Cryptocurrency Fraud
,
Fraud Management & Cybercrime
Also: Binance Ex-CEO’s Wealth Up $25B; Coinbase Refutes Senate Claims; $3M Scam
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Thunder Terminal successfully prevented a hack, Changpeng Zhao ranked 34th on a list of billionaires, Coinbase refuted a senator’s allegations of subverting crypto regulations, and scammers stole $3 million in 24 hours using fake ads.
See Also: OnDemand | Understanding Human Behavior: Tackling Retail’s ATO & Fraud Prevention Challenge
Thunder Terminal
Thunder Terminal, an on-chain trading platform, said that it thwarted an exploit that had targeted 114 wallets on its platform, preventing a $240,000 loss. In an incident report Wednesday, Thunder said no private keys or wallets had been compromised and attributed the exploit to an attacker who had gained access to a “MongoDB connection URL” that enabled unauthorized withdrawals. The breach occurred eight days before MongoDB was exploited.
Thunder assured users that the hack had affected a small fraction of some 14,000 wallets, and the company promised full refunds, 0% fees and $100,000 in platform credits for affected users. But the hacker who allegedly infiltrated the system disputed the claims on Etherscan, calling the company’s assurances “all lies” and demanding a $110,000 ransom for the compromised data. Thunder said it was open to negotiating with the hacker for the return of stolen funds.
Etherscan data revealed that the hacker had transferred funds to the Railgun protocol for transaction anonymization.
Changpeng Zhao
The personal assets of Changpeng Zhao, who recently pleaded guilty to U.S. criminal charges and stepped down as CEO of Binance, soared by almost $25 billion in 2023, according to the Bloomberg Billionaires Index. With assets estimated at over $37 billion, Zhao ranks as the 34th richest person globally. A majority of his wealth is attributed to his controlling stake in Binance, but this does not include his holdings in bitcoin and Binance’s BNB coin.
In November, both Zhao and Binance pleaded guilty to anti-money laundering and sanctions violations, resulting in a historic settlement with the U.S., including a $4.3 billion fine for Binance and a $50 million personal fine for Zhao. Zhao faces a potential prison term of up to 18 months, and his sentencing is scheduled for Feb. 23. Court restrictions prevent him from returning to the United Arab Emirates (see: How Sam Bankman-Fried and Changpeng Zhao Will Shape Crypto).
Coinbase Responds to Sen. Warren
Cryptocurrency exchange Coinbase has refuted Sen. Elizabeth Warren’s accusations that it employed former government officials to obstruct the regulation of digital assets. In a letter dated Dec. 22, Faryar Shirzad, Coinbase’s chief policy officer, rejected Warren’s claims.
Shirzad said the move had been part of the exchange’s ongoing efforts to advocate responsibly for crypto industry regulations. He said that recruiting government personnel is part of a broader initiative to safeguard the well-being of crypto users in the United States.
The letter responded to Warren’s implication that government officials might use public service as a platform to secure lobbying positions in the digital asset industry, citing Coinbase’s Global Advisory Council, which includes four national security experts, as an example.
Crypto Scam
Scammers reportedly pilfered $3 million worth of cryptocurrencies within 24 hours by employing Google Ads to promote malevolent fake websites equipped with wallet-draining software. The scammers used MS Drainer to steal $59 million in cryptocurrency throughout 2023, according to a Dune Analytics dashboard set up to track it, Cointelegraph reported.
Web3 security firm Scam Sniffer identified instances of scammers deploying Google Ads to deceive crypto users into interacting with counterfeit versions of web3 websites, including prominent platforms such as Zapper, Lido, Stargate, DefiLlama, Orbiter Finance and Radient. Fresh incidents of phishing sites associated with the same attackers emerged on Monday, resulting in the loss of around $3 million that day alone.
Scam Sniffer said it had alerted Google Ads security to the fraudulent sites and wallet-draining software in April 2023 but received no response.