Blockchain & Cryptocurrency
,
Cryptocurrency Fraud
,
Fraud Management & Cybercrime
Also: $3M NFT Trader Theft; Binance’s CTFC Settlement
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Ledger looked to reimburse hack victims, NFT Trader suffered a $3 million theft, the U.S. Department of Justice announced the first criminal case involving an attack on a smart contract operated by a decentralized exchange, a U.S. court approved Binance’s settlement with the Commodity Futures Trading Commission, and a Nigerian court sentenced a criminal in a pig-butchering scam.
See Also: JavaScript and Blockchain: Technologies You Can’t Ignore
Ledger
Ledger, a billion-dollar hardware wallet maker, said it will cover about $600,000 worth of assets lost by victims in a hack last week. A former employee of the Paris company clicked on a phishing link that allowed a hacker to access his GitHub account, which still had access to Ledger code. The hacker replaced the code in Ledger Connect Kit, the infrastructure that underlies the company’s decentralized applications, with a malicious version that rerouted user assets, such as non-fungible tokens and other crypto assets, to the attacker’s wallet. The malicious code was live for about five hours and affected hardware and software wallets of other providers that used the infrastructure, the company said. Ledger has removed the malicious version and looks to update its software for better security by the middle of next year.
NFT Trader
Peer-to-peer trading platform NFT Trader fell victim to a security breach on Saturday, resulting in the theft of millions of dollars in non-fungible tokens. The platform acknowledged the attack on X, formerly Twitter, revealing that hackers had targeted outdated smart contracts. The hackers stole NFTs worth nearly $3 million, Revoke.cash reported. The attacker proposed victims pay a 10% bounty in Ether to get their NFTs back. The hacker also allegedly returned a rare NFT along with nearly $70,680 in cryptocurrency to a user.
Smart Contract Hack
On Dec. 14, the U.S. attorney for the Southern District of New York announced that Shakeeb Ahmed had pleaded guilty to hacking two decentralized cryptocurrency exchanges in July 2022. One exchange is anonymous; the other is Nirvana Finance. Ahmed admitted to computer fraud and agreed to forfeit over $12.3 million, including $5.6 million in fraudulently obtained cryptocurrency. Ahmed’s guilty plea marks the first criminal case involving an attack on a smart contract operated by a decentralized exchange, as detailed in the criminal indictment.
Binance
The U.S. District Court for the Northern District of Illinois issued a $2.7 billion order against crypto exchange Binance and its former CEO, Changpeng Zhao. The court approved the settlement in response to the Commodity Futures Trading Commission’s enforcement action from November, the agency said. The court found violations of the Commodity Exchange Act and CFTC regulations and imposed a $150 million civil monetary penalty on Zhao personally. Separately, Binance is required to disgorge $1.35 billion in ill-gotten transaction fees and pay a $1.35 billion penalty to the CFTC.
Pig-Butchering Scam
A Nigerian Federal High Court sentenced Eze Harrison Arinze to three years for defrauding 34 victims of $592,000 across 13 countries in a crypto romance scam called pig butchering. The Economic and Financial Crimes Commission prosecuted Arinze, who must disgorge 11.07 Bitcoins worth more than $460,000 to victims and pay a forfeit the $46,032 he has in his bank account. Arinze, convicted for orchestrating a fictitious cryptocurrency investment platform named digitrades.net, duped victims globally, including in the United States, Germany, India and South Africa.
With reporting from Information Security Media Group’s Mihir Bagwe in Mumbai, India.