FBI Fingers TraderTraitor for $308M Hack

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week’s stories include the FBI fingering TraderTraitor in a $308M hack, Bitfinex hacker Lichtenstein saying he operated alone, South Korea sanctioning North Korean hackers, Trump naming an exec director for Digital Assets Council, Craig Wright being sentenced to a year in prison and the Interpol issuing a red notice for Hex founder.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

North Korean hacker group TraderTraitor stole $308 million worth of cryptocurrency in an attack on the Japanese exchange DMM Bitcoin from May, the FBI said. The heist is linked to the Pyongyang group also known as Jade Sleet, UNC4899 and Slow Pisces. The incident caused platform disruptions, including halted account registrations and cryptocurrency withdrawals.

The attack began in late March, when a hacker posed as a recruiter on LinkedIn to target an employee at a cryptocurrency wallet software company Ginco. The attacker lured the victim with a job proposal requiring them to run malicious Python code on their GitHub page, compromising the victim’s system. TraderTraitor then infiltrated Ginco, moving laterally to DMM Bitcoin. By May, they exploited session cookies to impersonate the employee, ultimately manipulating a transaction request to steal Bitcoin worth $308 million then. TraderTraitor has targeted the blockchain sector since 2022 using fake apps and social engineering tactics.

Ilya Lichtenstein, confessed hacker behind the 2016 Bitfinex theft of 120,000 bitcoins, said on social media that he took full responsibility for the crime in what appears to be an attempt to clear his wife Heather Morgan and father Eugene Lichtenstein. In a video recorded from prison, Lichtenstein, serving a five-year sentence, stated that he planned and executed the Bitfinex heist “entirely by myself.” He dismissed allegations linking his father, an elderly, non-technical individual, to the hacking activities as baseless. Morgan, aka Razzlekhan, was sentenced to 18 months for laundering a small portion of the stolen funds but maintains her unawareness of the crime. The Bitfinex coin seizure remains the largest in U.S. history.

Lichtenstein has assisted the government in recovering over $10 billion in stolen assets, with restitution hearings slated for early next year. He also testified against Roman Sterlingov, the operator of Bitcoin Fog.

The South Korean government imposed sanctions on 15 individuals and one entity from North Korea for involvement in hacking, including cryptocurrency thefts. The individuals are linked to Bureau 313, a division under the Workers’ Party of Korea’s Machine-Building Industry Department. It oversees North Korea’s weapons and ballistic missile programs.

The South Korean Ministry of Foreign Affairs said that North Korean IT operatives disguise their identities to secure jobs with global companies in regions like China, Russia, Southeast Asia and Africa. These operatives participate in cyberattacks and funnel stolen assets back to Pyongyang. Sanctioned individual Kim Cheol-min infiltrated IT firms in the U.S. and Canada and sent substantial foreign currency to support the North Korean regime, it said. The sanctions also target a North Korean entity responsible for deploying IT personnel abroad and transferring significant funds to bolster the regime’s military efforts.

U.S. President-elect Donald Trump has named former North Carolina congressional candidate Bo Hines as executive director of a to-be-established Presidential Council of Advisers for Digital Assets, set to be headed by venture capitalist David Sacks. Hines is an advocate for blockchain technology and will collaborate with Sacks to develop regulatory frameworks and explore opportunities for integrating digital assets into the economy. Sacks has experience in tech and decentralized finance and is expected to guide the council’s efforts to foster innovation while addressing security and market stability concerns.

Craig Wright, an Australian computer scientist who falsely claimed to be Bitcoin’s pseudonymous creator Satoshi Nakamoto, received in British court a sentence of one year in prison for contempt, though the sentence is suspended for two years. The ruling follows Wright’s 900 billion pound intellectual property claim, which sparked the contempt proceedings, reported The Independent. Wright appeared via video link, refusing to disclose his location and confirming plans to appeal, reported The Guardian. A judge previously ruled that Wright was not Satoshi Nakamoto. The Crypto Open Patent Alliance had initially sued Wright in April to prevent him from asserting copyright claims over the Bitcoin whitepaper and database.

Interpol has on Finland’s request issued a red notice for Richard James Schueler, better known as Richard Heart, founder of Hex and PulseChain. The notice signals a valid national arrest warrant and could lead to extradition if Schueler is detained abroad. Finnish authorities accuse him of tax fraud amounting to “hundreds of millions of euros” and assaulting a 16-year-old. Europol’s website, where Schueler is listed as one of Europe’s most wanted criminals, outlines these allegations, including his failure to file business tax returns over multiple years and the physical assault incident involving severe injuries to the minor.

The charges come as Schueler also faces a U.S. Securities and Exchange Commission lawsuit for allegedly selling unregistered securities through his cryptocurrency ventures. Europol added Schueler to its list on Dec. 18, likely coinciding with the Red Notice’s issuance. In response, Schueler posted cryptic comments on social media, claiming optimism about his future and dismissing adversaries as powerless against his projects.