crypto theft - Pwim.Net

Indian Woman Caught After Stealing 63.5 Bitcoins From Company She Co-Founded

Ayushi Jain, a 26-year-old Indian woman, has been arrested by police after she stole 63.5 Bitcoins worth approximately $420,000 from Bengaluru-based BitCipher Labs LLP, a company she co-founded with Ashish Singhal. Following the split up between the co-founders in December 2019, Ayushi decided to go on a looting spree and fled with the Bitcoins between January and March this year.

Irregularities witnessed

Singhal, who filed the complaint with the Indian Criminal Investigation Department (CID), acknowledged that he noted something was amiss in the hard wallet containing the Bitcoins as he holds the private keys with two others.

He stated, “Recently, we found that 63.5 Bitcoins (Rs 36,662,259) were stolen and transferred through crypto exchange SwapLab between January 11 and March 11.”

Following thorough investigations, the police found Ayushi culpable of the crime as she had transferred the Bitcoins to accounts belonging to her close friends. She was crafty as she had gained access to the hard wallet by using a passphrase, which comprises a sequence of text or words utilized in a computer system.

An investigating officer noted, “We seized a laptop which contained the history, showing how Ayushi used the passphrase and stole money in installments between January and March. She confessed to the Crime.” Following her revelation, the entire amount was recovered.

The escalation of crypto theft

This is the first case involving crypto theft in India following the landmark ruling earlier this month by the nation’s Supreme Court as it lifted the crypto ban imposed by the central bank.

Crypto theft has been rising at an alarming rate across the globe. According to a report by CipherTrace, a blockchain forensics company, the cryptocurrency sector lost a whopping $4.4 billion in scams and thefts in 2019.

Image via Shutterstock

CipherTrace Unveils Crypto Predictive Risk Model to Combat Suspicious Transactions in Wake of Twitter Scam

CipherTrace, a cryptocurrency intelligence company, has introduced a predictive risk-scoring model to instantly avert money laundering of cryptocurrencies from ransomware attacks and theft. This model will enable crypto exchanges, hedge funds, OTC desks, ATMs, financial investigators, payment processors, and custody solutions to flag down suspicious transactions based on the predictive analysis scores generated.

Mitigating Twitter-like hacks

On July 16, the world woke up to the shocking news that Twitter had been hacked as high-profile figures like Jeff Bezos, Joe Biden, Elon Musk, and Bill Gates had been hit by a massive Bitcoin Scam. Things went haywire because victims lost Bitcoin worth nearly $200,000 in a matter of hours.

CipherTrace seeks to mitigate such hacks by warning the relevant stakeholders like exchanges and payment processors of the incoming plunder as the score given will show the transactions are traveling through illegal paths.

As per the announcement:

“Real-time analytics and predictive risk scoring for cryptocurrencies enables exchanges and other Virtual Asset Service Providers (VASPs) to be able to score transactions from low to high risk based on whether the funds have been tainted by traveling through illicit paths or associated with known bad actors or sanctioned geographies.”

User privacy is not sacrificed as the company asserts that it offers the foresight without personally identifiable information being processed by the software.

Crypto user protection

Crypto fraud and theft continue causing nightmares to users. For instance, a recent report by leading blockchain tracking and analytics provider Whale Alert revealed that scammers have looted Bitcoin worth $24 million so far in 2020.

The crypto predictive risk model seeks to eradicate this by undertaking predictive analysis enabling users to freeze stolen funds. Moreover, ransomware launderers will be stopped, and this offers crypto users protection.

Dave Jevans, CipherTrace CEO, noted:

“The introduction of predictive risk scoring provides VASPs with a powerful new tool to identify potentially illicit funds before those transactions are finalized on the Bitcoin blockchain. This capability will also help VASPs offer an improved, more efficient user experience to their customers.”

This development is touted a game-changer in altering Bitcoin’s lingering reputation in the movement of illegal funds.

Australian Female Hacker Sentenced to 2 Years of Prison for $400K Ripple (XRP) Crypto Heist

Australia recorded one of its first cases of cryptocurrency theft charges recently.

First Australian to Be Charged with Crypto Theft

Australian 25-year-old Kathryn Nguyen has been arrested and sentenced to a maximum of 2 years and 3 months in prison for stealing more than 100,000 Ripple (XRP) tokens in January 2018. Along with an accomplice, Nguyen hacked a 56-year-old man’s cryptocurrency account, managing to swap the two-factor authentication of the victim onto her phone.

To store the large sum of stolen crypto, she then proceeded to transfer the assets to an overseas Chinese exchange, and traded XRP for Bitcoin. The stolen cryptocurrency was also shuffled into different digital wallets to cover the act. Nguyen and her accomplice carried out the digital heist at a time where XRP crypto was booming, and Ripple coins were worth $4 each. This translated to $400,000 in XRP for the Australian native, a hefty cryptocurrency sum.

Judge Empathizes with Hacker’s Case

To carry out the arrest, Australian law enforcers raided Nguyen’s home and seized computers, phones and money. When overlooking the case, judge Chris Craigie found it difficult to condemn the female and send her to prison for cryptocurrency fraud. According to News Corp, Craigie said that it was “a difficult and troubling decision to send Nguyen in prison and that her references reflected a generous and hardworking personality,” adding that she appeared to have acted out of character while engaging in crypto theft. It may seem as if the judge empathizes with the crypto offender’s case.

Nguyen’s parole hearing is set for October 2021. Since the cryptocurrency theft in 2018, Ripple’s pricing on the market has dropped, making the value of stolen XRP worth approximately $30,000 at the time of writing.

Cybercrime Is Relatively New in Australia

When speaking about the case to Information Age, Detective Superintendent of NSW Cybercrime Matthew Craft addressed the issue and said:

“The problem we have nationally – not just in New South Wales – is that the reporting for cyber related crimes is very low.”

Officials have had a hard time categorizing and dealing with cybercrime cases with regulatory actions, as digital theft transcends borders. Detective Craft stated that when cyber hackers are located overseas, there is “not much law enforcement can do,” as it is out of their jurisdiction.

Though cybercrime is still relatively new in Australia, the country’s Federal Government has recently flagged ongoing cyber-attack cases affecting Australian institutions in June. Australia Federal Government officials believe that China may be the culprit behind these cyber-attacks.

In response to these allegations, Chinese government has vehemently denied all claims of being involved in cyberattacks worldwide.

Malaysian Crypto Miners Caught Stealing $59,700 of Electricity from State on Monthly Basis

Malaysian police recently arrested five cryptocurrency mining operators that were caught stealing electricity from a state-owned power firm, Sarawak Energy Berhad (SEB).

Officials Crack Down on Cryptocurrency Mining Operations

During a joint inspection put together by SEB, Malaysian police and the Electrical Inspectorate Unit (EIU) – a department operating under Sarawak Ministry of Utilities – discovered the illicit activities. The operation had been running for quite a while and was reported to be coordinated from four shophouses that served as headquarters for the criminal cryptocurrency mining operators.

The SEB and the EIU spent two days cracking down on the locations, which were found to be situated in Jalan Tun Ahmad Zaidi Adruce, Jalan Pahlawan, and Jalan Tunku Abdul Rahman.

According to a report released by the Electrical Inspectorate Unit, Malaysian officials believed that the deviant crypto miners masked their operation by bypassing the energy meters installed in the power firm to measure electricity consumption. The report provided further explanations:

“It was found that unsafe direct tapping cables from the main incoming supply were hidden in the gypsum ceiling that were connected straight to the electrical appliances, bypassing the meter and avoiding actual electricity consumption measurements.”

Malaysian police reported that all 5 crypto mining premises generated RM 250,000 worth of electricity per month, which translates to roughly $59,000.

However, the add-up of the monthly electricity bills for all 5 shophouses amounted to approximately $215 per month, suggesting that the crypto mining operators were also cheating local energy meters in order to cover up their main electricity theft operation.

According to Malay Mail, the crypto operators had been conducting electricity theft for quite some time, with the EIU and SEB tracking and investigating them since 2018. Over this 2-year gap, 50 electricity theft cases originating from these crypto mining operators had been uncovered.

The cryptocurrency mining operators and their criminal cases are currently pending prosecution by Sarawak State Attorney-General’s Chambers.

Illegal Crypto Mining Farm in Kyrgyzstan

Recently, another illegal cryptocurrency mining farm trying to gain electricity supply through illicit means was also uncovered.

This mining operation was discovered to be run in Kyrgyzstan, on the territory of Bishkek Free Economic Zone. The mining farm was set up there purposely to take advantage of the cheap electricity offered by the country.

US Army Reveals That North Korea Has A Legion of 6,000 Hackers Working for the Nation

In a recent tactical report, the US Army unveiled that North Korea possessed a number of government-based divisions assigned to cryptocurrency and crypto cybercrimes.

US Discloses North Korean Tactics

The report released by the US Army is dubbed North Korean Tactics. In the legal document, it indicated that hackers working for the Asian country did not necessarily launch cyberattacks directly from North Korea. The reason is due to a lack of information technology (IT) infrastructure on North Korea’s part. Due to this lack of digital power, the country is unable to deploy massive campaigns.

In the report, the US Army revealed that North Korea currently had more than 6,000 hackers throughout the world working for them. Countries with North Korea-based hackers include Belarus, China, India, Malaysia, and Russia, to name a few. Bureau 121, which constitutes the cyber warfare directing unit of North Korea, currently has four active subdivision operations that it is managing and operating under its entity are at least 6,000 hackers.

North Korean Tactics report details that criminal activity is rampant in any country, and so naturally, alliances between North Korea and South Korea are at times formed for the mutual purpose of combatting crime.

However, in Chapter 3 of the report, US officials described what constituted a criminal organization in detail. In the conclusion of that section, it indicated that according to standardized definitions, the North Korean Government operating under Kim Jong Un “could be considered a criminal network.” The report read:

“Criminal organizations […] protects its activities through patterns of corruption, coercion, or violence. These networks can range within a local community, national/regional areas, or international/transnational activities. Due to the illegal activities that are sanctioned by Kim Jong Un, the North Korean Government could be considered a criminal network. The Kim regime is involved in drug trade, counterfeiting, human trafficking, and cybercrime.”

Goal to End North Korea Criminal Operations

The US has long been active in trying to put an end to North Korea’s widespread cryptocurrency-driven cybercrime campaigns. Earlier in April, the US had published another report outlining the North Korean regime’s attacks dating back to 2017. Enclosed in the list were guidelines on how to counter the cybercrime attacks driven by North Korea.

Hackers Steal $500,000 Worth of Tokens from Arbitrum Airdrop

Hackers have managed to steal $500,000 worth of tokens from layer-2 scaling solution Arbitrum’s March 23 airdrop. The theft was carried out through the use of vanity addresses, customized cryptocurrency addresses that contain specific words or phrases chosen by the user to make them more personal and identifiable. While vanity addresses offer a level of personalization and identification, their safety is questionable, as they can compromise the security of users’ private keys.

The hacker compiled vanity addresses that were eligible to receive ARB tokens and generated similar addresses using vanity address generators. This allowed them to redirect the airdropped tokens to their own addresses, making it impossible for the original owners to claim their ARB tokens. Several crypto users have expressed sadness about their stolen ARB tokens, with many being unaware of the reason behind the loss and having no idea what to do about it.

Creating a vanity address requires using special software or services that could potentially compromise the security of users’ private keys. Hackers who gain access to the private key could steal any crypto assets tied to that address. This is not the first time scammers have compromised vanity addresses in the crypto space. In January, MetaMask warned crypto users about address poisoning.

Arbitrum’s token giveaway caused a lot of excitement and overwhelmed several websites. However, according to the blockchain analytics platform Nansen, 428 million ARB tokens are still available to claim. As of late Thursday, March 22, around 240,000 addresses had not yet claimed governance tokens, even though 61% of eligible crypto wallets had already done so. The 428 million unclaimed tokens, worth nearly $596 million as of publication time, represent 37% of the total 1.1 billion ARB allocated for Arbitrum’s airdrop.

It is important to note that the use of vanity addresses to claim crypto assets is not a secure practice. Vanity addresses require the use of special software or services that can compromise the security of users’ private keys, making them vulnerable to hackers. Therefore, crypto users should exercise caution when using vanity addresses and prioritize the security of their private keys.

Unidentified Exploit Steals Over $10.5 Million in NFTs and Coins

Since December 2022, an unidentified exploit has drained more than $10.5 million in non-fungible tokens (NFTs) and coins from experienced members of the crypto community who believed they were “reasonably secure.” The alarming incident was first brought to light by MetaMask developer Taylor Monahan, who revealed that over 5,000 Ether (ETH) had been stolen. However, the extent of the losses is yet to be determined. Monahan also cautioned that no one knows how the exploit works yet.

What is particularly worrying about this exploit is that it does not target crypto newbies but rather those who are experienced in safeguarding their digital assets. As Monahan noted, the exploit is not like the usual phishing attempts or random scammers. It targets those who are “crypto native,” with multiple addresses and work within the space. Some of the known commonalities about the exploit are that it targets keys that were created from 2014 to 2022.

To safeguard their digital assets, Monahan advised crypto veterans to use a hardware wallet or migrate their funds. Those who have their assets in a single private key are especially vulnerable and should consider splitting up their assets or getting a hardware wallet. Community member Jacky Goh echoed this sentiment, stating that the unknown hack is yet another reminder to use a hardware wallet. Goh recommended moving assets worth more than $1,000 for more than a week to a hardware wallet, which can save one in the long run.

The crypto community has been grappling with cybersecurity threats, with data published by cybersecurity and anti-virus provider Kaspersky indicating that it detected over 5 million crypto phishing attacks in 2022 alone. This marks a 40% year-on-year increase compared to 2021 when the company detected around 3.5 million attacks. The rise in cyberattacks targeting the crypto community highlights the need for robust cybersecurity measures.

Moreover, the exploit highlights the need for greater awareness and education around digital asset protection. While many crypto veterans are well-versed in securing their digital assets, it is essential to stay up to date with emerging threats and vulnerabilities. The fast-paced and rapidly evolving nature of the crypto space means that vigilance is essential. By keeping a close eye on one’s digital assets and using best practices for digital asset security, one can reduce the risk of falling victim to cyberattacks.

In conclusion, the recent exploit that has stolen over $10.5 million in NFTs and coins serves as a sobering reminder of the importance of robust cybersecurity measures for crypto assets. The crypto community must remain vigilant and educate themselves on emerging threats to safeguard their digital assets effectively. By adopting best practices and staying up to date with the latest cybersecurity trends, crypto veterans can protect their assets from theft and loss.