{"id":14368,"date":"2024-06-15T07:00:00","date_gmt":"2024-06-15T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/cybersecurity-highlights-crypto-scams-arrests-and-ransomware-warnings\/"},"modified":"2024-06-15T07:00:00","modified_gmt":"2024-06-15T04:00:00","slug":"cybersecurity-highlights-crypto-scams-arrests-and-ransomware-warnings","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/cybersecurity-highlights-crypto-scams-arrests-and-ransomware-warnings\/","title":{"rendered":"Cybersecurity Highlights: Crypto Scams, Arrests, and Ransomware Warnings"},"content":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>An old nickname of an a16z employee was used to steal $245,000 in cryptocurrencies.<\/li>\n<li>A suspected developer of ransomware for Conti and LockBit was arrested in Kyiv.<\/li>\n<li>Crypto scams involving ENS domains were discovered in Russia.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Empire Market Darknet Marketplace Owners Face Multiple Charges<\/strong><\/h2>\n<p>Federal prosecutors in Chicago <a href=\"https:\/\/www.justice.gov\/usao-ndil\/pr\/owners-empire-market-charged-chicago-operating-430-million-dark-web-marketplace\">charged<\/a> Thomas Peavy and Rahaim Hamilton, alleged owners of the Empire Market darknet marketplace with a turnover of $430 million.<\/p>\n<p>According to the case materials, from 2018 to 2020, the defendants sold drugs, stolen information, counterfeit currency, and malicious computer programs through the platform. They received payments in cryptocurrencies and conducted over 4 million transactions during their operation.<\/p>\n<p>They are accused of conspiracy to engage in illegal drug trafficking, computer fraud, money laundering, and counterfeiting. 
Authorities seized cash, precious metals, and digital assets worth over $75 million from the accused.<\/p>\n<p>Previously, Peavy and Hamilton were charged with selling counterfeit currency on the AlphaBay darknet marketplace.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Old Nickname of a16z Employee Used to Steal $245,000 in Cryptocurrencies<\/strong><\/h2>\n<p>An unknown perpetrator stole funds in Ethereum and LinqAI totaling $245,000 by impersonating an employee of the American venture company Andreessen Horowitz (a16z). This was reported by on-chain researcher <a href=\"https:\/\/x.com\/zachxbt\">ZachXBT<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/ Here is an overview of one of the better executed scams I have seen in recent times so I figured I would share with the community as a cautionary tale.<\/p>\n<p>A few weeks ago I received a DM from a follower who lost $245K after accidentally downloading malware onto their computer. <a href=\"https:\/\/t.co\/gVQEO52XOU\">pic.twitter.com\/gVQEO52XOU<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1800906884666528071?ref_src=twsrc%5Etfw\">June 12, 2024<\/a><\/p><\/blockquote>\n<p>The victim was invited to participate in a joint podcast supposedly on behalf of a16z representative Peter Lauten. The scammer exploited the fact that the real Lauten had recently changed his nickname on X from &#8220;peter_lauten&#8221; to &#8220;lauten,&#8221; but the company&#8217;s official account still mentioned the old name.<\/p>\n<p>The victim did not notice the deception and downloaded the Vortax application sent by the hacker, which was malware. Once on the computer, it transferred all cryptocurrency assets to the scammer&#8217;s wallets. 
The funds were later moved to several exchanges.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Suspected Developer of Ransomware for Conti and LockBit Arrested in Kyiv<\/strong><\/h2>\n<p>Ukraine&#8217;s Cyber Police <a href=\"https:\/\/cyberpolice.gov.ua\/news\/atakuvaly-providne-pidpryyemstvo-u-niderlandax-ta-belgiyi-policzejski-vykryly-posobnyka-rosijskyx-xakeriv-4010\/\">reported<\/a> the arrest of a 28-year-old Kyiv resident suspected of collaborating with the Conti and LockBit ransomware groups and conducting at least one attack on a Dutch multinational corporation.<\/p>\n<p>According to the investigation, the detainee developed special ransomware for hackers to make it difficult to detect their malware on victims&#8217; computers.<\/p>\n<p>Additionally, the Dutch police <a href=\"https:\/\/www.politie.nl\/nieuws\/2024\/juni\/5\/verdachte-ransomware-opgepakt.html\">confirmed<\/a> at least one instance of the suspect organizing an attack using a Conti payload in 2021.<\/p>\n<p>During searches in Kyiv and the Kharkiv region, computer equipment, mobile phones, and handwritten notes were seized.<\/p>\n<p>The developer is charged with unauthorized interference in information systems. He faces up to 15 years in prison. The investigation continues.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Crypto Scams Involving ENS Domains Discovered in Russia<\/strong><\/h2>\n<p>Experts from F.A.C.C.T. 
<a href=\"https:\/\/t.me\/F_A_C_C_T\/3235\">warned<\/a> cryptocurrency holders in Russia about a new fraudulent scheme involving ENS domains.<\/p>\n<p>The victim is contacted under the pretext of selling digital assets for further investment in precious metals. To gain trust, scammers may organize a video call demonstrating fake documents.<\/p>\n<p>Then, supposedly to verify the assets&#8217; legitimacy, the victim is persuaded to transfer cryptocurrency to an address owned by the scammers, ending with &#8220;.eth&#8221;.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/docsz\/AD_4nXfzZDzXosR-W2w6qfunnrLBFXCirOpb7giybEwOcvlhtXJGmQBakYqu53gzxxag0XpQd1jR2IXnRYQuYfSCCi8_m6c8bQSSVGoz7XKrJuHVRaYqTYytjFzU9zvBHMukV6YNGw_WJFsiOYrh1Kb3n9d_i15J?key=6jOgTC-ZJ84-E95Z-Vf-2w\" alt=\"Cybersecurity Highlights: Crypto Scams, Arrests, and Ransomware Warnings\"\/><figcaption class=\"wp-element-caption\">ENS domains registered using the scammer&#8217;s address. Data: F.A.C.C.T.<\/figcaption><\/figure>\n<p>The amount received during the &#8220;test&#8221; transaction is manually returned to the sender by the scammers. However, after full payment for &#8220;services,&#8221; they disappear with the assets.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Singapore Authorities Warn Local Companies of Bitcoin Ransomware Surge<\/strong><\/h2>\n<p>Singaporean enterprises are increasingly falling victim to the Akira ransomware program. 
The local Cybersecurity Agency listed ways to detect, contain, and neutralize these attacks.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">It highlights the observed Tactics, Techniques and Procedures (TTPs) employed by Akira threat group to compromise their victims\u2019 networks and provides some recommended measures for organisations to mitigate the threat posed.<\/p>\n<p>\u2014 CSA (@CSAsingapore) <a href=\"https:\/\/twitter.com\/CSAsingapore\/status\/1799304478434472418?ref_src=twsrc%5Etfw\">June 8, 2024<\/a><\/p><\/blockquote>\n<p>Typically, Akira operators demand cryptocurrency payments for restoring affected computer systems. However, authorities have urged businesses to ignore these demands and immediately report such incidents.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/docsz\/AD_4nXdKL4443Uy31DKNb7lJEeO6Drn7Av5dz7bt5unFKN7sxFRTVjz0xkXWy-YqUJGAtGt-FEHXvWTZFWFB3ZmWb5n98liO6vjT2IRyF5TdRXoVc_Vp4FTx-VpAm9PW8bczuZHfz7xfzN3oQePNG63UVF7RX8Mn?key=6jOgTC-ZJ84-E95Z-Vf-2w\" alt=\"Cybersecurity Highlights: Crypto Scams, Arrests, and Ransomware Warnings\"\/><figcaption class=\"wp-element-caption\">Message from hackers. Data: Singapore Police.<\/figcaption><\/figure>\n<p>Paying the ransom not only fails to guarantee data decryption but also encourages perpetrators to conduct repeat attacks.<\/p>\n<p>Over the past year, Akira operators have stolen $42 million from more than 250 organizations in North America, Europe, and Australia.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Series of hacks: attack on Holograph, fake exchange, and reward from UwU Lend.<\/li>\n<li>Researchers found security setting flaws in OKX. 
The exchange commented on the situation.<\/li>\n<li>UwU Lend protocol hacked twice in a week for $24 million.<\/li>\n<li>Several Solana validators excluded for participating in &#8220;sandwich attacks.&#8221; Most turned out to be Russians.<\/li>\n<li>Crypto exchange Lykke halted operations after a $22 million hack.<\/li>\n<li>Orbit hacker sent $32 million in assets to Tornado Cash.<\/li>\n<li>Gemholic project from the zkSync ecosystem accused of a $3.4 million rug pull.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to Read Over the Weekend?<\/strong><\/h2>\n<p>In the &#8220;Cryptorium&#8221; section, we explain how to recognize a <span data-descr=\"the practice of inflating the value of a created token in a liquidity pool followed by a sharp withdrawal of funds; subsequently, other pool participants are left with devalued assets\" class=\"old_tooltip\">rug pull<\/span> and avoid falling victim to it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week. An old nickname of an a16z employee was used to steal $245,000 in cryptocurrencies. A suspected developer of ransomware for Conti and LockBit was arrested in Kyiv. Crypto scams involving ENS domains were discovered in Russia. 
Empire Market Darknet Marketplace Owners Face Multiple Charges [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14367,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-14368","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"12","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/14368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=14368"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/14368\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/14367"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=14368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=14368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=14368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}