bounty - Pwim.Net

US Government Offers $5 Million Reward for the Arrest of Venezuela’s Head of Petro Cryptocurrency

US Immigration and Customs Enforcement (ICE), a division of the Department of Homeland Security, has added Joselit Ramirez to its most wanted person’s list. Ramirez is a public official and currently he is Venezuela’s superintendent of cryptocurrency Petro, the country’s oil-backed cryptocurrency.

Unresolved case

The report shows that Ramirez is wanted by the US government over allegations of corruption, links to the narcotics trade, and other crimes. The ICE accuses him for multiple violations associated with international commerce and his alleged involvement in the international drug trafficking scene.

The ICE wants the superintendent for violation of the Kingpin Act, the International Emergency Economic Powers Act, and for breaking multiple sanctions imposed by the US Treasury Department’s Office of Foreign Asset Control (OFAC).

Now, the US government is offering a $5 million reward to anyone who can provide information leading to the conviction or arrest of Ramirez. The ICE says that Ramirez has deep economic, social, and political ties to numerous alleged narcotics kingpins. Ramirez is also wanted for sanction evasion and money laundering.

The move comes the same day when Venezuela’s government has started accepting the similar sanctioned Petro crypto for gasoline purchases. Last week, Venezuela obtained many shipments of gasoline from Iran, evading sanctions imposed by the US.

Ramirez has been serving as the head of Venezuela’s cryptocurrency agency since June 2018. Carlos Vargas was his predecessor, an opposition leader, and a famous congressman who later worked with the Nicolas Maduro administration during the development of the Petro.

In March 2020, the district attorney of New York, Geoffrey Barman, accused Ramirez of being part of a corrupt group of high-profile Venezuela officials, including President Nicolas Madura, for running a narco-terrorism partnership that aims to flood the US with cocaine so that to undermine the wellbeing and health of the United States.

Venezuela journalist Marbellis posted a photo of Ramirez on twitter in which he seemed to be working from his office and apparently appeared unaffected by the ICE announcement.

If Ramirez is arrested, then he will be sent to the United States and tried in the Southern District of New York.

Venezuelans to bypass hyperinflation with Bitcoin-backed synthetic US Dollars after years of extreme economic crisis

Venezuela launched its Petro cryptocurrency backed by mineral reserves and oil in 2018 as the nation was facing harsh sanctions imposed by the US and seeing a plummeting Venezuela currency (Bolivar).

The controversial Venezuelan government has even forced its citizens to use Petro. The nation recently announced that all petrol stations across the nation will sell fuel at reduced prices in exchange for Petro cryptocurrency from customers. But the cryptocurrency was not supported or embraced wholeheartedly by the global community. Even local investors are skeptical about Petro cryptocurrency.

However, the Venezuelan government is trying to develop its own mainstream digital currencies to revive its failing economy. Last year, the government initiated a testing initiative to examine whether it can hold cryptocurrencies in its national reserves.

Image via Shutterstock

Bitfinex Launches $400 Million Bounty Hunt for 2016 Hackers Who Stole $1.3 Billion in BTC

Bitfinex has launched a 400 million dollar bounty hunt in search of the hackers responsible for the theft of nearly 120,000 Bitcoins from the global exchange in 2016.

Bitfinex is offering a 400 million dollar reward to anyone that can lead them to the hackers responsible for the theft of the 120,000 Bitcoins, now valued at over $1.3 billion. The global exchange is also offering a reward to the hackers themselves for the return of the stolen Bitcoin.

According to the Bitfinex blog on Aug 4, the hack that defrauded the exchange of 120,000 Bitcoins in 2016 is a “dark chapter” in the history of the exchange and the bounty reward is evidence of their determination to obtain the stolen Bitcoin. The reward of up to $400 million would equate roughly one-third of the Bitcoin’s value at the time of writing.

Aggregate Bitcoin Bounty Hunt

On August 2, 2016, hackers breached Bitfinex’s security systems. Subsequently, 2,072 unauthorized transactions (representing 119,755 BTC in aggregate) were broadcast on the Bitcoin network, resulting in the loss.

The Bitfinex Bitcoin bounty reward can be paid out to informants and hackers returning the stolen cryptocurrency in aggregate.

According to the blog post:

“Those who put Bitfinex in contact with the hacker will receive 5% of the total property recovered (or equivalent funds or assets at current market values), and the hackers will receive 25% of the total property recovered (or equivalent funds or assets at current market values). Any payments made to those connecting Bitfinex with the hackers and the hackers themselves will be classified as costs of recovery of the stolen property.”

Through the aggregate rewards recovery program, the total reward could be worth up to US$400 million at the current BTC price if all bitcoins were to be fully recovered.

“We will reward anyone with information that can put us in direct contact with those responsible for the 2016 security breach at Bitfinex,” said Paolo Ardoino, CTO at Bitfinex. “The hackers will receive a share of the returned property.”

Twitter Hack Demonstrates Danger For Digital Assets

The official post also cited the recent Twitter hack as an example that hacks and cybercrime continue to be a threat for all cryptocurrency and digital asset businesses in the as well as wider technology sphere. No-one in our community can afford to be complacent about the ingenuity of criminal gangs to perpetuate new types of fraud.

“As the recent hack of Twitter demonstrates, the threat posed by maliferous hackers remains,” said Ardoino. “We urge all exchanges, investors, and stakeholders in the space to remain vigilant and to work together to counter the threat that hackers pose to the digital asset industry.”

Since the 2016 Bitfinex hack, the exchange has made security its number one priority and continued to work with law enforcement agents in investigating the security breach. In February 2019, US authorities recovered 27.66270285 bitcoins stolen in the 2016 hack, which were converted to US dollars and paid to RRT (Recovery Right Token) Holders.

DeFi Protocol Harvest Finance Put Out $100K Bounty After $24M Attack, FARM Token Crashes

Harvest Finance is taking the offensive against an alleged attacker who exploited the DeFi protocol’s stablecoin and BTC liquidity pools—putting a $100K bounty on the “well-known” crypto community member.

Major decentralized finance (DeFi) protocol, Harvest Finance has announced a $100,000 bounty on the hacker who reportedly exploited around $24 million dollars from its liquidity pools earlier today—swapping them for renBTC (rBTC).

A tweet from Harvest Finance today Oct.26, reports that there is already a significant amount of data that could be used to identify the attacker and alleges he is “well-known” to the crypto community.

The tweet reads:

“In addition to the BTC addresses which hold the funds, there is now a significant amount of personally identifiable information on the attacker, who is well-known in the crypto community. We are putting out a 100k bounty for the first person or team to reach out to the attacker.”

Harvest Finance had confirmed the attack in another tweet only hours earlier, claiming that the “economic attack” had targeted the DeFi protocol’s stablecoin and BTC pools and they were actively working to mitigate the attack.

Soon after, Harvest Finance reported that the attacker sent back “$2,478,549.94 to the deployer in the form of USDT and USDC” which they will distribute to the affected depositors pro-rata using a snapshot.

At this point, Harvest Finance is only leveraging the $100K bounty to get someone to reach out and “help the attacker return the funds to the deployer address” and is not interested in “doxxing the attacker” claiming the perpetrator’s skill and ingenuity is respected.

According to data from DeFi Pulse, since the attack the total value locked in Harvest Finance’s DeFi protocol has plunged from over $1 Billion on Oct.25 to $570 million at time of writing.

The FARM token price crashed and is now down around 40% and trading at $140.89 at time of publication.

Transit Finance Convinces Hacker to Return $2m to Protocol

Earlier this month, Transit Finance, a Decentralized Finance (DeFi) protocol, unveiled it was hacked for $21 million, marking the sheet as one of the latest protocols to suffer exploitation this year.

In an unusual turn of events, the protocol has come out to announce that from its conversation with the biggest hacker, there is an agreement to return a significant portion of the funds.

With Transit Finance ready to take the hacking event as a White Hat, the protocol said its main hacker would return 6,500 BNB in the first tranche and return another 3,500 BNB when the protocol has come through with the payment reward promised.

“After friendly communication with white hat #1 (the biggest hacker), we have both reached a consensus. White hat #1 stated that he would refund the users’ 6,500BNB as soon as possible today and promised to refund another 3,500BNB when TransitFinance Official initiates the second phase of refunds. Ultimately white hat #1 will keep 2,500 BNB as a bounty for this event,” the protocol said in a Monday announcement. “TransitFinance Official expresses its gratitude to white hat #1 for the refund and promises that if white hat #1 returns the remaining 3500BNB as agreed, TransitFinance Official will no longer hold him any legal responsibility.”

The DeFi protocol said it has filed for legal proceedings, and while it will make good on its promise not to launch a lawsuit against Whitehat #1, the protocol said it would not hesitate if other hackers do not return the funds stolen.

Relying on whitehat-hinged refunds is not something that is uncommon and was made popular when the hacker who stole over $610 million from the interoperability network Poly Network returned the complete funds stolen last year.

When Poly Whitehat refunded the cash stolen, many protocols started appealing to the hackers, and a few, like Transit Finance, has recorded success in their moves.

Hacker moves stolen funds after bounty launch

A hacker responsible for a $196 million attack on Euler Finance has moved some of the stolen funds into the crypto mixer Tornado Cash, just hours after a $1 million bounty was launched to identify the perpetrator. The attack, carried out through a flash loan on the Ethereum noncustodial lending protocol, resulted in the theft of a range of cryptocurrencies including Dai, USD Coin, staked ETH and wrapped Bitcoin. Blockchain analytics firm PeckShield reported on Twitter that the hacker had transferred 1,000 ETH, equivalent to around $1.65 million, via the sanctioned mixer. Euler Labs had previously sent a message to the attacker’s address warning of the bounty and offering amnesty if 90% of the funds were returned within 24 hours. However, the hacker’s movement of funds suggests that they are not swayed by this offer.

Victims of the attack have been appealing for the return of their funds, with one message on the blockchain claiming that a group of 26 families from jobless rural areas had lost a total of $1 million in the attack. Another message was sent by an apparent victim who congratulated the hacker on their “big win”, but begged for help as they had invested funds they “desperately needed” for a house. “My wife is going to kill me if we can’t afford our house. Is there anyway you can help me? I have no idea what to tell my wife,” they wrote.

The hacker’s use of a crypto mixer is a common tactic for obscuring the source of funds, and is likely to make it harder for authorities to identify them. However, the blockchain trail may still provide some clues, and the bounty may encourage individuals to come forward with information. The incident highlights the risks associated with DeFi and the importance of robust security measures.

Sentiment Recovers Stolen Funds with Bounty

Lending protocol A recent hacking incident using Sentiment resulted in the perpetrator stealing close to one million dollars. However, because to a reward of $95,000 that was offered to the hacker, the protocol was successful in recovering the stolen cash. Through the use of the Arbitrum blockchain, Sentiment spoke with the hacker, imploring them to “do the right thing” and restore the cash by April 6 at the latest. In addition, the policy guaranteed the same payment to anybody who was able to assist in determining who was responsible for the crime and bringing them to justice.

After monitoring the situation, the creator of MetaMask, Taylor Monahan, made the announcement that the hacker had returned 414 ether, which is equivalent to around $771,000 at the current exchange rate. After some time had passed, the hacker sent a further 51.75 ETH to the recovery address provided by Sentiment. The protocol said unequivocally that it had been successful in acquiring the monies and that the problem had been fixed.

On April 4, a hack was carried out, and it is thought that it was carried out as a consequence of a re-entry assault or a flaw. As was stated by a few members of the community, this episode underscores how critically important it is for businesses to take bug bounties seriously. Even one of the members gave the hacker kudos for “taking it by force” with their efforts. On the other hand, a different user of Twitter voiced their disapproval of the event, labeling it as “a bug bounty with a criminal step,” and asking businesses to provide greater and more open bug bounties.

Comparisons have been made between this attack and the recent one that occurred at Euler Finance, in which the Ethereum protocol awarded a reward to a hacker who returned almost 90% of the assets that had been taken. The hacker returned over 176.4 million dollars in digital assets while keeping roughly $20 million for themselves. Because of this occurrence, the significance of bug bounties as a method for resolving vulnerabilities in protocols for decentralized financial transactions has been further highlighted.

It is very necessary for businesses to take bug bounties seriously and provide awards that encourage ethical conduct in their employees. The usefulness of this strategy was recently shown by the fact that Sentiment was successful in regaining its data. Moving ahead, it is probable that other organizations will adopt similar tactics to manage possible security breaches in their systems. This will increase the likelihood that these breaches will occur.

HTX Hacker Returns Stolen Ether, Rewarded with Bounty

Huobi Global’s cryptocurrency exchange HTX encountered a significant security breach on September 25, when one of its hot wallets was compromised and drained of 5,000 Ether (ETH), which was valued at approximately $8 million at the time. This incident was part of a broader trend of increasing security breaches within the cryptocurrency and Web3 spaces during the third quarter of 2023. However, the narrative took a positive turn on October 7, when the hacker returned the stolen funds. Following this action, HTX issued a 250 ETH whitehat bounty to the individual, which, with an exchange rate of $1,621 per ETH, is valued at around $410,000.

The Bounty Offer

In the aftermath of the hack, HTX promptly initiated communication with the hacker. The exchange claimed to be aware of the individual’s identity and proceeded to offer a 5% bounty of the stolen funds, which equates to around $400,000, under the condition that 95% of the stolen funds were returned before a set deadline of October 2. Additionally, it was agreed that HTX would abstain from pursuing any legal action against the hacker if the stipulated conditions were met, thus providing an incentive for the hacker to return the stolen assets.

The return of the stolen funds and the subsequent bounty reward were publicly acknowledged by Justin Sun, Huobi Global owner, on October 7 through a post on X (formerly Twitter). Sun expressed that “The hacker made the right choice. We would like to express our gratitude to everyone in the industry for their help!” He also underlined the persistent endeavor to bolster blockchain security and ensure the protection of user assets, a task that he described as never easy but crucial for the industry. His acknowledgment was echoed across the community, emphasizing the collaborative nature of blockchain security endeavors and the importance of community support in overcoming such security challenges.

The incident with HTX is a part of a larger hacking landscape that has seen a significant uptick in the third quarter of 2023. A recent report from blockchain security platform Immunefi highlighted a sharp rise in the number of hacking incidents, with 76 reported hacks in Q3 2023 as compared to 30 in Q3 2022. The same week HTX was targeted, another notable project, the decentralized cross-chain protocol Mixin Network, also suffered a security breach. Attackers exploited a vulnerability associated with a third-party cloud service provider and managed to siphon off around $200 million. These incidents underscore the pressing need for enhanced security measures within the rapidly evolving crypto and Web3 spaces, and the HTX incident serves as a unique case of community and hacker collaboration towards a resolution.