US SEC Drops Civil Case Against Binance

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, U.S. SEC dropped its civil case against Binance, Zhao; France charged 25 in crypto kidnap plot; Hackers stole $3 million in Force Bridge exploit. A Singapore court rejected Wazirx restructuring plan, and BitMEX thwarted a Lazarus Group hacking attempt.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

The U.S. Securities and Exchange Commission dismissed a civil enforcement action against Binance Holdings, its U.S. affiliates, and founder Changpeng Zhao, according to a joint stipulation filed on May 29.

The SEC said it moved for the dismissal, made with prejudice, “in the exercise of its discretion and as a policy matter.” The lawsuit, originally filed in June 2023, alleged securities violations by Binance and its executives.

French prosecutors charged 25 individuals, aged 16 to 23, in connection with a series of violent abduction attempts targeting cryptocurrency millionaires, including the family of Paymium CEO Pierre Noizat.

The investigation centers on a foiled May 13 attack in Paris, where four armed men assaulted Noizat’s daughter, her husband, and their child in broad daylight. Bystanders intervened, forcing the attackers to flee. All three victims sustained minor injuries, according to a report by Le Monde.

Authorities said the suspects were involved in multiple failed plots, including a disrupted kidnapping near Nantes. Eighteen individuals remain in pre-trial detention, while others are under judicial supervision. Most suspects were French-born, with some originally from Senegal, Angola and Russia.

Interior Minister Bruno Retailleau met with crypto executives last month to discuss increased police collaboration and protective measures amid rising threats to crypto stakeholders in France.

Hackers exploited Force Bridge, a cross-chain protocol on the Nervos Network, stealing over $3 million in crypto assets, Web3 security firm Cyvers reported.

Attackers siphoned USDT, USDC, ETH, DAI and wrapped bitcoin before converting the funds to ether and laundering them through Tornado Cash.

Singapore-based Magickbase, a core Nervos contributor, paused the bridge service and launched an investigation. The breach comes just days after Magickbase announced plans to sunset Force Bridge due to low usage and high maintenance costs.

Force Bridge aimed to connect blockchains but now highlights ongoing vulnerabilities in decentralized finance infrastructure.

The Singapore High Court rejected crypto exchange WazirX’s proposed restructuring plan, dealing a blow to the company’s recovery efforts following a $230 million exploit last year.

In a statement, WazirX said it is exploring legal options, including a possible appeal. The company said the ruling does not impact its non-liability protected assets, which remain secure.

WazirX, once a leading exchange in India, said its priority is to begin distributions to affected users and that it remains committed to legal and regulatory compliance. The breach targeted the exchange’s multisig wallet on the Ethereum network, likely using a compromised private key.

Researchers successfully blocked a social engineering attack linked to North Korea’s Lazarus Group and reverse engineered the malware involved, crypto trading platform BitMEX said.

The attack began with a LinkedIn message proposing an NFT marketplace project. A BitMEX employee, recognizing familiar Lazarus tactics, alerted the security team.

The attackers shared a GitHub repository containing JavaScript code designed to steal credentials and device data, the company said.

BitMEX researchers uncovered that the malware transmitted victim information to an exposed Supabase database, revealing details from over 850 infections. Operational security lapses by the hackers exposed a China Mobile IP address.