruso and Salter.”
It was heard that the pair used investors’ funds to rack up $830,000 in gambling losses, $670,000 in credit card expenses, $540,000 in private jet and luxury vehicle rentals, and $150,000 in rent for a 20,000-square-foot mansion.
At the time of the February hearing, Zima Digital Assets was still actively receiving investor funds.
Crypto Investment Fund Suffers Hack Exposing Data of 266,000 Users: Report
In the latest privacy breach to hit the cryptocurrency space, Malta-based Trident Crypto Fund has suffered a major data leak, Russian newspaper Izvestia reports on Thursday.
Ashot Oganesyan, chief technology officer of cybersecurity firm DeviceLock, told the publication the personal data of about 266,000 people registered with the fund was posted on a number of file-sharing websites following the breach.
The stolen database, including email addresses, cellphone numbers, encrypted passwords and IP addresses, was posted online around Feb. 20, along with the description of the website vulnerability that made the breach possible, Oganesyan said. On March 3, the unknown hackers decrypted and published a dataset of 120,000 passwords, he added.
Izvestia reached out to one of the individuals on the database who confirmed a connection to Trident Crypto Fund, though he’d only registered for a seminar hosted by the firm and didn’t invest.
The fund does not list its team members on the website and has no presence in LinkedIn. It’s unclear where the fund is registered or physically located. According to Crypto Fund Research, the fund is based in Malta. It offers clients investment in a “top 10 crypto” index calculated by the fund itself.
Ledger Wallet Warns of Fake Google Chrome Extension Stealing Crypto
Major cryptocurrency hardware wallet supplier Ledger has warned its users about another phishing attack trying to steal their crypto — this one using a Google Chrome extension.
In a March 5 tweet, the French crypto company specified that there is a fake extension on Google Chrome browser that attempts to steal users’ crypto by asking them to enter their 24-word recovery phrase to access their wallet.
Ledger Live Gets Removed From The Chrome Web Store
The phishing attack was reported by Catalin Cimpanu, a cybersecurity reporter at business technology news website ZDNet on March 4. According to Cimpanu, the malicious Chrome extension was first discovered by Harry Denley, director of security at blockchain interface platform MyCrypto.
According to the report, the fake Chrome extension is called Ledger Live. It tries to mimic the real mobile and desktop application Ledger Live that allows Ledger wallet users to approve transactions by syncing their hardware wallet with a trusted device.
As of press time, the fake Ledger Live extension had apparently been removed from the Chrome Web Store. According to the report, the phishing extension was downloaded at least 120 times before it was taken down.
Fake Extension Was Advertised By Google Ads
As reported by ZDNet, the malicious extension was trying to mislead users into thinking that it represented the Chrome version of the original Ledger Live app, which would allow them to check balances and approve transactions via Chrome. Users were apparently offered to install the extension and connect their Ledger wallet to it by entering the wallet’s seed phrase — a backup phrase or word seed used to get access to their wallets.
MyCrypto exec Denley, who first uncovered the phishing attack, reportedly ridiculed the malicious extension by claiming that it makes no sense to install and use such an extension with a hardware wallet that is meant to protect funds by storing cryptocurrency offline.
However, Denley still admitted that he would not be surprised if the fake extension has tricked people, adding that it’s a “big problem in the cryptocurrency area, to teach people their private keys/mnemonics should stay offline.” The malicious extension could apparently have misled some users, taking into account the fact that it was advertised by Google’s online advertising platform Google Ads, as reported by Denley.
In the warning announcement, Ledger emphasized that the platform would never ask its users for their recovery phrase, urging that to never share the 24-word seed phrase or enter it into any device connected to the Internet. This is, however, not the first time that Ledger users encountered a fake Chrome extension. As reported by Cointelegraph in early January, another malicious Chrome extension stole about $16,000 in privacy-focused cryptocurrency Zcash (ZEC).
There have been no official announcements of the data breach on the fund’s website or in its Telegram group as of Thursday morning European time – when the news was first published.
Trident has not yet responded CoinDesk’s requests for comment via email, Telegram and Facebook.
Last week, decentralized derivatives exchange Digitex also suffered a leak of user data, though it said probably only email addresses had been lost in a theft attributed to an ex-employee.
Binance, the largest crypto exchange by trading volume, also saw verification details of possibly 60,000 users allegedly made public last summer. The firm said the know-your-customer data did not match its own, however, and suggested it was not the source of the breach.
Reginald Fowler Pleads Not Guilty To New Crypto Capital Charges
Reginald Fowler has pleaded not guilty to a new charge of wire fraud during a March 6 hearing at the United States District Court for the Southern District of New York.
On Feb. 20, the U.S. government filed a superseding indictment against Fowler, adding wire fraud to existing charges of bank fraud, illegal money transfer and conspiracy stemming from Crypto Capital alleged shadow banking practices.
James McGovern, Fowler’s attorney, criticized the fresh indictment, asserting that he has “no idea what [Fowler has] been charged with,” such as when and how the alleged wire fraud took place.
“I’ve never really seen a superseding indictment when it provides less information than the one before,” McGovern told the court.
Fowler was previously offered a plea deal, with reports claiming that he had “appeared ready to plead guilty” to a single count on Jan. 15. However, by Jan. 31, the U.S. government announced that Fowler had rejected the offer, which it subsequently withdrew.
Fowler To Face Trial In January
In light of the rejected offer, U.S. attorney Jessica Fender indicated that the government wished to go to trial during April.
Fowler’s representation pushed back against the prospect of an April trial, stating: “The case is just changed dramatically by the inclusion of this new count.” McGovern claimed that there are 30,000 documents-worth of discovery that he has not yet received that require review before going to trial.
Judge Andrew Carter Jr. ruled in favor of Fowler, pushing the trial back until Jan. 11, 2021. The trial is expected to last between four and five weeks.
Crypto Capital Provided Shadow Banking Services To Cryptocurrency Exchanges
The former NFL team owner is accused of acting as an unlicensed money transmitter and deceiving financial institutions as to the purpose of his accounts held with them. Through Crypto Capital, he allegedly provided shadow banking services to numerous cryptocurrency exchanges, including Bitfinex, Binance, Cex.io, Coinapult and QuadrigaCX.
Crypto Capital reportedly began providing bank services to Bitfinex when the exchange was kicked out of Taiwan in 2017. For two years, Bitfinex customers were allegedly instructed to deposit funds to accounts held in the name of various Crypto Capital subsidiaries at financial institutions all over the world.
In October 2019, Crypto Capital executive Ivan Lee was arrested in Poland, with reports tying him to $350 million in funds that were seized by authorities from a Crypto Capital subsidiary during April 2018. The seized funds allegedly included money that the firm was laundering for a Colombian narcotics cartel.
Crypto Capital remains a centerpiece to the ongoing investigation by the New York State Office into Bitfinex’s failure to disclose the loss of $880 million customer funds and a subsequent loan from sister-company Tether.
Bitfinex and Tether claim that the funds are not lost, rather have been seized alongside the accounts of various Crypto Capital subsidiaries.
Crex24 Exchange Accused of Hiding Hack From Customers
Users are accusing Estonian cryptocurrency exchange, Crex24, of hiding the scale of a hack from its users after suspending trade for several altcoin pairings.
Crex24’s members claim that the exchange has not given an explanation for its suspension of more than sixty altcoins. The exchange has also frozen withdrawal and deposit services for many of the platform’s coins.
Despite the apparent disruption to services and calls for answers on Twitter, the exchange’s social media posts suggest that it has been more interested in trying to drum up support for new listings than addressing the concerns of its users.
Accusation Mount Over Suspicious Htmlcoin Activity
A report published by Brazilian crypto press Livecoin on March 6 cites an anonymous Crex24 user who claims to have identified suspicious movements of the alternative cryptocurrency Htmlcoin, and may suggest foul play on the part of the exchange.
The user claims that the exchange froze his funds in mid-February, leading to a loss of approximately $32,000 of cryptocurrency.
Crex would later announce that 200 million Htmlcoins, worth $11,200, were stolen from its wallets and that it would be working with the Htmlcoin team to reimburse investors.
1.3 Billion Htmlcoin Transferred From Crex24 To Hitbtc
However, the anonymous source claims to have identified 1.3 billion Htmlcoins being withdrawn from Crex’s wallet, worth $72,800, on Feb. 12. The funds were sent to cryptocurrency exchange Hitbtc.
Htmlcoin, which reportedly has a large Brazilian user base, was added to the exchange during January of this year. Less than two months later, its pairings are now offline.
Crex24 has also reportedly increased its know-your-customer verification requirements for processing withdrawals since accusations began to swirl — further inhibiting their customers’ ability to remove funds from the platform.
According to Coin360, Crex24 hosted roughly $2.62 million in trade over the past 24 hours — ranking it 137th by daily volume at the time of writing.
At press time, Crex24 had not responded to Cointelegraph’s attempts to obtain a statement regarding the accusations.
Belgian Gov’t Will Sell $125K of Seized Bitcoin In Irish Public Auction
Major United Kingdom and Ireland-based auction house Wilsons Auctions is putting $125,000 worth of Bitcoin (BTC) under the hammer later this month.
In an announcement on March 6, Wilsons revealed the auction will be hosted by Wilsons Auctions Dublin on March 24.
The Bitcoin is being sold on behalf of the Belgian Federal government, which seized the cryptocurrency in criminal cases and is now cooperating with Wilsons’ Asset Recovery Department to dispose of the Bitcoin.
The auction will be unreserved, i.e. without a minimum price set for the winning bid.
First Public Online Auction In Ireland
While Wilsons has previously sold off cryptocurrency in other auction formats, this month’s sale represents the first public online auction of crypto in Ireland.
Mark Woods, an asset recovery executive at Wilsons, said of the auction:
“The format has proven popular with our customers, who are able to bid online and purchase cryptocurrency from an established and trusted auction house instead of utilizing online exchanges, which can be a risky and daunting process.”
He added that Wilsons offers guidance to cryptocurrency novices, with the aim of enabling all investors to “participate on a level playing field.”
Woods struck a positive tone about the auction house’s recent collaborations with international experts, law enforcement and government agencies in the cryptocurrency field, noting that the strategy allows the auction house to remain “at the forefront” of developments.
Wilsons has revealed that bidders from over 90 countries world-wide participated in its auction involving crypto-assets seized by the Belgian government earlier this year.
The auction house also held a Monero (XMR) auction in January, selling off XMR seized by United Kingdom law enforcement, as well as multi-crypto asset auctions in fall of last year.
As reported, auctions have become a common means for governments and law enforcement agencies to dispose of seized crypto, as with the United States’ use of the format for assets from the Silk Road darknet marketplace.
New PlusToken Report Shows KYC May Be Smoke And Mirrors
A new report on the PlusToken Ponzi scheme shows regulated exchanges are being used to dump coins, despite stringent Know Your Customer (KYC) identify verification rules.
Investigative company OXT Research has released a second edition of their in-depth blockchain analysis on the PlusToken scam.
The report explained PlusToken funds generally moved from unmixed allotments and locations, to mixers. After mixers, the funds saw consolidation, and then finally distribution. OXT’s report said:
“Approximately 80% of coins entering mixing have been distributed while up to 33,872 BTC remain in the mixer and 3,853 BTC are in the distribution process, resulting in a total of 37,725 BTC that have entered mixing, but not yet been distributed.”
Around $1.3 billion worth has been sold off in the past seven months with the report noting that distribution increases into market strength and “pauses” with market weakness.
OXT found that nearly 70% of the total hoard has been distributed to date meaning that “most of PlusToken’s market effects have largely passed.”
A large amount of coins ended up on OKEx. “OKEx is a newly labeled and significant coin destination having received nearly 50% of February distributions,” the report stated, adding that Huobi also remains one of the most significant coin destinations.
The PlusToken Coins Were Offloaded On Regulated Exchanges
ErgoBTC, an analyst closely following developments, pointed to an important aspect of the report — the usage of regulated exchanges for offloading BTC profits, as opposed to over-the-counter (OTC) selling. ErgoBTC tweeted:
“Regulated KYC’d exchanges have been the main destination of these coins throughout the post-shutdown period. Despite the ‘right narratives’ constructed by vested business interests, ‘OTC’ has not been the preferred destination of these coins.”
Governing bodies across the globe have pushed KYC and Anti-Money Laundering (AML) requirements for years, expressing the laws as a method of fraud prevention.
OKEx requires KYC to withdraw funds from the platform and so does Huobi.
PlusToken Has Been At It For Almost A Year
For many months crypto markets have experienced the effects of the unravelling of one of the largest alleged scams in the industry’s history. The operation reportedly began in 2018, ammassing 10 million participants by 2019.
Authorities apprehended several of the scheme’s operators in June 2019, although it is uncertain how many involved parties still remain at large. Some headlines note a potential correlation between Bitcoin’s 2019 downtrend — which started around the same time as the PlusToken arrests — and apparent PlusToken dumping.
PlusToken Moved More BTC On March 6
Data from several days ago shows a significant amount of funds were moved from wallets thought to be associated with PlusToken.
ErgoBTC noted that roughly 13,000 Bitcoin were transferred to a coin mixer, according to a March 6 tweet.
Less than 24 hours later, Bitcoin’s price fell from $9,200 down to $8,850. Bitcoin’s price continued further descent, down to a press time price of $7,930.
However other experts see more of a correlation to declining mainstream markets, explaining that investors are flocking to more stable assets.
Two Japanese Men Arrested For ‘Fencing’ NEM From Coincheck Hack
Tokyo police arrested two men in connection to the Coincheck hack on March 11. The men are accused of purchasing stolen NEM (XEM) through a dark web market, in violation of a law designed to tackle organized crime.
As reported by Japan Times on March 11, Tokyo’s Metropolitan Police Department arrested a doctor from Hokkaido and a company executive from the Osaka Prefecture.
According to the police, the suspects knew the origin of the funds. They reportedly purchased the XEM at a sizeable discount in February and March 2018 from a dark web website.
The suspects were allegedly apprehended through inquiries to a cryptocurrency exchange that some of the NEM was sent to. How the police were able to pinpoint the destination of the funds is unspecified. Blockchain tracking tools were most likely employed as well.
Chasing The NEM Trail
The Coincheck hack is one of the largest in the history of cryptocurrency exchange thefts. Hackers stole over $534 million worth of XEM in January 2018, with the trail allegedly leading to Russia-based attackers. Tokyo police allocated approximately 100 investigators to the case. Authorities are continuing investigations on other alleged buyers of the stolen NEM.
The stolen tokens were reportedly exchanged for Bitcoin (BTC) or Litecoin (LTC) and dispersed over 13,000 wallets. It is unclear if the hackers were able to fully cash out their proceeds, as many exchanges have increased their security and monitoring efforts since then.
Investigators appear to have shifted their focus now as they target those who purchased the tokens. The practice of buying stolen goods to resell them at a profit is called fencing and is considered a crime in most jurisdictions.
Advocates of privacy coins often believe that “transparent” coins such as Bitcoin or NEM lack fungibility, which could result in users unwittingly becoming “fencers” of stolen coins.
After a tumultuous 2018 where it saw revenue drop by 66% over a single quarter, the exchange eventually rebounded under its new owner Monex Group, who purchased Coincheck in April 2018. In early 2019 it was one of several Japanese exchanges to be granted a license from Japan’s Financial Services Agency.
In May 2018 the exchange dropped all coins with privacy features from its offering, while in November of the same year it resumed NEM trading.
LocalBitcoins Seller Charged After Undercover ‘Human Trafficking’ Sting
A Washington state resident has been charged with money laundering after selling Bitcoin for $140,000 in cash to undercover agents.
Bothell’s Kenneth Warren Rhule, 26, met with agents from Homeland Security Investigations on numerous occasions between April to December 2018, often in Seattle-area Starbucks cafes.
According to the unsealed complaint Rhule — who traded on localbitcoins.com under the name Gimacut9 — allegedly closed at least seven deals with agents “posing as criminals” who wanted to buy untraceable Bitcoin with the proceeds of their operations.
They told Rhule they were bringing Ukranian women to the U.S. for the purposes of prostitution.
Special Agent Victor Morales From The Drug Enforcement Agency Said In The Complaint:
“Rhule conducted these transactions even after the undercover agent explained that at least a portion of the cash involved represented proceeds of human trafficking.”
Rhule made an appearance before the US District Court of Seattle on Tuesday. He was charged with conducting an unlicensed money transmitting business and five counts of laundering monetary instruments. The complaint noted that he failed to conduct any Know Your Customer ID verification checks.
The money laundering charges are punishable by up to 20 years in prison, while the marijuana charges are punishable with a minimum of five years in prison, and a maximum of 40 years.
Rhule Allegedly Boasts Of Drug Operations
On one occasion while waiting for confirmations the Bitcoin had been successfully deposited, Rhule allegedly boasted about doing “5,10 or 20,000 kilo” CBD (Cannabidiol) orders. The investigation found he was running an unlicensed marijuana products business manufacturing items including hash oil.
He documented his sophisticated growing operations with photographs uploaded to his Google, iCloud and Instagram accounts — including pictures of Rhule posing with crops of marijuana.
He was also charged with conspiracy to manufacture and distribute marijuana.
Bitcoin Dealer Extols The Virtues Of Monero
Rhule also advised the undercover agents that Bitcoin was only pseudo-anonymous and extolled the virtues of Monero which he said was a “100% anonymous cryptocurrency”:
“Rhule explained to UCA-1 that Monero operated under the same concept as any cryptocurrency and was verifiable on the blockchain with one important caveat: wallet addresses could not be tracked.”
The ‘Gimacut9’ LocalBitcoins account last made a deal on July 1 2019 and was banned from November 2019 onwards. LocalBitcoins no longer offers a cash for crypto trading option.
Alleged Deer.io Black Market Kingpin Arrested by FBI
Kirill Victorovich Firsov, the alleged owner of Russian-based anonymous marketplace Deer.io, was arrested on March 7 by Federal Bureau of Investigation (FBI) officials at John F. Kennedy Airport in New York.
Court documents allege that Firsov is the mastermind behind Deer.io — a site that offered darknet-style services in exchange for Bitcoin on the normal web. The FBI estimates it has facilitated more than $17 million worth of sales.
Firsov will be arraigned in New York court later this week, where he is expected to face charges for trafficking stolen information, and aiding and abetting trafficking.
Deer.io Hosted $17 Million In Black Market Sales Since 2013
Since 2013, Deer.io has hosted 24,000 active stores specializing in stolen information, offering a simple ‘turn-key’ solution for black-market entrepreneurs.
Vendors would pay roughly 800 Russian rubles ($12.50) to operate on Deer.io each month, with hosting offered on private Russian servers out of the reach of U.S. authorities. Fees were paid to Firsov in Bitcoin (BTC) or via the Russian payments platform WebMoney.
Of the 250 Deer.io shops reviewed by the FBI so far, not a single business dealt in legitimate wares. Items for sale on the platform included user passwords, fake social media accounts and sensitive identity data such as birth certificates and tax returns.
Troves Of Personal Data Sold Openly On Deer
During its investigations, the FBI made several purchases using the Deer platform including 999 documents containing Personally-Identifying Information (PII) from one vendor for $170 in Bitcoin, and $522 in Bitcoin for a stash of 2,650 documents from another.
For $20 worth of crypto, the FBI was able to pick up the usernames and passwords for 1,100 compromised gaming accounts.
Deer.io rose to prominence as an underground marketplace specializing in stolen goods during 2016 after infamous hacker Tessa88 used the platform to sell sensitive data hacked from social media networks LinkedIn and MySpace.
US Charges Dutch National With Running Crypto-Funded Child Porn Site
U.S. prosecutors indicated a Dutch national Thursday for allegedly spearheading a rape and child pornography website that’s made over $1.6 million worth of bitcoin selling videos since 2012.
Known as “Michael R.M.,” and “Mr. Dark,” the man allegedly ran a site called “DarkScandals” that operated on the darknet, which requires special software to access, and on the public clearnet. He allegedly sold over 2,000 videos and had ties to 303 virtual currency accounts, according to a press release from the U.S. Attorney’s Office for the District of Columbia.
Bitcoin (BTC) and ether (ETH) funded the bulk of the operation, according to the complaint against the man filed in the U.S. District Court for the District of Columbia.
Customers allegedly sent the cryptocurrencies as payment for videos or could upload their own. Their video submissions had to follow “specific rules,” though. As detailed extensively in the complaint, the videos had to be explicitly “obscene.”
“The types of crimes described in this indictment are the most disgusting I’ve encountered in 30 years of law enforcement,” said Don Fort, chief of the Internal Revenue Service’s Criminal Investigation team (IRS-CI), in a press release. “It is a special kind of evil to prey on and profit from the pain of others.”
Federal agents discovered DarkScandals while investigating the Welcome to Video case last year. That operation led to hundreds of arrests, the seizure of hundreds of thousands of videos and the dismantling of what was deemed the “largest darknet child pornography website” by investigators at the time.
It also led investigators straight to DarkScandals, the complaint said. “A subsequent review of a Washington, D.C.-based ‘Welcome to Video’ customer’s virtual currency records lead to the discovery of the DarkScandals sites.”
The case serves as another reminder that cryptocurrencies are a double-edged sword for criminals. On the one hand, transactions cannot be blocked by a regulated third party like a bank or payment processor; on the other hand, they leave a trail of crumbs for investigators that is difficult to obscure.
Agents with IRS and Homeland Security Investigations traced 303 digital currency transactions in the course of this latest investigation. The IRS used Chainalysis’ transaction tracing software in that investigation; a spokesperson for Chainalysis did not immediately respond to requests for comment.
“If you thought you were anonymous, think again,” Fort said.
U.S. investigators worked in partnership with the Dutch National Police, Europol and the German Federal Criminal Police in parallel investigations, according to DOJ.
Prosecutors are seeking to charge the man on nine counts and seize the operation’s digital currency holdings. It was not immediately clear if he is in custody. A spokesperson for the U.S Attorney’s office did not immediately respond to a request for comment.
Two Canadians Sentenced To Prison Time In US For Bitcoin Theft
Two Canadian nationals have been sentenced to two years in a United States federal prison for stealing 23.2 Bitcoin (BTC) through a scam on Twitter in 2017.
According to the U.S. Department of Justice, on March 17, 23-year-old Karanjit Khatar and 24-year-olds Jagroop Khatkar were formally sentenced to 24 months in prison and three years supervised release for money laundering and conspiracy to commit wire fraud.
Scammers Impersonate HitBTC Support Staff On Twitter
Beginning in October 2017, the British Columbia-residents were found to have impersonated customer service representatives from the Hong Kong-based cryptocurrency exchange HitBTC.
Acting under the handle “@HitBTCAssist,” the pair responded to a request posted to the real HitBTC’s Twitter account concerning cryptocurrency withdrawal processes.
The Khatkars were able to convince the Oregon resident to forward sensitive information relating to their email, HitBTC, and Kraken accounts — which the scammers used to transfer 23.2 Bitcoins to Karanjit’s wallet.
Worth $119,000 today, the stolen Bitcoin had a value of roughly $130,000 at the time of the theft.
Stolen Proceeds Spent On A Lavish Lifestyle
The scammers divided the stolen proceeds equally, quickly selling the Bitcoins to fund an exorbitant lifestyle including casino gambling and luxury vehicles.
Within two days of the theft, Karanjit Khatkar purchased a Mercedes-Benz for nearly $40,000. He also gambled with tens of thousands of dollars while visiting high-end casinos in Las Vegas.
Karanjit was arrested at the McCarran International Airport in Las Vegas on July 18, 2019, while Jagroop later appeared at his arraignment voluntarily.
The pair pleaded guilty on Dec. 16, 2019, and were ordered to pay total restitution of $184,511.
Crypto Scams Capitalize On Coronavirus Panic
A number of government regulators have warned of a recent uptick of scams seeking to capitalize on the widespread fears relating to COVID-19.
On March 11, the United Kingdom Financial Conduct Authority warned that coronavirus scams may “take many forms and could be about insurance policies, pensions transfers or high-return investment opportunities, including investments in cryptoassets.”
Earlier this month, cybersecurity threat researcher DomainTools identified the coronavirus-themed ransomware “CovidLock.” DomainTools found that the website coronavirusapp.site installs ransomware on a users’ device under the guise of providing a thermal map showing the spread of the coronavirus nearby.
Once granted permission to access a device’s screen settings, the ransomware changes the lock screen password and demands $100 in Bitcoin in exchange for restored access to the phone.
Woman Arrested For Stealing $480,000 From Crypto Exchange She Co-Founded
A woman was arrested in Bengaluru, India on March 17 for allegedly stealing 63.5 Bitcoins (BTC) from Bitcipher Labs — a cryptocurrency exchange that she had previously co-founded.
The thefts took place on January 11 and March 11 respectively, resulting in $480,000 worth of BTC being stolen from Bitcipher.
Bitcipher Co-Founder Steals $480,000 In BTC
Ayushi Jain, the 26-year-old former-employee, was found to have stolen 63.5 BTC from hardware wallets owned by the exchange.
Indian police acted in response to a complaint filed by Bitcipher Labs’ CEO, Ashish Singhal, who had identified the two unauthorized transactions.
The Bengaluru Investigation Department stated that an “investigation revealed the complainant had hardware wallets in which Bitcoins were stored, and a 24-word passphrase (password) was written on a piece of paper.”
Police suspected that the thief was “someone proficient in using this technology, and who was closely associated with the firm”, due to the fact that the culprit was able to operate a cryptocurrency hardware wallet and access the funds using the wallet’s corresponding passphrase.
Stolen Funds Were Recovered
After preparing a list of the exchange’s former employees, Ayushi was identified as a likely suspect, as she had quit the company on Dec. 16, 2019, despite having co-founded the firm alongside Singhal in 2017.
After being detained, Ayushi confessed to the theft. The stolen funds were recovered by police. A senior police officer stated:
“On Wednesday, we took Ayushi into custody and searched her house. We seized a laptop which contained the history, showing how Ayushi used the passphrase and stole money in installments between January and March. She confessed to the crime. By Thursday afternoon, we recovered the entire amount.”
Police seized Ayushi’s laptop, and all stolen funds have been returned to the exchange.
Crypto Exchanges Rush To Enter Indian Market
India has become a renewed focus of the cryptocurrency community. Recently, the Supreme Court reversed the Reserve Bank of India’s ban on financial institutions, and are now providing services to businesses operating with cryptocurrencies.
Despite several cryptocurrencies rushing to enter the Indian market, a recent parliamentary investigation has revealed that only two cryptocurrency exchanges are licensed with the country’s Ministry of Corporate Affairs.
SEC Charges Former State Senator Over Digital Asset ‘Scam’
The Securities and Exchange Commission (SEC) has pressed charges against a former state senator for his role in a $4.3 million token sale that promised outlandishly high returns.
The SEC confirmed Friday it had filed a complaint against David Schmidt, a former Republican state senator for Washington State, as well as two other people for their role promoting the sale of “Meta 1 Coins.”
Filed in the Western District of Texas on March 16, the complaint accuses Robert Dunlap and Nicole Bowdler, as well as Schmidt, of violating antifraud and securities regulations when promising investors returns of nearly 225,000 percent. They also claimed the coin was risk-free and would never lose value.
The SEC said defendants made “numerous false and misleading statements,” including that Meta 1 Coin was backed by an art collection valued at $1 billion, or a gold deposit valued at $2 billion, that was regularly audited by an accounting firm.
“The defendants made audacious claims about the Meta 1 Coin and would say almost anything to separate investors from their money,” said David Peavler, the SEC’s regional director at the Fort Worth Regional Office. “Investors should always look skeptically at promoters who claim that their investment cannot lose value or that investors will receive massive returns.”
In total, Meta 1 Coin raised $4.3 million from around 150 investors, some based in the U.S. The digital assets were never distributed to investors, however. Some of the proceeds were funneled to a Chicago-based fund, Pramana Capital, as well as to another individual, Peter Shamoun. The SEC claims defendants used investors’ money to fund lavish lifestyles, including the purchase of a $215,000 Ferrari.
Launched in 2018, Meta 1 Coin’s website doesn’t include a description of what the purpose of the coin is. Its Twitter page is filled with pictures and short clips of physical Meta 1 Coins, talking about the disruptive potential of blockchain technology.
“The only participants of META 1 Coin Trust and the named websites are for Live Natural Man and Women, flesh-and-blood Almighty God-created private Humans sui juris sentient being; and an Ambassador of God Almighty Domiciled in the ARIZONA Republic and on religious sojourn through the UNITED STATES.”
Schmidt, a moderate Republican, was initially elected as a representative for Washington State back in 1994. After serving four terms, he became a state senator in 2002, before losing his re-election bid in 2006. Now based in Arizona, he works as a consultant, writer and radio program host, according to his LinkedIn page.
In 2012, Washington’s electoral watchdog, the Public Disclosure Commission (PDC), fined Schmidt $10,000 for improperly using more than $41,000 in donations to reimburse himself for lost wages between 2003-2006, as well as mortgage repayments and personal travel costs.
Schmidt denied misusing campaign dollars, claiming in 2011 that campaign funding rules were “very open to interpretation.”
Schmidt could not be reached for comment on the SEC complaint.
The SEC is seeking civil penalties and permanent injunctions against Schmidt and the other two defendants, as well as for investors to be refunded. The regulator also wants Pramana Capital and Shamoun to hand over any funds received from the Meta 1 Coin Trust sale.
CoinDesk reached out to both Meta 1 Coin Trust and Pramana Capital for comment, but had not received a response by press time.
YouTube Scam Impersonates Ripple CEO Garlinghouse For Fake XRP Airdrop
Despite YouTube’s many aggressive actions against cryptocurrency-related content, the world’s most popular video-hosting website is apparently having trouble discovering a major scam account involving crypto.
On March 23, the crypto community spotted a bogus YouTube account impersonating Brad Garlinghouse, CEO of major blockchain company Ripple, in order to promote a fake airdrop scam.
Video Containing Fake XRP Airdrop Description Was Uploaded On Youtube On March 19
The apparent scam account has around 277,000 subscribers and contains only one video, which promotes a fake giveaway in the third-biggest cryptocurrency, XRP. Uploaded on YouTube on March 19, the video description promotes a nonexistent airdrop of 50 million XRP tokens and has amassed over 85,000 views as of press time.
While the video itself is not fake and is a real interview that Garlinghouse gave in February 2020, the scam lies in the video description. The Ripple exec hasn’t yet reacted to the scam alert on Twitter so far despite reports mentioning him.
Specifically, the video description presents users with a bogus airdrop contest taking place from March 20 till March 25, according to the video description. The YouTube scammer asks users to send between 2,000 XRP to 500,000 XRP in order to “participate” in exchange for immediate airdrop of 20,000 to 5 million XRP. For example, the fraudster promises to send 2.5 million XRP back in exchange for sending 250,000 XRP ($40,000) to his/her crypto address. As of press time, the address has 5,135 XRP ($800).
Scammers Purchasing Youtube Channels With Large Numbers Of Subscribers Could Be A Reason
A co-founder of crypto podcast SPQR Media, who first reported on the YouTube scam on his Twitter account on March 23, emphasized in a recent tweet that the scam channel is still up and running and is receiving funding for promotion on YouTube. Twitter user @Andy_SPQR told Cointelegraph that he noticed the scam page last night as an ad popped up on his YouTube feed.
The SPQR co-founder highlighted that he immediately tweeted to report on the apparent scam as the YouTube account had a “huge number of subs but only one video,” while the description promised a free XRP airdrop scam. According to the executive, the reason for the scam is that YouTube allows users to purchase channels from each other. He said:
“In my opinion I think what’s happening is these scammers are purchasing YouTube channels with large numbers of subscribers and then deleting all content and uploading that video. I think that’s how they are able to maintain a presence on YouTube.”
YouTube Started An Apparent Crypto War In Late 2019
The news comes on the heels of YouTube continuing its apparent war against crypto content makers on the platform.
As Cointelegraph reported on March 10, YouTube deleted another batch of crypto-related videos from two separate crypto channels. In late 2019, YouTube was also aggressively deleting crypto content from some of the biggest players in the industry. As reported by Cointelegraph, YouTube subsequently admitted that some of its deletions were a mistake, while a lot of crypto YouTubers expressed intention to move to blockchain-based video hosting platforms to share their content.
Fake Ledger Live Chrome Extension Stole 1.4M XRP, Researchers Claim
A fraudulent Google Chrome extension has allegedly stolen as much 1.4 million XRP from users this month alone.
In a series of tweets published on March 24, the research team “xrplorer forensics” claimed that fake Ledger Live extensions are being used to collect user backup passphrases:
“They are advertised in Google searches and use Google Docs for collecting data. Accounts are being emptied and we have seen more than 200K XRP being stolen the past month alone.”
Revising this initial figure, xrplorer forensics later amended its estimate to “close to 1.4M.”
The Fraudulent Extension Is Still Available On Google Store
According to the researchers, most of the stolen XRP appears to still be held in accounts, with a proportion cashed out via the crypto exchange HitBTC.
Sharing a screenshot of a post request from the alleged scam, xrplorer forensics warned the community against downloading tools for their hardware wallets from any developer other than the vendor directly — in this case, French crypto hardware wallet manufacturer, Ledger.
As of press time, two “Ledger Live” extensions appear on the Google store for the Chrome browser, both of which include multiple user reviews that appear to corroborate xrplorer forensics’ warnings against the scam.
Exchanges Should Be On The Alert
In a series of parallel tweets between March 20 and March 25, xrplorer forensics claimed that close to 300 million XRP currently residing in XRP accounts is flagged as fraudulent.
The vast majority of it, they claim, comes from the PlusToken exit scam. 13 million XRP is, in their estimation, derived from other thefts and scams.
In a tweet today addressed to crypto exchange bithunter.io, the researchers asked why AML (anti-money-laundering) alerts were not observed for a series of large and allegedly suspicious transactions. They contend that one-third of all XRP bithunter has received is from suspect accounts on their advisory list.
As of March 20, the researchers said they had been noticing a “consolidation of funds from various scams happening right now,” appealing to exchanges to stay alert to the nature of incoming payments.
At the start of this month, Ledger had itself cautioned its users against the fake Ledger Live extension — first discovered by Harry Denley, director of security at blockchain interface platform MyCrypto. Denley, like xrplorer forensics, had identified that the fake extension was being propagated by a GoogleAds campaign.
Network of Fake Bitcoin QR Code Generators Stole $45,000 In March
A network of malicious QR code generators has stolen more than $40,000 from Bitcoin (BTC) users in one month.
At least nine fake Bitcoin-to-QR code generators have been spotted in recent weeks, with security researcher, Harry Denley, first tweeting that he had identified two domains hosting fake QR code applications on March 22.
Denley later identified seven other domains sharing the same interface — suggesting that they are all created by the same developer.
Fake Bitcoin QR Code Generators Steal Over 7 BTC
The malicious programs promise to convert a user’s Bitcoin address into a QR code, claiming to eliminate the risk of the user losing their funds as a result of typos when entering or sharing their address — a service offered by every popular block explorer and most mobile wallet applications.
However, the QR code generated by the programs is always the same address — diverting the victims’ funds to the malicious program’s developers. The supposed QR generators correspond to five different wallets, which have absorbed more than seven BTC, likely from the apps’ victims.
The malicious websites are bitcoin-barcode-generator.com, bitcoinaddresstoqrcode.com, bitcoins-qr-code.com, btc-to-qr.com, create-bitcoin-qr-code.com, free-bitcoin-qr-codes.com, freebitcoinqrcodes.com, qr-code-bitcoin.com, and qrcodebtc.com.
‘Bitcoin Transaction Accelerators’ Accumulate 17.6 BTC
The websites are hosted by three different servers that collectively host roughly 450 other websites that appear sketchy — with the sites featuring keywords related to coronavirus, Gmail, and various cryptocurrencies.
Among the sites are several purported “Bitcoin transaction accelerators,” which claim to speed up BTC transfers in exchange for a 0.001 BTC. The BTC addresses associated with the supposed ‘accelerators’ have absorbed more than 17.6 BTC — taking in nearly $110,000.
Crypto Scams Capitalize On Coronavirus Fears
Opportunistic scammers have sought to capitalize on the COVID-19 pandemic — with UK county regulators, the Texas State Securities Board, and the US Commodity Futures Trade Commission issuing warnings about the proliferation of coronavirus crypto scams over the past week.
Recent scams have also impersonated the World Health Organization in an attempt to siphon donations, and taken the form of apps purporting to track the spread of coronavirus.
CFTC Requests Default After Failing To Find $147M Bitcoin Ponzi Operator
The United States Commodity Futures Trading Commission (CFTC) has requested that the alleged founder of the crypto $147 million Ponzi scheme Control-Finance be declared a default.
On April 3, the CFTC filed for a ruling of default after Control-Finance’s alleged founder and director, Benjamin Reynolds, did not respond to the regulator’s complaint.
CFTC Unable To Locate Reynolds After 10 Months
The CFTC’s complaint was filed during June 2019 — alleging that Reynolds misappropriated at least 22,858 BTC from more than 1,000 customers from May 1, 2017.
In January 2020, the SEC requested additional time to locate Reynolds amid an ongoing investigation in South Korea.
During July 2019 the regulator had attempted to serve Reynolds at two addresses associated with the scheme’s director, later learning from Control-Finance investors that the accused may be situated in Korea.
The CFTC simultaneously filed a notice of voluntary dismissal without prejudice against Control-Finance.
Ponzi Scheme Does Away With $147 Million
The CFTC’s complaint alleges that Control-Finance claimed to divert customer funds to the trading operations of its expert employees while diverting new depositors’ funds to the scheme’s previous investors to create the illusion of profits and build hype.
The firm constructed a pyramid scheme around a purported affiliate program, which was promoted on Twitter, Facebook, and YouTube. In September 2017, Control-Finance removed its website, ceased making affiliate payouts, and deleted advertising content from social media.
While claiming that customer funds would be returned during the following two months, the pair were the scheme was liquidating the 22,858 BTC in its possession for roughly $147 million.
Control-Finance sought to launder the funds through thousands of transactions, with the BTC ultimately arriving at wallets held with Canadian crypto exchange CoinPayments.
Q3 Crypto Ponzi Victims File Class Action Lawsuit Against Wells Fargo
Q3 Investment Recovery Vehicle (Q3IRV), an entity representing the more than 100 victims of the alleged $35 million Q3 Ponzi scheme, has filed a class-action lawsuit against Wells Fargo Advisors.
The suit accuses Wells Fargo of failing to inquire into the activities of an employee accused of co-masterminding the scam.
The plaintiffs assert that the Wells Fargo subsidiary failed to make appropriate inquiries into its financial advisor James Seijas — as per the firm’s policy mandating employees to regularly report activities relating to outside interests.
Crypto Ponzi Victims Sue Wells Fargo For Vicarious Liability
Q3IRV is seeking damages and interest for vicarious liability for the actions and omissions of Seijas.
The plaintiffs assert that Wells Fargo did not inquire into Siejas’ role at Q3 while he operated the scheme, despite the firm’s policies for employees:
“Wells Fargo Advisors’s policies and procedure required employees to regularly report to Wells Fargo Advisors concerning work they did outside the scope of their employment…”
The lawsuit emphasizes that as Seijas touted himself as an investor working on behalf of Wells Fargo while he was an employee of the firm, “the acts and omissions described herein were committed in his capacity as an agent for Wells Fargo Advisors.”
The lawsuit also names Wells Fargo Advisors in counts of unjust enrichment, negligence and fraud.
Seijas Worked At Wells Fargo Advisors For Five Years
The lawsuit alleges that Siejas, alongside fellow co-founders Quan Tran — a certified general surgeon, and Michael Ackerman — a former UBS securities employee, formed the Q3 Trading Club in 2017.
Q3 purported to pool investors funds to trade crypto assets using a proprietary algorithm, promoting the scheme to physicians on social media, including a Facebook group called “Physicians Dads’ Group.”
The suit alleged that, after raising upwards of $1 million, Q3 became a limited partnership and expanded to take in $33 million from 150 investors across the United States.
Q3IRV claims that only $10 million the funds raised were invested in virtual currencies, with over $10 million being diverted to the trio:
“Despite Defendants’ representation to potential and existing Q3 Investors that their virtual currency trading was highly successful and that Q3 Investors were free to withdraw the profits earned in their accounts after one year, Defendants did not trade virtual currencies successfully and most of Q3 Investors’ money was misappropriated or lost in trading.”
Q3’s operators also diverted $4 million in purported licensing fees for access to their proprietary algorithm into their personal bank accounts, according to the plaintiffs.
Camarillo Man And Two Others Arrested In Alleged $722-Million Cryptocurrency Fraud Scheme
Three men, including one from Camarillo, have been arrested in connection with an alleged cryptocurrency mining scheme that authorities say defrauded investors out of hundreds of millions of dollars from April 2014 through December 2019. The Department of Justice announced charges Tuesday.
Matthew Brent Goettsche, 37, of Lafayette, Colo.; Jobadiah Sinclair Weeks, 38, of Arvada, Colo.; and Joseph Frank Abel, 49, of Camarillo, were indicted on charges of conspiracy to offer and sell unregistered securities. Goettsche and Weeks were also charged with conspiracy to commit wire fraud.
U.S. Atty. Craig Carpenito described the alleged fraud as a “modern, high-tech Ponzi scheme” that amounted to $722 million. Two other suspects remain at large.
“Those arrested today are accused of deploying elaborate tactics to lure thousands of victims with promises of large returns on their investments in a bitcoin mining pool, an advanced method of profiting on cryptocurrency,” said Paul Delacourt, the assistant director in charge of the FBI’s Los Angeles Field Office. “The defendants allegedly made hundreds of millions of dollars by continuing to recruit new investors over several years while spending victims’ money lavishly.”
The defendants operated BitClub Network, providing false and misleading figures that investors were told were “bitcoin mining earnings” in exchange for money, Carpenito said.
According to court documents, officials said that Goettsche referred to investors as “dumb” and said he was “building this whole model on the backs of idiots.” On at least three occasions, the illegality of the alleged scheme was referenced to Goettsche. Additionally, he, Weeks, Abel, and others conspired to sell BitClub Network shares when they were unregistered securities, authorities said.
The maximum penalty for wire fraud conspiracy is 20 years in prison and a fine of up to $250,000. Conspiracy to sell unregistered securities carrie a maximum penalty of five years in prison and a fine up to $250,000.
High Court Delivers Judgement On User Assets At Hacked Exchange Cryptopia
Hacked cryptocurrency exchange Cryptopia today informed its users that the High Court of New Zealand has delivered its judgment on the status of their compromised assets.
In a tweet thread published on April 8, the exchange shared the 74-page court document detailing the judgment, summarizing:
“Today, 8 April 2020, Justice Gendall delivered his judgment finding firstly, cryptocurrencies are “property” […] and secondly, that account holders’ cryptocurrency were held on multiple trusts, separated by individual crypto-asset type. This means that the cryptocurrencies are beneficially owned by the account holders and are not assets of the company.”
Some Creditors To Get Less Than 50% Of Claims
As previously reported, the now-defunct Cryptopia was the target of a security breach in January 2019, which continued for two weeks after its detection until the exchange managed to regain control of its wallets.
In today’s judgment, Justice Grendall revealed that users’ assets on the exchange had been held in multiple trusts, each of which grouped together account holders holding a particular type of digital asset.
The result is that account holders within each specific group are treated as the co-beneficiaries of the same trust.
As to whether crypto assets qualify under New Zealand’s trust law, Justice Grendall firmly concluded that crypto is “a species of intangible personal property and clearly an identifiable thing of value.”
As property, crypto assets are therefore, “without question […] capable of being the subject matter of a trust.” Should the liquidators succeed to recover the stolen assets, the judgment therefore holds that:
“They are to be dealt with pro rata within each specific trust for the digital asset concerned according to the amounts recovered assessed against the amounts stolen.”
While account holders will be reimbursed, Justice Grendall determined that the pool of liquidated assets available to creditors is likely to be around NZD 5.4 million [$3.22 million].
This amounts to less than 50% of the value of their claims, given that the total value of all creditors’ claims is an estimated NZD 12.7 million [$7.57 million], NZD 5 million ($2.9 million) of which is being sought by the tax authorities.
A further detail in the judgment refers to cases where the assigned liquidator, Grant Thornton, might be unable to ascertain the identity of a particular account holder. In such instances, the affected digital assets are to be dealt with pursuant to New Zealand’s Trustee Act.
This is particularly relevant in light of a revelation from Grant Thornton in August 2019. The firm then explained that some Cryptopia customers did not have individual wallets and their funds were pooled together, as the exchange kept details of customer holdings in its database.
As a consequence, the firm said it was impossible to determine individual ownership by relying on wallet keys.
At the time, Grant Thornton assured users that it was working to “reconcile the accounts of over 900,000 customers, many holding multiple crypto-assets, millions of transactions and over 400 different crypto-assets […] one-by-one.”
In December, Grant Thornton revealed it had recovered almost $11 million and disbursed $2.46 million to certain preferential creditors. However, the firm said it was still “not practicable to estimate a completion date for the liquidation,” adding that “no detailed reconciliation” process between customer databases and crypto assets held in wallets “had ever been completed.”
US State Regulators Order ‘Fraudulent’ Crypto Mining Scheme To Shut Down
The Texas State Securities Board (TSSB) and Alabama Securities Commission (ASC) ordered Ultra Mining to cease and desist, alleging it promised to double investments in a cloud mining scheme.
The state securities regulators filed an emergency action against Ultra BTC Mining and Laura Branch on Wednesday, alleging the firm promised to double investors’ funds, touted a massive bitcoin price rise, offered affiliate and partner programs and claimed to donate to COVID-19 charity efforts without proof.
Ultra Mining allegedly raised $18 million.
According to the order, the investments in hash power appear to be securities. The TSSB is alleging that the respondents failed to register before selling these securities, and “are engaging in fraud” by making misleading statements about the returns.
“The company is promising eye-opening returns. According to the order, they are telling potential investors that a $10,000 investment in computing power will return nearly $10,500 per year. A $50,000 investment will return nearly $52,000 per year,” a press release said.
The respondents claim that “bitcoin is still in a bull market,” and expect the price to reach nearly $23,000, and letting investors who deposit at least $10,000 receive a greater share of the mining power, the order said.
Ultra Mining’s website describes it as a “cryptocurrency bitcoin cloud mining company.”
“The company provides modern, high-efficiency platform rental services for Bitcoin mining.
We guarantee an instant connection, access 24/7, operation without any interruptions, real-time mining monitoring, easy-to-use and secure platform as well daily mining outputs,” the company’s website reads.
While the website links a Facebook page, the Twitter and Telegram icons on the site link to Twitter.com and Telegram.com, rather than actual social media profiles. (Note: Telegram.com is the local newspaper for Worcester, Mass., while Telegram.org leads to the messaging app.)
Ultra Mining is also claiming to have donated at least $100,000 to Unicef to fight COVID-19, and claims it will donate again.
However, “respondents … are expressly refusing to provide any information that verifies the donation, that potential investors can rely upon to independently verify the donation or that demonstrates their financial ability to donate the money,” the order said.
Ultra Mining did not immediately return a request for comment.
Bitcoin Trading Scam Claims To Involve Prince Harry And Meghan Markle
A Bitcoin (BTC) trading scam has claimed the involvement of the Duke and Duchess of Sussex Prince Harry Charles Albert David and his wife Meghan Markle.
According to an April 9 report by the Mirror, the royal couple was featured in a fake BBC article where they praised a Bitcoin trading scheme.
The fake news piece claimed that the pair talked during a television show about a “wealth loophole” that can “transform anyone into a millionaire within three to four months.”
According to the fake article, the scheme would play a role in the couple’s very real intentions to step back as senior Royal Family members and become financially independent. The report praises the well-known Bitcoin scam Bitcoin Evolution:
“What’s made us successful is jumping into new opportunities quickly and without hesitation, and right now our number one money-make is a new cryptocurrency auto-trading program called Bitcoin Evolution. […] It’s the single biggest opportunity we’ve seen in our entire lifetimes to build a small fortune fast. […] We urge everyone to check this out before the banks shut it down.”
Too Good To Be True
The article leads potential victims to the scam’s website, which features a red banner and a countdown clock, warning that registration will close soon because of high demand. As the Mirror explains, this is a strategy meant to motivate potential investors to fall for the scam. The website also claimed that members usually earn at least $1,300 daily while working an average of 20 minutes per day, adding:
“Your profits are unlimited within The Bitcoin Evolution. Some members earned their first million within just 61 days.”
Bitcoin Scam Impersonations
In order to gain credibility, promoters of cryptocurrency scams often claim to involve well-known public figures. As Cointelegraph reported in late March, Janet Jackson’s billionaire ex-husband, Wissam Al Mana, was also featured in such a scam promotion on Facebook. He later demanded that the social media platform reveal the identity of the promoter.
Also in March, the cryptocurrency community spotted a bogus YouTube account impersonating Brad Garlinghouse, the CEO of the firm behind XRP Ripple.
$2M Crypto Scam Allegedly Funded Man’s Lavish Lifestyle
A trust has sued businessman, Brock Flagstad, over allegedly misappropriating over $2 million in funds that were purportedly designated for cryptocurrency trading.
Despite Flagstad soliciting the funds for the purpose of digital asset trading, the James Streibich Revocable Trust accuses the businessman of siphoning money from the investment to fuel an exorbitant lifestyle involving private jets and luxury vehicles.
Businessman Accused Of Misappropriating Over $2M
The complaint has been brought against both Flagstad individually, and against seven companies operated by the businessman — levying allegations of fraud, theft, conspiracy, breach of contract, and breach of fiduciary duty.
The trust asserts that Flagstad reached out to its trustee, James Streibich, in May 2018 to pitch an investment that would be used by his firm Folding Light’s “proprietary financial trading platform.”
In exchange for a $2 million investment, Streibich claims the trust was assured a preferred interest in Folding Light and informed by Flagstad’s attorney that the funds would exclusively be used for trading.
However, the trust claims that within just weeks of its investment, Flagstad began “siphoning trading capital the trust invested with Folding Light to outside banking accounts and his other ventures.”
Flagstad Allegedly Requested $200K Loan And Fled To Georgia
After Folding Light’s trading team left the firm in 2018 to start a new company, the trust states it accepted a request from Flagstad for a $200,000 line of credit.
In the Summer of 2019, the trust claims that Flagstad stopped making interest payments on the loan, moved to the state of Georgia, and became “increasingly unavailable.”
Flagstad allegedly operates 17 companies from the same address in Chicago, with the plaintiffs accusing him of perpetrating similar schemes targeting other Chicago-based investors.
“Flagstad has solicited millions of dollars in private equity funds for Flagstad companies from numerous prominent Chicago-area investors,” the complaint reads.
Investment Capital Possibly Used To Fund Lavish Lifestyle
Streibich claims to possess banking documents showing at least $849,000 that had been wired from Folding Light to his personal bank account.
The trust insinuates that some of the funds it invested may have been used to support exorbitant purchases, with the claim asserting that “Flagstad has a rapacious personal need for cash to support his lavish lifestyle of private jets and expensive cars.”
The trust is seeking injunctive relief and compensation for damages.
Flagstad Denies Allegations
The businessman’s attorney, Stan Sneeringer, told Law360 that the allegations against Flagstad are false and they intend to defend the case “vigorously.”
“Anyone can allege anything they want in a complaint, particularly where, as here, the allegations are made ‘on information and belief.’ It is another matter to prove those allegations in a court of law,” he added.
The Federal Bureau Of Investigations (Fbi) Expects A Rise In The Number Of Crypto Scams Related To The Coronavirus Pandemic
In a April 13 press release, the FBI warned that the increase of “cryptocurrency-related fraud schemes” would only be facilitated by more people getting on board with crypto. The elderly are particularly vulnerable, but the agency is reporting people of all ages could be victimized by such scams.
“There are not only numerous virtual asset service providers online but also thousands of cryptocurrency kiosks located throughout the world which are exploited by criminals to facilitate their schemes. Many traditional financial crimes and money laundering schemes are now orchestrated via cryptocurrencies.”
In particular, the agency warned Americans to be on the lookout for blackmail attempts, work from home scams, fake COVID-19 treatments or preventative measures, and somewhat more traditional investment scams.
Among the more egregious scams the FBI mentions is an email or letter in which the author threatens to infect the victim or their family with the coronavirus unless a payment is made to a provided Bitcoin wallet address.
How To Spot A Fake Charity
As reported by Cointelegraph, some online perpetrators have even attempted to steal cryptocurrency by misleading people into thinking they are sending Bitcoin donations to the World Health Organization (WHO) to fight the COVID-19 pandemic.
According to the FBI, anyone who suspects they are being targeted by a scammer should verify that such charities are legitimate and accept crypto for donations. Even if the organization is legitimate, “pressure to use a virtual currency should be considered a significant red flag.”
Scams In The Time Of Coronavirus
The FBI warning is consistent with the data published on April 10 by blockchain forensics firm Chainalysis. The firm noted while the average value of transactions received by the wallets of known scammers fell 30% during March, the number of scams involving blackmail and fake email narratives have surged.
DForce Hacker Attempts To Negotiate After Allegedly Leaking His Identity
The hacker behind the recent theft of $25 million from DeFi platform Lendf.me has leaked important data about himself, and is already signaling for peace.
The world of decentralized finance (DeFi) suffered yet another incident on April 19 as Chinese lending platform Lendf.me, part of the dForce network, was drained of almost all of its funds.
The hack is shaping up to be different from others, as the hacker seems to be negotiating with the founders of the protocol.
As reported by Cointelegraph yesterday, the attack occurred at 8:45 AM Chinese time on April 19, which corresponds to 8:45 PM Eastern time on April 18. The attacker leveraged a well-known vulnerability in the expanded ERC-777 token standard called reentrancy attack.
How Did The Hack Work?
The hacker used the imBTC token as the Trojan horse of the attack. It is one of many Ethereum (ETH) wrappers for Bitcoin (BTC), which was written according to ERC-777 specification. This is considered a more advanced but also more vulnerable version of the common ERC-20 standard — especially when used in a DeFi context.
The hack exploited this by combining it with a crucial flaw in Lendf.me’s contracts and how they updated the user’s balance.
As an analyst going by the pseudonym of Frank Topbottom explained on Twitter, the hacker executed many iterations of a simple attack.
In every single transaction, the hacker deposited imBTC on the Lendf.me platform, which was registered on his account’s balance. A second deposit from the same transaction would add a minuscule amount of imBTC, which would allow using a “reentrancy” to withdraw the previously deposited tokens.
Crucially, the contract failed to update the hacker’s balance when withdrawing money. He was thus free to deposit the BTC again, doubling his balance each time.
Eventually, the hacker siphoned almost the entirety of the imBTC present on the platform, amounting to some 291 imBTC ($2 million), according to the analyst.
He then continued to perform the same attack, which at this point simply inflated his balance until its value covered the entirety of the funds held by the protocol.
Finally, he used the fake balance as collateral to borrow almost every single token available on the Lendf.me platform, carrying off about $25 million in various cryptocurrencies and stablecoins.
The Hacker Already Got Partially Busted
Shortly after the attack, an interesting exchange of on-chain messages occurred.
The hacker sent three transactions of PAX tokens summing up to $250,000 to 1inch.exchange, ParaSwap and an account identified as “Lendf.me admin.” This is most likely a symbolic gesture, as pax means “peace” in Latin.
Lendf.me replied with an email address to contact and then signaled that it had responded to the hacker’s inquiry. Later he returned Huobi-issued assets to Lendf.me, worth about $2.6 million.
Lendf.me finally sent a message with a mildly threatening tone, saying “Contact us, for your better future.”
Sergej Kunz, the CEO of 1inch.exchange — a decentralized exchange aggregator that the hacker used to exchange some of the funds — explained to Cointelegraph that the cybercriminal leaked important metadata about himself by directly using its web-based content delivery network, instead of the IPFS-based frontend.
Specifically, all three exchange requests came from a single Chinese IP address, which suggests that the hacker did not use a decentralized network like Tor. Kunz theorized that this is a VPN or a proxy server, which may be liable to subpoenas.
The hacker is also known to have been using a Mac, revealing his screen’s resolution and system language, which was set to “en-us.”
It is worth noting that this data is trivial to obfuscate, but the high amount of uncommon details in this metadata suggested to 1inch that it was simply an oversight. He concluded:
“He seems to be a good programmer, but an inexperienced hacker.”
As police investigations are already underway, according to Kunz, it appears likely that the hacker will be forced to return the money in hopes of lenient treatment.
Crypto Staking Wallet Offers 1.5% Daily Returns: Ponzi In Progress?
A cryptocurrency staking app which offers 1.5% daily returns might be a Ponzi scheme related to one that exit-scammed two years ago.
A cryptocurrency staking wallet that offers users as much as 1.5% daily returns is bearing striking resemblance to a Ponzi scheme.
That’s according to a Medium article published on April 19 by Jan Kowalski which warns readers to steer clear of an app known as StakedWallet. The website offers Proof-of-Stake “investment opportunities” wherein the user’s daily payout increases the longer they keep their funds staked.
Staking payouts begin at 0.6% per day, and increase to 1.5% after nine months. Seemingly effortless daily returns such as these have been a hallmark of almost all well-known cryptocurrency scams in the past, including the infamous BitConnect.
At first glance the app appears to have overwhelmingly positive reviews on both Google Play and the App Store, as well as Trustpilot. However, closer inspection of the reviews shows them to be either incredibly vague, or lacking in logic.
One Gabriel Cătălin Baltac wrote on Trustpilot on April 19 that he had already made “millions of bitcoins” using the app:
“Great app i’ve made millions of bitcoins using this thank you!”
As of press time, total supply of BTC is roughly 18.34 million.
Return of Westland Storage?
Of the 945 reviews left on Trustpilot, just 4% fall under the ‘bad’ category, while 93% are either ‘excellent’ or ‘great’. However, many of the bad reviews echo a similar sentiment – and they also make mention of ‘Westland Storage’:
“All of you should be arrested. I am following and you will see the result. I will see all of you under arrest. Only way is you refund me. Pay my money back scammer. You thieves from westland storage and now stakedwallet.io have rubbed my 10 LTC. Pay it back…”
Kowalski’s article also mentions Westland Storage — a defunct cryptocurrency Ponzi scheme that exit-scammed in late 2018. Indeed, Kowalski claims that the operators of Westland Storage are the same people running StakedWallet today.
His article draws attention to similarities between StakedWallet’s website and that of Westland Storage, seen below. Kowalksi also notes similarities in the user interface of both mobile apps, while the in-app token, SWL, is a slight rearrangement of Westland Storage’s WSL token.
Kowalski — a victim of Westland Storage’s exit-scam two years ago — is well-placed to compare the two projects. He says he registered for StakedWallet and noticed the similarities straight-away:
“I knew what it is. Same bounty system, suspiciously similar in-app currency called SWL (Westland Storage had WLS), literally the same part of UI in StakedWallet as in Westland Storage mobile app. The similarities are just too huge.”
The StakedWallet website links to documents displaying the project’s status as a legally registered company in Australia, however, as Kowalski notes, Westland Storage was also a registered company.
The website’s traffic jumped from 72 clicks per month, to 437,000 clicks, within the last three months, according to data from a free SEO plugin tool. No ownership information is present on the website. Attempts were made to reach the site owners, but no reply has been forthcoming thus far.
Chinese Cosmic Cryptocurrency Ponzi Absorbs $11 Million in Three Weeks
A new Chinese Bitcoin Ponzi scheme has absorbed roughly $11 million in Bitcoin in less than one month of operating.
Antimatter Kingdom (AK), a new Chinese crypto Ponzi scheme, appears to have netted $11 million worth of Bitcoin (BTC) in less than one month of operating.
Upon launching at the start of April, AntiMatter Kingdom described itself as “a super mining application group” operating on the CXC chain.
The press release boasts that AK reduces its supply by 18% every 90 days, urging investors to capitalize on the “huge opportunity.”
CXC claims to comprise a “revolutionary blockchain business structure” allowing it to “compete with the cruel cosmic entropy law and make the development of commercial civilization lasting and orderly.”
Investors are supposedly allowed to tap into AK’s cosmic capabilities through a variety of cloud mining schemes in exchange for BTC — promising exponential returns in the form of “continuously transmit[ting] the growth force for the source ecology.”
AK Garners Eight-Figures In Three Weeks
While AK claims to have absorbed 180,000 Bitcoins, it appears that the scheme has netted closer to $11 million in BTC — with a wallet that blockchain analysis Ergo has associated with the scheme having received 1,607 Bitcoins as of this writing.
The scheme follows the enormous PlusToken scam, which absorbed $1.4 billion in Bitcoin during 2019.
PlusToken reached heights unprecedented by a crypto scam, sponging 200,000 or approximately 1% of Bitcoin’s total supply.
As a consequence of its success, blockchain forensics firm Chainalysis believes that attempts from PlusToken’s operators to liquidate their stash impacts the price of Bitcoin.
Judge Orders Arrest of Former GOP State Senator Involved with Crypto Scam
A Texas federal judge issued a bench warrant in response to a contempt motion brought by the SEC against former Rep. Senator David Schmidt.
A Texas federal judge issued warrants for the arrest of an ex-Washington state senator and the leaders behind an alleged cryptocurrency scam involving the Meta 1 coin.
At an April 21 hearing with the U.S. Securities and Exchange Commission, Judge Robert Pitman ordered bench warrants for former Republican senator David Schmidt and cohort Robert Dunlap after they failed to appear. This was despite the fact the proceedings were being convened over video conference in light of COVID-19 prevention measures.
Nicole Bowdler, the third defendant named in the judge’s ruling, was not targeted in a bench warrant, but given one final opportunity to comply by April 24.
SEC Motion Targeting Crypto Scammers
The arrest warrants are part of an ongoing case from the SEC regarding the Meta 1 coin, an alleged crypto scam backed by Schmidt that promised investors the coins were backed with “$1 billion in fine art or $2 billion of gold holdings” without having any actual tokens. The SEC froze the cryptocurrency’s assets on March 16 and charged the firm’s operators with fraud.
However, that apparently did not stop Schmidt and Dunlap from continuing to tout Meta 1. According to the SEC’s contempt motion, the three defendants had already raised over $4.3 million from Meta 1 “investors” and were continuing to sell the tokens.
Arrests Over Fines
Judge Pitman chose an arrest warrant for Schmidt and Dunlap over a fine, citing that the latter would “neither be especially burdensome nor particularly effective” in light of the assets at their disposal:
“If incarcerated, Dunlap and Schmidt will be unable to continue Meta 1’s operations, create marketing videos, or email their putative investors.”
The bench warrant to be carried out by the U.S. Marshals Service will have the crypto scammers delivered into federal custody in the Western District of Texas.
Republican Senator And “Earth Angel” Scammers
None of the defendants in the SEC case is a stranger to controversy. Schmidt lost a re-election campaign for his seat in Washington in 2006, after which he faced investigation for misspending over $40,000 in campaign funds. He subsequently paid a $10,000 fine.
However, despite his propensity for illicit activities, Schmidt wasn’t the origin of the purported crypto scam. That honor goes to Dunlap, who launched the Meta 1 token with Bowdler in April 2018.
Bowdler is considered to have played a lesser role in the scheme, which may explain why Judge Pitman did not issue an arrest warrant for her like Schmidt and Dunlap. In one of the SEC’s March filings, the commission said she used some rather unique methods to attract investors in the cryptocurrency:
“Bowdler claims to use her ‘psychic expertise’ to provide investment guidance to listeners who share her beliefs, encouraging them to invest in Meta1. In particular, Bowdler claims to be an ‘Earth Angel incarnated to help humanity,’ and purports to regularly channel and commune with angels, including the mythical angel, Metatron, who frequently teaches her about ‘the realities of our world.'”
Miners Trick Stablecoin Protocol PegNet, Turning $11 Into Almost $7M Hoard
Rogue miners submitted phony price data that tricked decentralized stablecoin network PegNet into turning a small wallet balance into a $6.7 million stash.
At approximately 05:00 UTC Tuesday morning, four mining entities – which together comprised as much as 70 percent of the PegNet hashrate – submitted data that artificially inflated the price of a “pJPY,” a stablecoin pegged to the price of Japanese yen, according to a core developer going by the username “WhoSoup.”
Beginning initially with a wallet balance of $11, the group pushed the price of pJPY up to $6.7 million and then transferred it into pUSD – PegNet’s USD-linked stablecoin. They then tried (unsuccessfully) to liquidate as much as possible on spot exchanges and distribute the remainder in hundreds of different wallet addresses.
PegNet is a decentralized network, built on top of the Factom protocol, where users can trade stablecoins pegged to 42 assets. Besides fiat currencies, there are also digital assets pegged to commodities, such as gold, and other cryptocurrencies including bitcoin and ether.
The network relies on miners to submit price data collected from a series of oracles and APIs to keep stablecoin prices pegged to their fiat equivalents. Each block requires up to 50 data points, and the protocol discards the 25 submissions furthest away from the total average. Most use the third to fourth default sources, but miners are also able to submit their own arbitrary values.
“WhoSoup” told CoinDesk this isn’t normally a problem as the system works to incentivize miners – with a block reward – to submit price data in line with those of other submissions.
Over Discord, the developer explained the miners essentially performed a form of 51 percent attack by submitting 35 of the top 50 price submissions, skewing the average in their favor and meaning that the remaining 15 price submissions were discarded as outliers.
With the fake exchange rate, the miners converted the inflated pJPY into pUSD so the overall wallet balance rose from $11 worth of pJPY tokens to well over 6.7 million pUSD which, assuming accurate price data, should be worth $6.7 million.
Tuesday’s attack lasted about 20 minutes and apparently did not affect other users’ funds.
David Johnston, who as well as being Factom Inc. chairman is also one of the main figures behind PegNet, told CoinDesk that group had no control over transactions and conversion of other users, but could only confirm price data. “This attacker seems to have only affected their own wallet,” he said.
Johnston added that the attacker had not been able to transfer much of the pUSD into the PegNET’s native PEG cryptocurrency, as the protocol’s software doesn’t allow quick conversions. “This person was able to generate a bunch of pAssets, but not able to convert them into PEG and dump on the market,” he said.
The way PegNet is configured means the identity of individuals controlling the mining entities cannot be known. While there were four mining entities that worked in unison, it isn’t clear whether these were all controlled by the same person or whether this was the work of a group.
But there are still some unanswered questions. The attacker has since reached out to PegNet and claimed they were only trying to “pentest [penetration test] the network and code logic,” to identify potential vulnerabilities and notify core developers.
They have also destroyed all the stablecoins in question, sending them all to the PegNet burn address at roughly 14:00 UTC Tuesday.
Both Who and Johnston refused to be drawn on the motives behind the attack. “I can’t speak to intent of this person just their actions,” Johnston said. “Their actions were to generate the pAssets and then destroy those pAssets. [It] seems like more of a stunt than an attack given the short time it lasted and their actions since.”
The attacker’s decision to burn the assets seems to mirror the actions of the hacker who drained dForce of $25 million at the weekend and then handed back stolen assets after learning Singaporean authorities had their IP address.
Johnston said PegNet would now review some of its oracle mechanisms, to ensure they are robust enough to withstand these sorts of attacks again in the future.
“I fully expect more sophisticated attacks over time. As values in DeFi networks rise there is ever more reason to attack them,” he said. “The key is building systems like PegNet where individual users are not affected by the actions of others in the system. So because PegNet has no reserve or collateral held in a pool, there were no common user funds to drain.”
PegNet isn’t certain yet whether the miners were able to offload any of the pUSD on to cryptocurrency exchanges.
Crypto Sextortion Scams Prove to Be Alarmingly Successful
An investigation provided in-depth info regarding how sextortion scams remain profitable for cybercriminals.
A study carried out by SophosLabs in conjunction with cryptocurrency intelligence company, CipherTrace, revealed that sextortion scams are a profitable business. Between September 1, 2019, and January 31, 2020, nearly $500,000 in profits we gained by cybercriminals engaging in sextortion.
According to the report, the modus operandi is that the scammers told victims through email that their computers were hacked and that they allegedly obtained information on their history of visits to pornographic pages.
They then proceeded to extort the recipient of the message, asking for $800 worth of Bitcoin (BTC) as payment.
Bigger Criminal Enterprises Could Be Behind The Sextortion Scams
The investigation revealed that many of the cybercriminals behind these scams are connected to a large and organized network. The wallets investigated by SophosLabs and CipherTrace were found to be connected to other criminal enterprises.
SophosLabs Highlighted The Following In The Report Regarding Such Wallets:
“Tracking where physically in the world the money went from these sextortion scams is a difficult endeavor. Out of the 328 addresses provided, CipherTrace determined that 20 of the addresses had IP data associated with them, but those addresses were connected to VPNs or Tor exit nodes — so they were not useful in geo-locating their owners.”
Some of the wallets traced back to dark web markets such as WallStreetMarket, Hydra Market, and FeShop.
The Study Also Revealed The Following:
“As with many spam campaigns, the sextortion messages were launched from botnets using compromised personal computers all around the world, with PCs in Vietnam providing the greatest single share (7%). Some of the messages demonstrated some new methods being used by sophisticated spammers to evade filtering software.”
Compared to the revenue earned by ransomware attacks, SophosLabs claims that the profits from spam sextortion are relatively small. Even so, they still represent a significant source of revenue for cybercriminals.
Overall Growth In Crypto-Related Scams Amid The Coronavirus Pandemic
Amid the COVID-19 crisis, the number of crypto scams has increased, as reported by Cointelegraph, citing an FBI press release published on April 13. These include (but are not limited to) fake charities and work from home scams.
US Authorities Freeze COVID-19 Website Alleged Scammer Tried To Sell For Bitcoin
The U.S. Departments of Justice (DOJ) and Homeland Security (DHS) have seized coronaprevention.org, alleging its owner tried to sell the domain for bitcoin after posting about it in a “hacker’s forum.”
Announced late Friday, the unidentified owner of the site tried to sell the domain to an undercover agent with the Department of Homeland Security’s Criminal Investigations unit, who said they wanted to use the site to sell fake COVID-19 testing kits, a plan the owner reportedly said was “genius.”
According to a warrant attached to the press release, the owner of coronaprevention.org, referred to as “Subject A,” listed the domain for sale on a forum “known to focus on content related to, and populated by users interested in, hacking and hijacking online accounts” a day after U.S. President Donald Trump declared a national emergency due to the virus.
The undercover agent reached out, and Subject A allegedly said they were charging $500 payable in bitcoin for the domain (according to the warrant, such domains are usually closer to $20). The agent ultimately sent a partial payment to an undisclosed bitcoin address.
The news comes on the heels of the DOJ’s announcement that it had “disrupted” hundreds of domains that were being used to shill scams related to COVID-19.
A list of the domains seized was not available, and it is unclear whether Friday’s seizure was related. However, earlier this week a DOJ spokesperson told CoinDesk, “The department is aware of the reported increase in COVID-19-related fraud involving various virtual payment platforms and appreciates the proactive assistance of many in the cryptocurrency community to thwart those schemes.”
The spokesperson did not respond to a follow up question about which entities it was working with.
Google Keeps Promoting Crypto Scams Despite Strict Crypto Policies
CoinCorner reports that Google Ads is running a phishing ad despite the firm being unable to use its service.
While Google’s subsidiary, YouTube, is facing a lawsuit for promoting cryptocurrency scams, Google’s advertising platform continues to display fraudulent crypto ads through its advertising network.
According to a report by Bitcoin (BTC) crypto exchange, CoinCorner, Google Ads was running an ad for CoinCorner’s phishing clone website, CoinCornerr.com. The issue was reported by CoinCorner’s marketing manager, Molly Spiers, on April 30.
Google Ads Promotes A Crypto Scam But Doesn’t Want To Promote A Real Firm
Spiers told Cointelegraph that CoinCorner’s team first noticed the fraudulent ad on Thursday morning after searching for “CoinCorner” on Google.com and Google.co.uk. According to the executive, the phishing ad was promoted by Google.
CoinCorner has struggled to place ads on Google Ads for years.
The Isle of Man-based crypto exchange has been restricted from advertising on Google Ads since Google put a blanket ban on crypto ads back in 2018, Spiers said. Although Google subsequently announced a partial reverse of the ban, CoinCorner is still among the crypto firms that are not allowed to use Google Ads. Prior to 2018, CoinCorner was a loyal user of Google Ads.
“We have previously had full access to the GoogleAds platform – we were loyal customers for 4 years, from when we launched CoinCorner in June 2014 to when Google updated their Financial Services policy in June 2018 […] We have contacted Google a number of times to ask for updates on the UK, but to date, GoogleAds is still not available to us.”
The fraudulent CoinCornerr.com website is currently unavailable. Its Google Ad has purportedly been taken down at the time of publication. According to domain registration data, the fraudulent domain was created on April 29.
Does Google Actually Allow Crypto Ads?
According to Google’s advertising policies, the platform does allow some crypto ads. Specifically, Google Ads service accepts ads for crypto hardware products and crypto exchanges.
However, crypto exchanges are subject to specific requirements and purportedly only allowed to be promoted in the United States and Japan to date. Cointelegraph tried to reach out to Google for comment and will update if we hear back.
According to Spiers, the fraudulent website successfully bypassed Google Ads’ restrictions by not mentioning Bitcoin or cryptocurrency in their advert at all. The executive elaborated that any adverts that contain crypto-related keywords, like Bitcoin or crypto, are automatically disapproved. “They’ve used the same text as us but removed any mention of Bitcoin, which, at a quick glance, could easily be mistaken for our site,” Spiers explained.
Crypto Scam Issues Intensify On Google And Youtube
CoinCorner’s case is not the first time users have caught Google advertising a crypto scam. In March 2020, Google Ads was promoting a fake Ledger Wallet extension designed to steal crypto from users. To Google’s credit, we reported in mid-April that the company removed 49 Google Chrome web browser extensions after receiving reports of phishing activity.
Meanwhile, Google’s video giant subsidiary, YouTube, has also been burdened with crypto scams. On April 21, Ripple Labs and its CEO, Brad Garlinghouse, filed a lawsuit against YouTube after the platform promoted a fake airdrop from an account impersonating Garlinghouse. Less than a week later, Ripple CTO, David Schwartz, had his YouTube channel suspended on April 29.
Belgium Losing $3.2M To Crypto Fraud In 2019 Is ‘Tip of the Iceberg’
Belgium’s economic inspectorate reported $3.2 million in losses due to cryptocurrency fraud in 2019.
Global losses from cryptocurrency fraud and theft surged massively in 2019, doubling from 2018. Despite multiple efforts to tackle fraudulent crypto schemes, countries like Belgium continued to suffer losses to crypto fraudsters.
According to a May 8 report by Belgian newspaper De Tijd, Belgium’s economic inspectorate reported 2.94 million euros ($3.2 million) in losses due to cryptocurrency fraud in 2019.
Figures Continue To Grow, But Real Numbers Are Apparently Unreported
The recent figures show that the number of crypto fraud cases in Belgium has been growing in recent years. In 2018, Belgian’s Federal Public Service, known as FPS Economy, reported $2.5 million losses to crypto scams in the country.
What’s more, these growing numbers are apparently “just the tip of the iceberg” as the majority of fraud cases remain unreported.
Nathalie Muylle, Belgium’s minister of economy and consumer affairs, said that real losses were apparently higher than $3.2 million.
“The amounts are not always communicated by reporters,” Muylle noted.
As previously reported, Belgian authorities estimate that local investors lose more than $150 million to scam schemes each year.
Belgium Has Taken Multiple Preventive Measures To Tackle Crypto Scams
According to Muylle, Belgium has mainly taken a preventive approach to fight crypto scams so far while prosecution measures are still undecided. In 2019, the economic inspectorate reportedly sent a related query to the public prosecutor’s office for fraud and is still waiting for a decision.
Belgian authorities have indeed taken multiple preventive measures to tackle the problem in recent years. In February 2020, Belgium’s Financial Services and Markets Authority, or FSMA, blacklisted a bunch of crypto-related fraudulent websites.
Previously, FPS Economy rolled out a website to raise awareness of the risks associated with investments in crypto.
Meanwhile, the cryptocurrency industry apparently remains largely unregulated in Belgium to date. In February 2020, FSMA chairman Jean-Paul Servais urged the Senate to establish a “legal framework for the sale, purchase, and use of virtual currencies and all related financial products.” The official pointed out that fraudulent activities in the market will continue to impact investors if the industry remains unregulated.
17,000 Creditors Hope To Recover Assets Lost To Defunct Exchange QuadrigaCX
QuadrigaCX trustee Ernst & Young has received close to 17,000 proofs of claim from creditors, denominated in various fiat and cryptocurrencies.
Close to 17,000 creditors of the now-shuttered Canadian crypto exchange QuadrigaCX have filed to reclaim their lost assets.
Details of the claims were revealed in an interim status report published on May 12 by Ernst & Young (EY), the trustee for QuadrigaCX’s ongoing bankruptcy proceedings.
Details Of Submitted Claims So Far
The report reveals that as of May 6, EY had received 16,959 proofs of claim denominated in various fiat and cryptocurrencies, many of which included multiple currency components. The currencies span United States dollars and Canadian dollars, as well as Bitcoin (BTC), Bitcoin SV (BSV), Bitcoin Cash (BCH), Bitcoin Gold (BTG), Litecoin (LTC) and Ether (ETH).
The report indicates that the trustee anticipates that all claims will be converted to Canadian dollars, although respective currency conversion rates have not yet been decided upon.
Neither has EY yet finalized its review of all proofs of claim. The firm has, however, already found a number of proofs that contain technical deficiencies, such as being unsigned. In other cases, it is following up with certain claimants whose submitted proofs diverge from the amounts recorded in QuadrigaCX’s records.
EY has overridden a previous deadline of August 31, 2019 for claimants to submit their proofs and continues to process new submissions, although the report notes that the volume of new claim submissions has “slowed considerably.”
QuadrigaCX’s Corporate Tax Liabilities
EY lastly notes that QuadrigaCX failed to file its tax returns in the ordinary course of business prior to the onset of bankruptcy proceedings and that, therefore, the outstanding amount of its corporate tax liabilities is currently unknown.
Resolving outstanding liabilities with the Canadian tax authorities will be “necessary prior to the Trustee declaring any distribution to Affected Users or creditors generally as tax claims rank [on equal footing] with the unsecured claims of Affected Users,” EY indicates.
Crypto Users Doubt The Official Story Of QuadrigaCX’s Demise
As Cointelegraph reported yesterday, a new survey of cryptocurrency users has revealed the depths of suspicion surrounding the history of QuadrigaCX’s closure. The exchange’s founder and CEO Gerald Cotten — purportedly the sole individual with access to the exchange’s wallets and keys — was reported to have died while doing volunteer work at an orphanage in India.
Some 60% of respondents to the new survey believe Cotten is definitely still alive, while 90% agree that the body reported to be his should be exhumed and autopsied.
Last year, an EY report indicated that QuadrigaCX had around $20.8 million in assets, and around $160 million in liabilities as of April 12, 2019.
Crypto Scams Targeting Pacific Communities On The Rise, Say New Zealand Regulators
Cryptocurrency-related investment scams targeting Pacific communities are on the increase, New Zealand’s Financial Markets Authority (FMA) and Commerce Commission have warned.
Concerns over various crypto-related frauds alongside coronavirus-related scams have prompted the two regulators to launch an awareness campaign aimed at keeping communities safe from criminal schemes.
According to the FMA, there has been a “steady increase in complaints” relating to a variety of different frauds since March. Social media bitcoin scams that fake celebrity endorsements and news articles were identified as being the most widely reported among the different types.
The FMA’s director of regulation, Liam Mason, warned in a press release that some scams have been aimed specifically at Pacific communities. New Zealand has sizable populations of Pacific Island ethnic groups living in cities including Auckland and Wellington.
“We saw the OneCoin pyramid scheme proliferate through Pacific social and community groups. Last year the FMA also reiterated its warning that Skyway Group (or SWIG) may be involved in a scam and was targeting Pacific groups,” Mason said.
“At the very least, check if they [investment firms] are on the online Financial Services Providers Register, which by law they should be,” Mason said. “Or check if they’re named on the FMA’s Warnings webpage.”
The awareness campaign includes bilingual webpages and resources as well as radio ads that will play on popular Pacific radio stations in the Samoan and Tongan languages, the two most widely spoken Pacific languages in the region.
“Our advice is pretty simple: Don’t just trust, check it out. Even if someone you love and trust tells you a money-making scheme is OK, don’t just trust. There are lots of resources you can use for simple research, like Netsafe and the Scamwatch website,” said Joseph Liava’a, associate commissioner at the Commerce Commission, the consumer and competition watchdog.
OneCoin was called a multi-billion dollar pyramid scheme based on “lies” by U.S. prosecutors in March of last year when they indicted its leaders, Ruja Ignatova and Konstantin Ignatov. The central bank of Samoa launched an investigation into the alleged fraud in 2018 after reports promoters had been targeting local investors on the islands.
Upbit Hack’s $50M Funds Continue Moving After Hitting Binance
Millions of dollars in ETH stolen from Upbit in 2019 continues to move on unknown wallets, OKEx, and a little-known exchange.
Crypto funds associated with Upbit’s $50 million hack in November 2019 have continued to move. Soon after hitting the world’s biggest crypto exchange, Binance, large sums of the stolen funds continued to be transferred to a little-known crypto exchange as well as major exchanges like OKEx.
On May 14, Whale Alert — a service dedicated to tracking major crypto transactions — reported on a series of new transactions involving funds from Upbit’s 2019 hack. According to Whale Alert, a large portion of the stolen Ether (ETH) has also hit a number of unknown wallets.
Addresses Of Little-Known Exchange Byex.Com Receive Over $100,000 Worth Of Stolen ETH
In a series of May 14 tweets, Whale Alert reported on at least six transactions moving Upbit’s stolen ETH to Byex.com exchange. The transactions involved batches from around $15,000 to $30,000, with Whale Alert marking them as “stolen funds transferred from Upbit Hack Nov 2019 to BYEX.”
The New Transactions Came Some Time After Whale Alert First Reported In A May 13 Tweet:
“We were able to confirm just now that a significant portion of the #Upbit hacks are being deposited into an exchange called #BYEX.”
Whale Alert confirmed to Cointelegraph that the funds were transferred to the exchange with the domain Byex.com. “We are certain that we have the correct hotwallet for that exchange,” Whale Alert noted.
Byex.com Exchange Claims They Didn’t Receive The Funds Reported By Whale Alert
Byex.com exchange subsequently specified on their Telegram channel that the platform has not been able to detect the reported transactions. “I have checked on the backend and did not see such transactions in any of BYEX accounts,” Byex.com’s project manager told Cointelegraph.
The Byex rep also pointed out that the funds were apparently moved to addresses originating from another exchange, Byex.io, which is now defunct. The project manager said:
“Whale Alert traces the “old” byex.io address which led to such confusion. We did come across BYEX’s previous news when we bought the .com domain but did not pay much attention to it. We do not know any of the byex.io team. We are a new team who just started last year around September. I would like to distinguish our official name as with our domain — Byex.com.”
Over $3 Million Worth Of Stolen Ether Was Moved In Recent Days
Byex.com’s transactions came alongside a number of other transfers involving Upbit’s $50 million hack. On May 14, Whale Alert reported that over $1.3 million worth of ETH was moved to unknown wallets in a series of transactions. Previously, at least 9,000 ETH ($1.8 million) deriving from Upbit’s $50 million hack were sent to unknown wallets in three 3,000 ETH batches, Whale Alert tweeted on May 13.
Whale Alert also reported on a $55,000 batch being deposited onto major crypto exchange, OKEx, on May 14. Cointelegraph reached out to OKEx for comment, but did not receive an immediate response. This story will be updated should they respond.
On May 13, Binance exchange froze $27,000 worth of stolen Ether on its platform immediately after Whale Alert reported on the suspicious transaction.
COVID-19 Defense Fails Once More For Co-Founder Of Alleged $9M Crypto Ponzi
In the case against an alleged crypto Ponzi scheme founder, judges are not convinced that the risk of COVID-19 is enough to allow posting a bail bond for release.
One of the persons behind an alleged cryptocurrency Ponzi scheme has once again been denied bail. The accused, John Caruso, continues to be considered an extreme flight risk despite pleading not guilty earlier in 2020.
As filed by Judge John Tuchi on May 14, Caruso requested another emergency motion asking to be released from prison, after a similar request was denied in April by Judge Michelle Burns.
Caruso’s legal team attempted a COVID-19 defense, arguing that the spread of the virus puts the defendant at risk of infection while he stays in prison.
Both of the judges reviewing the motion did not cede to this tactic, stating that the spread of COVID-19 has no effect on Caruso’s flight risk.
In the earlier denial, Judge Michelle Burns had also noted that the 28-year-old Caruso is in excellent health condition and is unlikely to be strongly affected by the coronavirus. Furthermore, Judge Tuchi argued that Caruso would be potentially more at risk of infection in the outside world, summarizing that the issues of flight risk and personal health “are apples and oranges.”
The judges appear to be adamant in their wish to detain Caruso due to his troubled history, which includes seven prior felony convictions and multiple counts of violated probation. He was released from prison in November 2017, while the alleged Ponzi scheme was launched in June 2018.
A compounding factor is that investigators appear to have been unable to trace the location of all proceeds from the scheme, leading them to believe that he could use the money to disappear.
John Caruso is accused, together with his partner Zachary Salter, of creating Zima Digital Assets, a cryptocurrency investment scheme that failed to invest the funds it received into cryptocurrency.
Instead, the pair are believed to have used customer funds, amounting to approximately $9 million, to finance their lavish lifestyle.
The pair was rumored to have racked up $830,000 in gambling losses following 30 trips to Las Vegas, in addition to accumulating $670,000 in credit card expenses, $540,000 in private jet and luxury vehicle rentals, and $150,000 in rent for a 20,000-square-foot mansion.
Of the $9 million collected, about $1.9 million seems to have been paid out to early participants to make the scheme appear more trustworthy.
Caruso’s trial is scheduled for July 2020, facing charges that could result in five years in prison.
PlusToken Scammer Implicated In China’s Second Ten-Figure Crypto Ponzi
Local police have busted Wotoken, China’s second ten-figure crypto Ponzi.
The scam, Wotoken, took in roughly $1 billion worth of crypto at current prices from over 715,000 victims.
One of the scam’s core operators is purportedly linked to PlusToken — a multi-billion Ponzi that is believed to have impacted the price trajectory of Bitcoin (BTC) on numerous occasions throughout 2019.
China’s Second Ten-Figure Ponzi Busted
Earlier today, Chinese media outlet, Qianba, reported that a case surrounding “super large MLM network” Wotoken had opened for trial on May 14 in Yancheng City.
The scam claimed to generate returns for users through employing algorithmic trading bots, offering referral commissions to affiliates. However, as with most MLM scams, the advertised proprietary trading software did not exist.
In total, 715,249 registered users fell for the scam, resulting in Wotoken accumulating 46,000 BTC, over 2 million Ethereum (ETH), 292,000 Litecoin (LTC), 56,000 Bitcoin Cash (BCH), and 684,00 Eos (EOS) — worth nearly $1 billion at the time of the arrest.
Wotoken was active from July 2018 through October 2019.
Wotoken Operator Associated With PlusToken
Six defendants faced trial for operating Wotoken, including one individual with ties to the notorious PlusToken Ponzi.
All six defendants pleaded guilty, with the court recommending prison terms of between six months and 11 years.
US FinCEN Awards Secret Service For Seizing $22 M In Crypto
An investigation that involved several U.S. federal agencies led to the bust of the darknet operators and seizure of $22M in cryptocurrency.
May 19, the Financial Crimes Enforcement Network (FinCEN) awarded several federal agencies in the United States, whose joint probe led to the seizure of $22 million worth of cryptocurrency from the darkenet operators.
12-16% Cashout Fee
This is an annual award whereby FinCEN recognizes law enforcement agencies for using Bank Secrecy Act reporting to successfully pursue and prosecute criminal investigations. The investigation involved Immigration and Customs Enforcement-Homeland Security Investigations, United States Postal Inspection Service, and United States Secret Service:
“Investigative results identified dark web vendors sending illicitly earned Bitcoin with a physical receiving address via an encrypted email to conduct this cash-out scheme. This cash-out vendor charged anywhere from 12-16 percent depending on the amount of digital currency being cashed out.”
Everything Is Big In Texas
The investigators used the information they subpoenaed from a “well-known cryptocurrency exchanger.” This massive joint investigation effort:
“Concluded after the arrest of 42 individuals, the seizure of $22 million in various digital currencies, $3.5 million in cash, 120 firearms, 15 pill press machines, and a wide range of controlled substances. The United States Attorney’s Office, Northern District of Texas prosecuted this case.”
Cryptocurrency-related crime is a multibillion dollar industry, although only a small percentage of crypto transactions involve illicit activity.
BlockFi’s Data Breach May Allow Criminals To Extort Rich Clients
BlockFi disclosed a data breach that potentially leaked the physical addresses and account activity of its customers, highlighting the risks of KYC finance platforms.
Crypto lending provider BlockFi reported on Tuesday that it suffered a data breach that may put some of its clients in physical danger.
According to its incident report, some of the company’s client data was breached through a SIM card swap attack performed on one of its employees.
The attackers successfully stole the email account and phone number used for the employee’s account verification procedure, which allowed them to access BlockFi’s records.
SIM swapping attacks are the result of network operator vulnerabilities and are usually performed through co-conspirators with access to the phone network’s equipment — though external intrusion techniques are also possible. This type of attack was the culprit behind several high-profile exchange thefts, but they usually target the clients themselves.
The attackers allegedly attempted to withdraw customer funds directly, but the attempts were unsuccessful, BlockFi says.
Nevertheless, the attackers had full access to customer data used as part of BlockFi’s marketing efforts.
The company stressed that no “non-public identification information” was leaked, which would include bank account numbers, passwords or social security numbers.
However, the hackers did obtain access to the customers’ full names, email addresses, dates of birth and notably, activity information and physical addresses.
Can The Victims Be Physically Extorted?
BlockFi asserts that no threat to customers’ BlockFi funds exists, writing, “Due to the nature of the information that was leaked, we do not believe there is any immediate risk to BlockFi clients or company funds.”
However, home address and activity data may expose the affected users to extortion and physical theft.
BlockFi did not disclose what kind of activity data was included in these databases and has declined to answer Cointelegraph’s query on the subject, referring to the incident report for all information.
An unnamed spokesperson only added that “we have not received further indications that the unauthorized third party has tampered with the information that was accessed at this time.”
Nevertheless, it is easy to believe that simply reading the activity data would allow attackers to know the size of the client’s account and collateral pledges. This kind of data is crucial for any directed marketing campaign.
“We may use your personal information and information about how your use our services to send promotional and other information to you. We also may use your personal information to conduct analysis regarding your usage of our services and products and the effectiveness of our marketing initiatives.”
The connection between the home address, the customers’ activity on the platform and their identification data could allow criminals to precisely target the victims of this attack to extort them out of their cryptocurrency.
This kind of theft is not unheard of, as a Singaporean man was reportedly kidnapped in January and forced to transfer the cryptocurrency in his possession.
Similar cases were reported in 2017, notably the kidnapping of the director of the crypto exchange Exmo in Ukraine. India was also reported to have several such cases that year.
The Case For Anonymous Finance
An Ethereum core developer used the occasion to praise the anonymity of blockchain-based decentralized finance, saying “will naysayers finally start to understand the point of DeFi on Ethereum?”
While DeFi carries a different set of risks, the consequences of data breaches on centralized platforms that hold Know Your Customer data could be catastrophic.
BlockFi Says Hacker SIM-Swapped Employee’s Phone, No Funds Were Lost
BlockFi said an attacker got hold of users’ data by compromising an employee’s phone and taking control of the person’s phone number through a SIM swap attack.
The New York-based crypto lending platform announced in a memo to users on Tuesday that a hacker – whose identity remains unknown – gained access to some of its retail marketing systems for just over an hour early on May 14.
“On May 14, there was a data incident at BlockFi that exposed certain client account information for a brief period of time. While no information was accessed that would enable the intruder to access your account or your funds, we believe it is in the interest of transparency to share the following details with you, and all of our other clients who were potentially affected,” reads the memo, which was shared with CoinDesk.
BlockFi said the hacker accessed confidential data, such as names, dates of birth, postal addresses and activity histories. Other sensitive account information including bank account details, social security and tax identification numbers, passport and driver’s license numbers and photo scans, were not affected in the data breach, the company said.
User funds were also not affected.
In an incident report, also published Tuesday, BlockFi said the hacker had accessed through an employee’s phone. By tricking the mobile phone operator into activating the employee’s phone number on another device, the hacker was able to access some parts of the company’s internal systems.
“A BlockFi employee’s phone number was breached and utilized by an unauthorized third party to access a portion of BlockFi’s encrypted back-office system,” the incident report reads. “The unauthorized third party was able to access BlockFi client information typically used by BlockFi for retail marketing purposes throughout the duration of this incident.”
The report adds the hacker tried, unsuccessfully, to make withdrawals of user funds, before BlockFi was finally able to remove them from the internal system.
In a statement, a BlockFi spokesperson said: “A sole intruder gained minimal access for a short period of time to select internal marketing systems. The BlockFi team immediately mitigated the impact of the breach through a number of standing policies and safeguards in place to protect client assets and data.”
“The issue has since been resolved and BlockFi’s products and services are fully operational and secure,” the spokesperson added.
The spokesperson did not specify which mobile network the employee used.
Ukraine Arrests Hacker Accused of Selling Personal Data, Crypto Wallet Info
A national law enforcement agency in Ukraine has detained a hacker it claims is responsible for the country’s largest known theft of personal data, cryptocurrency wallets and other information.
The Security Service of Ukraine (SSU) reported detaining a hacker, known as Sanix, allegedly for selling a database with 773 million email addresses and 21 million unique passwords on various online forums in recent years.
In addition to email logins and passwords, the database contained “PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, information about computers hacked for further use in botnets and for organizing DDoS attacks,” the SSU said in its press release. The stolen data belonged to people from different countries, including the European Union and the U.S., the agency claimed.
The agency seized “computer equipment with two terabytes of stolen information, phones with evidence of illegal activities and cash from illegal transactions,” including about $10,000 in Ukrainian hryvnias and U.S. dollars, the release said.
The seizures happened after SSU received a tip that Sanix is “probably a Ukrainian, a resident of [the] Ivano-Frankivsk region” and searched his home.
Sanix now faces criminal charges for unauthorized interference with computers and unauthorized sale or dissemination of information with limited access. According to the Ukrainian criminal code, a combination of these two can lead up to eight years of prison time.
The breach was first reported in January 2019 by cybersecurity researcher Troy Hunt. Wired called it “a breach of breaches,” saying the 87-gigabyte database “claims to aggregate over 2,000 leaked databases that contain passwords whose protective hashing has been cracked.”
The first batch of stolen data had been followed by several more “collections,” offered by Sanix as well as another hacker named Oxa, Forbes wrote at the time. The hackers offered “lifetime” access to the databases for modest amounts from $45 to $65.
Hackers Target Enterprise Blockchains
Private blockchains that have been specifically designed for enterprise use could be highly desirable targets for hackers’ attacks.
When blockchain technology was first brought to the public’s attention, it was lauded on many fronts as “unhackable.” While there are many benefits to blockchain worth noting already, we probably still haven’t seen what its ultimate potential will be. One thing is certain though: It is not unhackable. That reality has been illustrated with increasing clarity to the tune of around $2 billion in cryptocurrency stolen by hackers since 2017.
Recent attacks have seen a shift in focus from public networks, such as the Bitcoin and Ethereum blockchains, to private networks built for the use of large corporations. In theory, the latter should be a more difficult target for a hacker due to their nature as smaller ecosystems where everyone knows one another and intruders have a harder time hiding.
The reality has been a different matter. As more private enterprise blockchain networks come online, cybercriminals have focused intently on proving that the technology is, in fact, quite hackable. Here’s what they’re doing and how to keep them from getting into yours.
Before we dive into the particulars of recent attacks on private blockchain networks, let’s make sure our terminology is straight. A blockchain simply means a decentralized cryptographic database that exists on linked computers called nodes. Each node keeps an up-to-date copy of the entire database. All nodes have to verify and approve a transaction before it is added to the database.
Thanks to a design based on cryptography, economics and game theory, node owners have a financial incentive through a process called mining to play a straight game rather than try to subvert the system. A correctly designed blockchain database is easy to verify and add transactions to but hard and, more importantly, expensive in computing resources to defraud.
Companies engaged in a variety of activities such as cross-border transactions, digital record storage, and tracking goods and information have had their eye on blockchain for a while now. Blockchain application-building has been a high priority project for some truly massive operations, such as Fidelity Investments and the New York Stock Exchange to name a couple.
What sometimes goes overlooked in the rush to take advantage of the allure of blockchain security and ease of use is that they are essentially trying to tame a Wild West technology and make it play nice in the most corporate of environments.
Easing into the real world
While it is true that one would be hard pressed to recall a single private blockchain network hack that resulted in a real loss, there are reasons for this, and these reasons are in the process of changing. First of all, enterprise-level blockchain apps have been under feverish development the past few years, and only now are a few starting to be rolled out for public use.
In some cases, blockchain has allowed developers to put a new twist on an old idea. The Ethereum-backed security app called Orchid is in the process of taking the traditional idea of a virtual private network, throwing it on top of a blockchain and presto, you’re looking at the next generation of privacy technology.
Expect to see an increasing pace of familiar products and services receiving a similar blockchain boost.
To the average hacker, there was previously nothing on these networks worth stealing, but that is changing. New apps are moving from the research and development stage into production, which means there is now a profit motive. Like detestable flies, hackers are attracted to this new prey. They see it as both a challenge to their skills and an opportunity for easy money.
As time has passed, a few strategies have arisen that allow the unhackable blockchain protocol to be penetrated.
Control 51% and you control the game
The 51% Rule is an inherent drawback to most blockchain networks. The feature that allows this kind of attack is based on the proof-of-work concept in which a transaction must be approved by a majority of nodes, or 51%, in order to be approved and added to the database. If a single entity, in this case an entity with a propensity toward fraud, could somehow summon the computing resources that gave it control of 51% of the nodes, then it’s simply a matter of sending payments and then creating an alternate version of the database in which the payments did not happen.
This type of divergence is called a “fork” in blockchain terminology. Continuing with our assumption that a single hacker controls a majority of the nodes, they could designate the fork as the legitimate database version and continue to spend the same cryptocurrency again and again. As mentioned, collecting together the computing power needed to take over a major currency such as Bitcoin (BTC) or Ether (ETC) works out to a cost of thousands of dollars per hour, according to the site Crypto51.
However, if a hacker decides to go after a smaller, more lightly traded coin, the cost to take over the network drops considerably.
Corporate Insider Attacks
When it comes to private networks of the kind currently being deployed by major corporations, the most severe danger posed is from those already within the system. In other words, employees, vendors or others that have been invited to the network immediately have access to all the confidential data stored there. This is one design flaw when compared with public networks that needs to change.
On the public side, such as with Bitcoin, developers deploy zero-trust and other security tools to keep sensitive data from falling into the wrong hands and often off the chain entirely. As with traditional private networks, too many companies delving into their first blockchain project think that the main threat is from the outside. Their energy and focus go toward keeping outsiders on the outside, forgetting that insiders can be a threat too.
Philosophical action tip for blockchain design: Trust no one, especially those on the inside. A disgruntled ex-employee with an ax to grind and knowledge of where the nodes are could sell out your network to the highest dark web bidder. One denial-of-service attack and it’s all over. Design for safety from the outside and inside.
Perhaps the biggest danger posed to private blockchain networks is the fact that they don’t have a dedicated community full of members from all over the world that spend their days and nights testing, tweaking and improving the network. By its very nature of being smaller and private, there is no equivalent process in place for vigorous testing. There’s no easy solution here. It’s hard for a single company to generate the same kind of enthusiasm and support as a massively popular cryptocurrency such as Bitcoin.
One current approach is to take advantage of a company such as Kaspersky, which has developed a process for conducting blockchain security audits. Since Kaspersky is Russian-owned, some companies are understandably cautious about letting it take a look behind the curtain, but the idea is still sound. As time goes on and more corporate blockchains come online, expect the auditing and support industry to become more robust.
Plus Token Leadership Faces Criminal Prosecution In China
PlusToken main criminal suspect is facing public prosecution.
One of the ringleaders of Plus Token is now facing criminal charges in China. Plus Token is one of the largest apparent scams in the cryptocurrency industry’s history.
According to local media, Zhou will face public prosecutors in the Court of Jianhu County, Yancheng City, Jiangsu Province. As the local government only supplied Zhou’s family name, at press time we can’t confirm exactly which Zhou this refers to.
Zhou reportedly publicized and promoted the PlusToken wallet App, a so-called crypto currency financial management application, through Wechat and other avenues over the internet.
By registering four different accounts with SIM cards in the wallet, he allegedly lured more than 1.9 million people into the pyramid scam.
A Pyramid Ponzi Scheme
According to local authorities, the PlusToken wallet disguises itself as a cryptocurrency financial management app, but allows criminals to recruit members by promising high returns baked on the amount of other investors they can pull in.
Local Police Said That They Received Reports From The Public Regarding The Scam As Early As Last Year, Explaining:
“In the name of providing a cryptocurrency appreciation service, the platform falsely claims that it has the function of mining cryptos, and requires members to pay certain value of cryptocurrencies such as Bitcoin, Ethereum, EOS, etc., so as to obtain high static income.”
Other Criminals Involved
As Cointelegraph reported previously, members of the Chinese police touched down in Vanuatu and detained six people involved with the PlusToken project and extradited them back to mainland China last year. It could be the biggest crypto scam ever, with an estimated loss of around $2.9 billion.
Hacker Sells Tens of Thousands of Ledger, Trezor, And Keepkey Users’ Info
The customer databases of Trezor, Ledger, and Keepkay have allegedly been listed for sale by the perpetrating hacker.
The hacker that breached the Ethereum.org forum is allegedly selling the databases for the three most-popular crypto hard wallets — Ledger, Trezor, and KeepKey.
Both of which obtained from a @Shopify exploit.
(suggesting there are many more underground leaks).
— Under the Breach (@underthebreach) May 24, 2020
The three databases contain the name, address, phone number, and email for more than 80,000 users combined, however, they do not contain passwords for the accounts.
The hacker has also recently listed the SQL database for online investment platform, BnkToTheFuture.
Ledger And Trezor Databases Reportedly Compromised
On May 24, cyber crime monitoring website, Under the Breach, spotted the hacker’s new listings for the databases of the top hardware wallet providers.
The hacker claims to be in possession of account information corresponding to nearly 41,500 Ledger users, over 27,100 Trezor users, and KeepKey’s 14,000 customers.
Chat logs posted to Twitter indicate that the data was stolen through exploiting a vulnerability to the popular e-commerce website platform Shopify.
Trezor and Ledger Denies Data Breach
Following the release of the information, both Ledger and Trezor have published an update in denial of the data breach, albeit revealing that their respective teams are still investigating the situation.
Rumors pretend our Shopify database has been hacked through a Shopify exploit. Our ecommerce team is currently checking these allegations by analyzing the so-called hacked db, and so far it doesn’t match our real db. We continue investigations and are taking the matter seriously.
— Ledger (@Ledger) May 24, 2020
There are rumors spreading that our eshop database has been hacked thru a Shopify exploit. Our eshop does not use Shopify, but we are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.
— Trezor (@Trezor) May 24, 2020
Ledger uses Shopify for its eCommerce sales, and although Trezor doesn’t, any of its large resellers using the eCommerce solution may as well leave users to the possibility of data theft.
In a similar recent development, Coinfomania reported an email address leak that affected traders on popular cryptocurrency derivatives exchange, BitMEX.
Hacker Adds To Bazaar Of Crypto Account Info
The hacker is now advertising the databases of 18 virtual currency exchanges and forums, in addition to the email lists of two crypto tax platforms.
The databases include the full SQL for Korean exchange Korbit spanning 4,500 users, three databases for Mexcican trading platform Bitso, and the complete account information including passwords for blockchain platforms Blockcypher, Nimirum, and Plutus.
The hacker specifies he is only interested in premium bids, stating: “Don’t offer me low dolar, only big money allowed.”
KYC Platforms Comprise Honeypot For Hackers
Last week, BlockFi reported a data breach resulting from a Sim-swap attack. Customers’ full names, email address, date of birth, and physical addresses were leaked. Client funds were not impacted.
At the end of April, Etana, a custody firm that provides services to Kraken, also suffered a data breach that did not see any customer funds lost.
Stolen Trezor, Ledger and KeepKey Databases Are a ‘Scam,’ Says SatoshiLabs
What if this scammer is just pretending to be a hacker?
The hacker claiming to be selling user databases from top hardware wallet manufacturers Ledger, Trezor, and KeepKey appears to actually be peddling bunk, according to SatoshiLabs.
On May 24, cybercrime monitoring blog Under the Breach reported that a hacker had begun advertising the customer databases of popular hardware wallet companies for sale. The data purportedly included the full names and physical addresses for over 80,000 user accounts.
Under the Breach tweeted screenshots suggesting that the hacker obtained the databases by exploiting a vulnerability of popular e-commerce platform Shopify.
“Don’t offer me low dolar, only big money allowed,” the hacker warns prospective bidders.
Trezor Refutes Hacker’s Claims
SatoshiLabs is the team behind Trezor, and a company rep told Cointelegraph that Trezor had gotten ahold of sample data for the supposed database and found “no Trezor customer data included in the offered database.”
Trezor’s initial investigation concluded that “the content and structure of the leaked data does not correspond to the data from the Trezor e-shop and looks more likely to be fabricated.” The spokesperson added that “the whole incident seems like a scam.”
Slush, the pseudonymous chief executive of SatoshiLabs, said, “We take data privacy very seriously at SatoshiLabs. By anonymizing the data in our e-shop after 90 days, we minimize the impact of such a breach. I would like to assure our customers that their data is being treated as highly sensitive.“
A spokesperson for Shopify also told Cointelegraph that an investigation into the purported vulnerability found “no evidence of any compromise of Shopify’s systems.”
Scammer Poses As Hacker
After adding the popular hardware wallets to his advertisement for stolen data, the hacker now claims to offer customer databases of 18 total virtual currency firms, having first posted the ad on May 17.
But based on investigations carried out by the companies whose databases are supposedly available for purchase, the hacker’s entire bazaar of stolen account information is probably fabricated.
Mexican crypto trading platform Bitso, one of the companies previously named in the hacker’s list, has also refuted the validity of the cybercriminal’s claims, asserting that its investigations “have not found evidence that a third party has sufficient information to access our customers’ accounts.”
Trezor E-Shop Breach Is A Hoax
An unknown hacker listed supposedly leaked data of customers from the Trezor e-shop for bidding recently. We have thoroughly analyzed the data sample and we can confirm that it does not match our customer records from the e-shop. We can also assure our Trezor Wallet users, that their data has not been affected. We have evaluated the information as a hoax mainly due to the following facts:
* The content and structure of the leaked data does not correspond to the data from the Trezor e-shop and looks fabricated.
* Trezor has strong protocols on data protection that include anonymization of the e-shop data after a period of 90 days from the purchase.
* Trezor e-shop is not and was historically not running on the Shopify platform, which was mentioned as a source of the leaked data.
How Does The Trezor Anonymization Protocol Work?
The Trezor e-shop collects solely the necessary data needed for the delivery of the product. This data is used for logistic purposes only. After collecting the data, we treat it as highly sensitive. We know that, in the bitcoin industry, data privacy is extremely important. After 90 days of placing your order, we remove all the sensitive data from our online systems. This minimizes the impact of potential breaches.
Pro Tips For Data Privacy Handling
Even though this information is a hoax, there is always something to learn from it. We treat your data with the utmost privacy.
Ideally we would like not having your real personal information at all. But we understand your parcel has to be delivered somewhere, so here are some tips on how you can minimize the data leakage also on your side:
* If possible order your goods using the address of the company you are working for and have it delivered there.
* You can even tell your reception desk that you will be using a pseudonym.
* If you can not have goods delivered to your office, consider using a P.O. box.
* Always use a special purpose email in which you avoid your real name.
* If you really need to share your phone number, share the work one preferably.
Ledger, Trezor And Others: Hack Allegations Are Baseless, Lack Proof
Representatives of companies that were allegedly hacked strongly deny the allegations, stating that the exploit had been fixed years ago.
According to a report by an online monitoring web portal, Under the Breach, a hacker was able to penetrate the privacy protocols of major firms such as Trezor, Ledger and Bnktothefuture on May 24 and walk away with a host of sensitive customer data, including email addresses, home addresses and phone numbers.
The documents posted by Under the Breach claimed that the hacker was in possession of three large databases that allegedly contained the details of more than 80,000 customers. In this regard, it was also rumored that the hacker was able to procure the above-stated information via an exploit that was linked to Shopify, an e-commerce firm that provides its services to a number of major crypto firms.
It now appears as though this so-called data breach has been a major false-flag, since many of the companies linked with the hack have come forth to say that Under the Breach’s claims are not grounded in any factual evidence. For example, a spokesperson for Shopify told Cointelegraph: “We have investigated these claims and found no evidence to substantiate them, and no evidence of any compromise of Shopify’s systems.”
Similarly, Ledger’s security team moved to allay customer fears that their funds may potentially be in jeopardy. The firm released a detailed blog post stating that the rumor about the leaked customer data being from Ledger’s e-shop was a hoax and that the company’s security team had investigated the sample data and confirmed that it did not match its native client information.
Lastly, in addressing concerns regarding the hacker’s claim that they were able to gain access to Ledger’s client database through a 2016 Shopify exploit, the hardware wallet manufacturer’s security team stated that while Ledger currently employs Shopify as a third-party provider for its e-commerce operations, the same was not the case back in 2016.
Companies debunk the breach
To get a better overview of all that transpired since the hacking rumor went viral online, Cointelegraph reached out to Matthieu Riou, chief technical officer and co-founder of BlockCypher, a cloud-optimized platform powering blockchain applications that allegedly had its data compromised. Riou claimed that after performing a thorough analysis of the matter, his team reached a conclusion that the leak in question was more than four years old and is simply being recirculated. He further clarified:
“For example the number of records as reported by the hacker (2358 users) is particularly telling. We thankfully now have quite a few more users than that. But this number is consistent with a March 2016 data leak we had on an older system and acknowledged at the time.”
Not only that, Riou also pointed out that since the 2016 leak, his firm’s developer team has completely rewritten its user and API token management web application from scratch — as a result of which, users have had to re-register on the new platform with a different password. He added: “We’ve now been running on the new improved platform for several years and have had no issues. We can’t speak as to the severity or recentness of the data dumps originating from other firms.”
This sentiment was echoed by Peter Vecchiarelli, operations manager for Augur, a decentralized betting protocol that the hacker claimed to have compromised and stolen customer data from. Vecchiarelli stated that the “leaked” list associated with Augur was the same one allegedly acquired by hackers back in 2016. He pointed out that upon conducting a cross-reference test, his team found that the leaked list did not match any of Augur’s private email lists for marketing or crowd sale, and was merely a downloaded list of all the individuals who had set their email addresses to “publicly viewable” from a previous Slack channel operated by the company.
Lastly, Marek Palatinus, CEO of SatoshiLabs — the company behind Trezor’s various hardware wallets — told Cointelegraph that it is important for people to understand that the “data breach is not legit” and consists primarily of information that is fabricated. For example, he pointed out that Trezor’s e-shop does not run on Shopify and that the firm makes use of a niche anonymization protocol to minimize the impact of potential data breaches such as this one. Furthermore, Palantus stated:
“Even if the data was leaked from any of the mentioned party e-shops, the hardware wallet secret keys were not exposed, therefore the hacker or any other potential person that gets hold of the database won’t get access to your secret keys stored on a hardware wallet. Trezor does not collect any data from your hardware wallet or Trezor Wallet app.”
Crypto Exchanges’ Rubbish Hack Claims
Another aspect of this recent data breach is that the hacker claimed to have obtained a host of customer information from prominent crypto exchanges and investment platforms such as Coinigy, BitSo and Plutus.
Cointelegraph spoke with Coinigy co-founder William Kehl, who stated that one of Coinigy’s third-party Stripe accounts was compromised back in 2016, and as a result, an attacker was able to access info related to more than 500 customers. This data included the last four digits of customers’ credit card numbers, their names and their addresses along with associated emails. However, as part of the above-stated breach, Kehl maintains that none of Coinigy’s internal databases — including user accounts, passwords or API keys — were compromised. He added:
“We were immediately alerted to the incident when it occurred, and we immediately locked these accounts and our entire platform down, required all users to perform a complete security audit including but not limited to new passwords and API keys before they were able to log back into the platform. Again, what you see offered by the ‘hacker’ was not acquired from our database, but through gaining momentary access to some third party services we used.”
Similarly, addressing the rumors surrounding the hack, a spokesperson for Mexican cryptocurrency exchange Bitso told Cointelegraph that having investigated this alleged threat, the company’s security team has not found anything out of the ordinary. He added:
“We activated the pre-established protocols to review this potential event, and we will be informing users. At this time, we have not found evidence that a third party has sufficient information to access our customers’ accounts.”
The same thoughts were mirrored by David Morrison, community manager for Plutus, a crypto-fintech firm. Morrison stated that after having investigated several possible attack vectors, his company’s security team was not able to find any evidence of a hacking attempt. He said, “So far we have not found any solid evidence of successful hacking attempts. Regardless, we are taking all precautions possible and informing our customers appropriately.”
Jumping The Gun
On May 19, BlockFi reported a data breach that arose due to a sim-swap attack, resulting in compromised customer data held by the company, such as full names, email addresses, date of birth and physical addresses. Similarly, Etana, a custody firm that services the crypto exchange Kraken, also fell victim to a similar data breach last month.
While customer funds were reportedly not affected in any way throughout the aforementioned cases, whenever a story about some platform being compromised, people tend to jump to the worst conclusion right away.
Analyst Is ‘Surprised’ There Hasn’t Been A Large-Scale Attack On Bitcoin Cash Yet
A cryptocurrency analyst recently said that he is surprised that Bitcoin Cash did not yet fall victim to an attack, given the fall in its hashrate.
Yassine Elmandjra, a crypto asset analyst at ARK Invest, said in a May 24 tweet that the Bitcoin Cash (BCH) hashrate fell by 30% since its halving event, and only accounts for about 2% of the SHA-256 hashrate. Elmandjra now thinks it’s only a question of time before somebody takes advantage of the network:
“Surprised we haven’t seen a large scale attack yet.”
According to data from BitInfoCharts, the Bitcoin Cash average daily hashrate fell by nearly 25.6% since its April 8 halving. Still, Elmandjra presumably did his calculations based on May 23 data, where the hashrate was down by about 33.52%. It is worth noting that the hashrate is currently much higher than where it initially was, after falling by over 61%.
As Cointelegraph reported earlier this month, Bitcoin’s hashrate has shed around 25%-40%, new blocks are generated remarkably slowly speed and fees significantly higher since the halving.
Hayden Otto is a Bitcoin Cash event organizer and founder of BitcoinBCH, a BCH-based development firm. Otto argues that Elmandjra was misled by the Bitcoin (BTC) narrative that Bitcoin Cash can be easily hacked by a 51% attack.
According to Otto, “the formulas they use to determine the cost of a 51% attack does not consider important factors such as the incentives of miners.” He believes that such an attack could not be executed as easily as many suggest, and this is why no such attack took place on the Bitcoin Cash network.
Attacking Bitcoin Cash Is Easier Said Than Done
Otto added that Bitcoin Cash’s hashrate is currently about 3.5% of Bitcoin’s and has remained there for years. According to Cointelegraph’s calculations using CoinMetrics hashrate comparison chart data, BCH’s hashrate is currently equivalent to 3% of BTC’s. Furthermore, BCH’s hashrate was equivalent to about 4% on May 20, 2019. This data seems to generally back Otto’s point of view. He claims that an attack on Bitcoin Cash isn’t realistic:
“Bitcoin Cash is currently about 3.5% of BTC’s hashrate and has been around this level for more than a year. Despite this there has been no attack because miners are profit-seeking and there is no incentive to attack. Any attacker will be challenged by honest miners defending the chain, and the 10-block reorg protection neuters any attempt to secretly mine a longer chain. The risk of losing money far outweighs any potential reward, which ultimately makes any attempt to 51% attack Bitcoin Cash unviable.”
Still, as Otto himself pointed out Bitcoin Cash’s hash rate is usually just about 3.5% of what Bitcoin’s hashrate is. Because of this, BCH arguably needs such block reorganization prevention measures more than Bitcoin, where the computing power needed to attempt such an attack would be prohibitively expensive.
Hacker Steals Database of the Largest Hosting Provider on the Dark Web
Sensitive data from darknet websites hosted in Daniel’s Hosting have been leaked by a hacker who claims ties to Anonymous.
Reports emerged on May 31 about a hacker that stole and leaked the database of Daniel’s Hosting (DH), the largest free web hosting provider in the darknet, and the home of several crypto-related forums and stores.
The hacker —under the pseudonym “KingNull”— also claims to be part of the Anonymous collective and reportedly got the information after the second hacking suffered by DH on March 10, which resulted in 7,600 dark websites taken down.
The fact forced the hosting provider to shut down its service and urged the users to migrate their sites to new ones on the dark web.
Leaked Info Could Help To Trace The ID Of People Running Illegal Darknet Sites
According to reports, the leaked data includes 3,671 email addresses, 7,205 passwords, and 8,850 private keys of the domains attached to the dark web sites.
Threat intelligence firm, Under the Beach, confirmed this finding to ZDNet and commented on the following:
“This information could substantially help law enforcement track the individuals running or taking part in illegal activities on these darknet sites.”
DH warned its affected users that they should immediately change the password that the hacker leaked, as they could be used to hijack new accounts that site owners create with other providers.
Although DH is reportedly the home of illegal cybercrime-related sites, it also hosts many owners of dissident and political sites, who could have their identity revealed to the authorities, according to the hosting provider.
Hacker’s Alleged Ties With Anonymous
The report clarifies that the suspected hacker did not steal the IP addresses. For now, Daniel Winzen, head of DH, said there is no set date for relaunching the service.
The fact that the hacker is allegedly related to Anonymous would not be a surprise. The collective launched an anti-child pornography “Operation Darknet” against Freedom Hosting in 2013, which was the largest Tor web hosting at that time.
Recent figures unveiled by Crystal Blockchain Analytics showed that the total USD value of Bitcoin (BTC) transferred on the dark web rose by 65% in Q1 2020, drawing authorities’ attention to illicit transactions through the darknet.
$1.4B in Crypto Stolen In First Five Months of 2020, Says CipherTrace
Researchers say 2020 is on track to become a record-breaking year for cryptocurrency-related thefts, hacks and fraud.
Digital asset intelligence firm CipherTrace released a report on Tuesday revealing that in the first five months of this year so far, the value of ill-gotten funds siphoned through cryptocurrency crimes has reached almost $1.4 billion.
This makes it possible that the amount of funds lost to bad actors in 2020 will outstrip the $4.5 billion lost in 2019, which CipherTrace then attributed to an uptick of “insider jobs” at businesses such as crypto exchanges.
This year, CipherTrace notes that criminals are capitalizing on the coronavirus crisis to target more victims and are propagating new crypto-related phishing campaigns, ransomware and darknet marketplace fraud.
The COVID-19 Crypto Crime Scene In 2020
CipherTrace has identified multiple scams this year involving email campaigns that impersonate coronavirus-related official groups in order to solicit personal information and/or payments in cryptocurrency.
Mimicked entities have included the World Health Organization, the Red Cross and the Centers for Disease Control and Prevention.
Other COVID-19-related applications and sites include purported virus trackers for smartphones, which enable criminals to spy on users or to install ransomware and later demand payment in cryptocurrency to decrypt users’ files.
New darknet markets have also emerged requesting payment in crypto for COVID-19 diagnostic tests, ostensible vaccines and “cures,” or sought-after personal protective equipment.
Of the $1.36 billion in crypto stolen so far this year, 98% of the total value ($1.3 billion) was accounted for by fraud and misappropriation, rather than by hacks and direct thefts.
Money Laundering Risks Remain
CipherTrace notes that evolving Anti-Money Laundering measures have proved reasonably effective, causing the global average of illicit funds received by exchanges to drop by 47% in 2019.
Challenges remain, however, with “regulatory arbitrage” — i.e., high-risk crypto firms relocating to less regulated jurisdictions. This, the report claims, is still prevalent ahead of the forthcoming enforcement of the Financial Action Task Force’s travel rule in June.
CipherTrace indicates that 74% of the Bitcoin (BTC) moved in exchange-to-exchange transactions was cross-border, a fact that points to the urgency of establishing global AML and counterterrorism standards such as those set out by the FATF.
The report further points to the amplifying effect of the global public health and economic crisis, noting that “in the rush to institute government programs, there will inevitably be corruption and misallocated funds, creating a ripe environment for money laundering.”
Another striking finding in the report involves the “exponential” rise of funds being sent to high-risk exchanges from United States Bitcoin ATMs in 2019 rather than to lower-risk entities, prompting CipherTrace to predict that ATMs could be the next target for financial regulators.
Crypto Crime On The Rise — Good Odds Of 2020 Becoming A Record-Breaker
Experts believe that a more holistic crypto ecosystem, especially one that is more AML-centric, is needed to help prevent the spread of crypto scams in 2020.
Per a new report released by digital-asset intelligence firm CipherTrace on June 2, the value of ill-gotten funds siphoned through cryptocurrency crimes over the first five months of the year stands at a whopping $1.4 billion, thus making 2020 a potentially active year in regard to cryptocurrency-related thefts, hacks and fraud.
The report goes on to state that if things continue at the same rate, the total volume of stolen crypto for 2020 has the potential to get close to reaching the $4.5-billion mark set in 2019. Criminals appear to be capitalizing on the ongoing COVID-19 pandemic to target unsuspecting individuals by luring them in via a variety of crypto-related phishing campaigns, ransomware and darknet marketplace fraud.
Additionally, out of the multiple scams that have been accounted for this year, many of them have reportedly made use of email campaigns impersonating various coronavirus-related official groups — such as the World Health Organization, the Red Cross and the Centers for Disease Control and Prevention — to solicit payments and donations in the form of cryptocurrency.
Lastly, CipherTrace officials claim that of the $1.36 billion in crypto stolen so far this year, 98% of the total value — nearly $1.3 billion — can be attributed to fraud and misappropriation rather than to hacks and direct thefts.
Scammers Have Continued To Evolve Their Methodologies
To gain a better understanding of where the market seems to be heading in the coming months and years, particularly when it comes to crypto crime, Cointelegraph spoke to John Jefferies, the chief marketing officer and chief financial analyst at CipherTrace.
In his view, while it is nearly impossible to predict with any certainty how trends related to cryptocurrency theft and fraud will evolve this year, it is possible that by the time the year comes to a close, the amount of funds netted by criminals may exceed the expectations of the report, betting 2019’s $4.5 billion figure.
Further elaborating on the subject, Jefferies stated that the largest contributor to this year’s crypto crime total has been Wotoken’s alleged billion-dollar Ponzi scheme that emerged from China. Furthermore, he is concerned in the coming months about exit scams by smaller virtual asset service providers, or VASPs, that that are struggling financially, adding:
“Retail investors should be wary of any company that uses hyperbolic statements and promises of extraordinary returns to lure them into participating. If WoToken had been required by regulatory agencies to provide detailed investment prospectus and audited financial statements, they wouldn’t have been able to launch their scheme and fool more than 700,000 victims. Many VASPs have dramatically improved their security posture, making it harder for hackers to steal from the platforms themselves.”
An even bleaker picture was painted by Pawel Aleksander, the co-founder and chief information officer of CoinFirm — a blockchain analytics company. He told Cointelegraph that as per his company’s own research and analysis, the volume of crypto funds stolen within the first quarter of 2020 may actually be closer to the $2 billion mark, highlighting:
“Knowing the amounts related to the various fraud happening as a whole has its importance but the most important aspect is addressing how to solve them and providing entities with the tools and solutions to do so.”
The Pandemic Has Made Things Worse
As a result of the ongoing coronavirus situation, an increasing number of people have started to spend more time in front of their computer and smartphone screens. Naturally, scammers have recognized this fact and are trying to seize this opportunity by devising novel ploys — promising high returns on various crypto-related offerings such as binary options, trust trading, etc. — to lure in unsuspecting individuals.
Commenting on the issue of how companies can best limit the spread of crypto-related scams, Aleksander stated that despite most social media platforms and messengers attempting to come down more seriously and limit such nefarious schemes, there are still many challenges that have yet to be tackled successfully. In his view, a balanced ecosystem is required, in which Anti-Money Laundering procedures can be democratized and users are given a voice:
“This can happen by achieving a synergy between AML, fraud investigations and an open data ecosystem that takes the security of crypto financial markets to a level never seen before or even thought possible in traditional finance.”
In this regard, he believes that a threefold solution is needed — i.e., one that is based on an AML technological platform that enables institutions to verify the risk of blockchain transaction counterparties and meet their regulatory obligations.
Not only that, but the platform should also have the capability to facilitate end-to-end investigations in cases where funds are reported missing as well as incentivize the reporting of suspicious activities. Aleksander closed out by saying: “If the industry collectively adopts such solutions and processes, the capability of such scams of not only being successful but being able to take advantage of the stolen funds will become severely limited.”
A similar point of view is shared by Jefferies, who also believes that banks, VASPs and other money service businesses can safeguard themselves against bad actors that are utilizing their platforms and payment networks to launder money as well as engage in other illegal activities by deploying effective AML measures.
How Do Bitcoin ATMs Fit Into All Of This?
A striking aspect of CipherTrace’s above-mentioned report involves the “exponential” rise of funds being sent to high-risk exchanges from United States-based Bitcoin ATMs rather than lower-risk entities such as established crypto exchanges. This has prompted experts to believe that BATMs may be at a greater risk of being used to launder money, especially given the preponderance of funds sent from them overseas, potentially to jurisdictions with lax AML and Know Your Customer policies.
Providing his insights on the matter, Jefferies stated that part of the reason for the increasing use of BATMs by money launderers, such as in the Kunal Kalra case, is their increasing ubiquity across the U.S. He added:
“Even in spite of the growing availability of privacy coins like Monero and Zcash, criminals continue to use Bitcoin because of the abundance of Bitcoin-to-fiat offramps. Banks and money service businesses should pay attention to high-risk transactions originating from BATMs that lack proper AML compliance.”
Bitcoin Cleaner Than Fiat?
Even though the crypto sector is still routinely maligned by members of the mainstream media that claim that digital currencies are still, by and large, being used by bad actors for nefarious reasons — such as terrorist financing, drug trade, etc. — Jefferies told Cointelegraph that as per his company’s latest research, cryptocurrencies are considerably cleaner than their reputation would suggest:
“The reality is that criminal use of Bitcoin and other cryptocurrencies is very low, less than 0.2% of the funds accepted by exchanges is directly from criminal sources.”
Law Enforcement Is Starting to Make Criminals Doubt the Dark Web
Trend Micro reveals dwindling confidence among darknet users in marketplaces due to security concerns.
A new study revealed that the dark web marketplace users are starting to lose trust due to the authorities’ crackdown and “current volatility” within the landscape, which results in instability for the darknet sites to establish a fixed presence.
According to cybersecurity company Trend Micro on June 7, crackdowns on marketplaces Dream Market, Wall Street Market, Valhalla and DeepDotweb have generated uncertainty among users regarding the unstable security infrastructure that dark web sites have been providing.
Fears Of “Exit Scams”
The report detailed that after March 2019, when law enforcement shut down darknet sites, sales activity experienced a considerable slowdown.
Doubts began to increase among users about their anonymity when making transactions as well as a surge in exit scams — sites that shut down suddenly and steal money from the customers — and undercover actions by the authorities within the marketplaces.
Lack of confidence in the darknet marketplaces led to the creation of a site called DarkNet Trust, which was created to verify vendors’ reputations by searching through usernames and PGP fingerprints.
Darknet Marketplaces Shifting To Additional Security Measures
Trend Micro explains that a walletless market is a method where payment is directly made between the buyer to the vendor, with the marketplace getting a monthly commission as opposed to transaction fees.
The report also notes that new encrypted email services like Sonar and Elude “suddenly” emerged, as users accused Protonmail of helping law enforcement.
Recent months have, consequently, seen increased all-around user skepticism.
Cointelegraph reported on May 31 that a hacker stole and leaked the database of Daniel’s Hosting (DH), the largest free web hosting provider on the darknet and the home of several crypto-related forums and stores.
Bitcoin Options Open Interest Rises 50% In A Month To Hit $1.5 Billion
Just over a month since open interest in Bitcoin options hit a record high of $1 billion, the latest figures show that it has increased 50% to break $1.5 billion.
According to the latest data from market analysis company Skew, total open interest in Bitcoin (BTC) options passed $1.5 billion on June 9. This comes barely a month after open interest crossed $1 billion for the first time, marking a 50% increase in just 33 days.
50% Rise In A Month Led By Two Players
Total Bitcoin options open interest hit $1 billion for the first time ever on May 7. Just over a month later, Deribit alone has open interest of $1.1 billion, and the total open interest has broken through $1.5 billion.
Deribit’s 20% increase from $903 million over the course of the month has not been the biggest story though.
Chicago Mercantile Exchange (CME) has increased its Bitcoin options open interest by over 850% in this time. On May 7 this stood at $38 million, but by June 9 CME recorded $368 million of open interest.
CME Aiming For The Options Crown?
As Cointelegraph reported, in the first half of May alone, open interest on CME Bitcoin options soared a massive 1,000% from $12 million to $142 million.
While unable to sustain quite that level of growth, the latest figures show that CME’s options momentum is far from running out of steam.
Of the other major players in the BTC options market, LedgerX open interest remained roughly the same since May 7 at $52 million while OKEx saw a 15% fall to $65 million.
An outlier in the field, Bakkt also saw a fall in open interest, from $80,000 to $68,000.
Despite this, the performance of both Deribit and CME shows that Bitcoin options is a rapidly growing market sector.
Deceased Quadriga Founder Committed Fraud
The Ontario Securities Commission says that the Vancouver-based crypto exchange was a fraud.
The Ontario Securities Commission, or OSC, claims that the crypto exchange Quadriga collapsed in 2018 because of fraud committed by its late founder, Gerald Cotten, who passed away on his honeymoon in India.
The report released on June 11, revealed by CBC Canada, says Cotten opened several accounts under aliases and credited himself with “fictitious currency,”. He traded this currency with unsuspecting clients of his Vancouver-based crypto exchange.
The deceased Quadriga founder was unable to meet his client’s withdrawal requests when the price of crypto assets fell. He then created a Ponzi scheme, covering the demand using funds from other Quadriga clients.
As detailed by the OSC, the organization attributed about $115 million of the $169 million clients lost to Cotten’s fraudulent trading, which helped him finance his millionaire lifestyle.
Due to Cotten’s death, the OSC says it will not seek to bring legal action against Quadriga, as “it’s not practical.”
Japanese Judge Upholds Charges Against Mt Gox’s Mark Karpeles
A Japanese judge ruled in support of the data tampering charges moved against the CEO of now-defunct crypto exchange Mt. Gox.
A Japanese judge ruled in support of data tampering charges moved against Mark Karpeles — the CEO of now-defunct crypto exchange, Mt. Gox.
At the end of March, Karpeles appealed his conviction on charges of having tampered with financial record data to harm his clients. Now, local news outlet Nikkei reported on June 11 that Tokyo District Court Judge Mariko Goto decided to uphold the previous ruling.
Karpeles Sentenced To Over 2 Years In Jail
The previous ruling sentenced Karpeles to two and a half years in jail for tampering with Mt. Gox data for February-September 2013 and depositing $33.5 million into his account. He will not have to serve this sentence unless he commits another offense within four years.
Karpeles claimed that increasing his account’s balance was not a crime. The Judge, on the other hand, ruled that this action violated the terms and conditions of the firm and added that the account balance was doctored in order to conceal fake Bitcoin (BTC) by the firm.
Mt. Gox was once the largest and most successful cryptocurrency exchange in the world. At the time of its closure, it was the biggest cryptocurrency exchange to disappear following a hack. In February 2014, the firm stated that almost 750,000 of its customers’ Bitcoins, as well as 100,000 of the firm’s own Bitcoins were stolen.
500 Estonian Crypto Companies Lose Permits After $220B Scandal
Estonia is withdrawing permits from hundreds of crypto companies following Europe’s biggest money laundering scandal.
Estonia, one of the European Union’s most crypto-friendly countries, is cracking down on hundreds of licensed crypto companies in response to a $220 billion money laundering scandal, according to Bloomberg.
Estonia was among the first EU countries to license crypto companies but has been forced to clamp down after hundreds of billions of dollars of dirty money was detected in the Estonian unit of Denmark’s largest lender Danske Bank A/S. It’s put the country at the center of Europe’s biggest money laundering scandal.
License To Ill
Madis Reimand, Head of the Baltic country’s Financial Intelligence Unit revealed that regulators suspect that licensed crypto firms are abusing their Estonian credentials to commit fraud elsewhere.
Hence, more than 500 companies — about a third of the total — which had failed to start operations in Estonia within six months of being licensed, have seen their permits withdrawn. He explained that:
“This is a first step in tidying up the market, allowing us to take care of the most urgent issues by permitting operations only for companies that can be subjected to Estonian supervision and coercive measures.”
The Purge Isn’t Over
Reimand indicated that more strict licensing measures will come. More than a half of the country’s remaining crypto companies may also lose their licenses as they too have no operations in Estonia and their managers are outside the country.
15 People Plead Guilty In Bitcoin-Powered Fake Auctions Case
The U.S. Department of Justice received two more guilty pleas from Romanian nationals involved in a crypto-fuelled transnational cyber fraud ring on June 11.
Fifteen people have pleaded guilty to involvement in an international syndicate that used fraudulent online auctions to dupe victims out of Bitcoin (BTC) according to the United States Department of Justice (DoJ).
From at least December 2013, the syndicate used listings for non-existent goods on auction and sales websites to defraud victims, with the group laundering the funds through a Romanian crypto exchange Coinflux in recent years.
According to the DoJ’s announcement, four of the guilty pleas were made by Romanian nationals in the past 24 days before U.S. Magistrate Judge Matthew A. Stinnett, with two taking place in the last 24 hours.
International Cyber Fraud Ring Busted
On June 11, 30-year-old Bogdan-Stefan Popescu and 34-year-old Liviu-Sorin Nedelcu entered guilty pleas for one count of RICO conspiracy each.
The complaint states that Nedelcu collaborated with other fraudsters to post advertisements on auction websites for goods that did not exist, most commonly vehicles. “Upon receiving payment, Nedelcu and his co-conspirators engaged in a sophisticated money laundering scheme to convert the victim payment into Bitcoin,” said the DoJ.
The DoJ asserts that Popescu oversaw “an operation whereby he knowingly negotiated fraudulently obtained Bitcoin” through online fraud, in addition to providing money laundering services and distributing tools used to defraud U.S.-based victims.
Romanian Exchange Coinflux Laundered Funds
The funds generated by the syndicate were laundered through the Romanian cryptocurrency exchange Coinflux.
33-year-old Vlad-Călin Nistor, the founder and operator Coinflux, pleaded guilty to one count of RICO conspiracy on May 19. Nistor would convert the criminals’ crypto assets into local fiat currency on behalf of Romanian-members of the group.“
The DoJ asserts that Nistor laundered the funds despite “knowing that the Bitcoin represented the proceeds of illegal activity,” with plea documents noting that Nistor exchanged over $1.8 million worth of Bitcoin for Popescu.
30-year-old Beniamin-Filip Ologeanu also pleaded guilty to RICO conspiracy on May 19, having worked in conjunction with the syndicate to post fraudulent ads on auction and sales websites. Olegeanu also purchased the fraudulent proceeds from his co-conspirators in the form of prepaid debit cards to be laundered in the United States.
“Through the use of digital currencies and trans-border organizational strategies, this criminal syndicate believed they were beyond the reach of law enforcement,” said U.S. Secret Service assistant director Michael D’Ambrosio.
“However, as this successful investigation clearly illustrates, with sustained, international cooperation, we can effectively hold cyber criminals accountable for their actions, no matter where they reside.”
Coinflux Founder Arrested In 2018
In December 2018, Romanian media reported that Nistor had been arrested in Romania at the behest of U.S-based prosecutors for alleged money laundering and fraudulent activity. Less than one month later, it was announced that Nistor would be extradited to the United States.
South Korean Police On The Hunt For Ethereum Crime Ring Masterminds
The Seoul Metropolitan Police seize two unnamed local crypto exchanges in an effort to dismantle an ETH-related crime ring.
The Seoul Metropolitan Police Agency launched a criminal investigation on June 12, leading to the search and seizure of two unnamed cryptocurrency exchanges. These efforts were enacted with the hope of dismantling an Ethereum (ETH) crime ring worth $41.5M.
According to Joongang Ilbo, the alleged crime network promoted its business model as a multi-level marketing scheme, or MLM. More than 1,500 people are believed to have sent their crypto assets to the scammers.
“Huge Returns” Promised With ETH Investments
Reports indicate that the company’s CEO, identified by the name “Mr. Shin,” was investigated and received a court order prohibiting him from leaving the country while authorities conduct their investigation. Police indicate Mr. Shin is one of at least 100 individuals being watched by authorities.
Another suspect, known as “Mr. A,” is also being monitored. As an executive of one of the exchanges, he allegedly promised “huge returns” for ETH investments.
Number Of Victims May Exceed 1,500
As of press time, 433 investors have filed complaints with the police, alleging that they were unable to withdraw their funds from the scheme. Attorneys speaking on behalf of the victims have said that there could be 1,000 more individuals who have yet to approach the police.
Cointelegraph reported on June 2 that the value of ill-gotten funds siphoned through cryptocurrency crimes over the first five months of the year stands at a whopping $1.4 billion.
Examining the Status of Stablecoin Minting and Burning Activities
We selectively analyzed six stablecoins — USDT, GUSD, HUSD, PAX, TUSD and USDC — to uncover their minting and burning activities so far in 2020.
As of June 4, six stablecoins — Tether (USDT), Gemini Dollar (GUSD), HUSD (HUSD), PAX Gold (PAXG), TrueUSD (TUSD) and USD Coin (USDC) — have had a total of more than 10,000 minting transactions so far in 2020, totaling $8 billion, with USDT issued on the Ethereum blockchain dominating the stablecoin landscape. The major stablecoin began to explode in early March and drove the market cap of the entire stablecoin market higher. By the end of the April, it was ranked third in size behind Bitcoin (BTC) and Ether (ETH). Its current market capitalization accounts for about 85% of the total stablecoin market capitalization.
During the most volatile session, in March 2020, the number of minting and burning activities was at a peak, and the dollar value of newly issued tokens also reached its highest point.
In terms of burning activities, there have been nearly 5,600 burning events reported so far in 2020, with the total value of destruction exceeding $3 billion.
We looked at the quarterly stablecoin minting and burning records from early 2017. The dollar value of burning and minting in the third quarter of 2019 was at a historical high, and the volume of burning and minting activities reached a historical high in the first quarter of 2020.
Based on the data, we believe that if the trend continues, the number of minting and burning activities for Q2 2020 will be at least equal to the number in Q1 2020.
Stablecoins Minting And Burning Historical Record
Significant Differences In The Number Of Minting Activities
The following figure shows the number of minting activities and the dollar value of stablecoins minted in the first five months of 2020.
Total Value Of Stablecoins Minted And Minting Transaction Volume
Among the stablecoins shown, HUSD initiated 5,280 minting transactions, increasing the overall market value by about $101 million, with an average of $200,000 per minting transaction. USDT only initiated 74 minting transactions, but the overall market value increased by approximately $5.5 billion as a result, with an average of $74 million per minting transaction — 370 times the average value of HUSD minting per transaction.
We also looked at data around stablecoin minting in dollar value and transaction activities. Minting activity reached its peak in March, which was also the month with the largest dollar value minted so far in 2020.
In addition, We found that the dollar value of different stablecoins being minted varies. As shown in the figure below, there are significant differences in the number of minting activities for different stablecoins.
Up to the $10 million range, there are 1,800 minting activities per month on average in 2020 so far, while for larger values, there are less than 30 minting activities on average per month.
HUSD is the most frequently issued stablecoin in the $10 million section, followed by TUSD.
USDT is vastly different from the other five stablecoins and is the one that has minted more than $40 million in a single transaction, these transactions have also mostly concentrated in the $40 million bucket with a total of more than 56 minting transactions so far in 2020. There were only six minting transactions in total in the $10 million to $40 million bucket.
Stablecoin Burning Transactions Rarely Occur In Significant Value And Is Mostly Concentrated Within The $10 Million Range
The data on the number of burning transactions and the total dollar value of destruction of each stablecoin are shown in the following figure. HUSD ranks first in the number of burning transactions and the dollar value of destruction. In addition, although USDT has the least number of burning transactions, the value of destruction ranks second.
In addition, we have observed that if we exclude the USDT data, the frequency and dollar value of stablecoin destruction per month are relatively average, around 1,000 times and $500 million, respectively.
USDT destruction is characterized by a lower frequency of burning transactions but each being high in value. The value of USDT destruction reached 50% of the total burn value during February 2020.
The destruction events are concentrated in the $10 million range and was rarely of high value. Only USDT and USDC made the cut to being greater than or equal to the $40 million bucket per burning transaction.
It is worth noting that burning activities in March only capped at $10 million per transaction, with the highest number of burning transactions occurring so far in 2020.
The rise of stablecoins is inevitable. The sector creates endless possibilities in this volatile parallel financial universe. They are not only bringing liquidity to the ecosystem but also driving significant innovations and creating many other use cases to drive the cryptocurrency industry further. However, the industry has much to address, such as the risks and issues in the stablecoin sector. It is without a doubt that the crypto industry will see continued strong growth of the stablecoin sector, thereby driving meaningful adoption.
Karpeles Says Mt Gox Verdict May Set ‘Dangerous’ Precedent
A day after a Tokyo court upheld charges against him, Mark Karpeles, the former owner and CEO of Mt. Gox, spoke to Cointelegraph.
A day after a Tokyo court upheld charges against him, Mark Karpeles, the former owner and CEO of the now-defunct exchange Mt. Gox, spoke to Cointelegraph regarding the verdict.
On June 11, Tokyo District Court Judge Mariko Goto struck down Karpeles’ appeal to a previous charge of tampering with financial data. Karpeles was first convicted in March 2019 and received a two-and-a-half year jail sentence. He began the appeals process that same month. The former CEO will have to serve time should he commit another offense within four years.
Speaking to Cointelegraph, Karpeles said he hadn’t decided whether to appeal again and was currently consulting with his legal counsel on how to proceed:
“The verdict, in this case, relies on the concept brought by the prosecution that the company has its own ‘will’ that can differ from management’s and/or shareholders’. I believe this can be dangerous as it means when a company fails management can be later prosecuted for taking actions that go against what the prosecution decided was the company’s will at a given time.”
On June 11, Judge Goto explained the reason for the charge as “an action that goes against terms of services which the company indicated as its own will.”
Tokyo-based Mt. Gox was the biggest exchange in the world where nearly 70% of all BItcoin (BTC) transactions were conducted at one point. In February 2014, the company lost track of almost 750,000 BTC belonging to the customers and 100,000 BTC of its own.
Mt. Gox entered bankruptcy proceedings in 2014 but has since undergone civil rehabilitation processes to enable it to pay back creditors.
The rehabilitation plan is set to be submitted by July 1.
Five Wanted For Indian Crypto Scam Operating Since 2017
Five individuals have been identified by Indian police as likely involved with a crypto investment scam that has operated since 2017.
Indian police have registered a case against five individuals suspected of involvement in a cryptocurrency scam that has defrauded investors since 2017.
Despite operating for several years, the scammers are only believed to have made away with a modest bounty of roughly $34,200.
The group is believed to have solely operated in the Maharashtra state’s district of Palghar.
Indian Police Target Multi-Year Scam
On June 13, media outlet New Indian Express reported that five people had been booked for allegedly defrauding investors under the guise of cryptocurrency investment.
The group promised exorbitant returns to those who invested in crypto assets from them, soliciting payments in the form of cash and cheques. However, after the funds were received, the scammers became increasingly evasive in their interactions with investors, local police said.
None of the accused fraudsters have been arrested so far.
Last month, the case concerning Amrit Bhardwaj and Vivek Bhardwaj — two brothers who operated India’s notorious multi-level marketing crypto scam GainBitcoin — was transferred from the Cyber Cell to local police’s Crime Branch.
India Ramps Up Darknet Crackdown
Indian police have recently expanded efforts to crack down on darknet crime, recently announcing plans to build an AI-powered web portal for deep web policing, and teaming up with international regulators to bust anonymous free market vendors peddling unlicensed pharmaceuticals or narcotics.
Perceptions that crypto assets may comprise a tool for illicit activities could prove highly damaging for India’s digital asset sector, with the Indian Ministry of Finance proposing a new ban on cryptocurrencies on June 12 — only three months after the Supreme Court’s ruling that lifted the country’s prohibition on banks providing financial services to firms operating with crypto.
Fraudulent Site Impersonates Encrypted Messaging Service To Steal Bitcoins
A new Bitcoin-related scam emerged through a phishing site that impersonates a self-destructing encrypted notes service.
Cybercriminals have reportedly created a fake site version of the legitimate encrypted self-destructing notes service privnote.com. The fake version can be shared with other users to steal Bitcoin.
According to a June 14 report from KrebsOnSecurity, the creators of the encrypted notes service complained about a fake clone site, privnotes.com, whose scam scheme consists of the following:
“Any messages containing Bitcoin addresses will be automatically altered to include a different Bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.”
Privnote.com said in the report that the phishing site does not apply encryption systems. Instead, the cybercriminals can read and/or modify all messages sent by users, in addition to using an automated script that scours messages for Bitcoin (BTC) addresses, and replaces them with scammers’ wallet address.
A ”Smart” Scam
On the fake site, Allison Nixon, chief research officer at cybersecurity firm Unit 221B, said the scam is “pretty smart,” explaining:
“Because of the design of the site, the sender won’t be able to view the message because it self destructs after one open, and the type of people using privnote aren’t the type of people who are going to send that bitcoin wallet any other way for verification purposes.”
One of the factors that alert the company is the fact that because both URLs are similar, when doing a Google search with the term “privnotes,” the user will see the first shot of a Google’s paid aid, which is the phishing site. The second result is the legit website.
Recent Bitcoin-Related Scams
In May, Harry Denley, a crypto-security researcher, discovered almost 22 Google Chrome web browser extensions built to steal their users’ cryptocurrencies. The extensions he found impersonated well-known crypto firms such as Ledger, KeepKey, MetaMask, and Jaxx.
Cointelegraph reached out to privnote.com but received no reply as of press time. This article will be updated should a response come in.
SIM Swap Hackers Target Crypto Investors — Cell Services Not Available
Civil lawsuits against telecom providers such as AT&T are becoming commonplace as the number of SIM swap hacking scandals rises.
On June 11, it came to light that California resident Richard Yuan Li had been charged with conspiracy to commit wire fraud for his role in a number of SIM swap attacks that targeted at least 20 individuals. Not only that, but as part of his elaborate money swindling scheme he also attempted to extort 100 Bitcoin (BTC) from an unknown physician in exchange for keeping their private, sensitive information from being released online.
According to numerous reports, Li’s nefarious deeds can be traced all the way back to 2018 — and lasting until around mid-2019 — when he along with a group of co-conspirators tried to defraud many unsuspecting individuals of their hard-earned savings using SIM swap attacks. In this regard, a SIM swapping involves the rerouting of a person’s SIM card to a phone that is in possession of a hacker, thus allowing them to gain access to an individual’s personal information such as emails, bank account details, cryptocurrency wallet, etc.
Furthermore, over the course of the past few years, SIM swap attacks have seen a dramatic spike. For example, back in May 2018, crypto investor Michael Terpin fell victim to a $23.8 million SIM swap attack that was perpetrated by 18-year-old Ellis Pinsky of Irvington, New York. Similarly, investor and two-time Emmy award winner Seth Shapiro filed a lawsuit against American telecom giant AT&T, alleging that the firm’s employees had masterminded a nefarious SIM swap scheme that resulted in him losing $1.8 million in various crypto assets.
Sim Swapping Due To Poor ID Verification Protocols?
SIM swapping has become a significant threat for users of major networks in the United States, especially as more and more individuals are starting to rely on their mobile devices to work remotely. In this regard, a large number of Americans are having their lifetime savings and invaluable data stolen from under their eyes solely because mobile operators are seemingly failing to take reasonable steps to prevent their employees from repeatedly conspiring with criminal hackers.
In this regard, John Pierce, a trial lawyer and the global managing partner of Pierce Bainbridge, told Cointelegraph that while criminal prosecutions are starting to take place, accountability in civil cases is absolutely crucial to deter this kind of misconduct. Not only that, he also believes that a major reform in data security practices is needed from the side of most cellphone service providers.
To gain a more in-depth understanding of why SIM-swap-related incidents have been increasing sharply over the past three to four years, Cointelegraph reached out to Mark Grabowski, an associate professor of cyberlaw at Adelphi University as well as a regular columnist for the Washington Examiner. In his view, the reason is that people are now using their smartphones to facilitate their everyday digital activities rather than personal computers, which are considerably more secure. He added:
“In addition to infecting smartphones with malware, criminals are illegally spoofing users’ phone numbers (faking the number that an incoming call is from), porting their numbers (moving the number from a user’s phone to another phone controlled by the criminal) and even cloning SIM cards, the computer chips that identify a phone, to access users’ data and steal money.”
While the federal Wireless Telephone Protection Act of 1998 protects customers from their personal data being shared with third-party sources, Grabowski opined that the lax ID verification protocols that are being used by most cell phone carriers these days make customers vulnerable to a variety of different hack attempts.
Earlier this year, several members of Congress sent a letter to the Federal Communications Commission urging it to mandate that wireless carriers provide stronger protections for customers to truly lock down their accounts, such as requiring an in-person visit to a store before a phone number can be ported to another device or carrier.
Cell Phone Providers Should Step Up?
Cybersecurity is an ever-evolving domain wherein attackers continually seek to modify their gameplans in order to keep up with the latest trends. For example, hackers at one point were using SMS messages to gain access to people’s cell phones by attacking the Signaling System No. 7, or SS7, communications protocol. Now, hackers have become more sophisticated in their ways and have learned how to crack passwords using a variety of different means. As a result, many companies have responded by adding two-factor authentication protocols to bolster their security.
Talking about how easy it is for miscreants to carry out a SIM swap attack, Mark Herschberg, an instructor at the Massachusetts Institute of Technology as well as chief technology officer of cybersecurity company Averon, told Cointelegraph that while initiating such an attack is certainly not easy, if the wallet has enough value in it then it’s worth it for the hackers, adding: “Attackers are very efficient in finding the optimal effort to reward approaches.”
Additionally, talking about ways in which this rising issue can be combated successfully, Herschberg pointed out that there are newer technologies that allow for silent 2FA authentication to take place with no action on the part of the user. In his view, this method is more secure and can help detect SIM swaps more efficiently — thus allowing a transaction to be flagged by a network operator if one’s SIM has been changed recently.
Battle With AT&T Rages On
In perhaps one of the most widely covered SIM swap court cases, a U.S. district judge released an order on May 20 rejecting AT&T’s bid to dismiss Shapiro’s lawsuit in which he claims that the company acted in an extremely negligent manner and failed to prevent miscreants from making their way with $1.8 million worth of crypto. In a conversation with Cointelegraph, Shapiro stated:
“We’re not simply alleging that AT&T employees were involved in my theft: they were named in an indictment by the Department of Justice, from a case built by the Department of Homeland Security (US v Freeman). So the federal government has already proven that AT&T employees are stealing from its customers.”
Furthermore, it is worth mentioning that in the past, AT&T has been handed a number of major defeats in cases quite similar to Shapiro’s. Back in 2018, for example, California resident Robert Ross lost $1 million worth of crypto after a hacker was able to gain control of his AT&T phone. Similarly, North Carolina resident Jason Williams was also at the receiving end of a major SIM swap attack in which he lost a bulk of his crypto savings.
Elaborating on how network operators have been trying to deflect responsibility when it comes to such SIM swap incidents, Shapiro added that for years, big-name players such as AT&T have allowed its employees to destroy the lives of its customers — subjecting them to theft, extortion and other major crimes — instead of taking action to solve such problems: “The Department of Justice indicted two AT&T employees in my case. In that month alone, one of those AT&T employees committed 29 illegal SIM swaps; the other committed at least 12 and AT&T did nothing to stop them.”
Commenting on the subject, Pierce said that AT&T has sought to focus the blame on the hackers that collaborated with AT&T employees to carry out attacks and downplay the relationship between the control of a victim’s cellphone number and the ability to gain access to the victim’s accounts through two-factor authentication:
“AT&T’s motion to dismiss Mr. Shapiro’s lawsuit argued that Mr. Shapiro’s allegations did not meet various technical legal requirements to establish legally cognizable claims against it — most of which the court resolutely rejected. Mr. Shapiro’s court now joins a growing chorus of other federal courts that have allowed civil lawsuits by SIM swap victims to proceed against AT&T.”
Making The Call
While some suggest that this recent increase in SIM swapping incidents could be directly linked with the desire of the masses to adopt cryptocurrencies, it appears as though there is not enough evidence available to support this correlation. For example, as with ransomware attacks, SIM swapping simply provides hackers with another avenue to strike a large payday.
However, what should be understood is that in order to prevent SIM swap attacks from becoming commonplace, cellphone users need to become more technically savvy and adopt privacy protocols such as “offline two-factor codes” that can allow users to perform verification checks without them having to rely on their cell phone carrier. An even better alternative could be making use of a physical security key, which would make it nearly impossible for miscreants to gain access to an individual’s personal data.
Cybercrime Up 75% During COVID-19, Congressional Hearing Details
A recent U.S. government hearing showed a significant uptick in online crime since COVID-19 took over in 2020.
Giving the opening remarks during a U.S. House meeting on illegal digital activities, Representative and subcommittee chair Emanuel Cleaver (D-MO) noted a major jump for online crime in 2020.
“We are seeing a 75% spike in daily cybercrimes, reported by the FBI since the start of the pandemic,” Cleavor said in his opening statements of the June 16 virtual hearing before the Subcommittee on National Security, International Development, and Monetary Policy.
Speaker Dials Into Specific Attacks And Sectors
After COVID-19 prevention measures caused business closures and shelter-in-place orders in mid-March, many companies looked to remote work. As droves of people increased their web activity, hackers saw more opportunities. Amid newfound need for online meetings, for example, popular video meeting platform Zoom suffered widespread data leaks.
Called on for comment as a witness in the meeting, VMware’s head of cybersecurity strategy, Tom Kellermann, singled out the finance industry, noting a 238% uptick in related digital crime between January and May 2020. “This is compounded by the 900% increase in ransomware attacks,” he added.
Kellermann Mentions A Crypto Connection
After noting a number of ways nefarious parties have preyed on victims, Kellerman mentioned an uptick in crypto exchange hacks and leaks. He also explained that parties use these venues as a means of laundering money, in tandem with the dark web and anonymous digital assets.
“Dark web forums enabled by anonymous virtual currencies have created a bazaar for criminals and organized crime to reach a global market,” Kellerman said, also mentioning “extremist organizations.”
The VMware Cybersecurity Head Added:
“Many of these payment systems and cryptocurrencies offer true or relative anonymity. This raises the necessity of increased regulation of digital money.”
In combination with a number of other points, Kellermann posited increased regulation as a possible solution, mentioning several proposed regulatory actions.
Bitcoin maintains a level of pseudonymity, depending on its purchase origin. In most cases, however, the public can track Bitcoin more easily than cash. Although Kellermann called out digital assets for their anonymity, many assets yield traceability. Anonymous coins, such as Monero and Zcash, tout additional privacy-focused features, but are often misunderstood. Recent research shows criminals’ lack of proper anonymous usage.
Alleged Ponzi Scheme Sent The $5 Million In Ether Gas Fees
The origin of the abnormal Ether transactions that paid more than $5 million in gas fees seems to be Korean “exchange” GoodCycle.
After a week of searches, it appears that the culprit behind at least two of the anomalous high fee transactions on Ether (ETH) was found.
As reported by Chinese blockchain analytics company PeckShield on June 16, the originating address appears to be coming from Korean platform GoodCycle, a recently launched peer-to-peer exchange that provides “investment” opportunities to its users.
According to PeckShield, this platform shows all the signs of a Ponzi scheme, which would explain its rapid rise in popularity.
The analysts conducted a thorough blockchain analysis and found that a wallet beginning with “0xcdd6a2b” was the origin of the first two transactions. The team was able to make a deposit on the GoodCycle platform and conclusively proved that it went to that address.
Ransomware Theory More Likely
The analysts argue that due to GoodCycle relying on a pyramid scheme, it makes sense why it has not come forward to claim the money, as that would erode trust in the platform from its users and subsequently collapse the venture.
Jeff Liu, a co-founder of PeckShield, told Cointelegraph that GoodCycle is likely to be the victim of an attack, though he added that “there are still other possibilities, such [as] internal operation errors.”
The report from PeckShield notes that the exchange does not even use the encrypted HTTPS protocol, which would make it trivial to hack the exchange through “man-in-the-middle” attacks.
A communication from GoodCycle itself seems to confirm that the platform is suffering a hack, subsequently blocking withdrawals and performing a “security upgrade.”
Victim Got In Contact With The Mining Pools
Two transactions sent today to SparkPool and Ethermine from the wallet that was identified as GoodCycle’s are signed with a message stating “I am the sender.”
It appears likely that the team finally regained control back, as it is unlikely that the hackers would have been able to make the transaction.
When asked why the exchange did not move sooner in shutting itself down, which was one of the criticisms of the blackmail theory, Liu replied:
“In my opinion, they are not very experienced exchange operators, and may need some professional help on how to deal with these operation issues.”
However, Ethermine has already decided to distribute the funds to miners, while SparkPool pledged to begin the process today as well.
The PlusToken Connection
Anonymous researcher Frank Topbottom was able to identify that several addresses connected to the massive PlusToken Ponzi scheme were interacting with the address later associated with GoodCycle. Specifically, funds from a known PlusToken sent ETH to the same deposit address used for some transactions on the GoodCycle address.
It is unclear whether the association runs deeper. It is possible that GoodCycle was simply another venue used by the scammers to launder their proceeds.
F2Pool Returns $500K of Abnormal ETH Transaction Fee To Sender
F2Pool returns about $500,000 in abnormal ETH transaction fee to its sender after encountering the issue on June 11.
F2Pool, a Chinese mining pool that recently mined an Ether (ETH) transaction with an abnormal transaction fee of 2,310 ETH, has returned 90% of the fee to its sender.
Announcing the news on June 18, F2Pool said that the MiningPoolHub, the original owner of the address behind the transaction, has received back 2,079 ETH, or about $480,000. The mining pool specified the transaction ID showing that F2Pool has returned the amount to its original owner.
In order to complete the reimbursement transaction, the original address holder had to sign the new address using the private key of the original address. This is because the original address is now controlled by a hacker, F2Pool noted.
“Out of our humanitarian spirit, F2Pool has decided to return the transaction fee component of the transaction. It’s not feasible to return the fee back to the original sender address as the address is also now controlled by the hacker. Therefore, we agreed to send the fee to a new address provided by the original address owner after full verification of the address and owner.”
According to the statement from F2Pool, the rest 10% of the transaction fee, or 231 ETH ($53,000) will be distributed to miners. The amount will be used as compensation for zero-fee ETH mining during a seven day period from June 20 to June 26.
The Transaction Is Part Of A Series Of Other Abnormal ETH Transactions
F2Pool’s decision to return 90% of the abnormal transaction fee comes soon after the mining pool reported on the troubled transaction on June 12. The suspicious transaction took place on June 11, involving an original 3,221 ETH transaction with an abnormal 2,310 transaction fee. On June 12, the original owner of the address behind the transaction reached out to F2Pool and explained that they became a victim of a malicious attack on their node wallet, causing them to lose combined 5,531 ETH, or $1.2 million.
The latest news is another twist in a series of recent abnormal ETH transactions involving two other mining pools — Etherchain and Sparkpool. As reported by Cointelegraph, the two mining pools consecutively encountered similar abnormal transactions, with both of them involving an incredible $2.6 million transaction fee.
In contrast to the recent F2Pool’s decision, Etherchain and Sparkpool decided to distribute the millions of dollars in gas fees they received from the strange transactions. Both pools emphasized that they have given sufficient time for the sender to get in touch with them. Sparkpool’s transaction took place on June 10, while Etherchain’s one followed on June 11.
This is not the first time when F2Pool returned the abnormal gas fee amount to the sender. In March 2019, the Chinese mining pool returned an abnormal transaction fee worth 2,100 ETH. The amount, worth around $300,000 at the time, was returned to the sender in full, F2Pool’s global business director, Thomas Heller, tweeted on June 10.
Major Crypto Debit Card Issuer Reportedly Missing $2.1B in Cash
A German fintech company responsible for several crypto debit cards, including Crypto.com’s, allegedly misrepresented over $2 billion in cash reserves.
Major fintech company Wirecard, which issues Crypto.com’s debit cards, has fallen into controversy as some of its employees appear to have defrauded the company.
As reported by the Financial Times on June 18, auditors from Big Four accounting company EY “could not confirm the existence of €1.9bn in cash,” or about $2.1 billion.
According to a statement from the company, a trustee of Wirecard’s bank accounts attempted to deceive the auditor and falsely indicate the existence of the cash balance.
The company’s stock price plummeted by almost 50% on Thursday after the issue came to light.
According to earlier reporting by the Financial Times, Wirecard staff in Dubai and Dublin appear to have conspired to falsely inflate sales and profits for almost a decade.
Are Crypto Cards In Jeopardy?
Crypto.com’s popular debit cards are issued by WireCard, which could prove to be a problem for the company.
While it is unlikely that user funds are directly threatened, the hole in the reserves could result in service disruptions on cards issued by WireCard. Cointelegraph reached out to Crypto.com for comment, but did not immediately receive a response.
However, Crypto.com is not the only provider that could be affected by this. WireCard is currently the debit card issuer for Wirex, TenX and CryptoPay.
A notable exception in this group is Coinbase Card, which is currently issued by PaySafe Financial Services. Furthermore, Coinbase became a principal Visa issuer in February, which would put it at the same level of WireCard and PaySafe. However, the company has not yet directly issued its own debit card.
There are few providers willing to work with cryptocurrency companies, and the crypto debit card industry largely remains vulnerable to struggling principal issuers. In January 2018, the sudden collapse of WaveCrest left virtually all crypto debit card companies without a product.
It is unclear whether WireCard’s issues will result in a similar phenomenon, though this is different from the WaveCrest example, which simply had its Visa license revoked.
Germany-based Wirecard, one of the biggest and fastest-growing European fintech companies, delayed publication of its annual report and said its management board was working with auditor Ernst & Young GmbH to clarify the situation. The revelation shook investors, and the company’s shares dropped by nearly two-thirds, wiping out $9 billion in market value in a matter of hours.
The company said the auditor informed it that “no sufficient audit evidence could be obtained” on the €1.9 billion belonging to the company that was supposed to be held in trust accounts. The amount equals about one-quarter of the value of Wirecard’s balance sheet.
Wirecard is a leader among companies that have boomed as commerce shifted online and away from cash payments. It processes electronic payments for retailers, gambling sites, travel companies and others, especially online, and provides related services and loans. It was seen as a great success in Germany’s corporate scene, with high exposure to rapid growth in Asian markets. In 2018, Wirecard’s market value eclipsed that of Deutsche Bank AG , the country’s largest lender.
The €1.9 billion is meant to be held in accounts looked after by a trustee on behalf of Wirecard and payment-processing partners in some countries. Problems obtaining evidence about these balances were raised by KPMG in a recent special report into allegations about Wirecard’s accounting practices, published in April.
“There are indications that spurious balance confirmations had been provided,” Wirecard said Thursday. This was done to “deceive the auditor and create a wrong perception of the existence of such cash balances,” it said.
The German company has been a battleground stock among investors. Wirecard posted steadily rapid sales growth and hit earnings targets for years. Yet skeptical investors who bet against its shares have made it one of the most shorted stocks in Europe. Some allege the company used third parties and shell companies to generate fake revenue, or that cash it claimed to hold wasn’t really there.
Wirecard has consistently denied these allegations. Its chief executive, Markus Braun, on Thursday cast Wirecard as a possible victim. “It is currently unclear whether fraudulent transactions to the detriment of Wirecard AG have occurred,” he said. “Wirecard AG will file a complaint against unknown persons.”
He said that the €1.9 billion in deposits were held in investment-grade-rated banks and managed by a reputable trustee.
Ernst & Young had demanded that the banks holding the deposits issue new confirmations that they had the money before it would sign off on Wirecard’s accounts for 2019. But the two banks, which are based in Asia, refused to do so, according to a Wirecard spokesman.
Troubles for the company intensified in early 2019 when the Financial Times reported about a whistleblower in the company’s Singapore operations, who alleged manipulation of the company’s accounts. Police in Singapore are investigating those allegations.
At first, German regulators appeared to rally round Wirecard. The country’s financial watchdog, BaFin, banned new bets against the company’s shares for three months and said it would investigate claims of market manipulation by short sellers and the Financial Times.
Wirecard also appeared to win support from Japanese technology investment giant SoftBank Group Corp. In April 2019, Wirecard announced a $1 billion investment from an affiliate of SoftBank just before the short selling ban was due to expire.
It later turned out that SoftBank Group never invested any funds in the Wirecard deal. Instead, some SoftBank employees using personal money and Abu Dhabi sovereign-wealth fund Mubadala had put up a fraction of the funding before selling their interests through structured products arranged and sold by Credit Suisse.
Those structured notes collapsed Thursday, losing three quarters of their value, trading at 18 cents in the dollar. Credit Suisse and Mubadala didn’t immediately comment. SoftBank declined to comment.
After initially targeting Wirecard’s critics, German regulators more recently turned their gaze on the company. Members of Wirecard’s management are currently under investigation by the Munich prosecutor after BaFin filed a criminal complaint of market manipulation against them.
A person familiar with the BaFin case said it had examined statements Wirecard had made ahead of the April publication of the special investigation by KPMG. The statements misled investors to believe the report would disprove allegations against it, which it didn’t, according to the person.
KPMG was commissioned by Wirecard to perform a special audit last October in response to a string of allegations about fake revenues, falsified accounting and other matters, including some made in an unsigned report posted on the internet.
KPMG’s report complained of a lack of cooperation from Wirecard and its third-party partners. It said it wasn’t given many documents, or was only given them very late and that many were electronic copies that weren’t verifiable.
The accounting issues could prompt Visa Inc. and Mastercard Inc. to withdraw Wirecard’s licenses to operate, according to Neil Campling, head of telecoms, media and technology research at Mirabaud Securities. Mr. Campling expects Wirecard’s share price to keep falling.
“The only thing likely to go higher related to Wirecard are the bidding rights for the inevitable movie about the company,” he said.
Mastercard declined to comment. Visa didn’t make any immediate comment.
Europe has faced a string of corporate accounting scandals over the years. One that looms large was Parmalat, the Italian dairy giant that falsified more than $4 billion in cash holdings and overstated sales and profits for over a decade. Another was Lernout & Hauspie Speech Products, a Belgian company whose founders were given five-year jail sentences for fraud in 2010.
John Hempton of Bronte Capital, an Australia-based short seller who has been betting against the Wirecard shares for more than a decade, said it had been one his most costly trades ever. The stock had kept rising despite numerous allegations against the company.
“Nothing surprised us except how long the stock went up and how gullible the median European large cap manager was,” he said. “Intellectual satisfaction is nice—I would prefer a refund.”
The company will announce a new date for publication of its 2019 report. It said that if certified annual statements can’t be made available by Friday, then Wirecard’s lenders could terminate €2 billion of existing loans made to the company.
A Wirecard bond plunged Thursday, trading for 37 cents on the dollar from 80 cents yesterday, according to Tradeweb.
Wirecard has a €1.75 billion credit facility split among more than 10 banks including its long-term lender, Commerzbank of Germany, as well as ABN Amro and ING of the Netherlands. The lenders will meet to discuss what to do next, according to a person familiar with the financing.
Late Thursday, the company said it had suspended a long-serving executive, Jan Marsalek, on a revocable basis. It gave no reason for the suspension. It also said James Freis Jr. had been put in charge of compliance immediately. Mr. Fries, formerly a compliance executive at Deutsche Börse Group, was due to join Wirecard in July. Mr. Marsalek didn’t respond to a request for comment.
Markus Braun: Storyteller Behind Wirecard’s Rise and Fall
Evangelist for payments company acknowledges investor confidence is now ‘deeply shaken’.
Markus Braun was the self-styled visionary behind German payments giant Wirecard.
An instantly recognizable fixture at tech conferences, recently adopting Steve Jobs-style black turtlenecks, Mr. Braun became known for grand predictions about the future of payments, big data and artificial intelligence.
His resignation Friday after Wirecard said its auditors couldn’t locate €1.9 billion ($2.1 billion) of the company’s cash raises serious questions about his legacy. Long the company’s face and most passionate advocate, as well as its largest shareholder, Mr. Braun said Friday that “responsibility for all business transactions lies” with the chief executive.
A tall 50-year-old computer scientist from Vienna with an intense manner of speaking, Mr. Braun had been Wirecard’s CEO and chief technology officer since 2002. He was educated at the University of Vienna and previously worked for KPMG LLP’s consulting business.
A former Wirecard employee said Mr. Braun made a formidable double act with the company’s chief operating officer, Jan Marsalek, who was suspended Thursday.
“Markus was the one who spoke to investors, he was the storyteller,” the employee said. “Jan went around the world doing deals.” Others say Mr. Braun lived a quiet, unflashy life in the suburbs of Munich, where Wirecard is based.
He controlled around 7% of the company’s shares, according to FactSet, which were worth $1 billion until earlier this week. With the stock cratering over the past two days, those shares are now worth around $200 million.
“The confidence of the capital market in the company I have been managing for 18 years has been deeply shaken,” Mr. Braun said in a statement.
Mr. Braun presided over Wirecard as it grew into one of Europe’s highest-profile fintech companies. It processes electronic payments for retailers and others and provides related services and loans, and has high exposure to rapid growth in Asian markets.
He would evangelize for the company’s products, hitting on the point that different from its rivals Wirecard offered a single interface to the company’s payments platform. He was proud that Wirecard was a rare European tech success, but also saw it as a global force. “We’re active on all five continents,” he said in a 2019 company video.
Mr. Braun attracted an ardent bunch of detractors who said the company’s uncanny consistency in growing its sales from year to year was too perfect to be true. When the Financial Times published a series of stories on the company’s accounting, Mr. Braun was the chief rebutter, dismissing the allegations and assuring investors the scrutiny would soon be over.
Wirecard initially called the reporting “inaccurate, misleading and defamatory,” although it acknowledged in subsequent days that an internal investigation had been commissioned.
In November, after agreeing to have KPMG conduct an outside audit of the firm, Mr. Braun told investors that nothing would be found. “We can totally confirm today that all of these allegations are unfounded.”
Activist investor Christopher Hohn, who bet the company’s shares would fall, tried to get Mr. Braun fired in April after the audit looking into the company’s accounting practices couldn’t get answers to certain questions.
Mr. Hohn said in an interview Friday that his team had met with Mr. Braun in Germany earlier this year, and that Mr. Braun couldn’t satisfactorily answer questions raised by allegations of fraud at the company.
A tweet posted to Mr. Braun’s Twitter account Friday said the company has “excellent employees, a strong business model, outstanding technology and abundant resources to ensure a great future.”
North Korean Hackers To Launch A Global COVID-19 Phishing Campaign
North Korea-backed hackers are reportedly preparing a massive phishing campaign to take advantage of the COVID-19 crisis.
A study by cybersecurity vendor, Cyfirma, warned about a massive phishing campaign that will be launched by the North Korean hacker group, Lazarus, on June 21. The campaign will allegedly target six nations and over 5 million businesses and individuals.
According to the report published on June 18, Lazarus will subject Singapore, Japan, India, the United Kingdom, South Korea, and the United States to a massive phishing campaign. Hackers will reportedly attempt to take advantage of people receiving payments established by several countries in an attempt to mitigate the COVID-19 crisis.
A Campaign To Collect Cryptocurrencies?
Lazarus seems to be impersonating government accounts using fake emails. They ask recipients to visit fraudulent websites which ask for money and save their personal data. In the past, the North Korean hackers have preferred to be paid in cryptocurrencies.
There are no additional details about the specific methods Lazarus group will use to gather money from their victims.
A Cyfirma’s Spokesperson Told Cointelegraph:
“On June 1, the platform picked up an early indicator from Korean-speaking community discussing a folder called ‘Health-Problem-2020’ and that was when we uncovered the entire campaign targeting the USA, UK, Japan, South Korea, India and Singapore.
This global phishing campaign is well-planned across all fronts, leveraging social engineering to lure individuals and businesses into divulging personal and financial information. Citizens and business owners are in desperate need of these government fiscal support packages and chances of them falling prey to this phishing attack is very high.”
Governments Already Aware Of The Threat
The cybersecurity firm clarifies that they have not yet seen URLs for the phishing sites found in the email templates gathered during their research, but expect that such information will be revealed soon. They also state that the governments of the targeted countries have been warned about the upcoming Lazarus campaign.
Recently, North Korean leader, Kim Jong-un, reportedly encouraged Lazarus to steal cryptocurrencies like Bitcoin (BTC) using phishing scams. Sources indicate that the country has ramped up these efforts to prevent a financial meltdown during the COVID-19 crisis.
NZ Authorities Seize $90M From Alleged Bitcoin Launderer Alexander Vinnik
The New Zealand police have recovered $90 million in assets reportedly belonging to the alleged $4 billion launderer Alexander Vinnik.
According to Jared Savage at the New Zealand Herald, the police Asset Recovery Unit have frozen roughly 140 million NZD ($90 million) controlled by a company in connection to the investigation of Vinnik.
Police Commissioner Andrew Coster told the publication that local authorities had been coordinating with the United States Internal Revenue Service to address the lost funds.
The money recovered is “likely to reflect the profit gained from the victimisation of thousands, if not hundreds of thousands, of people globally as a result of cybercrime and organised crime,” according to Coster.
Money Laundering And Arrest
Vinnik was accused of laundering 300,000 Bitcoin (BTC)—roughly $4 billion—over the course of six years through BTC-e, one of the world’s largest crypto exchanges at the time. Some of the ill-gotten funds may even have come from the infamous hack of Japan-based crypto exchange Mt. Gox.
The Russian national known as “Mr. Bitcoin” was arrested during a vacation in Greece in 2017 and extradited to France earlier this year. As of press time, Vinnik is still in France awaiting charges of money laundering, extortion and conspiracy, but could be extradited to the United States or his native Russia.
PlusToken Moves $67 Million To Unknown Wallet, Signalling A Potential EOS Dump
We only need to look to recent history for what this transaction means.
A wallet associated with alleged crypto Ponzi scheme PlusToken has moved 26,316,339 EOS tokens (worth over $67 million as of press time) to an anonymous crypto wallet created less than 24 hours ago. The transaction was spotted by tracking service Whale Alert earlier today.
PlusToken is believed to be one of the largest scams in the cryptocurrency history, as it reportedly held almost $3 billion worth of assets including Bitcoin (BTC), Ethereum (ETH) and EOS when it went bust in June last year.
Launched in May 2018, PlusToken acted as a crypto wallet service and investment program promising high monthly returns. It was primarily marketed in China and South Korea.
In July 2019, six Chinese nationals were arrested in Vanuatu and extradited to China as part of the investigation regarding PlusToken. At the time, PlusToken claimed that the arrested individuals were regular users and not the company’s co-founders.
Next month, PlusToken reportedly started to move its funds to exchanges in an apparent attempt to cash out.
The scam wasn’t widely discussed in the Western crypto community until August 2019, when blockchain analytics firm Ciphertrace reported on the suspicious project. According to Ciphertrace, PlusToken netted around $2.9 billion from some 3 million people.
Suspicious market moves
As observed by Cointelegraph, similar movements in the past from wallets associated with PlusToken have been followed by suspected massive open market sales on cryptocurrency exchanges. In turn, this led to noticeable spikes in BTC, ETH and altcoin prices.
In November 2019, pseudonymous crypto researcher Ergo suggested that a major market selloff was possibly driven by the PlusToken scammers liquidating 200,000 BTC on the open market. Similarly, research firm Chainalysis suggested in its December 2019 report that PlusToken scammers may be using over-the-counter (OTC) off-ramps to sell BTC, driving down the price.
However, EOS remains unshaken as of press time. It currently trades around $2.56, up 1.26% on the day.
Resigned Wirecard CEO Detained By Police As $2.1B Fraud Threatens Company
The CEO of Wirecard, who resigned recently, was arrested by German police under accusations of conspiring to inflate assets and revenue to entice investors.
The former chief executive officer of Wirecard, a German fintech company, has been detained by Munich police after being charged with misrepresenting the company’s balances.
As reported by Reuters and many others, Markus Braun, who led the company for the better part of two decades, has been arrested by police in Munich, Germany. According to a statement issued by the prosecutor’s office, he is accused of having conspired to inflate assets and total revenue through false transactions with “third-party acquirers.” This was done to make the company appear more attractive to investors, the prosecutors say.
The misrepresented funds in question, amounting to 1.9 billion euros, or $2.1 billion, are supposed to be held in a trust account in two unspecified banks in the Philippines. Between June 21 and 22, Wirecard board of directors issued a statement saying that “with a high degree of probability” the funds do not exist.
The money represents more than 32% of Wirecard’s claimed assets of 5.8 billion euros ($6.5 billion). Since the issue finally came to light last week, Braun resigned from his role.
A judge is set to deliberate whether to continue detention today.
Company In Dire Straits
The hole in the budget and the ongoing turmoil raises questions on whether the company will be able to recover and survive in the long-term. As Cointelegraph mentioned previously, Wirecard is the principal issuer for many crypto debit card companies, like Crypto.com and Wirex’s Asia-Pacific offering.
The CEO of Crypto.com, Kris Marszalek, noted that its debit cards are fully pre-funded, and the reserves are held in a separate U.K. bank distinct from Wirecard.
Meanwhile, Wirecard’s stock price has fallen about 84% to $16 as the news became known.
The longer term fate of the company remains unknown, but Wirecard-issued cards continue operating normally so far.
Plus Token Money Launderers Stopped Short By Congestion
One of the largest ponzi schemes in crypto history is still trying to launder its proceeds, but Ethereum congestion is making that difficult.
Funds from the infamous Chinese-based PlusToken ponzi scheme are moving once again, but they’re being blocked by Ethereum’s block congestion.
According to Whale Alert, funds from a known PlusToken Ether (ETH) stash were seen moving to a fresh address. The fraudsters transferred 789,500 ETH, worth about $186 million, in what appears to be an effort to launder their funds.
The incoming wallet has since signed more than 50 transactions to split the funds across dozens of wallets, but only one of those appears to have been confirmed.
The remaining transactions have been hanging in the mempool for more than 30 minutes as of press time, largely due to their relatively low gas fee.
The transactions are bidding between 25 and 30 Gwei, which is significantly below the current average of 50 Gwei, according to EthGasStation.
Just two days earlier on June 22, PlusToken moved $67 million of its ill-gotten proceeds.
Someone Has Been On A $200M Crypto Exchange Hacking Spree
CryptoCore reportedly launched a phishing campaign against several crypto exchanges and managed to steal $200 million in two years.
A cybercriminal group has allegedly stolen around $200 million from cryptocurrency exchanges over the past two years. In total, they are believed to have hit 10 – 20 victims across the United States, the Middle East, and Asia.
According to research by the cybersecurity firm ClearSky, the gang named “CryptoCore,” known with other pseudonyms like “Dangerous Password” and “Leery Turtle,” has been actively targeting crypto firms since 2018 — specifically exchanges.
They confirmed that CryptoCore stole $200 million from at least five victims, several of whom were located in Japan.
Between 10-20 Additional Companies Could Be Affected
The names of targeted crypto exchanges were not revealed due to non-disclosure agreements with the victims. It is believed that the total number of targets could be as high as 20 in total.
The cybersecurity firm believes CryptoCore may have links to the Eastern European region, Ukraine, Russia, or Romania.
Phishing Attacks Launched Against The Exchanges
The hackers used spear-phishing attacks to gain access to crypto exchanges’ wallets. In some cases, they may have targeted executives’ personal email accounts.
The report details that spear-phishing attacks are “typically” carried out by impersonating employees, mostly those who have a high-ranking role within the company or from another organization like the advisory board.
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, provided some comments regarding spear-phishing attacks like CryptoCore did:
“Some phishing campaigns consist of non-targeted mass emails sent to a large number of people. Others, however, are crafted to target specific individuals – a company executive, for example. This known as spear phishing and, because the actor may have spent time collecting information about the individual being targeted, the emails can be extremely convincing.”
Callow Also Adds:
“Many security incidents and data breaches start with phishing emails. Phishing campaigns are typically designed to either collect logins – for example, by directing the recipient to a fake banking site – or to deliver malware via malicious attachments. In either case, the end result can be the same: a compromised network.”
Cryptocore Is Not The Only Headache For The Exchanges
North Korean hacking team, Lazarus Group, targeted several crypto exchanges last year, as per a Chainalysis report. One of the attacks involved the creation of a fake, but realistic trading bot website that was offered to employees of the DragonEx exchange.
Recently, Cointelegraph reported on a study that warned of a massive phishing campaign that could be launched by Lazarus soon. This could allegedly target six nations and over 5 million businesses and individuals.
A Hacker Named “Fxmsp” Managed Built A Million Dollar Cybercriminal Business Over Three Years
A new report shows that a Kazakhstani hacker built a million dollar fortune by breaching private networks and selling their data.
Researchers at threat intelligence company, Group-IB, said that the hacker, who operates under the pseudonym “Fxmsp,” began promoting their services across darknet. They posted data for sale on hacking-related forums, offering valuable resources stolen from private corporate networks. Some customers have taken to calling the hacker “The invisible god of networks.”
Millionaire Profits For Fxmsp
According to the report, the magnitude of Fxmsp’s cybercriminal business is enormous. They reportedly accumulated $1.5 million in profits over three years by targeting 135 companies from 44 countries.
Fxmsp allegedly began promoting cryptojacking services through a Russian forum, selling corporate network data access. Their services allowed purchasers to mine cryptocurrencies using stolen computer power, though it is unknown whether these services were used to specifically mine Bitcoin (BTC).
The Study Revealed A Number Of Instances Where The Hacker Managed To Expand Their Target Capacity:
“During the time that he was active on [removed link], from early October 2017 to July 31, 2018, Fxmsp put access to 51 companies in 21 countries up for sale. The cybercriminal shared the price in only 30% of cases. By that time, after 9 months of activity, the minimum average price for all visible accesses that I’ve advertised was $ 268,000 (without including the sales I’ve made through private messages).”
Were They Really Acting Alone?
Yelisey Boguslavskiy, AdvIntel’s director of security research, believes that Fxmsp was not acting alone, but rather as part of a cybercriminal team named “GPTitan”. This group is made up of numerous hackers who access various financial environments to steal high-profile network data.
An article published by BleepingComputer, citing an independent source, claimed that “the invisible god of networks” had expanded into a team with an undetermined number of members.
Fxmsp is known to have worked with a sales manager operating under the pseudonym “Lampeduza”.
Fxmsp disappeared from the forums in May 2019, effectively ending the relationship, however.
The report states that Fxmsp and Lampeduza may still be operating privately.
Cointelegraph recently reported that the total USD value of Bitcoin transferred on the dark web rose by 65% in Q1 2020, despite a decline in transactions during the same period in 2019.
Cybercriminals Use The Blockchain To Relay Secret Messages
SophosLabs published a study that revealed hackers use the blockchain network to share secret messages.
A group of researchers from SophosLabs state that hackers operating the cryptojacking malware, Glupteba, have been using the Bitcoin blockchain network to communicate in secret.
According to the report published on June 24, cybercriminals rely on a command and control center where they send encrypted secret messages that require a 256-bit AES decryption key.
Encrypted Messages Used To Update Malware
The purpose of the communication channel is for hackers to receive updated configuration information for the malware. This data is used by attackers to obtain precise instructions and thus update the malicious software.
Glupteba is what’s known as a zombie or software robot that can be controlled remotely. It has various functions such as a rootkit, security suppressor, virus, router attack tool, browser stealer, and as a cryptojacking tool.
Sophoslabs Explains In Detail About The Curious Feature:
“Glupteba uses the fact that the Bitcoin transactions are recorded on the Bitcoin blockchain, which is a public record of transactions available from a multitude of sources that are unexceptionably accessible from most networks. Bitcoin’ transactions’ don’t actually have to be about money – they can include a field called RETURN, also known as OP_RETURN, that is effectively a comment of up to 80 characters.”
Future malware-delivery-as-a-service provider?
However, the cybersecurity firm warns that the malware could take advantage of this feature as an added value to commercialize it.
Andrew Brandt, A Principal Researcher At Sophoslabs, Told ZDNet:
“I’d say the Glupteba attackers are angling to market themselves as a malware-delivery-as-a-service provider to other malware makers who value longevity and stealth over the noisy quick endgame of, for instance, a ransomware payload.”
But this is not the first case in which the blockchain network is used to send messages in the crypto sphere. On May 25, a message signed by 145 wallets containing Bitcoin (BTC) from a number of early blocks called Craig Wright a “liar and a fraud.”
Crypto Cards Affected As UK Regulator Suspends Wirecard Subsidiary
Wirecard’s subsidiary that is responsible for issuing debit cards has been suspended as the company can no longer access customer funds.
Wirecard’s subsidiary responsible for issuing debit cards, Wirecard Card Solutions Ltd., has been suspended by the United Kingdom’s Financial Conduct Authority, or FCA.
According to a statement issued on June 26 by the regulator, Wirecard’s subsidiary is required to not dispose of any of its funds, stop conducting any of its regulated activity, and it must communicate on its website and to its customers that it is no longer permitted to conduct regulated activity.
As of press time, however, such statements are not present on any of Wirecard’s websites, including the subsidiary’s dedicated domain.
The FCA explained that following the news of the 1.9 billion euros shortfall in Wirecard, it began working with the card issuing subsidiary to ensure that customer funds are protected. On Friday, the regulator took “additional measures” and forced the firm to stop all regulated activities. “This now means customers money cannot be accessed,” the statement concludes.
That suggests that customers may be barred from using any of the debit cards issued by the company. That includes crypto debit cards from Crypto.com, TenX and others.
The CEO of Crypto.com, Kris Marszalek, reassured his customers that funds are secure and are owned by the company. Speaking with Cointelegraph, Marszalek added:
“As of this moment the cards are working fine. As per our statement yesterday, in case of a disruption, we will rapidly proceed to credit the funds back to our users crypto wallets. Given the announcement made by the FCA today, this is highly likely.”
He added that the company is looking for alternative solutions to ensure customers can continue using their cards.
In a subsequent update by Crypto.com, the company said that it was asked to cease operations for its EU and U.K. cards, which means that customers will not be able to use them “later today.” The company promised that within 48 hours, all funds on the debit cards will be returned to customers on their crypto wallets.
Cointelegraph reached out to TenX as well, but did not receive an immediate response.
Wirecard’s woes began when the company admitted to lacking over 32% of its claimed assets, worth $2.1 billion.
The CEO, Markus Braun, resigned and was subsequently arrested by German authorities. Prosecutors believe that the company’s management was involved in a long-running fraud to misrepresent the company’s earnings and assets.
On Thursday, the company filed for insolvency due to the sudden shortfall, which can be the first step to bankruptcy. The disruption to its business at the hands of the FCA is likely to worsen its already tenuous financial situation.
Crypto.com To Refund Clients As Wirecard’s Card Issuer Told To Cease Operations
Crypto.com has confirmed to CoinDesk it is moving to refund customers as the U.K. regulator orders Wirecard’s card issuer to cease all operations immediately.
Crypto.com CEO Kris Marszalek told CoinDesk the company is refunding 100% of customer funds after the Financial Conduct Authority (FCA) suspended the activities of Wirecard Card Solutions, a subsidiary of the Wirecard Group, which filed for insolvency on Thursday after admitting last week to be missing $2.1 billion.
“We will rapidly proceed to credit the funds back to our users’ crypto wallets,” Marszalek said.
All funds will be refunded in the next 48 hours.
The FCA ordered Wirecard Card Solutions to cease all regulated activities on Friday. The financial watchdog said it had stepped in to protect customer funds and would prevent the company from accepting or disposing of any more revenue.
While Wirecard Group is headquartered in Munich and is outside the FCA’s jurisdiction, Wirecard Card Solutions has its offices in Newcastle, in the north of England. Friday’s announcement affects all cards issued by Wirecard Card Solutions, including those belonging to Crypto.com and TenX users. Although it still isn’t clear what could happen, one possibility is that all Wirecard cards stop working.
Users will not be able to top up or transact with Crypto.com cards as of later today.
Both Crypto.com and TenX kept quiet after Wirecard admitted last Thursday its $2.1 billion accounting hole may have come from employees purposefully inflating company revenue.
Both companies assured customers their funds were safe because they were held by a separate financial institution, but representatives refused to say whether they were looking for another card issuer.
But Friday’s news has now forced their hands.
“We’ve been working on alternative solutions with our partners to make sure our customers can continue their cards, and will provide an update on this in due course,” Marszalek said.
In a statement, Crypto.com said it was in the process of transferring its card program to a new provider.
TenX did not immediately respond to requests for comment.
Investors Fear Ethereum Price Sell-Off After PlusToken Transfers 789K ETH
PlusToken recently moved $186 million worth of Ethereum, leading investors to fear a dump in ETH price.
Earlier this week PlusToken, one of the largest scams in the cryptocurrency world, tried to move 789,500 Ether (ETH), but the movement of these stolen funds were temporarily held up by congestion issues within the Ethereum network.
The $186 million transfer came from a known Ethereum address and was later split into 50 different transactions, possibly as an attempt to disguise the activity. Whale Alert first spotted the transactions which have since been processed but little information on the funds’ destination has been reported.
Just two days before this latest development, PlusToken also moved $67 million worth of stolen EOS.
PlusToken Sales Lead To ETH And BTC Corrections
Despite being dismantled last year, PlusToken is still causing damage to the crypto industry by liquidating holdings and holding large amounts of Bitcoin (BTC) and other assets like Ether and EOS.
PlusToken still holds a significant amount of stolen crypto-assets and these funds continue to pose a threat to spot markets as large market sales can impact Bitcoin and Ether’s price across various exchanges.
While some believe that the March 12 crash was caused by PlusToken dumping Bitcoin on spot markets, this theory was quickly dispelled by data from blockchain analysis firm, Chainalysis.
According to Chainalysis, BTC movements from PlusToken to exchanges slowed down heavily before the Black Thursday crash, which shows the two events were not related.
While this particular crash was not related to PlusToken, many still believe the group is responsible for some of the accentuated drops in the Bitcoin price, namely in December 2019.
As crypto options and futures continue to grow in popularity, the danger of an accentuated drop caused by a large sell-off becomes bigger as it could potentially trigger a long squeeze for Ether.
Chainalysis head of research Kim Grauer agrees that a PlusToken triggered sell-off is a real risk. Grauer previously told Cointelegraph:
“We found in the past that large inflows to exchanges, such as those from PlusToken last year, tend to increase the price volatility on exchanges. This problem can potentially be exacerbated by trading bots that pick up on those on-chain movements and execute trades, not to mention the highly leveraged positions on derivatives exchanges that can get liquidated rather quickly. But overall, prices tend to bounce back quickly from those one-off events.”
Exchanges Raise Security To Ward Off Scammers
In this instance the Ethereum network acted as a temporary bottleneck for the scammers as the transaction was stalled due to network congestion, which is ironically a very small silver lining in the current scalability issues being faced by the second biggest blockchain network.
However, the biggest deterrent for the liquidation of PlusToken funds should be exchanges’ KYC (know-your-customer) standards.
KYC requires users to divulge their identity which, if done right, could lead to the arrest of the person or people selling the assets. As previously reported, a large portion of the BTC sell-offs conducted by PlusToken took place in the Huobi and Okex exchanges where the KYC and AML policies were not sufficient enough to stop the scammers.
To be fair, Huobi has worked to improve its security standards since the last wave of PlusToken BTC sales. The exchange recently launched an on-chain monitoring tool called Star Atlas in order to identify “crimes like fraud, money laundering and other problematic activities” on their platform.
Peer-to-peer exchange Paxful also recently partnered with Chainalysis to increase monitoring around illicit transactions.
While it’s hard to tell what the PlusToken scammers will do next, traders will be keeping close watch on the upcoming Ether options expiry and the spot price at exchanges to see if the scammers try to dump on open markets after the expiry.
Transnational Cybercrime Group Co-Founder Who Amassed $568M Pleads Guilty
The co-founder of the Infraud Organization pleaded guilty to racketeering charges before a U.S. District Court in the District of Nevada.
A Russian national behind the cybercriminal enterprise Infraud Organization has pleaded guilty on June 26 to racketeering conspiracy, due to his role as a co-founder and admin of the dark web-based carding portal which generated profits over $568 million.
According to the announcement made by the U.S. Department of Justice, or DOJ, 33-year-old Sergey Medvedev, also known under the pseudonyms “Stells,” “segmed,” and “serjbear,” claimed responsibility for his role in the organization created in October 2010 by a Ukraine national, Svyatoslav Bondarenko.
Medvedev pleaded guilty before U.S. District Court Judge James C. Mahan in the District of Nevada.
What Is RICO?
The Racketeer Influenced and Corrupt Organizations Act, or RICO, provides robust criminal penalties for persons who engage in a “pattern of racketeering activity” or “collection of an unlawful debt” and who have a specified relationship to an “enterprise” that affects interstate or foreign commerce.
The DOJ accuses the Infraud Organization of being the “premier destination” for people who want to buy retail items with counterfeit or stolen credit card information, whose transactions were made via cryptocurrencies.
Escrow Service Provided To Facilitate Illegal Crypto Transactions
The cybercriminal cartel also promoted the selling of malware, banking information, and illegal goods.
It provided an escrow service to facilitate illicit digital currency transactions among its members and employed screening protocols that purported to ensure only high-quality vendors were permitted to advertise to members.
The latest figures revealed by the authorities’ investigation assure that the Infraud Organization had around 10,901 registered members.
During its seven-year tenure, the group inflicted approximately $2.2 billion in intended losses, and more than $568 million in actual damages, on a wide swath of financial institutions, merchants, and private individuals, DOJ said.
Medvedev was arrested in 2018 in Bangkok, Thailand, with over 100,000 Bitcoin (BTC), worth $822 million at the time. In the same year, U.S. authorities indicted 36 individuals for allegedly held roles in the cybercriminal enterprise.
Another Russian National Involved In An Ongoing Cybercriminal Case In The U.S.
In a non-related case, a Russian hacker was sentenced to nine years in prison by a U.S. court on June 26.
The hacker, Aleksei Burkov, was accused of running a website called “Cardplanet” which sold payment card information as well.
He was previously considered to be of personal interest by Russian President, Vladimir Putin.
Shareholders File Criminal Complaint Against EY For Alleged Role In Wirecard Scandal
Shareholders in German fintech Wirecard are taking legal action against Big Four auditor EY in the fallout from the scandal now engulfing the company.
Shareholders in German fintech Wirecard are taking legal action against Big Four auditor EY in the fallout from the scandal now engulfing the company.
Earlier this month, the auditor had refused to sign off the fintech’s 2019 financial report after discovering a shortfall of €1.9 billion (roughly $2.1 billion) on its books.
Following EY’s discovery, German authorities arrested Wirecard’s (now-former) CEO, Markus Braun, who had been at the helm of the fintech for almost two decades.
Braun has been accused of conspiring to inflate the company’s assets and misrepresent what amounted to over 32% of Wirecard’s assets — $2.1 billion of a claimed $6.5 billion.
According to CNBC on June 26, EY said that there are “clear indications that this was an elaborate and sophisticated fraud, involving multiple parties around the world in different institutions, with a deliberate aim of deception.”
The auditor defended its position, claiming that “even the most robust and extended audit procedures” would not be able to derail a “collusive fraud” of this nature.
The German shareholders’ association, Schutzgemeinschaft der Kapitalanleger e. V. (SdK), has nonetheless filed a criminal complaint against three EY auditors — two current and one former — for their alleged role in the accounting scandal.
Crypto Debit Cards Impacted By Wirecard Controversy
On June 25, Wirecard filed to open insolvency proceedings. As the extent of the alleged fraud became apparent, regulators moved to suspend its subsidiary, Wirecard Card Solutions Ltd., which is responsible for issuing the firm’s debit cards.
The incident has sparked concern in the cryptocurrency industry, as debit cards from Wirex, TenX and CryptoPay, are among the cards issued by Wirecard.
Following regulators’ action, Crypto.com was asked to cease operations for its EU and U.K. cards, but returned all funds on the affected debit cards to customers’ crypto wallets.
The company is now reportedly working to transfer its card program to a new provider.
Hacker Steals Balancer’s COMP Allowance In Second Attack Within 24 Hours
Balancer hacked twice within 24 hours, though this time the sum is relatively small.
We recently reported that the Balancer DeFit protocol suffered a $500,000 attack. Less than 24 hours later, a second attack claimed about $2,300 worth of Compound tokens (COMP).
Hao, an engineer at DeBank, tweeted that an attacker was able to fool the Balancer system into thinking he was owed a significant portion of the COMP tokens stored in the decentralized exchange’s pool.
The attack involved flash loans from both dYdX and Uniswap. The hacker loaned more than $33 million that was used to generate cTokens representing ownership in a Compound pool.
The attacker then transferred the cTokens to a Balancer pool. This triggered Compound into distributing the COMP accrued by the pool during its normal operation.
The hacker then forced Balancer to update the pool’s balance, which at this point included all of the flash loaned money. The system thus believed that the hacker was entitled to a significant share of the pool’s COMP, despite not having held any money previously.
A call to withdraw the COMP and exchange it to ETH completed the hack, which netted a relatively small sum of about 10 COMP, worth $2,300.
Hao noted that the attack is similar to the $500,000 loss from earlier in the day. Like the first, this second attack relies on the peculiar way that Balancer manages its internal state.
The team has since pledged to make affected users whole. They will also compensate a researcher who reported on the vulnerability in May.
DeFi Protocol Balancer Hacked Through Exploit It Seemingly Knew About
A spat between the Balancer and STA team following the $500,000 hack suggests that the DeFi protocol was aware of the weakness.
The Balancer automated market maker protocol has been hacked for over $500,000 in a single Ether (ETH) transaction, facilitated once again by a dYdX flash loan.
As analyzed by the 1inch.exchange team a few hours after the incident, a carefully crafted transaction taking more than 8 million gas, or about two thirds of an Ethereum block, stole over $500,000 in Ether, Wrapped Bitcoin (WBTC), Chainlink (LINK) and Synthetix (SNX) tokens.
Taking Advantage Of Programmed Burn
Timestamped at 6 PM UTC on Sunday, the transaction begins with a flash loan from dYdX for 104,000 ETH, or about $23 million.
The exploit relied on Statera (STA), a deflationary token where 1% of every transaction is automatically burned. Balancer’s smart contracts seem to have failed to account for this, thus expecting that each transaction would be for the full amount.
The hacker exploited this by exchanging back and forth between Statera and Ether 24 times. At each step, the STA balance available to the contract diminished by 1%, but the smart contract did not account for this. Thus, the price of STA remained stable despite the dwindling supply.
As noted by Balancer’s disclosure, at the end of this procedure the attacker called a function that updated the price based on the effective pool balance. Since the STA side was empty, it was suddenly priced at a huge premium.
The hacker used a “weiSTA,” or one billionth of a token, to swap for other assets on the platform, including ETH, BTC, LINK and SNX. Due to the burn mechanism, the weiSTA was never actually exchanged, which allowed the hacker to perform the transfer multiple times until all STA pools were dried.
They then exchanged the remainder of the STA to Balancer Pool tokens and cashed them out to Ether with Uniswap.
Security Practices Called Into Question
The Balancer team is being accused by a security researcher and the STA team for ignoring a bug report submitted almost two months before. Balancer’s CTO, Mike McDonald, confirmed the existence of the report, claiming that the issue outlined in it was essentially unexploitable and blaming flash loans for the incident. It is worth noting that any exploit made possible by a flash loan is also vulnerable to hackers with significant funds.
In a subsequently deleted tweet, McDonald appears to have taken responsibility for the bug.
Cointelegraph obtained screenshots from the STA team that further suggest that Balancer was keenly aware of the issue with transfer-fee tokens like Statera just days before the incident.
While Balancer took precautions with the STA pool by not including it in the liquidity mining program, it is unclear why the issue was not fixed at a smart contract level. At the same time, the protocol is permissionless and anyone can add new pools at their own risk. This would be similar to an incident that occurred on Uniswap during the dForce hack, where a pool created against the team’s advice was simultaneously hacked.
The Statera team nevertheless believes the risks were not adequately disclosed, with a representative saying:
“The only warning they have is on their website which suggests that the project is in beta and all funds are at risk.”
While Balancer documentation does mention risks for Statera-like tokens, they only involve “arbitrage opportunities.” The Statera representative said that “[we] wouldn’t have gone with Balancer if we knew we were at risk for such an attack.”
Cointelegraph reached out to Balancer to learn more, but did not immediately receive a response.
Digital Currency Guru Commits Cyber Fraud Amounting To $568 million
Sergey Medvedev, a Russian national who operated a digital currency escrow service for the $568 million payment card fraud forum he founded in 2010, pleaded guilty to racketeering charges in what the U.S. government called its largest ever cyber fraud case.
Medvedev, 33, admitted in his June 26 plea before the U.S. District Court for Nevada that he founded and ran the Infraud Organization, an international cybercrime enterprise that facilitated the sale of credit card and equipment theft, malware and stolen account information during its eight year reign.
He also acknowledged running a “digital currency” exchange and escrow service for Infraud’s 10,901 members. A 2018 indictment stated Infraud members used the now-defunct Liberty Reserve and bitcoin, among other “digital currencies,” to launder their funds.
The June plea does not mention the extent to which Medvedev’s exchange service transacted in bitcoin or other cryptocurrencies. It states that Medvedev accrued $1.04 million in Liberty Reserve digital currency through May 2013.
In total, Infraud facilitated the sale of 4 million compromised payment card numbers and caused an actual loss of $568 million dollars to its victims, American Express, Visa, MasterCard and others, Medvedev admitted.
The Department of Justice shut down Infraud in February 2018 and subsequently indicted 36 members of the organization as part of Operation Shadow Web.
At the time of his arrest in Thailand in 2018, Medvedev was estimated to be in possession of more than 100,000 bitcoin, according to the Bangkok Post.
Medvedev’s sentencing hearing is scheduled for December 9.
Ledger Crypto Wallet Claims Purported Vulnerability Is User Experience Flaw
Ledger’s chief technology officer Charles Guillemet said that the recently revealed vulnerability is nothing more than a user experience flaw.
Leading crypto hardware wallet producer Ledger has denied that its product’s transaction management software featured a double-spend vulnerability.
According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is — in fact — nothing more than a user experience flaw. He illustrated the nature of its hardware wallet companion software Ledger Live to Cointelegraph:
“It’s important to understand that rather than an attack, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever schemes. […] It’s just a UX issue that could be used by a dishonest product buyer. ”
The Claims Are Not New
ZenGo’s claims are closely related to those released by Bitcoin Cash (BCH)-focused firm BitcoinBCH at the end of 2019. At the time, the firm’s CEO Hayden Otto explained in a video how a Bitcoin (BTC) point-of-sale solution misled merchants into believing non-confirmed transactions were final and accepting them.
Like BitcoinBCH, ZenGo noted that Bitcoin’s replace-by-fee (RBF) feature can easily allow users to replace an unconfirmed transaction with a new one with a different target address that has a higher fee. It is worth noting that this feature only makes it easier to leverage the non-finality of unconfirmed transactions, a thing that is harder, but still possible without RBF.
Furthermore, ZenGo’s report also points out that RBF “does not introduce any new vulnerabilities in itself” and instead “it explicitly puts the responsibility on wallet applications and users’ to identify unconfirmed transactions as unsafe.” This is confirmed by Guillemet:
“We want to thank ZenGo for having responsibly disclosed this issue to us. […] We do want to prevent anyone from falling victim to these kinds of clever schemes. A way to prevent this is of course to make sure that any transaction is first confirmed. Ledger Live is releasing an update on July 2nd. A warning is now displayed on pending transactions.”
ZenGo said that it was awarded a bug bounty for bringing attention to the issue.
Kraken Discovers Supply Chain Attacks Against Ledger Wallets
Hardware wallet Ledger is allegedly vulnerable to two new attacks, Kraken exchange warned.
Kraken, a major United States-based cryptocurrency exchange, has identified new potential attacks against the popular hardware wallet, Ledger.
Kraken Security Labs, the exchange’s cyber security division, has discovered two new attack vectors that could compromise the security of Ledger Nano X wallets. The exchange announced the news in a July 8 blog post.
Both Attacks Can Be Exploited Before Users Launch The Wallet For The First Time
According to the post, both attacks can affect Ledger Nano X wallets if exploited prior to the user receiving the wallet. This can happen if the wallet was disturbed during the shipment or obtained from a malicious reseller, Kraken noted.
As a result, the attacks could enable hackers to take control of computers connected to the Ledger wallets and install malware. This could ultimately lead to the loss of funds stored on the wallet.
“Bad Ledger” Attack Turns Ledger Wallets Into A Malicious Keyboard
In the post, Kraken Security Labs described both potential attack vectors. The first one, dubbed “Bad Ledger” attack, is able to infect a Ledger Nano X wallet by modifying its debugging protocol to act as an input device, like a keyboard.
Using keyboard shortcuts, it is capable of opening a browser and navigating to Kraken exchange’s domain, the experts found.
This type of attack is similar to the so-called “Rubber Ducky” and “BadUSB” attacks, which can reflash a device with malicious firmware to compromise the computer, Kraken noted.
“Blind Ledger” Approves Malicious Transactions Through Turned-Off Display
The second attack, described as “Blind Ledger”, is capable of resetting the wallet’s display and convincing users to press a series of buttons to approve a malicious transaction. Once the malicious code is running on their computer, it can alert the user of a fake error and turn off the wallet’s display.
Possible alerts may sound like “your Ledger Nano X stopped responding, please hold both buttons to restart the device,” Kraken noted. With the display disabled, users can not see what is actually happening on their hardware wallet. Blindly following these instructions actually leads to the verification of a malicious transaction, the security group explained.
Ledger’s official response
In response to Kraken’s warning, Ledger issued a security bulletin, confirming that the vulnerability can lead to supply chain attack scenarios. In the post, Ledger said that the latest firmware update protects wallet holders from these attacks by switching off debugging capabilities.
“Debugging capabilities are permanently switched off as soon as an application is installed […] These attacks cannot be performed once an application has been installed on the device.”
The Ledger Nano X is the latest crypto wallet designed by major hardware wallet manufacturer, Ledger. Released in 2019, the product is the only Ledger wallet that is rechargeable and works wirelessly via Bluetooth. On July 6, Cointelegraph reported on Ledger’s CTO, Charles Guillemet, denying Ledger’s alleged double-spend vulnerability.
Fake Tokens on Uniswap Are Trying To Cash In On DeFi Hype
Uniswap appears to be plagued with scam tokens claiming affiliation with popular DeFi projects.
Scam tokens are a growing problem on the decentralized exchange and liquidity pool Uniswap — owing to the protocol’s open listing policy.
In recent days warnings have been issued about scam tokens targeting four of the most buzz-worthy decentralized finance (DeFi) projects including Curve Finance, 1inchExchange, Tornado.Cash, and dYdX.
With any token able to be listed on the platform’s drop-down menu simply by making a GitHub request, the platform’s users are increasingly calling for more stringent vetting to be introduced.
Open Listing Policy Leads To Scam Tokens
Decentralized derivatives project Opium took to Twitter on July 7 to warn users that a scam token called Opium and trading under the ticker OPM had been listed on Uniswap despite the project not having a native token.
The same day the Defiprime Twitter account noted a ‘DYDX’ token pool purporting association with the similarly tokenless DeFi protocol dYdX, along with a fake ‘Uniswap Community Token.’
A day earlier Tornado.Cash had reported that scammers were selling a fraudulent ‘TC’ token claiming affiliation to the project. Curve Finance and 1inch.Exchange reported fake coins impersonating their yet-to-be-released native tokens on July 5 and July 4 respectively.
A similar scam token impersonating Balancer Labs’ then-forthcoming BAL was also identified last month.
Uniswap Attracts Liquidity
Since its ‘V2’ overhaul in May, Uniswap has emerged as a cornerstone of the nascent DeFi ecosystem, with data published by Dune Analytics indicating that Uniswap comprises DeFi’s top pool by total users with 92,000.
V2 also preceded a dramatic spike in Uniswap volume, with trade activity on the platform exceeding $20 million on July 2 — roughly six weeks after Uniswap’s volume broke above $2 million for the first time.
Anonymous Crypto Hacker’s Identity Revealed by US Authorities
The U.S. Department of Justice unveiled the identity of the hacker behind the pseudonym “fxmsp” after charging him with federal crimes.
The U.S. Department of Justice, or DoJ, indicted Andrey Turchin, known under the pseudonym “fxmsp,” with various federal crimes. Turchin allegedly founded a cybercrime group that targeted the computer networks of several companies. After stealing each company’s data, Turchin’s group allegedly sold the data on the dark web.
Turchin, a 37 year old Kazakhstan national, is affectionately known on the dark web as “the invisible god of networks.” He allegedly sold access to thousands of networks breached with his malware attacks, amassing a million dollar crypto fortune over the course of three years.
The Western District of Washington is now conducting criminal indictment procedures against Turchin, who is accused of attacking companies based in over 40 countries.
No Arrests Yet
The Kazakhstan and British authorities also assisted the U.S. to unseal the indictment against “fxmsp.” U.S. Attorney, Brian T. Moran, said:
“Cybercrime knows no international borders, and stopping these crimes requires cooperation between an array of international partners. I commend Kazakhstan for its assistance in this investigation. I am hopeful these critical international partnerships between cybercrime investigators will lead to holding Andrey Turchin accountable in a court of law.”
Although the DoJ’s announcement didn’t specify that the Kazakhstan police had already arrested Turchin, an unknown number of alleged co-conspirators were also identified by the FBI. The indictment does not mention their identities.
Fxmsp’s Cybercriminal Structure
U.S. Law Enforcement Detailed The Cybercriminal Operations Allegedly Led By “fxmsp” And How They Managed To Process The Transactions:
“Prices typically ranged from a couple thousand dollars to, in some cases, over a hundred thousand dollars, depending on the victim and the degree of system access and controls. Many transactions occurred through use of a broker and escrow, which allowed interested buyers to sample the network access for a limited period to test the quality and reliability of the illicit access.”
Cointelegraph recently reported that the total USD value of Bitcoin (BTC) transferred on the dark web rose by 65% in Q1 2020, despite a decline in transactions during the same period in 2019.
Accomplice In Alleged $722M Bitcoin Ponzi Scheme Pleads Guilty To Charges
One of four men charged with defrauding investors of over $722 million through a long-running cryptomining scheme has pleaded guilty to charges against him.
One of four men charged with defrauding investors of more than $722 million through a long-running cryptocurrency mining scheme has pleaded guilty to charges against him.
The man, a 35-year-old Romanian programmer called Silviu Catalin Bacali, was arrested in Germany in December 2019.
He was charged with one count of conspiracy to commit wire fraud as well as a conspiracy to offer and sell unregistered securities. He faces a maximum of five years in prison and a fine of $250,000.
Three others — Matthew Brent Goettsche, Russ Albert Medlin, Jobadiah Sinclair Weeks and Joseph Frank Abel — were charged in connection with the scheme in the United States that same month.
Prosecutors allege that the scheme — operational between April 2014 and December 2019 — solicited money from investors in exchange for shares in purported cryptocurrency mining pools. Investors were awarded bonuses for recruiting further investors into the network.
The indictment cites correspondence between Goettsche and Balaci, in which they allegedly discussed how to fake mining earnings and referred to their investors as “sheep.”
While the other defendants allegedly offered investors the choice of investing in three separate Bitcoin (BTC) mining pools, Bacali admitted that he himself was unaware that the BitClub Network operated more than one pool.
Further correspondence between the programmer and Goettsche from 2015 apparently revealed that Bacali was asked to “bump up the daily mining earnings starting today by 60%,” which he objected to as being “not sustainable” and “ponzi teritori.”
He is nonetheless charged with changing figures to mislead investors at his accomplice’s urging. Bacali has also confirmed prosecutors’ allegation that the scheme fleeced at least $722 million worth of BTC from investors.
Early Warning Signs
In March 2017, Cointelegraph reported on allegations that BitClub had launched a malleability attack on the Bitcoin network. The scheme had also been flagged as suspicious by crypto media news outlet 99Bitcoins as early as 2016.
Crypto ‘Giveaway’ Scams Continue To Flourish On YouTube
Crypto scams on video hosting platform YouTube are continuing to prey on unsuspecting victims.
* In scam videos seen this week, the identities of Ethereum founder Vitalik Buterin and Tyler and Cameron Winklevoss, founders of the U.S.-based Gemini exchange, have been used to lure people into giving up cryptocurrencies like bitcoin and ether.
* The “giveaway” scams are based on the promise of doubling one’s funds after send an initial amount to a wallet address via QR code.
* Victims, in fact, receive nothing in return and lose the crypto they sent.
* In separate videos, which have since been removed by YouTube, both Buterin and the Winklevoss twins can be seen talking on stage, praising the benefits of their projects.
* The video grabbed for one of the scams featuring Buterin appears to be taken from an Ethereum event held in London earlier this year.
* YouTube has been under fire from Ripple Labs and CEO Brad Garlinghouse, who are suing over allegations the social media giant fails to police its platform against fake XRP giveaway scams.
* YouTube frequently blocks cryptocurrency-focused accounts that are not scams. The firm has previously said errors occur because of the sheer volume of content it has to monitor.
* YouTube, Gemini Exchange and the Ethereum Foundation did not return requests for comment by press time.
Apple Co-Founder Steve Wozniak Sues YouTube Over Bitcoin Giveaway Scams
Apple co-founder Steve Wozniak is suing video-sharing giant YouTube and its parent company Google for allegedly allowing bitcoin giveaway scams that use his likeness to thrive on its platform.
Wozniak was one of 18 plaintiffs that filed the lawsuit on Tuesday, which seeks punitive damages, a trial by jury and demands YouTube remove all bitcoin giveaway scams and promotions using Wozniak’s name and likeness.
The suit praised Twitter for acting “swiftly and decisively” to shut down malicious accounts and “protect its users from the scam” referencing the platform’s response to last week’s coordinated cyberattack that gained access to a host of verified Twitter accounts and posted a crypto giveaway message.
“In stark contrast, for months now, Defendant YOUTUBE has been unapologetically hosting, promoting, and directly profiting from similar scams,” the suit said.
Wozniak is not the first to take action against YouTube over crypto scams. Earlier this year, Ripple Labs, along with CEO Brad Garlinghouse, sued the platform for allegedly failing to effectively police fake XRP giveaway scams that were causing monetary and reputational harm to the company.
According to the new complaint filed with the Superior Court of the State of California in the county of San Mateo, YouTube has “featured a steady stream of scam videos and promotions that falsely use images and videos of Plaintiff Steve Wozniak, and other famous tech entrepreneurs, and that have defrauded YouTube users out of millions of dollars.”
The suit alleged that the image and likeness of other well-known entrepreneurs including Bill Gates, Elon Musk and Michael Dell were also being exploited in these scams.
According to screenshots attached in the complaint, the scams involving Wozniak uses images and videos that tell users that the entrepreneur is hosting a live bitcoin or “BTC” giveaway event. The suit alleges that the posts “convince” users to transfer their cryptocurrency promising that, for a limited time, they “will receive twice as much back”.
“YOUTUBE and GOOGLE took the further step of promoting and profiting from these scams by providing paid advertising that targeted users who were most likely to be harmed,” the suit said.
Wozniak is accusing defendants YouTube and Google of violating his right of publicity, misappropriating his name and likeness, as well as aiding and abetting fraud, and negligent failure to warn users.
“Defendants’ failure to warn was willful, malicious, oppressive, fraudulent, and/or in reckless disregard of the Plaintiffs’ rights, thereby entitling Plaintiffs to punitive damages,” the suit said.
The suit demands a trial by jury on all issues triable, and damages that include legal expenses, and any “gains, profits, or advantages wrongfully obtained by Defendants.”
The lawsuit was filed by Cotchett, Pitre & McCarthy, LLP.
YouTube Seeks to Dismiss Ripple Lawsuit Over XRP Giveaway Scams
In a motion to dismiss a lawsuit brought by Ripple, YouTube argues it isn’t liable for crypto scammers using its platform.
The motion filed on Monday in the U.S. District Court for the Northern District of California, argues that under Section 230 of the Communications Decency Act, “interactive computer services,” like YouTube, cannot be treated as publishers of third-party content and hence aren’t liable for it.
* Ripple had sued YouTube in April, alleging that the video sharing platform did not sufficiently control XRP giveaway scams on its platform that caused monetary loss for users and hurt Ripple’s reputation. The crypto firm’s lawsuit alleged that scammers have defrauded “millions of XRP valued at hundreds of thousands of dollars” from victims and cited at least one instance where a scammer apparently received $15,000 in XRP from a victim.
* In its motion to dismiss the lawsuit, YouTube argues that Ripple’s claims run up against immunity provided against such lawsuits to online publishers under Section 230. The motion said that Ripple has filed the lawsuit “even though YouTube itself is a victim of the scam,” since the attackers took over user accounts on the platform.
* YouTube’s motion to dismiss the allegations boils down to the idea that the video-sharing giant did not willingly or knowingly engage in any of the scams or copyright infringement, and cannot be held liable for any third party content on its website. The firm’s motion also adds that it shut down such scams whenever it was alerted to them.
* Responding to allegations that YouTube also helped scammers advertise their schemes by running paid ads for them, the video sharing giant’s motion to dismiss maintained that it could not be held liable for third-party content.
“And whether YouTube ‘approved’ or ‘endorsed’ the ads by allowing them to be published is immaterial,” the motion noted.
* YouTube argues that Section 230 protects the video-sharing giant from Ripple’s allegations and therefore the case should be dismissed. A Ripple representative did not immediately respond to a request for comment on YouTube’s motion to dismiss.
* In another lawsuit filed against YouTube yesterday, Apple’s co-founder Steve Wozniak alleged that the firm had allowed bitcoin giveaway scams that use his likeness to thrive on its platform. Wozniak, along with 18 other plaintiffs, is seeking punitive damages and demanding that Youtube take down all such scams as well.
Inside A Crypto ‘Ponzi’: How The $6.5M Banana.Fund Fraud Unravelled
U.S. prosecutors are seeking to return $6.5 million in allegedly scammed bitcoin to victims of the “Banana.Fund” crowdfunding project, which the government described in court papers as a Ponzi scheme.
In a forfeiture suit against the cryptocurrency account storing the funds, prosecutors allege Banana.Fund’s unnamed administrator admitted to investors his project had flopped, promised to return $1.7 million to them and then failed to do so.
The operator then pivoted to a laundering and refund scheme that ultimately resulted in the U.S. Secret Service’s (USSS) seizure of 482 bitcoin (BTC) and 1,721,868 tether (USDT).
The lawsuit, filed July 29 in the U.S. District Court for the District of Columbia, seeks to grant the federal government formal ownership of the assets so it can return them to the victims.
The suit did not identify the operator of Banana.fund. But several victims of the alleged scam, and documents reviewed by CoinDesk, show the outfit was run by a British national named Richard Matthew John O’Neill aka “Jo Cook.”
One of the victims, Mike Koenen, told CoinDesk that since at least May 2018 he has been pushing the USSS to investigate Banana.Fund and O’Neill.
Documents reviewed by CoinDesk show that by November 2019, agents with the USSS San Francisco field office were email-canvassing likely victims for information on Richard O’Neill. Law enforcement had frozen O’Neill’s Poloniex account over a year before.
Neither O’Neill nor the Department of Justice responded to requests for comment.
The forfeiture suit represents perhaps the most substantial development yet in a little-known scheme that ran through the height of bitcoin’s historic late-2017 price pump and apparently went belly-up within months of the market’s pop, the documents reveal.
Peeling Back The Fraud
Banana.Fund’s white paper describes a crowdfunded business development company that shepherds fledgling startups through their earliest stages while offering operational transparency to their seed investors.
O’Neill told CoinTelegraph in January 2017 that Banana.Fund would “use blockchain for what it is good for: implementing transparent and irreversible global transactions.” In his view, he was “creating a level playing field for all users to pursue their business ideas, free of charge.”
Investing in O’Neill’s own business idea was not free of charge, however.
The buy-in started at 0.02 BTC, said Telegram user Dutch_Giant, who heard about Banana.Fund on the now-defunct message board MoneyMakersforum.
“The bigger deposit you made, the bigger part of the business you got,” Dutch_Giant said. He put in 0.024 bitcoin – “about $60 at the time.”
Other investors went even bigger on O’Neill’s crowdfunding darling, internal documents show. One user invested 82 bitcoin and nine others contributed 10 bitcoin or more. In all, 417 investors claim to have lost a combined 481 bitcoin, worth almost $5.5 million today, to Banana.Fund.
Those figures come from a spreadsheet of “verified refund claims” that O’Neill began compiling on Jan. 2, 2018, when he emailed Banana.Fund investors that they could be refunded nearly three times the dollar value of their original investment – but not their value in bitcoin.
“Banana.Fund is a failed project,” O’Neill said in a project announcement whose text was shared with CoinDesk and referenced in the criminal complaint. He claimed that while Banana.Fund had already spent around a third of investors’ $600,000 pie on overhead, he had ridden the remaining bitcoin through late 2017’s heights and could now refund them triple their original investment in USDT, a stablecoin that usually trades 1-for-1 with the dollar.
“We’ve failed up!” he said. He claimed to have $1,730,000 in USDT for refunds. “Pure dumb luck.”
His investors would have been far luckier had they never locked their bitcoin up in Banana.Fund, the DOJ points out. Banana.Fund’s founder, referred to in the suit only as “Person 1,” only “stated that due to the increased value of bitcoin, investors would receive more than their initial investment in U.S. dollars, although, realistically, they would all still lose money because of the increased value of bitcoin.”
A Calculated Risk
Prosecutors allege that “Person 1” had an account balance of $11 million and could therefore easily pay back even Banana.Fund’s biggest investors. They further allege that “Person 1” spent the weeks leading up to his USDT conversion “buying and selling multiple coins for personal gain” and attempted one withdrawal to buy a house.
O’Neill “literally gambled with our BTC on Poloniex and he had few good trades,” said another victim of the alleged scam, Kris Zelisko, who invested 1.01 bitcoin in Banana.Fund. “Also, BTC went up in the meantime.”
Prosecutors also allege “Person 1” engaged in a year-long bitcoin laundering scheme that spanned over 40,000 trades and seven different cryptos, and in a two-week spree generated $540,000 in profit from the Banana.Fund pot.
“Person 1” never paid the vast majority of investors back, the prosecutors alleged.
Dutch_Giant said that a number of Banana.Fund users were well aware of the risks involved with “Jo Cook” enterprises. “Cook,” he said, had a track record of operating crowdfunded-oriented website scams that nonetheless paid some investors out.
“It was a reasonably calculated bet,” he said.
Judge Orders Trial In France For Alleged BTC Launderer Alexander Vinnik
Alexander Vinnik, the Russian national accused of laundering 300K Bitcoin through crypto exchange BTC-e, may now face trial in France.
Also awaiting charges in the United States and Russia, suspected Bitcoin money launderer Alexander Vinnik could be facing a trial in France first.
According to news agency Agence France-Presse (AFP), a Paris judge has ordered the Russian national to stand trial for extortion, money laundering, criminal association, and fraudulently accessing and modifying data in data processing systems.
The AFP stated French authorities have accused Vinnik of defrauding more than 100 people out of $160 million between 2016 and 2018.
Vinnik, also known as “Mr. Bitcoin,” is accused of laundering 300,000 Bitcoin (BTC) — roughly $3.4 billion at press time — over the course of six years through crypto exchange BTC-e. He was arrested during a vacation to Greece in 2017 on an indictment from the United States and subsequently extradited to France in January.
A Russian national, Vinnik previously requested he be extradited to his home country, where he would reportedly face lesser charges involving defrauding victims out of $11,000.
After his trial in France concludes, Vinnik could be returned to Greece to face extradition to the United States, where authorities reportedly want to question him regarding his connection to the infamous hack of Mt. Gox. Some of the Bitcoin from BTC-e may have come from the now defunct Japanese crypto exchange.
German Police Seize $30M In Crypto From Streaming Site Operator
One of the main operators of the now-shuttered streaming site movie2k.to has forfeited over $30 million worth of crypto to German police.
After a lengthy joint investigation with the American FBI, German police have seized over 25 millions euros worth of cryptocurrency associated with the illegal movie streaming site movie2k.to.
Shuttered in spring 2013 due to copyright infringement concerns, the site’s two main operators are accused of having distributed over 880,000 pirated copies of films, together with their accomplices, via the site between fall 2018 and spring 2013. They have been charged with operating an illegal streaming service, which enabled users to watch pirated films without downloading them.
One of the two, who worked as the site’s programmer, has been in police custody since November 2019.
Streaming site revenue was used to acquire Bitcoin and real estate
On Aug. 3, the Dresden Public Prosecutor’s Office, supported by the State Criminal Police Office in Saxony and the Leipzig Tax Investigation Department announced that the programmer had cooperated in forfeiting over 25 million euros ($29.6 million) worth of Bitcoin (BTC) and Bitcoin Cash (BCH).
Since mid-2012, the two main operators are alleged to have used profits from advertising fees on movie2k.to and subscription revenue to buy large amounts of Bitcoin.
The site’s programmer is alleged to have acquired in excess of 22,000 BTC from this, later using the crypto primarily to acquire various properties via a Berlin real estate firm.
He is also reportedly under suspicion of commercial money laundering in connection with his activities as a real estate entrepreneur in Berlin.
Tracing and identifying the associated Bitcoin was reportedly carried out through joint investigative work between the German Federal Criminal Police Office and the FBI.
The forfeited Bitcoin has been seized as damage reparation by the public prosecutor after their voluntary release by the defendant.
The programmer has now comprehensively confessed to the charges and is reported to be supporting law enforcement authorities in their further investigations into the second main operator, who remains on the run.
As German newspaper Der Spiegel has reported, movie2k.to was — alongside kino.to and neu.to — one of the world’s leading platforms for the distribution of illegal pirated movies for years.
In 2012, the main founder and operator of kino.to was sentenced to a prison term of up to four and a half years.
One Month On, Forsage Continues Despite SEC’s Ponzi Warnings
Forsage members are courting a high risk with the Philippines’ securities regulator.
A full month after the Philippines’ Securities and Exchange Commission flagged Forsage as a likely Ponzi, it remains the second-most popular Ethereum DApp on internet rankings.
As of Aug. 6, Forsage has 390,000 users and a turnover of $3.11 million per 24 hours — despite being marked in dappstat.com rankings as “high risk.”
Speaking to Cointelegraph in July — weeks after the SEC’s official warning — Miguel Cuneta, the co-founder of Phillipine fintech Satoshi Citadel Industries — wrote:
“I received numerous inquiries from friends and family about Forsage and ‘investing’ in Ethereum just within the last month or so. People are posting screenshots of their wallets turning a small amount of money into a large amount of money in a short time.”
“It’s the run-of-the-mill Ponzi scheme using Ethereum, or in the case of the earlier ones that were already busted, Bitcoin, as the ‘product’ they are selling,” Cuneta noted.
“Join by paying X amount of money, and then either do nothing and earn in ETH, or if you want to earn more, recruit three people and let them do the same thing. They use the rising BTC and ETH prices to prove that the investment is really earning. It’s the same formula every single time. Sadly, people are desperate to earn extra income in this pandemic crisis and fall for these schemes more easily,” he said.
Forsage’s Pandemic Tactics
In one recruitment post that remains online as of the time of publication, the author capitalizes on the pandemic crisis to pitch Forsage as a “work from home” smart contract crypto earnings program, which offers investors the chance to “earn a long term residual income” just by recruiting three others.
The pitch attributes the program’s alleged reliability to the inherent properties of smart contracts, citing their automated and “almost unbreakable and unchangeable” qualities.
This purportedly “means that no human being can ever interfere or prevent the intended functioning of the prescribed process, either by bad intention or incompetence.”
Blockchain as a technology designed for decentralized and trustless interactions is thus apparently being exploited to provide an innovative aura for older, fustier forms of investment recruitment schemes.
Cuneta said he believes that “most of these people” involved in propagating the program “are not aware it is a Ponzi scheme and are victims as well.”
Courting A High Penalty
Victims or otherwise, the Philippines’ SEC told Cointelegraph that any of Forsage’s “members and/or representatives that are still actively offering, endorsing, selling and recruiting others to join said illegal scheme despite our prevailing Advisory will be dealt with accordingly.”
Oliver Leonardo, Officer-in-Charge of the SEC’s Enforcement and Investor Protection Department, told Cointelegraph, “We are in the process of gathering information on these representatives to formally file a complaint.”
In the Commission’s view, there is no ambiguity about whether or not Forsage is a violation of national securities laws:
“Forsage’s scheme partakes of the nature of securities through an investment contract which is absolutely within the purview of the SRC [Securities Regulation Code]. That being the case, being decentralized or foreign in nature, as claimed by FORSAGE and its members, does not necessarily imply that its activities are not within the Commission’s jurisdiction considering that it is engaged in investment-taking operations within our country.”
Activities or postings that are intended to recruit others to join a program or invest money are considered as a public offering of investment, requiring prior registration with the SEC, Leonardo wrote.
Any person or entity using Forsage as an “income-generating tool” within the country is therefore within the SEC’s authority and is subject to taxation as well as other applicable laws, notably the Philippines’ 2017 central bank circular containing guidelines for Virtual Currency Exchanges.
The circular is intended to provide a solid framework to regulate the sale or offering of securities “on a limited scale to help raise capital and resources for micro, small and medium-sized local enterprises.”
Forsage, which “appears to offer perpetual or unlimited securities through its smart contract or program, is certainly not exempted” under the central bank’s circular, Leonardo said.
Under Philippine law, a maximum fine of 5 million pesos ($100,000) or imprisonment of 21 years — or both — can be dealt to anyone who acts as salesmen, broker, dealers or agents of entities engaged in unauthorized investment schemes.
“Just A ‘Decentralized’ Financial Fraud”
While appearing to offer securities brings Forsage under registration obligations, as a minimum, the Commission went further in its characterization of the program.
“Based on the foregoing, we wish to make it clear that Forsage is just a ‘decentralized’ financial fraud which depends solely on new investments lured to its referral system for its continuous operation,” Leonardo wrote.
Within what Cuneta characterized as the country’s “very proactive regulatory environment ” for crypto, the SEC has followed up the central bank’s regulatory framework by issuing draft regulations for Digital Asset and Token Offerings as well as proposed Rules for Digital Asset Exchanges.
The Commision has made several interventions by warning the investing public about crypto scams in recent years. It has also issued cease and desist orders and cooperated with the Philippine National Police on arrest warrants for the heads of similar operations.
Despite these precedents and what would appear to be ample deterrents, Cuneta observed that the public health crisis has amplified the existing challenges for taking enforcement action on blockchain scams:
“The issue is that besides the fact that this is supposedly a decentralized platform, the pandemic isn’t making it easy for them to enforce physical action. A lot of movement has been put on hold because priority is on the pandemic on all fronts.”
US DoJ Seizes Millions In Crypto Funds From Al-Qaeda And ISIS Networks
Justice Department announces the largest ever seizure of terrorist-bound crypto assets today in Washington, DC.
Per an Aug. 13 announcement from the United States Department of Justice, the authorities have seized millions of dollars worth of cryptocurrency from over 300 accounts.
The announcement does not specify the specific amount, but does identify the operation as the largest to target terrorist funding in cryptocurrency.
A wide range of agencies including the Department of Homeland Security, the FBI, and the IRS were involved in the campaign. The campaign shut down several websites and Facebook pages that either overtly or, in the case of one fraudulent site selling medical masks, covertly gathered funds for terrorist operations.
According to chief of criminal investigation Don Fort, the IRS used its new crypto tracking capabilities to locate the funds involved:
“IRS-CI’s ability to trace funds used by terrorist groups to their source and dismantle these radical group’s communication and financial networks directly prevents them from wreaking havoc throughout the world.”
It was just over a month ago that the IRS was asking for new tools to monitor privacy coin transactions.
Given that at least one of the images in the DoJ that featured a Bitcoin address belonging to an ISIS affiliate has been floating around government channels for over a year, these are clearly long-term capabilities that the agencies involved have worked to build out.
The U.S. said it seized millions of dollars in cryptocurrency assets and a fake website purporting to sell protective gear in an operation targeting the financial underpinnings of three terrorist groups.
The coordinated law-enforcement action targets the donation networks of al Qaeda and the al-Qassam Brigades, Hamas’s military wing, as well as a scheme to sell N95 respirator masks to U.S. health-care providers by Islamic State in Iraq and the Levant, the U.S. Justice Department said.
The action comes as the U.S. Treasury Department and other federal agencies consider new regulations for the cryptocurrency industry meant to counter terror financing and money laundering and that could mean exchanges and other companies would face steep fines if their platforms are used for illicit finance.
The Justice Department on Thursday unsealed three civil asset-forfeiture complaints in the U.S. District Court for the District of Columbia, which officials said represented the seizure of about 300 cryptocurrency wallets holding about $2 million in assets. Authorities also blacklisted several millions of dollars in other virtual currency assets identified in the investigation that weren’t immediately obtainable, officials said.
One unsealed complaint targets the website FaceMaskCenter.com, which officials said was part of a scheme by an ISIS facilitator to sell fake N95 masks to customers across the globe, including to a customer in the U.S. who sought to purchase the masks and other protective gear for hospitals, nursing homes and fire departments.
Federal prosecutors said they also seized four Facebook pages and four websites used to facilitate the various schemes. Facebook didn’t immediately return a request for comment.
The operation, the largest ever seizure of terrorist organizations’ cryptocurrency accounts, officials said, shows the extent to which terrorist groups have come to rely on cybertools such as virtual currencies to solicit donations to fund their operations.
“These terrorist organizations are no different—apart from their ideology—from other organizations whose main goal is profit,” U.S. Immigration and Customs Enforcement Deputy Director Matthew Albence said Thursday during a conference call with reporters. “Anytime there is a new avenue they can exploit to move money or make money through their criminal enterprises, they are going to utilize it.”
The operation was a coordinated effort by the U.S. attorney’s office in Washington, the Federal Bureau of Investigation, the Internal Revenue Service and the Department of Homeland Security, officials said.
It was sparked in part by public social-media posts by the terrorist groups, they said. In one instance cited by federal prosecutors, a Twitter account identifying itself as the official account of the al-Qassam Brigades asked supporters to “Donate for Palestinian Resistance via Bitcoin.” The group claimed the donations were untraceable.
The Justice Department on Thursday unsealed a criminal complaint against two Turkish nationals whom it said acted as money launderers in the Al-Qassam Brigades scheme by operating an unlicensed money-transmitting business.
Officials also said they are investigating a number of people, including some in the U.S., who donated to the social-media campaigns.
The case could help justify a push by the U.S. Treasury Department and other agencies for tougher regulation of the cryptocurrency sector, including rules meant to counter anonymity and require exchanges and other firms to shoulder the same know-your-customer requirements as the banking industry.
The assets targeted in the complaints unsealed Thursday were seized from numerous virtual currency exchanges. The exchanges cooperated with the U.S. government investigation, officials said.
Researchers Detect Crypto-Mining Worm To Steal AWS Credentials
Cybersecurity researchers now expect future cryptojackers to mimic this worm’s ability to hack Amazon Web Services credentials.
Cybersecurity researchers have detected what they believe to be the first ever stealth crypto mining campaign to steal Amazon Web Services (AWS) credentials.
The mining campaign was described as being relatively unsophisticated by Cado Security in their report on Aug. 17. In total, it seems so far to have only resulted in the attackers — who operate under the name TeamTNT — pocketing a paltry $300 in illicit profits.
What struck the researchers’ attention was the crypto-mining worm’s specific functionality for stealing AWS credentials.
Cado Security understands this as part of a wider trend, showing that hackers and attackers are adapting fast to the rising number of organizations that are migrating their computing resources to cloud and container environments.
Hacking the AWS credentials is relatively simple, the report indicates. TeamTNT’s campaign has moreover recycled some of its code from another worm dubbed “Kinsing,” which is designed to suspend Alibaba Cloud Security tools.
Based on these recycling patterns, the Cado report notes that researchers now expect to see future crypto-mining worms copying and pasting TeamTNT’s code to hack AWS credentials in future.
As is frequently the case with stealth crypto mining campaigns TeamTNT’s worm deploys the XMRig mining tool to mine Monero (XMR) for the attackers’ profit.
Cado Security investigated MoneroOcean, one of the mining pools used by the attackers, and used it to compile a list of 119 compromised systems successfully targeted by the worm.
Stealth cryptocurrency mining attacks are alternately referred to as cryptojacking — an industry term for the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.
This March, Singapore-based unicorn startup Acronis published the results of its latest cybersecurity survey, which revealed that 86% of IT professionals professed concern about the risks posed to their organizations by these attacks.
Ethereum Classic Labs Airs New Plan To Stop Future 51% Attacks
The leading organization supporting the Ethereum Classic network hopes to better safeguard against future 51% attacks by going after platforms that rent out hashing power.
* In a Medium post on Tuesday, Ethereum Classic Labs singled out crypto-mining marketplace NiceHash for allegedly facilitating multiple attacks against the network.
* The firm said it would take “all steps necessary to secure the Ethereum Classic network,” including pursuing “legal action against those who conduct or facilitate malicious attacks.”
* It also plans to bring in law enforcement and engage global regulators to provide “accountability” and “transparency” for hash rentals.
* Malicious actors are claimed to have repeatedly purchased hashrate (computer processing power on the network) from the NiceHash marketplace to execute the so-called 51% attacks.
* A 51% attack on a proof-of-work blockchain occurs when an actor manages to take control of the majority of the network’s hashrate (that is, 51% or more) enabling that person to reorganize (or rewrite) transactions.
* Ethereum Classic has been hit by three such attacks in the last month, resulting in millions of dollars’ worth of its cryptocurrency (ETC) being double spent.
* ETC Labs said is already working with authorities in “relevant jurisdictions,” adding that it will share more information as it becomes available.
* NiceHash is no stranger to controversy, with its former chief financial officer and co-founder Matjaz Skorjanec having been arrested in Germany in late 2019 following U.S. charges that he ran the cybercrime forum Darkode.
* After the first two of the recent attacks caused hashrate to plummet, ETC Labs said in late August it was implementing “a defensive mining strategy” to try and keep levels more consistent.
* While the exact details of the strategy were not revealed at the time due to confidentiality, the initiative failed to stop the third attack.
* The lower the hashrate of a network, the more easy (and affordable) it is to attack.
* ETC’s hashrate has now dropped to its lowest point in over three years – around 1.56 TH/s, according to Ethereum Classic Explorer.
* CoinDesk reached out to ETC Labs for more information on its new legal plan, but had not had a reply by press time.
Electrum Bitcoin Wallet Still Plagued By Known Crypto Phishing Attack
Two new Bitcoin hacks have surfaced recently, showing the Electrum wallet still appears to be troubled by phishing efforts.
Two Electrum software wallet users have recently reported the loss of large sums of Bitcoin (BTC). One victim described the disappearance of 1,400 BTC, totaling $14,595,000 at press time, while another claimed 36.5 BTC, worth $380,512, as stolen. The events appear connected to a long-standing phishing scam affecting Electrum users since 2018.
“Users need to be careful when dealing with their own keys, particularly when they are holding the keys to a wallet with a large amount of cryptocurrency as it makes them attractive to hackers,” Jason Lau, the chief operating officer of crypto exchange OKCoin, told Cointelegraph in response to the 1,400-BTC hack, adding:
“In this incident, it appears that a phishing attack led to the user installing an update that gave the hacker access to the private keys and the funds. Phishing scams are very common across all types of financial applications, and they continue to evolve in levels of sophistication.”
A search through the past
Initial news of a phishing scam impacting the Electrum wallet first hit headlines on Dec. 27, 2018, with nearly $1 million reported stolen. “The hacker setup a whole bunch of malicious servers,” said a Reddit user publicizing the hack.
Essentially, the hacker led users to a malicious webpage via the servers, prompting them to input private data, which, in turn, submitted control of their assets to the nefarious party behind the scheme. The scam also involved a fake wallet update that downloaded malware onto the victims’ devices, a separate Reddit post detailed.
At the time of Cointelegraph reporting in December 2018, the wallet address associated with the scam held 243 BTC. Viewing the address today reveals that 637.44 BTC visited and exited the now-empty wallet.
In the months after the Electrum phishing effort went public, wallet difficulties have continued, including a separate denial-of-service attack that looked very similar to the mentioned 2018 phishing con, also leading victims astray with phony software updates.
Decoding The $14.6-Million Bitcoin Heist
In recent weeks, two additional Electrum wallet users have reported their Bitcoin holdings as stolen. One of the wallet users reportedly suffered a 1,400 BTC loss. “I had 1,400 BTC in a wallet that I had not accessed since 2017,” the victim said in an Aug. 30, 2020, post on GitHub, adding:
“I foolishly installed the old version of the electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop-up displayed stating I was required to update my security prior to being able to transfer funds. I installed the update which immediately triggered the transfer of my entire balance to a scammers address.”
Blockchain tracking by Cointelegraph staff showed a likely link between the 1,400 BTC thief, or thieves, and a Binance exchange account, according to a specific transaction ID. The transaction ID, however, involved more than 75 different wallet addresses, a Binance representative told Cointelegraph.
The representative also stated difficulties and gray areas associated with tracking and pegging transactions to foul play due to the nature of crypto and the many parties transacting on a daily basis. “It should not be assumed that flows into a malicious cluster are from an individual/group associated with the campaign, especially if it is a cluster used for receiving funds directly from victims,” the representative added.
Referring to Cointelegraph’s initial reporting on the stolen 1,400 BTC, the representative said: “The account that is the centerpiece for this article was reviewed and no suspicious indicators were found.” Previous Cointelegraph reporting also tracked some of the stolen BTC to Russia, although potential VPN usage voided any definitive conclusion.
“Binance address is upstream of scammer, probably just another victim,” Electrum’s Twitter account posted on Sept. 1 in response to Cointelegraph’s reporting. The tweet also posited the attack as correlated to the 2018 phishing con, adding: “No need to involve Russian Hackers.”
“The peer-to-peer discovery system adopted by Electrum is a design choice to keep the system decentralized, but in this case, it played a part in enabling the hacker to broadcast a fake ‘update your software’ message,” Lau said of the 1,400-BTC hack, adding: “Users should always double-check the authenticity of any wallet client software and take extra vigilance in verifying the source of all updates.”
Revealing Another 36.5-BTC Theft
Shortly after the 1,400-BTC robbery went public, another GitHubber responded to the discussion thread with a similar case they suffered two months prior, as a malicious actor reportedly looted 36.5 BTC from the wallet. Known as Cryptbtcaly on GitHub, the victim tracked the stolen funds to five separate addresses after the heist. “Some of the stolen Bitcoin went to Binance, but they ignore my appeals and do not return,” Cryptbtcaly said on GitHub.
One controversial point in the recent Electrum hacks was that victims were storing large amounts of funds on a software wallet.
A guide from online educational source BitDegree noted software wallets carry the risk of malware and keylogging attacks: “They aren’t as secure as hardware wallets, but they are more convenient to use. This makes them perfect for day to day spending but not ideal for storing large sums of money for a long period of time.”
General industry best practices often steer users toward hardware wallets, such as those provided by Ledger or Trezor. Both companies recently also faced various challenges, although hardware wallets still seemingly appear as the preferred method of crypto storage, all things considered.
Harvest Finance: $24M Attack Triggers $570M ‘Bank Run’ In Latest DeFi Exploit
An arbitrage trade exploiting weak points in decentralized finance (DeFi) protocol Harvest Finance led to some $24 million in stablecoins being siphoned away from the project’s pools on Monday, according to CoinGecko.
According to reports, an attacker used a flash loan – a technique that allows a trader to take on massive leverage without any downside – to manipulate DeFi prices for profit.
The exploit sent the platform’s native token, FARM, tumbling by 65% in less than an hour, followed by the project’s total value locked (TVL), which dropped from over $1 billion before the exploit to $430 million as of press time.
The funds were eventually swapped for bitcoin (BTC), but not before being swept through Ethereum mixing service Tornado Cash.
Mixing the coins didn’t keep the Harvest Finance team in the dark for long. The person behind the exploit “is well-known in the crypto community” after leaving “a significant amount of personally identifiable information,” according to the project’s Discord. All seven bitcoin wallets holding the attacker’s funds are also known.
The anonymous developers behind the project do not want to doxx the party but are instead offering a $100,000 bounty for convincing the attacker to send back the funds.
“For the attacker: you’ve proven your point, if you can return the funds to the users, it would be greatly appreciated by the community, including many bystanders,” the team said via Discord.
Flash Loans Strike Again
The exploit itself was executed by a series of arbitrage trades between DeFi protocols Uniswap, Curve Finance and Harvest Finance, according to Etherscan. The attacker began by taking out a $50 million USDC flash loan from Uniswap.
Then they began swapping between USDC and tether (USDT) to cause the two tokens’ prices to swing wildly.
The price of USDT began to drop on Harvest Finance as the attacker swapped tokens back and forth. The attacker then swapped discounted USDT for stablecoins taken out in the flash loan. The attacker performed the act multiple times. Each successful swap was then turned into ether (ETH) then tokenized bitcoin (WBTC and renBTC, in that order) and then finally BTC, according to Zerion.
Interestingly, some $2.5 million was sent back to the Harvest Finance contract. The developer team said the funds would be distributed pro rata to affected users. The token’s price has slightly rebounded, down 49% in 24 hours to $126.82, according to CoinGecko.
The exploit joins a grouping of similar flash loan–based arbitrage trades conducted against DeFi applications in 2020. For example, lending platform bZx was the first to be hit by a flash loan exploit in February 2020.
Report: Blockchain-Related Hacks Have Declined In 2020
Analysts state that blockchain hacks should remain on the decline.
The amount of cryptocurrency and blockchain-related hacks has been decreasing over the course of 2020, a new report claims.
According to data analyzed by VPN provider Atlas VPN, the number of hacks in the first half of 2020 dropped more than three times compared to the same period in 2019. The data is part of a report released by Atlas VPN on Oct. 28.
According to Atlas VPN, 2019 was a record-breaking year for blockchain hackers that exploited 94 successful attacks in the first half of the year, while in H1 2020 there were 31.
Per the report, 2019 as a whole saw 133 successful attacks on blockchain networks.
Using the historical data, Atlas VPN’s analysts suggested that blockchain hacks will remain on the decline, stating:
“Since 2020 is not over, we can expect more blockchain-related breaches to happen before the end of the year. Nevertheless, based on the historical data, it seems that 2020 will not reach the record heights of last year, and blockchain hacks will remain on the decline.”
According to the report, hackers have stolen $13.6 billion through 330 blockchain-related hacks since 2009. Atlas VPN found that attacks targeting EOS-based decentralized apps, or DApps, were the most successful in terms of the number of breaches. EOS DApps are followed by cryptocurrency exchanges, blockchain wallets and Ethereum blockchain-based DApps, the report noted.
As previously reported, the total volume of cryptocurrency-related fraud and theft resulted in $4.4 billion losses in 2019. In comparison, hackers reportedly stole about $1.7 billion through crypto thefts and scams in 2018.
Bitcoin Theft Is Likely To Surge In Meager Post-COVID Economy: Report
Cybercriminals may favor a different cryptocurrency in the coming months, however.
Cryptocurrency-related fraud and theft are likely to grow in the post-COVID-19 world, according to a new report by cybersecurity and anti-virus provider, Kaspersky Lab.
Securelist, Kaspersky’s cyberthreat research arm, published a report on cyberthreats to financial organizations, forecasting some specific types of financial attacks that are likely to surge in 2021.
Securelist has predicted that a wave of poverty fueled by the COVID-19 pandemic will inevitably lead to “more people resorting to crime including cybercrime.” That could also mean a rise in crimes related to Bitcoin (BTC).
According to Kaspersky’s research arm, Bitcoin is likely to be the most attractive asset for cybercrime because it is the most popular digital asset. The report reads:
“We might see certain economies crashing and local currencies plummeting, which would make Bitcoin theft a lot more attractive. We should expect more fraud, targeting mostly BTC, due to this cryptocurrency being the most popular one.”
Securelist’s researchers also suggested that online perpetrators could switch to more privacy-focused digital assets like Monero (XMR). According to the company, this switch would happen due to increasing “technical capabilities of monitoring, deanonymization and seizing of BTC.” Securelist’s post reads:
“ […] We should expect cybercriminals to switch to transit cryptocurrencies for charging victims. There is a reason to believe they might switch to other privacy-enhanced currencies, such as Monero, to use these first as a transition currency and then convert the funds to any other cryptocurrency of choice including BTC.”
As previously reported by Cointelegraph, crypto-related crimes slowed significantly in 2020, though some crypto sectors (like DeFi) have become new hotbeds for criminal activity. According to a report by VPN firm Atlas VPN, crypto and blockchain-related hacks are likely to continue declining in 2021.
Someone Just Moved $5M In BTC From The 2016 Bitfinex Hack
The exchange’s pilfered funds are on the move once again.
Back in 2016, 119,756 Bitcoin were stolen from the Bitfinex crypto exchange. Some of these coins have continued to move between wallets over the years, including as recently as Monday.
Blockchain data shows that an unknown crypto user has moved 270.97974 Bitcoin (BTC) from a wallet associated with the hack. The sum is worth roughly $5.2 million at time of publication.
The address 1GytseWXyzGpmHkcv9uDzkU9D8pLaGyR5x, which is believed to be associated with the hack, shows less than 0.001 BTC remaining. The BTC were sent to a previously unknown bitcoin address — 3MyXrfSg7JFXLa7bD6YF1GnomEr8EXYRnx, which holds only the transacted amount.
The hackers responsible for the breach have moved only 1-2% of the stolen funds during the four-year interim since the theft took place. Their HODLing strategy appears to be paying off — the haul was worth a mere $72 million at the time, but is now valued at around $2.3 billion.
In June, the thieves transferred 736 BTC from the hack to the Russian darknet marketplace Hydra, with some coins actually ending up back at Bitfinex. Likewise, someone transferred 3,503 BTC from addresses associated with the 2016 Bitfinex hack back in July as well. Coins also moved in October, with 2,900 BTC changing wallets. Various amounts of Bitcoin from the hack have also moved on multiple other occasions.
98% of the stolen funds have remained untouched for four years, however. This may suggest that the hackers have faced difficulties laundering the digital assets as authorities enforce stricter regulations.
CipherTrace Warns Of Surge In Funds Lost To Metamask Phishers
Phishers are coming after MetaMask users in increasingly clever ways.
Cyber Security firm CipherTrace has issued a warning after noting a surge in reports over the past 24 hours of users funds being stolen by a malicious Chrome browser extension posing as popular crypto wallet MetaMask.
The warning was issued under the headline “ALERT: Malicious Crypto Browser Extension—Masked MetaMask” and reported the company had seen “an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen.”
In response to online criticism that MetaMask is not doing enough to steer its users away from potentially harmful websites and downloads, MetaMask’s Chief Product Officer Jacob Cantele asked Twitter what more the company should do?
“How can we improve? Currently we’re warning in multiple places within the product, we maintain a phishing detector that warns about tens of thousands of malicious sites, we do regular security marketing campaigns, and we have legal resources to trying to get these sites removed.”
Links to fake MetaMask sites are being inadvertently reposted by cryptocurrency projects and reportedly show up frequently as Google Ads above the first result in Google searches for the term “metamask.”
Phishing warning? @Google is allowing a phisher to buy sponsored ads on their search results. When using crypto, try to use direct links, and if you need to use search, watch out for sponsored links! pic.twitter.com/Fx4WArcH80
— MetaMask (@metamask_io) December 2, 2020
The scam works like this: After arriving at a phishing website that looks just like the real MetaMask site or downloading a malicious browser extension, users are directed to enter their 12 word seed to connect their wallet. The seed is captured by the phisher and the wallet drained of funds.
A friend of mine got his account drained. He googled “metamask”, clicked on the 1st link (ad) that came up which prompted him to download the fake metamask plugin. As soon as he installed it everything from his account was drained. Share Retweet! pic.twitter.com/OO9tkq1N6k
— Value-Trader (@AbizMind) November 29, 2020
MetaMask stated that the best way to avoid being phished is to download the software only from its official site, or from inside the Google Chrome store, but never by clicking links on other websites.
For those who already have the MetaMask Chrome extension installed, MetaMask will display a warning in bright red if a user attempts to visit a website previously reported as a phishing site.
MetaMask users who are unsure if a website has been reported as malicious are encouraged to visit CryptoScamDB and enter the website URL or IP address where it will be cross-referenced against a database of reported scam and phishing websites.
In October, MetaMask announced that it had surpassed one million active users on a monthly basis, largely thanks to the acceleration of the DeFi trend over the summer and fall. Rising Ether prices and a large user base suggest this type of phishing attack won’t be going away anytime soon.
Paris Court Sentences Alexander Vinnik To Five Years In Prison
Years after his initial arrest, Vinnik has finally been sentenced.
After years of extradition debates, Bitcoin (BTC) launderer Alexander Vinnik has finally been sentenced by a French court.
According to a report on Monday by Novaya Gazeta, Vinnik has been sentenced to five years in prison for “money laundering as part of an organized criminal group and providing false information about the origin of the proceeds” in addition to a fine of 100,000 euro ($121,000).
According to the BBC, the court partially dropped charges related to the ransomware known as Locky. As of publishing time, online reports do not specify whether Vinnik’s sentence is related to his alleged senior role at now-defunct crypto exchange BTC-e.
Vinnik previously denied his involvement at BTC-e, reportedly claiming that he was just an employee. He said that his monthly salary at BTC-e amounted to 10,000 euro.
As previously reported, Vinnik is allegedly the mastermind behind an international money-laundering scheme that processed over $4 billion worth of capital flows through BTC-e.
Colloquially known as “Mr. Bitcoin,” Vinnik was first arrested in Greece in July 2017 for allegedly taking part in the operations of BTC-e. Since the arrest, a number of jurisdictions have sought Vinnik’s extradition, including the United States and Russia, where Vinnik is a citizen. Vinnik was extradited to France in 2018 on charges of fraud and money laundering.
In June, the New Zealand police reportedly recovered $90 million connected to the case against Vinnik.
How Hackers Bled 118 Bitcoins Out of Covid Researchers In U.S.
Transcripts reveal University of California at San Francisco’s weeklong negotiation to free its ransomware-locked servers. The haggling worked, sort of.
The negotiator entered the chatroom four days after the attack. Hackers had locked down several servers used by the epidemiology and biostatistics department at the University of California at San Francisco, and wanted a $3 million ransom to give them the keys. On Friday, June 5, at 6:50 p.m., they directed a UCSF negotiator to a webpage on the dark web—meaning beyond the realm of Google—that listed a dozen or so sets of apparent victims and demands.
The whole thing looked oddly like a customer service portal. Just below the university’s entry was a flashing red timer counting down to a payment deadline. It read: 2 days, 23 hours, 0 minutes. If the counter reached zero, the ransom message said, the price would double.
In a secure chat that the hackers set up with a digital key, the UCSF negotiator said the attack couldn’t have come at a worse time. The department was racing to try to help develop some kind of treatment or vaccine for Covid-19, the negotiator said, and hinted that the researchers hadn’t taken the time to duly back up their data.
“We’ve poured almost all funds into COVID-19 research to help cure this disease,” the anonymous negotiator typed in the chat, pleading something between poverty and force majeure. “That on top of all the cuts due to classes being canceled has put a serious strain on the whole school.”
The hackers’ representative, who went by the handle Operator, said a school that collects more than $7 billion in revenue each year, one with negotiators, lawyers, and security consultants on hand, should be good for a few mil. “You need to understand, for you as a big university, our price is shit,” Operator said.
“You can collect that money in a couple of hours. You need to take us seriously. If we’ll release on our blog student records/data, I’m 100% sure you will lose more than our price what we ask.” By that time, the hackers had shared a sample of data from the stolen servers indicating that they did indeed have sensitive material.
Bloomberg Businessweek received a complete transcript of the chat between Operator and the UCSF negotiator from a person with access to the chat’s digital key. Such keys tend to be distributed to members of the internal crisis response team, law enforcement, and private consultants. The university confirmed the breach but said the transcript shouldn’t be taken at face value because “the statements and claims made by either party were in the context of a negotiation.”
Whatever its exaggerations, the transcript provides a rare look into the kinds of secretive ransomware attacks usually portrayed impersonally through FBI statistics, regulatory filings, and official statements. (Victims don’t usually like to admit that hackers beat their security, or that they paid off the crooks.)
With the affect of a used-car salesman, Operator—probably based somewhere safely out of reach of U.S. law enforcement—led a negotiation that bore a lot of similarities to an old-school, flesh-and-blood kidnapping. The main difference was that the hackers he represented had swiped data, not people.
In some ways, Covid-19 has turbocharged the ransomware business that has proliferated, especially in Russia and Eastern Europe, over the past several years.
The pandemic has made high-value targets out of universities, hospitals, and labs with access to data that are used to analyze new potential treatments or document the safety of vaccine candidates. ( Recent victims include Hammersmith Medicines Research, which conducts clinical trials for new medicines, and antibodies researcher 10X Genomics Inc., though Hammersmith says it repelled the attack and 10X says its business suffered no substantive impact.)
It has also offered a bit of a coming-out party for some of the many ransomware groups that spent 2019 trying to professionalize their operations with a faux-corporate business model, complete with press releases, public websites, and even statements laying out ethical standards.
There’s more at stake in this calculus than just garden-variety scams, too. The U.S. Department of Justice has said that Chinese state-sponsored hackers are targeting global institutions conducting coronavirus research in order steal data that might lead their country more quickly to a vaccine.
The DOJ investigation resulted in the July indictment of two hackers linked to Chinese state security for attacking computer systems connected to Covid-19 research. In the U.K., the National Cyber Security Centre documented a surge in state-sponsored attacks on British research institutions focused on Covid-19, and attributed much of that increase to Russia, Iran, and China.
UCSF hasn’t linked the attackers—whose English was littered with grammatical tics common among native Russian speakers—to any foreign state actors. The university said in a statement following the hack that the attack didn’t hurt its Covid-19 work, although the lost data were “important to some of the academic work we pursue as a university serving the public good.” (The FBI, which typically handles U.S. ransomware cases, referred questions about the hack to the university.)
During the standoff, the negotiator told the hackers that the university didn’t know what was on the locked computers. Yet the transcript suggests that whatever the data were, the university was desperate to account for it.
According to the hackers’ dark web blog, the ransomware used to attack UCSF came from Netwalker, a hacking operation that has boomed since last fall. Netwalker malware can be leased by would-be attackers as a kind of franchise program. In March, the group posted a dark web want ad to recruit new affiliates.
The qualifications included: “Russian-speaking network intruders—not spammers—with a preference for immediate, consistent work.” In June, a further ad prohibited English speakers from applying, according to Cynet, a digital security company in Tel Aviv.
Although ransomware gangs have seized the pandemic as an opportunity, they tend to play a certain amount of Good Cop, too. In a March 18 press release, a big ransomware group known as Maze offered victims in the medical industry “exclusive discounts” on ransoms.
In a blog post the following month, the group declared, “We are living in the same economic reality as you are. That’s why we prefer to work under the arrangements and we are ready to compromise.” (There’s no evidence that Maze ever provided any such discounts.)
UCSF had no way of knowing with any certainly whether the hackers would deliver on their promise to restore the locked-down computers upon payment, a risk inherent in ransomware attacks. Some corporate victims hire professional negotiators in the hope that they’ll be better able to guarantee a happy ending while saving a few bucks. Others try to work it out themselves.
UCSF said in its statement that it chose to retain a private consultant to support the “interaction with the intruders,” but declined to identify a company or individual.
With 2 days, 22 hours, and 31 minutes on the clock, the UCSF negotiator asked for a two-day extension so that “the university committee that makes all the decisions” could meet again. This is a common tactic for victims exploring their options before resorting to payment, but somewhat surprisingly given the school’s lack of leverage, the hackers agreed—on the condition that the school double its payoff to $6 million.
“I expected Operator to say, ‘You know you’re under attack, right?’ There are no weekends off in a cyberattack,” says Moty Cristal, an experienced ransomware negotiator in Tel Aviv who reviewed the transcript. “But in this case, the bad guys were almost enjoying the conversation. It was part of the game.”
Playing for time can help ransomware victims better evaluate the threats to their networks and data. Kevin Jessiman, chief information officer for Price Industries, a Canadian air ventilation manufacturer, says the negotiator his company hired last year enabled his team to diagnose the hack they’d suffered and explore their options.
“Once we were confident that enough of our system could be restored, we ceased correspondence,” says Jessiman, adding that Price stopped talking to the attackers in about 36 hours. Even though the cost of restoring and updating its security system was millions of dollars greater than the ransom demand, he says, Price declined to pay the crooks.
UCSF figured out that its hackers had managed to encrypt data on as few as seven servers, according to a person familiar with the investigation, who spoke on condition of anonymity for fear of retaliation. The attackers had copied at least 20 gigabytes of data from the machines, and so had some idea what they contained.
Throughout the negotiations, the university representative was careful to ply Operator with compliments. Experts say that while this is a transparent, 101-level negotiating strategy, it also works. “I’m willing to work this out with you, but there has to be mutual respect.
Don’t you agree?” said the negotiator, according to the transcript. “I have read about you on the internet and know that you are a famous ransomware hacker group and very professional. I know you will honor your word when we agree on a price, right?”
These appeared to be magic words. “We are 100% about respect, never we will disrespect a client who talk to us with respect,” said Operator. “Do not offer anything ridiculous.” So naturally, the negotiator’s first offer was something close to ridiculous. The committee “said that I can submit a request for the max amount of $780,000, but I’d be lucky if I got even half of it.”
The hacker scoffed at $390,000. This was such an insulting offer, Operator said, that the hacking group threatened to blow the whistle on UCSF’s loss of student and faculty data to the Federal Trade Commission. “I suggest you re-consider another offer and this time, a serious one.”
It was an empty threat, and the negotiator called Operator’s bluff. “The FTC is not a concern for us. We would just like to unlock our computers to get our data back. I know you want to make a lot of money here, I get it, but you need to understand that we don’t have this much cash sitting around,” the negotiator said.
It was 10:46 p.m. on June 9 in San Francisco, and the two had been talking for four days.
Dragging out the negotiations might have been helpful to the hackers, too, says Cristal, the ransomware negotiator, who adds that in Covid-era attacks, there’s more at stake than money. Time to examine their bounty might have allowed Operator’s team to identify lucrative research or intellectual property worth auctioning off. Attackers affiliated with a large-scale criminal enterprise such as Netwalker may also have their own bureaucracy to wade through, Cristal says.
After standing pat at $390,000 for a day, the UCSF negotiator came back with an offer of $780,000. Operator wasn’t impressed. “Keep that $780k to buy Mc Donalds for all employees. Is very small amount for us. I am sorry,” the hacker said.
“How can I accept $780,000? Is like, I worked for nothing.”
At this point, the negotiations became highly emotional, even personal. “I hope you know that this is not a joke for me,” the negotiator replied. “I haven’t slept in a couple of days because I’m trying to figure this out for you. I am being viewed as a failure by everyone here and this is all my fault this is happening.”
“The longer this goes on, the more I hate myself and wish this were to end one way or another,” the negotiator added. “Please sir, what can we work out?”
There’s no real evidence that this was anything more than a negotiating tactic. For that matter, it’s unclear whether either party was really a single person; both could just as easily be several people working in shifts. Still, Operator played along: “My friend, your team needs to understand this is not your failure. Every device on the internet is vulnerable.”
The UCSF representative responded, “I hear you and thank you for thinking I’m [not] a failure. I wish others here would see the same thing.”
The next morning, June 9, UCSF offered just over $1 million. Operator countered with $1.5 million. With both sides perhaps sensing that a deal was close, the university’s negotiator played one last card: “The good news that I wanted to share is that a close friend of the school knows what’s going on and has offered to help and donate $120k to help us.
We normally can’t accept these donations, but we’re willing to make it work only if you agree to end this quickly. Can we please end this so we both can finally get some good sleep?”
That was good enough for Operator, who responded, “When can you pay?” The two had been talking for almost six days.
The negotiator and Operator had an agreement: $1.14 million, worth about 116 Bitcoin. UCSF would spend another day and a half clearing the deal on its side and buying the Bitcoin.
Along with access to the decryption key, the deal included a commitment by the hackers to transmit all the data they had stolen from the university’s network, presumably so UCSF could determine what data the hackers had in their possession and could possibly sell. It would take the attackers almost two nerve-wracking days to decrypt, transmit, and show they’d deleted their copies of the files, but they would deliver at 2:48 a.m. on June 14.
With the deal done, Operator indulged a little professional curiosity about who had really been sitting at the other keyboard, asking, “Which recovery company are you?” The negotiator didn’t answer.
Vinnik’s Attorney Appeals Against 5-Year Prison Sentence
Lawyers of the alleged $4 billion Bitcoin launderer appeal to the court, arguing that Alexander Vinnik was just an employee at BTC-e.
The defense team of Alexander Vinnik, an alleged Bitcoin launderer who was sentenced to a five-year prison term, disagrees with the court’s decision.
According to a Dec. 18 report by Russian news agency Kommersant, Vinnik’s attorney Frederic Belot has appealed the French court’s judgement, arguing that the defendant was not involved in any money laundering operations.
Citing a Dec. 6 judgement charging Vinnik for “money laundering as part of an organized criminal group,” Belot emphasized that no “criminal group” consists of one person. “The court did not name a single name even supposedly belonging to this group,” Belot reportedly said.
According to Belot, Vinnik was rather a victim of his anonymous “employers” at now-defunct crypto exchange BTC-e, as his involvement in managing the platform has not been proved: “Vinnik was just a full-time trader and he did not participate, at least consciously, in any money laundering operations,” Belot declared.
Vinnik’s defense expects the court to hear the appeal in four months, Belot noted. Lawyers also argued that the judgement by the Paris court was based on an investigation subject to interference from United States intelligence agencies. According to the report, Vinnik faces a 50-year prison term in the U.S. in the event of potential extradition.
Colloquially known as “Mr. Bitcoin,” Vinnik is the convicted creator of a global illegal scheme that laundered over $4 billion worth of capital flows through BTC-e. More than three years after his arrest in Greece, Vinnik’s trial finally happened in early December 2020. Vinnik previously denied his involvement at BTC-e, claiming that he was just an employee at the firm.
Notorious Crypto Figures Arrested In 2020
Despite the crypto industry experiencing a major rise in mainstream interest in 2020, the year also saw many prominent crypto personnel apprehended by regulators.
Over the past year, many prominent and colorful crypto personalities have been apprehended and arrested. From the jailing of antivirus pioneer John McAfee to the laying of charges against executives from one of the world’s largest exchanges, 2020 didn’t exactly shake off crypto’s reputation as a honeypot for criminals.
Over the first ten months of 2020, blockchain forensics company CipherTrace estimates that losses from thefts, hacks, and frauds totalled a whopping $1.8 billion, a figure fueled in part by the rise of various DeFi platforms.
The report suggests that 2020 is on track to record the second-highest value in losses linked to cryptocurrency crimes, trailing 2019, when proceeds of those crimes exceeded $4.5 billion.
Let’s take a closer look at some of the highest-profile figures embroiled in legal issues this year.
Arthur Hayes Goes Missing Following DoJ Charges
On Oct. 1, the United States Department of Justice (DoJ) filed criminal charges against BitMEX founder Arthur Hayes as well as three of his associates for violating the Bank Secrecy Act. Compounding their problems, the US Commodity Futures Trading (CFTC) filed a civil enforcement action against Hayes and his company for flouting AML regulations.
The Hong Kong resident has been MIA in public since and is yet to resurface. But in a stroke of good fortune for Hayes, he might not be compelled to face the music anytime soon, as the United States and Hong Kong have suspended their extradition agreements in light of the recent political turmoil there.
The DoJ alleged that BitMEX had been engaged in a variety of shady activities and had weak Anti-Money Laundering (AML) and Know Your Customer (KYC) policies that could easily be misused by third-party actors.
BitMEX was also accused of operating a complex international corporate structure with offices in premium international destinations such as New York, Hong Kong while claiming to be registered and based out of Seychelles.
After the news broke BitMEX announced the departure of Hayes as the company CEO, along with chief technical officer Samuel Reed and the head of business development Greg Dwyer.
‘Star’ Xu’s Mysterious Absence Explained
Prominent cryptocurrency exchange OKEx copped a lot of flak after it suspended crypto withdrawals on Oct. 16, effectively barring customers from taking out their crypto holdings.
Reports surfaced that the suspension was related to the exchange’s Chinese co-founder Mingxing “Star” Xu being arrested by local authorities — although the exchange vigorously denied that was the issue.
After being unreachable for more than thirty days, Xu finally made a media appearance on WeChat on Nov. 19. He revealed that he’d been assisting relevant authorities investigating OK Group’s “backdoor listing in 2017” in which the exchange had sought to partner with an “undisclosed third party entity” so as to make its offerings available to clients all over the world.
Xu indicated that after having looked at his prior business engagements, investigators had finally clarified the matter and given him the all clear.
After a month, OKEx finally re-enabled crypto withdrawals on Nov 27.
John Mcafee’s Spanish Cruise Comes To An Abrupt End
Tech savant, crypto evangelist, and eccentric millionaire John McAfee has been leading the crypto hype train for what feels like time immemorial now. In 2017, he famously proclaimed that within 36 months, Bitcoin would hit a price of $1 million or he’d “eat my d**k on national television.” He retracted his statement earlier this year to the relief of most people.
McAfee was detained in Barcelona by local authorities in October in regard to tax evasion charges levied by the US government against him. He was also charged over fraudulently promoting a series of questionable cryptocurrency projects, from which he allegedly profited millions of dollars.
Prosecutors claim that McAfee failed to file his tax returns for four years running, even while he raked in millions of dollars from his consulting work, speaking engagements, digital currency investments, etc.
According to a statement released by the US Justice Department, McAfee illegally siphoned his income from various bank accounts and cryptocurrency exchange accounts in the names of different nominees. He is also accused of not declaring a number of expensive assets including a yacht and real estate.
This is not the first time McAfee has been in trouble with the law. Back in 2012, he was questioned by police after his name was linked with the death of his neighbor, Florida businessman Gregory Faull. In 2019 he was ordered to pay $25 million in a wrongful death lawsuit filed by the estate, but refused, saying:
“I have not responded to a single one of my 37 lawsuits in the past 11 years.”
If convicted of the new charges, he could face up to 30 years in prison.
Santiago Fuentes’ Billion-Dollar Scheme Collapses
Spanish national, Santiago Fuentes, was the operator of a cryptocurrency arbitrage firm called Arbistar which had tens of thousands of users investing Bitcoin into its arbitrage trading bot. Blockchain investigations firm Tulip Research reported that since its inception, the firm had raised more than $1 billion in Bitcoin.
Suspicions arose in September when Fuentes claimed that due to a “digital error”, Arbistar’s native trading module had been somehow disabled, wiping out more than a quarter of the company’s funds overnight.
In the course of their investigations, Spanish authorities determined that Fuentes had been making use of his crypto outfit to allegedly facilitate various financial frauds and to launder money. Tulip Research traced back some of Arbistar’s withdrawal activity to a deep web marketplace called ‘Hydra’.
Fuentes was arrested in October and has been charged with financial fraud and money laundering. On Dec. 13 lawyers representing 130 former clients said they’d lost 4 million euros ($4.86M) between them, with Spanish media suggesting that in total, 32,000 people had lost 93.4 million euros ($113.5M).
Matthew Piercey’s Daring Sea Scooter Escape
The 44-year-old Shasta County, California man was arrested by the FBI on Nov 16. while trying to flee from authorities using a sea scooter.
Local media outlets reported that Piercey was able to evade agents for over an hour by first speeding off in a truck and then abandoning the vehicle on the edge of Lake Shasta where he used a sea scooter — an underwater mobile device that can typically reach a maximum speed of 5mph — to continue to evade police underwater for 25 minutes. He was arrested when he emerged.
Police allege that Piercey solicited $35 million for crypto mining and other investments through Family Wealth Legacy LLC and Zolla Financial LLC.
The two firms reportedly targeted wealthy investors, obtaining a minimum of $50,000 from each client. However Piercey reportedly admitted that he had little to no understanding of cryptocurrencies.
He reportedly spent $2.5 million obtained via his schemes, renovating two of his homes and paying off his credit card bills. He is now currently facing multiple charges of wire fraud, mail fraud, money laundering and witness-tampering. If found guilty, Matthew could face life in prison.
Harpreet Singh Sahni Is Brought Down By Indian Sleuths
Over the years, Sydney-based socialite and concert promoter Harpreet Sahni built a reputation as a man who regularly rubbed shoulders with Australia’s elites including ex-Prime Minsters such as Tony Abbott and Julia Gillard, the former Premier of New South Wales Mike Baird, and former cricketer Glenn McGrath.
But in October, Indian police authorities claimed that Sahni and his close aides had allegedly swindled around $50 million from clients. He was promoting a scheme called “Plus Gold Union Coin” (PGUC), which promised to deliver profits ranging between $5,000 to $8,000 per day to backers.
Investors who tipped around $7,000 in PGUC, were told they could potentially rake in more than $100,000 within a year. Investors had to lock into a 12-month contract during which they couldn’t cash out their crypto holdings. However, as PGUC’s popularity grew, token holders began to grow suspicious.
The PGUC website would go offline for weeks at a time and when the currency plummeted, there was no way for investors to minimize their losses or withdraw their assets. The invested money — estimated to be around $50 million — disappeared, with all correspondence stopped with clients.
Sanhi now faces roughly 24 years in prison and is awaiting his sentencing.
Conor Freeman’s Million-Dollar Bitcoin Ploy
The US Department of Homeland Security identified Dublin-based IT professional Conor Freeman as the man behind a theft involving more than $2 million worth of crypto. He was arrested by Homeland Security officials on Nov. 16 and forced to hand over more than 142 Bitcoin.
Freeman was reportedly working with a group able to gain access to the email addresses and phone numbers of victims via various social media platforms. They also had contacts inside the telecom industry, enabling them to initiate sophisticated SIM-swap attacks.
That’s where a scam artist is able to obtain a SIM card that is directly linked to their victim’s mobile number, enabling them to gain access to an individual’s 2FA messages and One Time Passwords that are used to validate identities and approve larger financial transactions.
Freeman pleaded guilty to stealing cryptocurrencies worth $1.92 million from Emmy award-winner Seth Shapiro — producer of The Game Changers, The Chosen One — as well as illegally obtaining an additional $250,000 from two other victims, Michael Templeman and Darran Marble.
The Entire Plustoken Team
Earlier this year in July, Chinese police took 109 people into custody in connection with the Plustoken Ponzi scheme. Twenty seven of them — including Chen Bo, Luu Jianghua, Lu Jianghua, Lu Qinghai, Jin Xinghai, Wang Yin, and Zhang Qin — were allegedly the scheme’s masterminds, while the remaining 82 people arrested held smaller roles within the organization.
The Plustoken scam raked in an estimated $5.7 billion from more than two million investors. Based out of China, the project presented itself as being a cryptocurrency wallet that provided high returns if users purchased PLUS tokens with either BTC or ETH.
In 2019, key members moved large amounts of crypto out of the platform, with 25,000 BTC sent to various addresses including Bitcoin mixers between Feb and March and in June, 789,534 ETH was transferred from the firm’s coffers.
However, by the end of the year, the entire scheme had been exposed, and by July 2020, the project had been taken down by Chinese police.
In November the Jiangsu Yancheng Intermediate People’s Court revealed that authorities had confiscated 194,775 BTC, 833,083 ETH, 487 million XRP, 79,581 BCH, 1.4 million LTC, 27.6 million EOS, 74,167 DASH, 6 billion DOGE and 213,724 USDT — estimated to be worth $4 billion. Earlier this month Chen Bo and 13 of his co-conspirators were sentenced to jail terms ranging between two and 11 years.
Cover Protocol Suffers Infinite Minting Attack, Price Tanks 97%
Cover, the peer-to-peer coverage market, is the latest DeFi project to suffer an attack.
A suspected hacker has exploited the Cover staking protocol, inflating the token supply by printing over 40 quintillion “coins”
However, in a surprising move, the suspected attacker returned the funds with a note saying: “Next time, take care of your own shit.”
In the initial exploit, the attacker liquidated over 11,700 coins on the 1inch decentralized exchange aggregator after inflating the token supply according to data from the Ethereum wallet explorer Nansen. In total, the rogue actor drained more than $5 million from the project as of press time.
Cover Protocol Released Addressed The Incident In A Message Posted On Its Discord Group, Stating:
“The Blacksmith farming contract has been exploited to mint infinite $COVER tokens. We have restricted minting access to the farming contract in order to stop the attacker. If you are providing liquidity for $COVER token (uniswap or sushiswap) please remove it immediately.”
According to the Cover Protocol team, the issue only affected the token supply with funds held in “claim/noclaim” pools still safe. The project says it is investigating the incident.
The attack caused a massive decline in the COVER token price, falling by more than 97% while also eliciting negative comments from a cross-section of the crypto community on social media. Back in November, Cover was one of the DeFi protocols to merge with Yearn.Finance.
Monday’s incident makes the Cover the latest DeFi project to suffer a malicious exploit in a year ridden with opportunistic profiteering attacks against numerous protocols.
As previously reported by Cointelegraph, the spate of DeFi hacks throughout the year stand out as one of the major disappointments in the crypto space for 2020 with data manipulation deemed as being easy to accomplish on many projects.
A Crypto Kid Had A $23,000-A-Month Condo. Then The Feds Came
Stefan Qin was just 19 when he claimed to have the secret to cryptocurrency trading.
Buoyed with youthful confidence, Qin, a self-proclaimed math prodigy from Australia, dropped out of college in 2016 to start a hedge fund in New York he called Virgil Capital.
He told potential clients he had developed an algorithm called Tenjin to monitor cryptocurrency exchanges around the world to seize on price fluctuations. A little more than a year after it started, he bragged the fund had returned 500%, a claim that produced a flurry of new money from investors.
He became so flush with cash, Qin signed a lease in September 2019 for a $23,000-a-month apartment in 50 West, a 64-story luxury condo building in the financial district with expansive views of lower Manhattan as well as a pool, sauna, steam room, hot tub and golf simulator.
In reality, federal prosecutors said, the operation was a lie, essentially a Ponzi scheme that stole about $90 million from more than 100 investors to help pay for Qin’s lavish lifestyle and personal investments in such high-risk bets as initial coin offerings.
At one point, facing client demands for their money, he variously blamed “poor cash flow management” and “loan sharks in China” for his troubles. Last week, Qin, now 24 and expressing remorse, pleaded guilty in federal court in Manhattan to a single count of securities fraud.
“I knew that what I was doing was wrong and illegal,” he told U.S. District Judge Valerie E. Caproni, who could sentence him to more than 15 years in prison. “I deeply regret my actions and will spend the rest of my life atoning for what I did. I am profoundly sorry for the harm my selfish behavior has caused to my investors who trusted in me, my employees and my family.”
The case echoes similar cryptocurrency frauds, such as that of BitConnect, promising people double-and triple-digit returns and costing investors billions. Ponzi schemes like that show how investors eager to cash in on a hot market can easily be led astray by promises of large returns. Canadian exchange QuadrigaCX collapsed in 2019 as a result of fraud, causing at least $125 million in losses for 76,000 investors.
While regulatory oversight of the cryptocurrency industry is tightening, the sector is littered with inexperienced participants. A number of the 800 or so crypto funds worldwide are run by people with no knowledge of Wall Street or finance, including some college students and recent graduates who launched funds a few years ago.
Qin’s path started in college, too. He had been a math whiz who planned on becoming a physicist, he told a website, DigFin, in a profile published in December, just a week before regulators closed in on him. He described himself on his LinkedIn page as a “quant with a deep interest and understanding in blockchain technology.”
In 2016, he won acceptance into a program for high-potential entrepreneurs at the University of New South Wales in Sydney with a proposal to use blockchain technology to speed up foreign exchange transactions. He also attended the Minerva Schools, a mostly online college based in San Francisco, from August 2016 through December 2017, the school confirmed.
He got the crypto bug after an internship with a firm in China, he told DigFin. His task had been to build a platform between two venues, one in China and the other in the U.S., to allow the firm to arbitrage cryptocurrencies.
Convinced he had happened upon a business, Qin moved to New York to found Virgil Capital. His strategy, he told investors, would be to exploit the tendency of cryptocurrencies to trade at different prices at various exchanges. He would be “market-neutral,” meaning that the firm’s funds wouldn’t be exposed to price movements.
And unlike other hedge funds, he told DigFin, Virgil wouldn’t charge management fees, taking only fees based on the firm’s performance. “We never try to make easy money,” Qin said.
By his telling, Virgil got off to a fast start, claiming 500% returns in 2017, which brought in more investors eager to participate. A marketing brochure boasted of 10% monthly returns — or 2,811% over a three-year period ending in August 2019, legal filings show.
His assets got an extra jolt after the Wall Street Journal profiled him in a February 2018 story that touted his skill at arbitraging cryptocurrency. Virgil “experienced substantial growth as new investors flocked to the fund,” prosecutors said.
The first cracks appeared last summer. Some investors were becoming “increasingly upset” about missing assets and incomplete transfers, the former head of investor relations, Melissa Fox Murphy, said in a court declaration. (She left the firm in December.) The complaints grew.
“It is now MID DECEMBER and my MILLION DOLLARS IS NOWHERE TO BE SEEN,” wrote one investor, whose name was blacked out in court documents. “It’s a disgrace the way you guys are treating one of your earliest and largest investors.”
Around the same time, nine investors with $3.5 million in funds asked for redemptions from the firm’s flagship Virgil Sigma Fund LP, according to prosecutors. But there was no money to transfer. Qin had drained the Sigma Fund of its assets. The fund’s balances were fabricated.
Instead of trading at 39 exchanges around the world, as he had claimed, Qin spent investor money on personal expenses and to invest in other undisclosed high-risk investments, including initial coin offerings, prosecutors said.
So Qin tried to stall. He convinced investors instead to transfer their interests into his VQR Multistrategy Fund, another cryptocurrency fund he started in February 2020 that used a variety of trading strategies — and still had assets.
He also sought to withdraw $1.7 million from the VQR fund, but that aroused suspicions from the head trader, Antonio Hallak. In a phone call Hallak recorded in December, Qin said he needed the money to repay “loan sharks in China” that he had borrowed from to start his business, according to court filings in a lawsuit filed by the Securities and Exchange Commission.
He said the loan sharks “might do anything to collect on the debt” and that he had a “liquidity issue” that prevented him from repaying them.
“I just had such poor cash flow management to be honest with you,” Qin told Hallak. “I don’t have money right now dude. It’s so sad.”
When the trader balked at the withdrawal, Qin attempted to take over the reins of VQR’s accounts. But by now the SEC was involved. It got cryptocurrency exchanges to put a hold on VQR’s remaining assets and, a week later, filed suit.
By the end, Qin had drained virtually all of the money that was in the Sigma Fund. A court-appointed receiver who is overseeing the fund is looking to recover assets for investors, said Nicholas Biase, a spokesman for Manhattan U.S. Attorney Audrey Strauss. About $24 million in assets in the VQR fund was frozen and should be available to disperse, he said.
“Stefan He Qin drained almost all of the assets from the $90 million cryptocurrency fund he owned, stealing investors’ money, spending it on indulgences and speculative personal investments, and lying to investors about the performance of the fund and what he had done with their money,” Strauss said in a statement.
In South Korea when he learned of the probe, Qin agreed to fly back to the U.S., prosecutors said. He surrendered to authorities on Feb. 4, pleaded guilty the same day before Caproni, and was freed on a $50,000 bond pending his sentencing, scheduled for May 20.
While the maximum statutory penalty calls for 20 years in prison, as part of a plea deal, prosecutors agreed that he should get 151 to 188 months behind bars under federal sentencing guidelines and a fine of up to $350,000.
That fate is a far cry from the career his parents had envisioned for him — a physicist, he had told DigFin. “They weren’t too happy when I told them I had quit uni to do this crypto thing. Who knows, maybe someday I’ll complete my degree. But what I really want to do is trade crypto.”
The case is U.S. v Qin, 21-cr-75, U.S. District Court, Southern District of New York (Manhattan)
T-Mobile Sued By Victim Who Lost $450K In Bitcoin In SIM Swap Attack
The wireless carrier is accused of failing to protect its customers from SIM swappers’ lucrative heists.
Telecoms provider T-Mobile has become the latest corporate name to come under fire for its alleged negligence and failure to protect customer information, which indirectly enabled a “SIM swap attack” that led to the successful theft of $450,000, or 15 Bitcoin (BTC).
A SIM swap attack — also referred to as a port-out scam — has proved to be a popular tactic with criminals in recent years. Such an attack involves the theft of a victim’s cell phone number, which can then be used to hijack the victim’s online financial and social media accounts by intercepting automated messages or phone calls that are used for two-factor authentication security measures.
The lawsuit filed against T-Mobile on Feb. 8 in the Southern District of New York by plaintiff Calvin Cheng — the victim who alleges he lost $450,000 in Bitcoin following such an attack — explains exactly how it is that telecoms firms come to play such a crucial role in this particular kind of fraud:
“A criminal third-party convinces a wireless carrier like T-Mobile to transfer access to one of its legitimate customers’ cellular phone number from the legitimate customer’s registered SIM-card […] to a SIM-card controlled by the criminal third party […] This sort of account takeover is not an isolated criminal act, per se, as it requires the wireless carrier’s active involvement to swap the SIM to an unauthorized person’s phone.”
The incident at issue in the lawsuit occurred, according to Cheng, after a SIM-swap was successfully carried out in May 2020 against a T-Mobile customer and co-founder of crypto-focused investment fund Iterative Capital, Brandon Buchanan.
Cheng had conducted several successful transactions with Iterative to purchase Bitcoin in the months prior to the incident, communicating with Buchanan and others in Iterative via Telegram and using a crypto exchange administered by the fund.
After the SIM-swap, the perpetrators allegedly impersonated Buchanan on a Telegram chat with Cheng, reaching out to him asking him whether or not he wanted to sell Bitcoin for an Iterative client at an attractive premium.
Having been lulled into thinking the communications were from Buchanan, Cheng agreed to the deal and transferred the Bitcoin to a digital wallet he believed to be controlled by Buchanan and/or Iterative — a mistaken belief, as it soon turned out.
A couple of days later, Buchanan reached out to Iterative’s exchange clients to inform them that several of his accounts had been compromised by SIM-swappers, who had falsely assumed his identity and used it to initiate trades on Iterative’s supposed behalf.
The rest of the complaint details Cheng’s appeal to the FBI, which is investigating the incident and attempting to identify the perpetrators. Buchanan has also attempted to intercede directly with T-Mobile on behalf of Cheng, but has failed to secure a refund on his behalf.
As the lawsuit underscores, SIM-swapping is hardly a new phenomenon and has been actively discussed by federal agencies since 2016 at the latest. Nor is this the first time T-Mobile has been embroiled in SIM swap-related lawsuits involving cryptocurrency investors.
The lawsuit accuses T-Mobile of failing implement to adequate security policies to prevent unauthorized access to its customers’ accounts, failing to train or supervise its employees to prevent successful fraud, and of wrongful conduct in its “reckless disregard” for various obligations and duties under federal and state law.
The carrier is thus accused of knowingly violating the Federal Communications Act the Computer Fraud and Abuse Act, the New York Protection Act, as well as two counts of negligence.
Austria Finance Regulator Sees Frauds Rising Amid Crypto ‘Hype’
Austria’s Financial Market Authority has seen a record in whistle-blower reports of potential fraud in 2020, with crypto currencies being a focus.
Two thirds of the investment fraud reports were related to crypto- and digital currencies trading products, while the rest was, among others, related to stocks and gold, FMA said in a statement. The regulator said it saw a rise in scam offerings for digital currencies on “dubious” platforms, which were often advertised on social media such as Facebook, WhatsApp, TikTok or Telegram.
“We see a great need for stricter regulation,” FMA spokesman Klaus Grubelnik said on Friday, adding that prosecution of crypto-related fraud was even more difficult as investigations usually have to be conducted across borders. “Fake offerings for stocks and gold have been around forever and these scams are now shifting to digital assets because of the hype,” Grubelnik said.
Despite recent trading booms, the world’s top banks have so far mostly shied away from offering crypto-related services as high volatility and security concerns prevailed.
McAfee Faces Crypto-Related Fraud Charges From NY Court
Meanwhile, the anti-virus mogul is still imprisoned in Spain.
Crypto advocate and internet security pioneer John McAfee faces a number of different criminal charges, based on a new statement from the United States Department of Justice, or DoJ.
The department accused McAfee of “conspiracy to commit commodities and securities fraud, conspiracy to commit securities and touting fraud, wire fraud conspiracy and substantive wire fraud, and money laundering conspiracy offenses stemming from two schemes relating to the fraudulent promotion to investors of cryptocurrencies qualifying under federal law as commodities or securities,” the DoJ’s statement from the Southern District of New York said on Friday.
Jimmy Watson Jr. is also listed under the offenses for his role on the “McAfee Team,” which operated in the digital asset industry. Authorities took Watson into custody in Texas on Thursday, the statement said.
Prior to today’s news, McAfee already faced charges from U.S. governing bodies for tax evasion and initial coin offerings, or ICOs, which he allegedly advertised for compensation without properly informing the public. After going on the run from the U.S. government in 2019, McAfee was arrested in Spain in October 2020.
McAfee remains imprisoned as of the DoJ’s statement. “MCAFEE is currently detained in Spain on separate criminal charges filed by the United States Department of Justice’s Tax Division,” the DoJ said on Friday.
“As alleged, McAfee and Watson exploited a widely used social media platform and enthusiasm among investors in the emerging cryptocurrency market to make millions through lies and deception,” Audrey Strauss, a Southern District of New York attorney, said in the DoJ statement, adding:
“The defendants allegedly used McAfee’s Twitter account to publish messages to hundreds of thousands of his Twitter followers touting various cryptocurrencies through false and misleading statements to conceal their true, self-interested motives. McAfee, Watson, and other members of McAfee’s cryptocurrency team allegedly raked in more than $13 million from investors they victimized with their fraudulent schemes.”
William Sweeney Jr., an assistant director for the Federal Bureau of Investigation, or FBI, referred to some of McAfee’s and Watson’s alleged efforts as “pump-and-dump” tactics. He also mentioned alleged paid ICO promotion, of which the pair did not provide public notice.
The DoJ notice also explained that, “In separate parallel enforcement actions, the United States Securities and Exchange Commission (the “SEC”) and Commodity Futures Trading Commission (“CFTC”) have filed civil charges against MCAFEE and WATSON.”
What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,