Also: Anthropic Warns of Autonomous AI Exploits on Blockchain

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, authorities shutter Cryptomixer, Anthropic warns about autonomous AI exploits, U.K. plans ban on crypto political donations, Do Kwon seeks leniency, Lazarus Group suspected in Upbit theft, Balancer’s post-exploit plans and Yearn recovers some of the hacked funds.
Swiss, German Authorities Take Down Cryptomixer
Swiss and German authorities with support from Europol dismantled illicit cryptocurrency mixing service Cryptomixer, seizing three servers in Switzerland. They also took control of the cryptomixer.io domain, and confiscated more than 12 terabytes of data and over 25 million euros in bitcoin. Authorities replaced the site with a seizure banner after shutting down the service.
Cryptomixer operated on both the clear web and darkweb, and was widely used by ransomware groups, darkweb markets and cybercriminal forums to hide the origins of illicit funds. The platform mixed more than 1.3 billion euros in bitcoin since 2016, using pooled deposits and randomized redistribution to obstruct blockchain tracing.
Anthropic Warns AI Agents Can Autonomously Exploit Blockchain Flaws
Anthropic says its advanced AI agents have demonstrated the ability to autonomously exploit vulnerabilities in smart contracts. The company tested models including Claude Opus 4.5 and Claude Sonnet 4.5 in a mock blockchain environment using smart contracts that had been exploited after March. The agents successfully breached 17 of 34 contracts, siphoning $4.5 million in simulated funds.
Across a broader benchmark of 405 contracts deployed between 2020 and 2025 on ethereum, BNB Smart Chain and Base, AI models exploited 207 contracts and generated $550 million in mock revenue. When Anthropic tasked Sonnet 4.5 and GPT-5 with scanning more than 2,800 recently deployed contracts, the agents uncovered two zero-day vulnerabilities worth an estimated $3,694 in potential exploits – although at an API cost of $3,476.
UK Plans Ban on Crypto Political Donations
The British Labour government is preparing to outlaw political donations made in cryptocurrency, reported The Guardian. Officials said the measure will not be ready in time for the upcoming elections bill. The government views crypto-based contributions as a growing threat to electoral integrity because their origins can be difficult to verify, but the technical and legal complexity of regulating digital assets has slowed progress.
A ban would hit right-wing populist party Reform U.K., which this year became the first party to accept cryptocurrency donations and has already received contributions through a newly launched crypto portal. The government fears such donations could mask money from foreign actors or criminal networks.
The Electoral Commission initially suggested the risks were manageable, comparing crypto to other non-traditional assets, but has since grown more skeptical. Chief executive Vijay Rangarajan told lawmakers that tracing ownership, especially across foreign wallets, is resource-intensive and often inconclusive. Campaign groups say any ban must be backed by stronger laws to block foreign money from entering British politics.
Do Kwon Asks US Judge to Cap Sentence at Five Years
Terraform Labs founder Do Kwon has reportedly urged a U.S. federal judge to limit his prison sentence to no more than five years after pleading guilty to fraud charges tied to the $40 billion collapse of Terra-Luna. In the 23-page filing submitted to the U.S. District Court for the Southern District of New York, his lawyers argued that a shorter sentence would adequately address his conduct, pushing back against the government’s preferred sentence of up to 12 years.
Kwon admitted to two fraud-related counts stemming from the May 2022 failure of TerraUSD and Luna. His filing attributes the crash partly to coordinated trading by third-party firms, but acknowledges he misled investors by not disclosing a secret stabilizing agreement with Jump Trading. His attorneys say Kwon’s actions stemmed from hubris and desperation, not personal gain, and pointed to his nearly two-year detention in Montenegro. He also faces separate charges in South Korea. His sentencing is set for Dec. 11.
Lazarus Group Suspected in $30M Upbit Crypto Theft
North Korea’s Lazarus Group is suspected of stealing roughly 44.5 billion won – about $30 million – in cryptocurrency from South Korea’s largest exchange Upbit, reported The Yonhap News Agency. Upbit disclosed previously that it detected abnormal withdrawals involving solana-based assets, halting deposits and withdrawals. The exchange first reported losses of 54 billion won before revising the figure downward. Investigators believe the attackers likely compromised or impersonated administrator accounts rather than breaching servers directly, mirroring tactics used in Upbit’s 2019 hack, which police later attributed to Lazarus.
Onchain data shows the suspected hacker has begun swapping stolen solana for USDC and bridging funds to ethereum.
Balancer Plans $8M Payout After $128M DeFi Exploit
Decentralized finance protocol Balancer proposed distributing about $8 million in recovered assets to users hit by a major exploit earlier this month that drained more than $128 million from its vaults.
The reimbursement plan allocates funds salvaged through external white hat interventions and internal rescue efforts. Although about $28 million was recovered overall, $19.7 million in osETH and osGNO is still under the control of liquid staking provider StakeWise.
Under the proposal, only liquidity providers in the affected pools will be reimbursed, with pro rata distributions based on Balancer Pool Token balances at the time of the attack. Payments will be made in kind, returning the same tokens that were rescued.
White hats who recovered around $3.86 million collectively would receive 10% bounties capped at $1 million each, provided they complete identity and compliance checks. A 180-day claim window is planned, after which unclaimed funds will require governance decisions.
Yearn Recovers $2.4M After Exploit Drains Legacy Pools
Yearn Finance recovered about $2.4 million of the nearly $9 million lost in an exploit of its legacy yETH pools, the team said. A post-mortem identified an “unchecked arithmetic” flaw and other design gaps that allowed the attacker to mint an effectively infinite supply of yETH tokens. After the hyper-mint, the attacker executed a sequence of withdrawals that swapped the fake yETH for real assets. At least 1,000 ETH were sent to Tornado Cash, blockchain data showed.
Yearn said that V2 and V3 vaults were unaffected and promised that any recovered funds will be returned to impacted depositors. Working with SEAL 911, ChainSecurity and Plume, the protocol has so far reclaimed about $2.4 million worth of currency. The attacker relied on self-destructing helper contracts, a tactic often used in complex flash loan-style exploits.
