Also: $5M for Info on the Crypto Queen; Attacks on BtcTurk and CoinStats
Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, a crypto stealer was convicted, the reward for information on the Crypto Queen was increased, BtcTurk and CoinStats suffered cyberattacks, Lazarus was blamed for the Alex Lab hack, Nigeria refuted allegations of ill treatment, there was a sentencing in the Hydrogen Technology case, Binance was fined in India, and the FBI warned of crypto scams.
Crypto Thief Who Invaded Homes Is Convicted
A U.S. court convicted Remy St. Felix, 24, of West Palm Beach, for leading an international robbery crew that kidnapped and terrorized wealthy victims to steal cryptocurrency.
St. Felix’s gang conducted several violent home invasions between September 2022 and July 2023 to steal crypto. St. Felix and an accomplice assaulted and restrained an elderly couple in April 2023 in Durham, North Carolina. Disguised as construction workers, they entered the couple’s home, restrained them with zip ties and held them at gunpoint. While holding the couple hostage, the crew remotely drained over $150,000 from the husband’s cryptocurrency wallet.
During the invasion, St. Felix forced the husband to install remote access software on their home computer, enabling a third crew member to transfer the funds. The crew attempted to transfer more funds, but Coinbase blocked the fourth transaction. The complaint says the gang had prior knowledge of the victim’s Coinbase account, indicating a possible email account breach.
St. Felix was convicted of nine counts, including conspiracy, kidnapping, Hobbs Act robbery, wire fraud and brandishing a firearm in furtherance of violent crimes. He threatened extreme violence – including cutting off the husband’s toes and genitals, shooting him, and raping his wife – if the couple didn’t comply.
The gang conducted similar home invasions across North Carolina, New York, Florida and Texas, laundering stolen funds through privacy-enhanced cryptocurrencies such as monero and using platforms that bypass anti-money laundering checks. St. Felix was arrested in July 2023 while traveling to conduct a home invasion in New York. He faces a minimum of seven years to life in prison, and his sentencing is set for September 11.
US Offers $5M for Info on OneCoin Suspect
The U.S. Department of State increased to $5 million a reward offer for information leading to the arrest of Ruja Ignatova, founder of multilevel marketing network OneCoin, who has been a fugitive since 2017. Ignatova, known as the Crypto Queen, was added to the FBI’s Ten Most Wanted Fugitives list in June 2022. The previous reward for information about her was $100,000.
The FBI said that Ignatova may have had plastic surgery to alter her appearance and could be traveling with bodyguards.
Ignatova and Karl Sebastian Greenwood founded OneCoin in 2014. The federal government has described it as “one of the largest global fraud schemes in history,” and it swindled investors out of more than $4 billion. Thai authorities arrested Greenwood in 2018 and extradited him to the U.S., where he is serving a 20-year prison term that came with a $300 million fine.
Federal prosecutors charged Ignatova in 2017 with conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering. She fled to Greece to evade arrest.
BtcTurk Hack
Turkish cryptocurrency exchange BtcTurk fell victim to a cyberattack that compromised funds in 10 of its hot wallets. It did not specify the amount stolen but said its cold wallets, which hold a majority of its assets, remain secure.
Blockchain sleuth ZachXBT pegged the losses at $54 million and said they were moved to exchanges such as Binance and Coinbase via THORChain and then converted to bitcoin and transferred to two separate wallets.
Binance CEO Richard Teng said that the company was assisting BtcTurk with the investigation and has already frozen over $5.3 million in stolen funds.
CoinStats Cyberattack
A cyberattack on crypto portfolio management app CoinStats affected 1,590 wallets hosted on the platform, the company said. It is unclear how much the hackers stole or what data they accessed.
The company’s co-founder said there is “significant evidence” that the attacker is North Korea’s Lazarus Group. The company’s website and app are temporarily unavailable to its 1.5 million users.
CoinStats allows users to manage investments, track real-time data, receive news updates and create hosted wallets. Users who connect external wallets for portfolio management were unaffected due to the read-only access required by the platform, but those whose wallets were hosted on CoinStats may be affected. CoinStats said the hack affected 1.3% of its hosted wallets. It listed their details in a spreadsheet and asked them to transfer the remaining funds to external wallets.
Scammers are also exploiting the aftermath of the breach by promoting fake refund programs under the official announcement, using typosquatted handles such as @CoinStals. These scams direct users to cloned sites that drain their wallets. CoinStats has not announced an official refund program.
Alex Lab Hack Attributed to Lazarus
Bitcoin decentralized finance protocol Alex Lab said that a $4 million exploit it suffered last month is likely linked to North Korea. It identified two critical addresses, one related to the initial exploit and another connected to the Lazarus Group, tracing the flow of stolen assets. The team is collaborating with international law enforcement and cybersecurity experts to address the attack’s implications and recover the lost assets.
The exploit occurred on May 16 when compromised private keys obtained through a phishing attack allowed the hacker to drain assets from the Alex protocol. Blockchain security firm CertiK pegged the losses from the attack at $4.3 million.
Alex Lab has since facilitated communication between the Singapore police and relevant cryptocurrency exchanges to secure the stolen assets during the ongoing investigation, it said. The project said that many traced STX assets are currently frozen by the exchanges and will remain so pending police investigations. The Alex Lab Foundation will announce when the frozen funds can be returned to affected users.
Nigeria Refutes Ill Treatment of Gambaryan
U.S. lawmakers raised concerns about the Nigerian government’s treatment of Binance executive Tigran Gambaryan, who has been detained since February on money laundering and tax evasion charges. Although authorities reportedly dropped tax evasion charges earlier this month, Gambaryan remains in custody awaiting trial for money laundering. Two U.S. Congress members who recently visited him said that he is suffering from malaria and pneumonia due to poor health conditions and inadequate healthcare.
Nigerian Minister of Information and National Orientation Mohammed Idris denied the allegations and said Gambaryan has access to quality medical care and consular services from the U.S. government.
Several U.S. officials, including members of Congress and former federal prosecutors, reportedly urged the Biden administration to intervene. A letter from federal agents described Gambaryan’s detention conditions as “deplorable.” Despite this pressure, the Nigerian government stated that only the court can alter the terms of Gambaryan’s detention or direct his release. Gambaryan’s trial has reportedly been adjourned to July 1.
Sentencing in Hydrogen Technology Case
The U.S. Department of Justice announced the sentencing of two former executives of Hydrogen Technology for manipulating the price of the firm’s cryptocurrency and defrauding investors. Michael Kane, co-founder and former CEO of Hydrogen, received a sentence of three years and nine months in prison. His co-conspirator, Shane Hampton, former head of financial engineering, was sentenced to two years and eleven months.
Court documents show that Kane and Hampton hired Moonwalkers Trading Ltd., a South African firm, to manipulate the price of Hydro tokens on a U.S. cryptocurrency exchange. The manipulation involved approximately $7 million in wash trades and over $300 million in spoof trades executed through a trading bot.
The DOJ said that Hampton’s case marked the first criminal jury trial in which a cryptocurrency was deemed a security. The jury unanimously determined that the sales of Hydro tokens constituted investment contracts, classifying the token as a security under federal securities law.
Hydrogen’s platform, which started in 2018, claimed to allow users to develop applications and businesses using Hydro protocols on the Ethereum blockchain. The U.S. Securities and Exchange Commission charged Hydrogen and Kane in September 2022 with market manipulation of crypto asset securities from 2018 to 2019. In February, Hampton was convicted of conspiracy to commit securities price manipulation and wire fraud. Hydrogen was previously ordered to pay $2.8 million in fines and damages following an SEC enforcement action.
Binance Faces $2M AML Violation Penalty
India’s Financial Intelligence Unit has ordered Binance to pay a penalty of $2.25 million for violating the Prevention of Money Laundering Act. The order follows a notice issued in December 2023, which required Binance to explain why action should not be taken against it for offering services to local clients and operating within India without proper registration under the country’s anti-money laundering regulations. Binance is reportedly seeking to re-enter the Indian market after being banned by regulators in January.
FBI Warns of Theft Recovery-Themed Crypto Scams
The FBI has issued a warning about cybercriminals pretending to be law firms or lawyers offering cryptocurrency recovery services to scam victims. These fraudsters steal both funds and personal information from their targets. The latest alert comes on the heels of a similar warning from the FBI’s Internet Crime Complaint Center about the rise in fake digital asset recovery services.
Scammers convince victims of their legitimacy by claiming partnerships with government agencies such as the FBI and the Consumer Financial Protection Bureau. They also reference real financial institutions and money exchanges to build credibility. Common tactics include asking for personal or banking information, requiring upfront fees and demanding payments for back taxes or other fees.
Between February 2023 and February 2024, victims of these secondary cryptocurrency recovery scams lost over $9 million, according to IC3 data. While federal and state authorities can sometimes track and freeze stolen crypto, these services are free, and officials do not proactively ask for personal information or fees. No private entity can issue seizure orders, so any such claims are likely fraudulent.