US Claws Back Stolen Crypto

Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, U.S. government recovered stolen crypto, Truth Terminal founder social media hack, TeamTNT resurfaced, former FTX exec Nishad Singh avoided prison, the SEC’s X account hacker may get a plea deal, Tether reported to be under investigation, a notable increase in digital assets enforcement and pending Dutch crypto legislation.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

A hacker allegedly stole around $20 million in cryptocurrency from U.S. government wallets, said Arkham Intelligence. The hacker moved the money from seized accounts related to Bitfinex hackers, distributing them to non-custodial platforms, suggesting an attempt at laundering. Crypto analyst ZachXBT reportedly told The Block that the U.S. government was unlikely to use typical crypto exchanges for legitimate transfers, reinforcing suspicions of theft. The government retrieved $19.3 million of the funds within 24 hours of the security incident, Arkham said.

Bad actors hacked Truth Terminal founder Andy Ayrey’s social media account to promote a fraudulent token “IB.” The hacker posted a contract address for IB, which gained traction to boost the token’s market cap to $25 million, netting the hacker over $600,000. After the hacker sold holdings, the token’s market cap plummeted by 98%, although a “community takeover” has since led to some price recovery.

Aqua Nautilus researchers discovered a new campaign by hacking group TeamTNT aiming to launch a large-scale assault on cloud-native environments. The group is exploiting exposed Docker daemons to distribute Sliver malware, a cyber worm, and cryptominers. This campaign includes TeamTNT targeting Docker Swarm environments and utilizing Docker Hub as a primary channel for storing and distributing malicious payloads. TeamTNT appends compromised Docker instances to Docker Swarm. They rent victims’ computational resources to third parties, monetizing through indirect cryptomining. The group has upgraded its tactics, switching from the Tsunami backdoor to the more discreet Sliver malware. Indicators of the campaign include unique naming conventions and the reactivation of the “teamtnt.red” domain previously retired in 2022.

Former FTX executive Nishad Singh, 29, avoided prison time during Wednesday sentencing in Manhattan federal court. Singh joined the famously corrupt cryptocurrency trading platform as a software engineer and rose to become a top adviser to crypto wunderkind Sam Bankman-Fried. Singh pleaded guilty in February 2023 to six criminal counts including breaking campaign finance laws by making illegal political contributions.

U.S. District of the Southern District of New York Judge Lewis Kaplan praised Sing’s cooperation with federal investigators. “I’m not foolish enough to think there was no self-interest involved,” Kaplan said of Singh’s cooperation with investigators. “But you did the right thing.” Kaplan contrasted Singh with Caroline Ellison, another top FTX executive who cooperated extensively and for who Kaplan in September handed down a 24-month sentence. Singh’s attorneys say he did not become aware of the fraud that drained billions from customer accounts until two months before FTX collapsed. “Your case is not the case that Ms. Ellison’s was,” Kaplan said. “She was involved from the beginning.”

U.S. prosecutors are preparing a plea offer for Eric Council Jr., accused of hacking the SEC’s X account in January to post a fake announcement regarding bitcoin ETFs. Assistant U.S. Attorney Kevin Rosenberg reportedly said that while a plea deal is in the works, it’s uncertain if Council will accept it. Charged with conspiracy to commit identity theft and fraud, Council allegedly used stolen identity information to obtain a SIM card, accessing the SEC’s X account to tweet the false announcement. This post temporarily boosted bitcoin’s price by over $1,000. U.S. District Court for the District of Columbia Judge Amy Berman Jackson, who also presides over the SEC’s case against Binance, will review plea documents if an agreement is reached by Dec. 4.

U.S. authorities are investigating Tether for potential violations of anti-money laundering rules and sanctions, reported The Wall Street Journal. Manhattan federal prosecutors are examining whether third parties used the largest stablecoin for illicit activities, including terrorism, drug trading and hacking. The Department of Treasury is also assessing possible sanctions against Tether, which would prevent Americans from conducting business with the company if applied, the report said. Tether CEO Paolo Ardoino on social media platform X denied knowledge of an investigation, stating that the WSJ report was rehashing “old noise.”

The U.S. securities regulators saw an increase in cases tied to digital assets and technology in 2023, said a report from the North American Securities Administrators Association. New investigations focused on digital assets in 343 cases, staking in 144 cases and social media fraud in 205 cases, marking a “significant increase” rise from the previous year, the association said in a statement. The jump in enforcement action appears to be connected to an increase in complaints and “enforcement matters involving pig butchering and other scams.”

The Dutch tax authority launched a public consultation on a draft bill mandating crypto firms to report user transaction data. The proposal, part of the European Union’s DAC8 directive, seeks greater transparency in crypto ownership and would require crypto firms to share customer data with EU tax agencies. The public consultation runs until Nov. 21, with plans to present the bill to lawmakers by mid-2025. The bill aims to curb tax evasion and close gaps in oversight on crypto assets, ensuring that taxes apply as they would to other forms of wealth, according to Dutch officials.

With reporting from Information Security Media Group’s David Perera in Washington, D.C.