Also: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week: a Ponzi scammer was ordered to pay $228 million, Google clarified Play Store rules for non-custodial wallets, Coinbase misconfigured a smart contract, GMX announced repayment plans, BtcTurk halted transfers, U.S. bank groups wrote to lawmakers about the stablecoin law, U.S. prosecutors seized funds from an accused ransomware operator, the Federal Reserve ended its special oversight program and Hong Kong published new custody rules for crypto platforms.
New York Man and Firm Ordered to Pay $228M in Crypto Ponzi Scheme Case
A Manhattan federal judge ordered New Yorker Eddy Alexandre and his company EminiFX to pay more than $228 million after the Commodity Futures Trading Commission accused them of running a Ponzi scheme involving foreign exchange and cryptocurrency trading.
The judge granted the CFTC’s motion for summary judgment, ruling that Alexandre and his firm misappropriated investor funds. Court filings showed tens of thousands of victims collectively invested more than $262 million. Over its eight months of existence, EminiFX lost more than $49 million – at least $15 million of that attributable to Alexandre diverting investor money into personal accounts.
The judgment requires Alexandre and EminiFX to pay $228.6 million in restitution jointly, and Alexandre personally to pay $15 million in disgorgement, although his restitution payments will offset the disgorgement. Alexandre also pleaded guilty to related criminal charges brought by the U.S. Attorney's Office in Manhattan and is serving a nine-year prison sentence.
Google Clarifies Play Store Rules: Non-Custodial Wallets Not Banned
Google briefly sparked confusion when a policy update suggested its Play Store might block unregistered non-custodial crypto wallets in countries including the United States and United Kingdom starting in October.
The move drew criticism from users who warned it would undercut widely used self-custody tools. Google clarified that non-custodial wallets are not covered by its Cryptocurrency Exchanges and Software Wallets Policy. The policy applies to custodial services: crypto exchanges and custodial software wallets must comply with local laws and industry standards.
In the U.S., developers of those custodial services must either register with the Financial Crimes Enforcement Network as a money services business and as a state money transmitter, or operate as a federally or state-chartered bank.
Coinbase Loses $300K in Token Fees to Misconfigured Smart Contract
Coinbase lost about $300,000 in token fees after mistakenly granting token approvals to the 0x Project's "swapper" contract, a contract designed to execute token swaps, not to hold standing approvals. Security researcher "deeberiroz" of Venn Network reported the issue, saying that Coinbase's approvals exposed tokens including Amp, MyOneProtocol, DEXTools and Swell Network to malicious actors.
Because the swapper contract is permissionless, anyone can make it spend tokens it has been approved to move. A waiting MEV bot quickly exploited the misconfiguration, draining the tokens from Coinbase's fee receiver wallet into its own accounts. Coinbase Chief Security Officer Philip Martin confirmed the loss, describing it as an isolated incident linked to a change in a corporate DEX wallet. He stressed that customer funds were unaffected.
Coinbase has since revoked token allowances and transferred assets to a new wallet to prevent further misuse.
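The mechanism behind the loss, as an added illustration that is not Coinbase's, 0x's or Venn Network's code: a toy model of ERC-20 allowance semantics in which a wallet approves a permissionless router, any caller drives that router to spend the allowance, and an allowance audit of the kind a treasury team would run flags the dangling approval and revokes it. Token symbols, addresses and amounts are constructed for the demonstration.

```python
"""Added example (not Coinbase's or 0x's code): a minimal model of ERC-20
allowance semantics showing why approving a permissionless contract is
equivalent to approving everyone, plus an allowance audit and revocation.
All token, address and amount values below are constructed."""
from collections import defaultdict


class Token:
    """Toy ERC-20: balances plus an (owner, spender) -> allowance map."""

    def __init__(self, symbol, balances):
        self.symbol = symbol
        self.balances = dict(balances)
        self.allowance = defaultdict(int)

    def approve(self, owner, spender, amount):
        # ERC-20 approve overwrites the previous allowance outright.
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # The allowance checked is that of msg.sender (the spender contract),
        # not of whoever originally triggered the transaction.
        if self.allowance[(owner, caller)] < amount:
            raise PermissionError("insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient balance")
        self.allowance[(owner, caller)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class PermissionlessSwapper:
    """Models a router any account may call. It issues transferFrom with
    its own address as spender, on behalf of whichever caller invokes it,
    so an allowance granted to it is usable by anyone."""
    address = "0xSWAPPER"  # constructed placeholder address

    def pull(self, token, victim, to, amount):
        token.transfer_from(self.address, victim, to, amount)


def drain(token, swapper, victim, attacker):
    """What an MEV bot does on seeing an allowance to the swapper: spend
    the whole allowance, capped by the victim's balance."""
    amt = min(token.allowance[(victim, swapper.address)],
              token.balances.get(victim, 0))
    swapper.pull(token, victim, attacker, amt)
    return amt


def dangling_allowances(tokens, owner, trusted_spenders):
    """Audit: (symbol, spender, amount) for every nonzero allowance `owner`
    has granted to a spender outside the allow-list."""
    found = []
    for t in tokens:
        for (o, s), amt in t.allowance.items():
            if o == owner and amt > 0 and s not in trusted_spenders:
                found.append((t.symbol, s, amt))
    return found


def revoke_all(tokens, owner, spenders):
    """Revocation is approve(spender, 0) on each token."""
    for t in tokens:
        for s in spenders:
            t.approve(owner, s, 0)


def demo():
    fee_wallet, bot = "0xFEES", "0xBOT"          # constructed addresses
    amp = Token("AMP", {fee_wallet: 1_000})       # constructed balance
    swapper = PermissionlessSwapper()
    # The misconfiguration: an unlimited allowance to a contract anyone can drive.
    amp.approve(fee_wallet, swapper.address, 2**256 - 1)
    flagged = dangling_allowances([amp], fee_wallet, trusted_spenders=set())
    stolen = drain(amp, swapper, fee_wallet, bot)
    revoke_all([amp], fee_wallet, [swapper.address])
    return {"flagged": flagged, "stolen": stolen,
            "left": amp.balances[fee_wallet],
            "after_revoke": dangling_allowances([amp], fee_wallet, set())}


if __name__ == "__main__":
    print(demo())
```

The audit runs before the drain and would have caught the problem: any nonzero allowance to a spender that is not on an explicit allow-list is a finding, and the fix is the same `approve(spender, 0)` revocation the incident response describes, followed by moving assets to a fresh wallet so no stale approval survives.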
GMX Repays $44M to Users Hit by Arbitrum Exploit
Decentralized exchange GMX has begun distributing compensation to users impacted by a July exploit of its funds pool on Arbitrum.
The $44 million payout covers affected GLP holders and combines recovered funds with $2 million from GMX's treasury. The exploit caused $42 million in losses and stemmed from a reentrancy vulnerability that allowed an attacker to manipulate assets-under-management calculations and withdraw excess funds. GMX negotiated with the attacker, offering a 10% white-hat bounty in exchange for the return of 90% of the stolen assets. Eligible users will now receive GLV tokens as compensation, and GMX is offering a $500,000 GLV incentive pool to users who hold their allocated tokens for at least three months without selling or transferring them.
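To show what the vulnerability class means in practice, here is an added, generic illustration of reentrancy in a pooled vault. It is not GMX's code and not a reconstruction of the GMX contracts or the attacker's transactions: a vault that makes an external call before updating its accounting, an attacker contract that re-enters the withdrawal during that call, and the two standard fixes (checks-effects-interactions ordering and a reentrancy guard). Names and amounts are constructed.

```python
"""Added example: a generic reentrancy bug in a pooled vault, the re-entering
attacker, and two fixes. Not GMX's code; all names and amounts constructed."""


class ReentrancyError(Exception):
    pass


class Vault:
    """Pooled vault. `effects_first` applies checks-effects-interactions;
    `guarded` applies a mutex (nonReentrant-style) around withdraw."""

    def __init__(self, guarded=False, effects_first=False):
        self.deposits = {}
        self.pool = 0
        self.guarded = guarded
        self.effects_first = effects_first
        self._locked = False

    def deposit(self, who, amount):
        self.deposits[who] = self.deposits.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        if self.guarded:
            if self._locked:
                raise ReentrancyError("re-entered withdraw")
            self._locked = True
        try:
            amount = self.deposits.get(who, 0)   # check
            if amount == 0:
                return
            if self.effects_first:
                self.deposits[who] = 0           # effect before interaction
            self.pool -= amount
            self._send(who, amount)              # interaction: control leaves
            if not self.effects_first:
                self.deposits[who] = 0           # vulnerable: effect too late
        finally:
            self._locked = False

    def _send(self, who, amount):
        # Models a token/ETH transfer to a contract that runs code on receipt.
        if hasattr(who, "on_receive"):
            who.on_receive(self, amount)


class Attacker:
    """Contract whose receive hook calls back into withdraw while its
    recorded deposit has not yet been zeroed."""

    def __init__(self):
        self.received = 0

    def on_receive(self, vault, amount):
        self.received += amount
        if vault.pool >= amount:          # keep going while the pool can pay
            try:
                vault.withdraw(self)
            except ReentrancyError:
                pass                      # guard stopped the re-entry


def run(**vault_kwargs):
    """Constructed scenario: an honest depositor holds 900, the attacker 100.
    Returns (attacker's total received, pool remaining)."""
    vault = Vault(**vault_kwargs)
    attacker = Attacker()
    vault.deposit("alice", 900)
    vault.deposit(attacker, 100)
    vault.withdraw(attacker)
    return attacker.received, vault.pool


if __name__ == "__main__":
    print("vulnerable       ", run())
    print("effects first    ", run(effects_first=True))
    print("reentrancy guard ", run(guarded=True))
```

In the vulnerable configuration the attacker's 100-unit deposit is paid out ten times and the pool is emptied, including the honest depositor's 900; with either fix the attacker gets exactly its own 100 back. Real incidents of this class differ in which accounting value is read mid-call (here the deposit record; in the GMX case, per the text, the assets-under-management calculation), but the defensive pattern is the same: update state before any external call, and guard entry points that share state.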
BtcTurk Halts Crypto Transfers After $48M in Suspicious Outflows
Turkey's oldest cryptocurrency exchange, BtcTurk, suspended crypto deposits and withdrawals after blockchain security firm Cyvers flagged about $48 million in suspicious multi-chain transfers linked to the platform. Cyvers reported rapid movements across Ethereum, Avalanche, Arbitrum, Base, Optimism, Mantle and Polygon, with most funds consolidated into two addresses before being swapped.
BtcTurk attributed the disruption to a "technical problem" with its hot wallets and said crypto deposits and withdrawals would remain paused until further notice, though Turkish lira trading and deposits are unaffected.
US Bank Groups Press Senate to Tighten Stablecoin Law
Major U.S. banking associations are calling on senators to amend the Guiding and Establishing National Innovation for U.S. Stablecoins Act, signed into law last month by President Donald Trump.
In a letter to the Senate Banking Committee, the American Bankers Association and 52 other groups warned that loopholes in the law could destabilize the financial system. Their primary concern is that the current ban on stablecoin issuers paying interest does not extend to exchanges, brokers or affiliates.
Their fear is that those platforms could exploit the gap and incentivize deposit flight from banks into yield-bearing stablecoins. Such shifts would erode the banking system's role in credit creation, increase borrowing costs and heighten risks during market stress, they said. The groups urged Congress to extend the interest restriction across the cryptocurrency ecosystem.
Coinbase legal chief Paul Grewal dismissed the claims as an effort to block competition.
DOJ Seizes $2.8M in Crypto from Accused Ransomware Operator
The U.S. Justice Department has unsealed warrants authorizing the seizure of $2.8 million in cryptocurrency from a wallet linked to alleged ransomware operator Ianis Aleksandrovich Antropenko, along with $70,000 in cash and a luxury car.
Filed in Virginia, California and Texas federal courts, the warrants target assets prosecutors say were obtained through ransomware campaigns that struck individuals and organizations worldwide. Prosecutors said Antropenko stole sensitive data and demanded payments in exchange for decryption, for promises not to publish the data, or for its deletion. Authorities allege he laundered the proceeds through multiple channels, including ChipMixer, a cryptocurrency mixing service dismantled in 2023 when its operator was charged with money laundering.
Federal Reserve Ends Special Oversight Program for Crypto Activities
The U.S. Federal Reserve Board is winding down the program it created in 2023 for supervising banks engaged in cryptocurrency and financial technology initiatives. The agency said it had gained sufficient insight into these activities and will now fold oversight back into its regular supervisory framework.
As part of the change, the central bank is rescinding its 2023 supervisory letter that created the initiative. The Novel Activities Supervision Program launched in August 2023 aimed to enhance monitoring of banks experimenting with digital assets, distributed ledger technology and other fintech-driven partnerships, including collaborations with nonbank firms.
Hong Kong Tightens Custody Rules for Licensed Crypto Platforms
Hong Kong’s Securities and Futures Commission published guidance requiring licensed virtual asset trading platforms to adopt stricter custody standards for client assets. The regulator said the move follows a series of international crypto failures and a targeted review earlier this year that revealed weaknesses in local platforms’ cybersecurity defenses.
Detailed in a circular, the requirements cover senior management accountability, cold wallet infrastructure, third-party wallet oversight and real-time threat monitoring. The standards take immediate effect and will also serve as the baseline for future virtual asset custodians.
