Archive for keyword: crypto scam

Did Jump Trading just ‘Fracture’ the trust of the entire crypto industry?

Is Jump Trading responsible for the collapse of DIO tokens? How did a market maker supposedly take advantage of a partnership with Fracture Labs to pocket millions and leave chaos behind?

Jump Trading, a prominent name in the crypto trading space, is now entangled in a legal battle. Fracture Labs, the creator of the blockchain-based game Decimated, has sued Jump, accusing the firm of executing a “pump and dump” scheme.

At the heart of the lawsuit, Fracture Labs claims Jump Trading exploited its role as a market maker to inflate the value of its DIO gaming token artificially. Once the price peaked, Jump allegedly sold off its holdings, triggering a sharp price decline.

How does a collaboration designed to promote a token’s success devolve into allegations of fraud and manipulation? Let’s break down the sequence of events leading up to the lawsuit and why it has drawn so much attention.

What happened between Jump Trading and Fracture Labs?

On Oct. 15, Fracture Labs filed a lawsuit against Jump Trading in an Illinois district court, accusing the firm of breaching their agreement and manipulating the DIO token.

To fully grasp the situation, we need to revisit 2021. During this time, Fracture Labs had just launched its DIO token to support its blockchain game, Decimated, and entered a partnership with Jump Trading to facilitate the token’s market introduction.

Jump Trading agreed to serve as a market maker—a role that involves providing liquidity to ensure smooth trading and price stability for the token. Market makers typically buy and sell assets to maintain balanced trading conditions, especially for newly launched tokens like DIO.

As part of the arrangement, Fracture Labs loaned 10 million DIO tokens to Jump, valued at approximately $500,000 at the time. The expectation was that Jump would assist in the token’s debut on the crypto exchange Huobi (HT), now known as HTX.

In addition to the loaned tokens, Fracture Labs sent 6 million more tokens directly to HTX, worth about $300,000, as part of its broader marketing campaign. With these preparations in place, everything seemed primed for a successful launch.

HTX played its part by heavily promoting the DIO token and leveraging influencers and social media campaigns to boost its visibility.

The strategy appeared successful — perhaps overly so. The price of DIO surged to $0.98, dramatically raising the value of Jump’s 10 million DIO holdings from $500,000 to a staggering $9.8 million in a short period.

For Jump Trading, this price surge represented an enormous windfall. The 10 million tokens they had borrowed were suddenly worth nearly $10 million. However, what followed is where the allegations of manipulation arise.

Fracture Labs alleges that Jump Trading saw the soaring price as a profit-making opportunity. Instead of continuing to provide liquidity and stabilize the token, Jump allegedly began selling off its DIO holdings in large quantities.

This mass sell-off caused a steep drop in DIO’s value, plummeting from nearly a dollar to just $0.005—a dramatic collapse that decimated the token’s worth.

The lawsuit further claims that after selling the tokens at their peak, Jump repurchased the devalued DIO tokens for just $53,000. This allowed Jump to return the 10 million tokens it had borrowed, fulfilling its obligation to Fracture Labs, all while pocketing millions in profit.

The collapse of DIO’s price had devastating consequences for Fracture Labs. According to the lawsuit, the sudden and severe drop in value crippled the company’s ability to attract new investors or sustain interest in the DIO token.

Adding to their troubles, Fracture Labs had deposited 1.5 million Tether (USDT) into an HTX holding account as a safeguard against accusations of market manipulation. This deposit was intended to reassure the market that Fracture Labs would not manipulate DIO’s price during its first 180 days of trading.

However, due to the extreme price volatility that Fracture Labs claims was triggered by Jump Trading’s actions, HTX allegedly refused to return most of the USDT deposit. This left Fracture Labs with not only a devalued token but also a substantial financial loss from its USDT deposit.

Fracture Labs is now accusing Jump Trading of fraud, civil conspiracy, breach of contract, and breach of fiduciary duty. They assert that Jump Trading abused the trust placed in them as a market maker, using their privileged position to manipulate DIO’s price for personal gain.

The lawsuit seeks damages, the return of the profits that Jump allegedly made from the scheme, and a jury trial to settle the matter. Interestingly, HTX is not named as a defendant in the lawsuit.

Jump Trading’s troubled past

The controversy surrounding Jump Trading is not new, as the firm has been under regulatory scrutiny multiple times in recent years.

In fact, both Jump Trading and its crypto arm, Jump Crypto, have faced several legal and regulatory challenges, raising concerns about their operations in the crypto market.

One of the more prominent cases surfaced in November 2023, when Jump Crypto’s involvement came under the spotlight in the U.S. Securities and Exchange Commission’s lawsuit against Terraform Labs.

The lawsuit, originally filed in February 2023, alleged that Terraform Labs and its former CEO, Do Kwon, engaged in fraudulent activities and sold unregistered securities, focusing on their failed algorithmic stablecoin, TerraUSD (UST).

The collapse of UST in May 2022 led to billions of dollars in losses and significant turmoil across the broader crypto market.

According to the SEC, when UST first began losing its dollar peg in 2021, Terraform Labs collaborated with Jump Crypto to artificially boost the stablecoin’s value. 

The regulator claimed that Jump Crypto purchased large amounts of UST to restore its price, temporarily stabilizing the asset. However, when UST experienced its final collapse in May 2022, no similar intervention took place.

Terraform Labs, however, denied these claims, stating that Jump Crypto’s actions had no bearing on UST’s earlier recovery.

In April 2024, Terraform Labs reached a settlement with the SEC, agreeing to pay $4.47 billion after a jury found them liable for defrauding investors. The settlement included $420 million in civil fines, $3.6 billion in disgorgement, and $467 million in interest.

Although Jump Crypto was linked to UST’s earlier recovery efforts, it was neither charged nor formally implicated in any wrongdoing as part of the settlement.

By June 2024, Jump Crypto found itself under investigation by another U.S. regulatory body—the Commodity Futures Trading Commission. The CFTC launched a probe into Jump Crypto, reportedly scrutinizing its trading and investment activities within the crypto sector. Kanav Kariya, the firm’s former president, resigned just days later.

While the specifics of the investigation remain confidential, and no official allegations have been made, the probe reflects a broader push by U.S. regulators, including the CFTC, to intensify their enforcement actions against crypto firms throughout 2023 and 2024.

What to expect next?

If Fracture Labs succeeds in proving Jump Trading’s misconduct, it could trigger a major shift across the crypto industry, leading to tighter regulations and increased scrutiny of market makers.

However, this case is more than just one lawsuit. Governments, especially in the U.S. and Europe, are actively developing policies aimed at curbing market abuses. This case might provide regulators with the prime example they need to justify stricter oversight of market makers.

Additionally, token creators may start advocating for decentralized solutions or pushing for more restrictive contracts that limit the influence of market makers.

For the crypto industry to truly mature, this could be a crucial moment that compels everyone — projects, exchanges, and investors — to reevaluate how tokens are launched and managed, placing a greater emphasis on fairness and trust.

Compiled and edited by: MSc. Phạm Mạnh Cường
Source: Crypto News

FBI arrests ‘AGiantSchnauzer’, the Alabama man behind SEC Bitcoin hack

Eric Council Jr., a 25-year-old from Athens, Alabama, was arrested in connection with the January 2024 hack of the U.S. Securities and Exchange Commission’s X account.

Council’s hack created the false impression that the SEC had approved Bitcoin exchange-traded funds, leading to a sharp spike in the value of Bitcoin (BTC).

Council has been charged with conspiracy to commit aggravated identity theft and access device fraud. He is set to make his first court appearance in the Northern District of Alabama.

From SIM swap to market manipulation

According to the indictment, Council and his conspirators orchestrated a “SIM swap” attack to take unauthorized control of the SEC’s X account.

On January 9, 2024, they posted a fraudulent message from the SEC Chair, falsely stating that Bitcoin ETFs had been approved for listing on national securities exchanges. This announcement caused Bitcoin’s value to rise by $1,000. 

After the SEC regained control of the account and clarified that the message was fake, Bitcoin’s value dropped by $2,000.

SIM swapping is a cybercrime in which attackers trick mobile phone carriers into transferring a victim’s phone number to a SIM card they control, allowing them to bypass security measures like two-step verification.

In this case, Council allegedly used a fake ID to obtain a SIM card linked to the victim’s phone and then used this access to hijack the SEC’s X account.

Is the FBI investigating me?  

According to the indictment, Council used usernames like “Ronin,” “Easymunny,” and “AGiantSchnauzer” online, and obtained personal identifying information and a victim’s photo and name from co-conspirators.

Using this information, Council created a fake ID with an ID card printer. He then used the fake ID to obtain a SIM card linked to the victim’s phone line at a cell phone store in Huntsville, Alabama.

With the SIM card and a new iPhone purchased with cash, Council accessed codes for the @SECGov X account and shared them with co-conspirators.

They used the codes to issue a fraudulent tweet on the @SECGov X account in the name of the SEC Chairman, falsely announcing the SEC’s approval of BTC ETFs. 

Council received Bitcoin payment for the successful SIM swap and later returned the iPhone for cash in Birmingham, Alabama, according to the FBI.

After all this, Council searched the internet for terms such as “SECGOV hack,” “telegram sim swap,” “how can I know for sure if I am being investigated by the FBI,” and “What are the signs that you are under investigation by law enforcement or the FBI even if they have not contacted you.”

FBI warns of SIM swapping 

U.S. Attorney Graves emphasized the serious implications of SIM swapping schemes, which can lead to significant financial losses. “Here, the conspirators allegedly used their illegal access to a phone to manipulate financial markets,” he said.

Principal Deputy Assistant Attorney General Argentieri highlighted how Council and his accomplices exploited this access to falsely boost Bitcoin’s price, underscoring the Justice Department’s commitment to prosecuting cybercrimes that threaten market integrity.

FBI Acting Special Agent in Charge Geist also noted that SIM swapping continues to be used by cybercriminals to exploit financial systems. “The FBI will continue to work tirelessly with law enforcement to hold accountable those who break U.S. laws,” he said.


Binance, Indian police bust renewable energy scam, seize $100,000 in USDT

Binance and the Delhi Police have dismantled a $100,000 scam, which misled investors with false claims tied to India’s renewable energy initiatives.

Cryptocurrency exchange Binance has teamed up with Indian police to bust a sophisticated scam involving a fraudulent entity dubbed “M/s Goldcoat Solar.” The operation, which falsely claimed ties to India’s renewable energy initiatives, resulted in multiple arrests and the seizure of over $100,000 in Tether’s (USDT) stablecoin, per an Inc42 report on Tuesday, Oct. 15.

The scam centered on deceptive claims that the entity had received rights from the Ministry of Power to help India expand its solar power capacity to 450 gigawatts by 2030. Promising high returns, the scheme attracted numerous investors by falsely aligning itself with the nation’s renewable energy goals. Binance reported that the fraud gained momentum on social media, where scammers impersonated high-ranking officials and used the names of prominent dignitaries to bolster credibility.

Victims were deceived by fake earnings reports, allegedly from previous investors, which the syndicate used to build trust in the scheme, while investigators discovered that multiple SIM cards had been activated under the identities of unsuspecting individuals to conceal the perpetrators’ true identities. Some of these SIM cards were even sent overseas, adding complexity to the investigation, the report reads.

Funds from victims were funneled through various bank accounts, with some converted into crypto, further complicating tracing efforts. Binance assisted Delhi Police by providing analytical support, helping investigators track the financial transactions involved, the report reads.

This development follows Binance’s recent re-entry into India, where it registered as a reporting entity with the Financial Intelligence Unit as part of ongoing efforts to comply with local regulations amid a crackdown on unregistered crypto platforms.


Gotbit’s $42m manipulation case could strengthen crypto market resilience: Santiment

Gotbit’s multi-million dollar charges may spark FUD, but fear-driven sell-offs could trigger a swift recovery, Santiment predicts.

The recent criminal charges against Aleksei Andriunin, CEO of market-making firm Gotbit, for a $42 million crypto market manipulation scheme have sent shockwaves through the industry, though analysts suggest the eventual outcome might actually be positive for the space.

As crypto.news reported earlier, Andriunin and Gotbit face charges for inflating crypto trading volumes through “wash trading,” creating the illusion of active markets before dumping assets at inflated prices. Despite the short-term panic, blockchain analytics firm Santiment points to historical trends indicating that such fear-driven sell-offs often create buying opportunities for more experienced traders.

Brian Quinlivan, director of marketing at Santiment, highlighted in a recent blog post that “markets tend to move in the opposite direction of the crowd’s expectations, especially when fear-driven retail activity dominates the headlines.”

“While the immediate reaction might be a small dip, as news of the manipulation scheme spreads, there’s a strong likelihood that the market could absorb the panic and swiftly reverse direction.”

Brian Quinlivan

He noted that panic selling may lead to a capitulation effect, where the worst-case scenario is already priced in, setting the stage for a potential bullish reversal, creating opportunities for institutional investors and market participants.

Santiment warns that the broader crypto market could face short-term disruptions “especially those directly connected to the manipulation, like Robo Inu and Saitama.” However, Quinlivan emphasized that “moments of extreme FUD often coincide with market bottoms,” and the removal of Gotbit’s market manipulation practices could lead to a “healthier, more transparent trading environment, increasing confidence in cryptocurrency markets.”

Gotbit, which has been active since 2017, was co-founded by Andriunin and Iuliia Milianovich. Per the firm’s description, its platform-based solution was aimed at giving project founders more control over their markets. In July 2019, Andriunin publicly acknowledged that the firm’s business “is not entirely ethical” and expressed intentions to wind down its market-making operations due to challenges with strict customer identification processes.

The firm’s website listed several prominent crypto exchanges and venture firms, including Binance, OKX, Crypto.com, a16z, Gate.io, and Bybit, in its “our friends” section. However, it remains unclear if these entities have any formal connections to Gotbit.


US sanctions Cambodian senator involved in crypto-related human trafficking scams

The U.S. Department of the Treasury’s Office of Foreign Assets Control has sanctioned Cambodian businessman Ly Yong Phat for his role in operating cyber-scam centers that exploited trafficked workers to run crypto scams.

According to a Sept. 12 press release, Phat, who is also a Cambodian senator, along with his conglomerate L.Y.P. Group and associated entities, was involved in serious human rights abuses related to forcing trafficked workers to participate in online scam operations.

These scams usually centered around convincing targets to invest in false cryptocurrency schemes or bogus foreign exchange trades, often leading to significant losses.

Crypto scams surge in Asia

OFAC cited reports from the Financial Crimes Enforcement Network and the FBI’s Internet Crime Complaint Center, which documented a dramatic increase in losses from investment fraud that often leverages the hype around cryptocurrencies.

In 2023 alone, cryptocurrency investment fraud losses surged to $3.96 billion, with the schemes being predominantly orchestrated by criminal organizations based in Southeast Asia, including those linked to the O-Smach Resort and other entities controlled by Phat. 

The regulator alleges that many of those orchestrating these scams were, in fact, victims of human trafficking themselves. Deceived by false promises of employment, individuals were lured to the O-Smach Resort and other sites in Cambodia tied to Phat. Upon arrival, their phones and passports were confiscated, stripping them of any chance to escape, and they were forced into running crypto-related scams.

These trafficked individuals endured severe physical and psychological abuse, including beatings, electric shocks, and threats of being sold into further exploitative situations, effectively turning them into both victims and perpetrators.

According to the press release, local authorities have managed to rescue victims of various nationalities, including people from China, India, Indonesia, Malaysia, Singapore, Thailand, and Vietnam.

Phat and his associated entities have been cut off from the U.S. financial system, with their assets frozen and all transactions by U.S. residents with them prohibited. These sanctions also apply to any businesses owned 50% or more by Phat or his affiliates, carrying harsh penalties for anyone found violating these rules.

From Cambodia to Laos

The incident, however, is not an isolated one. As reported by crypto.news, a 2023 investigation by Bloomberg journalist Zeke Faux uncovered a similar network in Cambodia and Myanmar, operated by Chinese gangsters.

Likewise, the Indian Embassy in Laos recently rescued 14 Indian youths from similar cyber-scam operations in the Golden Triangle Special Economic Zone where they were trafficked and coerced into crypto-related scams.

A 2023 FBI report warned that criminals use fake job ads on social media — ranging from tech support and call center roles to beauty salon positions — to lure victims into these operations.


Whale loses over $55m in DAI stablecoin to phishing attack

A whale address lost a substantial amount of DAI tokens to a phishing attack after carelessly signing a fraudulent transaction.

On-chain data confirms that the losses amounted to a whopping $55.47 million in Dai (DAI). According to an X post by Lookonchain, the whale’s funds were stored in Maker, a decentralized finance protocol built on Ethereum.

However, after signing the fraudulent transaction, the ownership of these funds was altered, allowing the attacker to take full control of the DAI tokens in the wallet. When the whale tried to withdraw the funds, the transaction failed due to the unintended change in ownership. The hacker then swiftly moved the stolen DAI tokens to a newly created address.

Through this address, the attacker has since been converting the tokens to Ethereum (ETH) and rerouting them to other wallets. So far, the hacker swapped 27.5 million DAI for approximately 10,625 ETH, ultimately moving most of the funds to CoW, a trading protocol.

Phishing attacks have become increasingly common in the crypto scene. In June, a MakerDAO delegate lost $11 million in various tokens, including USDe, to a similar scam. In May, an NFT trader lost over $145,000 in Bored Ape Yacht Club collectibles, while another investor saw $101,000 in multiple cryptocurrencies vanish due to phishing.

Recent Chainalysis research confirms that since May 2021, approval attacks have accounted for an astonishing $2.7 billion in stolen assets. Previous reports also revealed that victims lost over $46 million to phishing attacks in February this year.
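An added example, not part of the original article: a pre-signing check that reads the 4-byte function selector of a transaction's calldata and reports when signing would change ownership or grant an approval, and to which address. The article does not name the function the victim signed; the selector table, the addresses and the sample calldata are constructed for illustration.

```python
from dataclasses import dataclass

# Well-known 4-byte selectors of calls that give another address control over assets.
# Which calls to treat as high-risk is this example's assumption, not a list from the article.
RISKY_SELECTORS = {
    "095ea7b3": ("approve(address,uint256)", "token allowance"),
    "a22cb465": ("setApprovalForAll(address,bool)", "operator approval"),
    "f2fde38b": ("transferOwnership(address)", "ownership change"),
    "13af4035": ("setOwner(address)", "ownership change"),
}
MAX_UINT256 = 2**256 - 1


@dataclass
class Finding:
    signature: str
    risk: str
    beneficiary: str   # address that gains control if the transaction is signed
    detail: str
    block: bool        # True: do not sign without out-of-band confirmation


def review_calldata(data_hex, trusted=frozenset()):
    """Return a Finding when calldata grants control to another address, else None."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    entry = RISKY_SELECTORS.get(raw[:4].hex())
    if entry is None:
        return None
    signature, risk = entry
    args = raw[4:]
    n_args = signature.count(",") + 1
    if len(args) < 32 * n_args:
        # Malformed input is treated as hostile rather than silently ignored.
        return Finding(signature, risk, "unknown", "truncated arguments", True)
    # ABI encoding: each argument is one 32-byte word; an address is its last 20 bytes.
    beneficiary = "0x" + args[12:32].hex()
    detail, revocation = "control passes to beneficiary", False
    if n_args == 2:
        value = int.from_bytes(args[32:64], "big")
        revocation = value == 0
        if revocation:
            detail = "revokes an existing grant"
        elif signature.startswith("setApprovalForAll"):
            detail = "operator may move every token in the collection"
        elif value == MAX_UINT256:
            detail = "unlimited allowance"
        else:
            detail = f"allowance of {value} base units"
    known = beneficiary in {a.lower() for a in trusted}
    return Finding(signature, risk, beneficiary, detail, block=not (revocation or known))


def encode_call(selector, address, value=None):
    """Build constructed sample calldata: selector followed by 32-byte padded arguments."""
    words = bytes.fromhex(address[2:]).rjust(32, b"\x00")
    if value is not None:
        words += value.to_bytes(32, "big")
    return "0x" + selector + words.hex()


UNKNOWN = "0x" + "ab" * 20   # constructed address the user has never dealt with
ROUTER = "0x" + "cd" * 20    # constructed address the user has vetted

SAMPLES = {
    "ownership handed to unknown address": encode_call("13af4035", UNKNOWN),
    "unlimited approval to vetted router": encode_call("095ea7b3", ROUTER, MAX_UINT256),
    "approval revoked": encode_call("095ea7b3", UNKNOWN, 0),
    "plain token transfer": encode_call("a9059cbb", UNKNOWN, 1000),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {review_calldata(data, trusted={ROUTER})}")
```

A wallet or signing policy would run a check like this before the signature prompt and require confirmation through a second channel whenever `block` is true.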


The US to fine for social media boosting: How crypto bloggers may suffer

The U.S. Federal Trade Commission has banned fake reviews and recommendations. What does it mean for crypto?

According to the latest news, the decision introduces financial and administrative restrictions on individuals who “sell or buy fake social media influencer indicators.”

The FTC leadership unanimously supported the introduction of the new rules. They will take effect 60 days after publication in the Federal Register:

Fake reviews not only waste people’s time and money, but pollute the marketplace and divert business away from honest competitors.

Lina M. Khan, FTC chair

The new policy also applies to crypto influencers. With the release of the latest ban, unfair methods to boost a channel or page on a social network will lead to fines and sanctions from the authorities. The FTC will also prohibit using tools that use artificial intelligence technologies for such purposes.

At the same time, the ban only applies to cases where the account owner specifically ordered or otherwise facilitated such a service. The rules also mention that fines will be imposed if the mentioned methods are used to obtain benefits for commercial purposes.

Social media investment scams continue to grow

Recently, the FTC has noted a sharp increase in social media investment scams, especially in cryptocurrency. These include fake messages promising guaranteed high returns with little or no risk.

FTC consumer education specialist Andrew Raio noted that scammers are increasingly targeting social media users on major platforms with fraudulent investment opportunities, especially crypto:

If you reply, the scammer will say they’ve made lots of money investing in Bitcoin or another cryptocurrency. And they can get you a unique opportunity that guarantees significant returns with little or no risk. But these are all lies designed to convince you and get your money.

The victim is redirected to a fake investment site or app where their investment account looks profitable. However, once the scammer has squeezed out as much money as possible, they disappear, leaving the victim with nothing.

Crypto romance scams

The FTC has also warned about cryptocurrency scammers offering investment advice under the guise of romantic partners.

The regulator noted that scammers build an emotional connection with you, making you more likely to believe they are experts in investing in cryptocurrency.

The scam usually begins with an unsolicited social media contact. The scammer carefully studies the victim’s profile to establish trust and a connection. Once a relationship is established, the conversation turns to investments, with the scammer claiming their top priority is the victim’s financial security.

More restrictions for the crypto sphere are coming

In addition to crypto influencers, betting platforms have previously come under the scrutiny of the U.S. authorities.

Earlier in August, the U.S. Congress called on the Commodity Futures Trading Commission to ban political bets. Authorities noted that they could influence the outcome of the U.S. presidential election.

Five senators and three members of the House of Representatives sent an open letter to CFTC Chairman Rostin Behnam. They stated that such mechanisms could undermine public confidence in the electoral system.

The initiative is also aimed at the Polymarket betting platform, where crypto community members guess the presidential election’s outcome. According to the latest data, the bet volume has exceeded $606 million. Vice President Kamala Harris is in the lead — users estimate her chances of winning at 53%, and 44% of people who placed a bet believe in former President Donald Trump’s triumph.

Source: Polymarket

At the same time, total funds in the platform’s political section exceed $1 billion. Polymarket participants bet on hundreds of events.

U.S. politicians have suddenly fallen in love with cryptocurrencies

Despite the statements of individual regulators and government officials, politicians have also increased their interest in cryptocurrencies in the run-up to the presidential elections. This includes Trump, who in 2018 instructed the U.S. Treasury to end Bitcoin (BTC) and in 2021 called it a fraud and asked for regulation of the industry.

Although the Democrats have not explicitly stated their support for digital assets, they have not recently called for increased regulation or a ban. In addition, with the approval from above, the Securities and Exchange Commission would have approved even one of the documents required to list the Ethereum ETF.

Therefore, it is evident that American politicians have shifted toward a friendlier attitude to cryptocurrency.


North Korea’s digital infiltration: Threat of fake job applications in crypto

Suspected North Korean operatives are allegedly using fake job applications to infiltrate web3 projects, siphoning off millions and raising security concerns.

In the last few years, blockchain and web3 have been at the forefront of technological innovation. However, to paraphrase a quote, with great innovation comes great risk. 

Recent revelations have uncovered a sophisticated scheme by operatives suspected to be affiliated with the Democratic People’s Republic of Korea to infiltrate the sector through fake job applications, raising alarms about the security and integrity of the industry.

Economic motives and cyber strategies

North Korea’s economy has been severely crippled by international sanctions, limiting its access to crucial resources, restricting trade opportunities, and hindering its ability to engage in global financial transactions. 

In response, the regime has employed various methods to circumvent these sanctions, including illicit shipping practices, smuggling, and tunneling, as well as using front companies and foreign banks to conduct transactions indirectly. 

However, one of the DPRK’s most unconventional methods of raising revenue is its reported use of a sophisticated cybercrime warfare program that allegedly conducts cyberattacks on financial institutions, crypto exchanges, and other targets.

The crypto industry has been one of the biggest victims of this rogue state’s alleged cyber operations, with a TRM report from earlier in the year indicating crypto lost at least $600 million to North Korea in 2023 alone. 

In total, the report stated that North Korea was responsible for an eye-watering $3 billion worth of crypto stolen since 2017.

Amount of crypto reportedly stolen by North Korea-linked actors between 2017 and 2023 | Source: TRM Labs

With crypto seemingly a soft and lucrative target, reports have emerged of DPRK-linked actors tightening the screw by infiltrating the industry using fake job applications. 

Once hired, these operatives are in a better position to steal and siphon off funds to support North Korea’s nuclear weapons program and circumvent the global financial restrictions imposed on it.

The modus operandi: fake job applications

Going by stories in the media and information from government agencies, it seems DPRK operatives have perfected the art of deception, crafting fake identities and resumes to secure remote jobs in crypto and blockchain companies worldwide. 

An Axios story from May 2024 highlighted how North Korean IT specialists were gaming American hiring practices to infiltrate the country’s tech space. 

Axios said the North Korean agents use forged documents and fake identities, often masking their true locations with VPNs. Additionally, the story claimed that these would-be bad actors primarily target sensitive roles in the blockchain sector, including developers, IT specialists, and security analysts.

300 companies affected by fake remote job application scam

The scale of this deception is vast, with the U.S. Justice Department recently revealing that more than 300 U.S. companies were duped into hiring North Koreans through a massive remote work scam. 

These scammers not only filled positions in the blockchain and web3 space but also allegedly attempted to penetrate more secure and sensitive areas, including government agencies.

According to the Justice Department, the North Korean operatives used stolen American identities to pose as domestic technology professionals, with the infiltration generating millions of dollars in revenue for their beleaguered country.

Interestingly, one of the orchestrators of the scheme was an Arizona woman, Christina Marie Chapman, who allegedly facilitated the placement of these workers by creating a network of so-called “laptop farms” in the U.S. 

These setups reportedly allowed the job scammers to appear as though they were working within the United States, thereby deceiving numerous businesses, including several Fortune 500 companies.

Notable incidents and investigations

Several high-profile cases have shown how these North Korea-linked agents infiltrated the crypto industry, exploited vulnerabilities, and engaged in fraudulent activities. 

Cybersecurity experts like ZachXBT have provided insights into these operations through detailed analyses on social media. Below, we look at a few of them.

Case 1: Light Fury’s $300K transfer

ZachXBT recently spotlighted an incident involving an alleged North Korean IT worker using the alias “Light Fury.” ZachXBT claimed that Light Fury, operating under the fake name Gary Lee, transferred over $300,000 from his public Ethereum Name Service (ENS) address, lightfury.eth, to Kim Sang Man, a name which is on the Office of Foreign Assets Control (OFAC) sanctions list.

Light Fury’s digital footprint includes a GitHub account, which shows him as a senior smart contract engineer who has made more than 120 contributions to various projects in 2024 alone.

Case 2: the Munchables hack

The Munchables hack from March 2024 serves as another case study showing the importance of thorough vetting and background checks for key positions in crypto projects. 

This incident involved the hiring of four developers, suspected to be the same person from North Korea, who were tasked with creating the project’s smart contracts. 

The fake team was linked to the $62.5 million hack of the GameFi project hosted on the Blast layer-2 network.

The operatives, with GitHub usernames such as NelsonMurua913, Werewolves0493, BrightDragon0719, and Super1114, apparently displayed coordinated efforts by recommending each other for jobs, transferring payments to the same exchange deposit addresses, and funding each other’s wallets.

Additionally, ZachXBT said they frequently used similar payment addresses and exchange deposit addresses, which indicated a tightly-knit operation.
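The linkage described above (shared deposit addresses, wallets funding each other, mutual referrals) can be checked against a project's own payroll and hiring records. The following is an added example, not ZachXBT's tooling or anything from the original article; every handle, address and record in it is a constructed placeholder.

```python
from collections import defaultdict

# Constructed records; handles and addresses are placeholders, not real accounts.
PAYOUTS = [  # (contractor handle, address the salary was sent to)
    ("dev_a", "0xDEPOSIT_1"), ("dev_b", "0xDEPOSIT_1"),
    ("dev_c", "0xWALLET_C"), ("dev_d", "0xWALLET_D"), ("dev_e", "0xWALLET_E"),
]
FUNDING = [("0xWALLET_C", "0xWALLET_D")]  # (funder wallet, funded wallet)
REFERRALS = [("dev_b", "dev_c")]          # (referrer, referred candidate)


class DisjointSet:
    """Union-find over handles and addresses."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def linked_contractors(payouts, funding, referrals):
    """Return groups of 2+ handles tied together by shared payout
    addresses, wallet-to-wallet funding, or referrals."""
    ds = DisjointSet()
    for handle, address in payouts:
        ds.union(("handle", handle), ("addr", address))
    for src, dst in funding:
        ds.union(("addr", src), ("addr", dst))
    for referrer, referred in referrals:
        ds.union(("handle", referrer), ("handle", referred))
    groups = defaultdict(set)
    for node in list(ds.parent):
        if node[0] == "handle":
            groups[ds.find(node)].add(node[1])
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    print(linked_contractors(PAYOUTS, FUNDING, REFERRALS))
```

A referral on its own is a weak signal, so a cluster is a lead for manual review rather than proof that the accounts belong to one person.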

The theft happened because Munchables initially used an upgradeable proxy contract that was controlled by the suspected North Koreans who had inveigled themselves into the team, rather than the Munchables contract itself. 

This setup provided the infiltrators with significant control over the project’s smart contract. They used this control to manipulate the smart contract and assign themselves a balance of 1 million Ethereum.

Although the contract was later upgraded to a more secure version, the storage slots manipulated by the alleged North Korean operatives remained unchanged. 

They reportedly waited until enough ETH had been deposited in the contract to make their attack worthwhile. When the time was right, they transferred approximately $62.5 million worth of ETH into their wallets.

Fortunately, the story had a happy ending. After investigations revealed the former developers’ roles in the hack, the rest of the Munchables team engaged them in intense negotiations, following which the bad actors agreed to return the stolen funds.
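Why the later upgrade did not help, and what a review could have caught, can be shown with a small model of a proxy whose storage outlives its logic. This is an added example, not the Munchables code; the account names, the deposit figures and the `audit` helper are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ETH = 10**18  # wei per ETH


@dataclass
class Proxy:
    """Upgradeable proxy: storage and ETH live here, logic lives in the implementation."""
    admin: str            # address allowed to swap the implementation
    implementation: str   # label of the current logic contract
    balances: dict = field(default_factory=dict)  # credited balance per account, in wei
    eth_held: int = 0     # ETH actually held by the proxy, in wei

    def upgrade(self, caller, new_impl):
        if caller != self.admin:
            raise PermissionError("only the proxy admin may upgrade")
        self.implementation = new_impl  # only the logic pointer changes; storage is untouched

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.eth_held += amount


def audit(proxy, net_deposits, trusted_admins):
    """Compare storage against deposit history (e.g. rebuilt from event logs)."""
    findings = []
    if proxy.admin not in trusted_admins:
        findings.append(f"proxy admin {proxy.admin} is not a project-controlled address")
    for account, credited in sorted(proxy.balances.items()):
        deposited = net_deposits.get(account, 0)
        if credited > deposited:
            findings.append(f"{account}: credited {credited // ETH} ETH, deposited {deposited // ETH} ETH")
    if sum(proxy.balances.values()) > proxy.eth_held:
        findings.append("credited balances exceed the ETH the contract holds")
    return findings


def demo():
    # Constructed scenario: a developer-held key is the proxy admin, and an earlier
    # implementation left a 1,000,000 ETH credit in storage for a developer wallet.
    proxy = Proxy(admin="dev_key", implementation="v1")
    proxy.balances["dev_wallet"] = 1_000_000 * ETH
    proxy.upgrade("dev_key", "v2")  # the "more secure" logic inherits the same slots
    net_deposits = {"alice": 10 * ETH, "bob": 5 * ETH}
    for account, amount in net_deposits.items():
        proxy.deposit(account, amount)
    return proxy, audit(proxy, net_deposits, trusted_admins={"project_multisig"})


if __name__ == "__main__":
    for finding in demo()[1]:
        print(finding)
```

Running the same reconciliation before user funds arrive, and again after every upgrade, flags both the developer-held admin key and the unbacked balance while the contract is still empty.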

Case 3: Holy Pengy’s hostile governance attacks

Governance attacks have also been a tactic employed by these fake job applicants. One such alleged perpetrator is Holy Pengy. ZachXBT claims that name is an alias for Alex Chon, an infiltrator allied to the DPRK.

When a community member alerted users about a governance attack on the Indexed Finance treasury, which held $36,000 in DAI and approximately $48,000 in NDX, ZachXBT linked the attack to Chon.

According to the on-chain investigator, Chon, whose GitHub profile features a Pudgy Penguins avatar, regularly changed his username and had reportedly been fired from at least two different positions for suspicious behavior.

In an earlier message to ZachXBT, Chon, under the Pengy alias, described himself as a senior full-stack engineer specializing in frontend and Solidity. He claimed he was interested in ZachXBT’s project and wanted to join his team.

An address linked to him was identified as being behind both the Indexed Finance governance attack and an earlier one against Relevant, a web3 news sharing and discussion platform.

Case 4: Suspicious activity in Starlay Finance

In February 2024, Starlay Finance faced a serious security breach impacting its liquidity pool on the Acala Network. This incident led to unauthorized withdrawals, sparking significant concern within the crypto community.

The lending platform attributed the breach to “abnormal behavior” in its liquidity index.

However, following the exploit, a crypto analyst using the X handle @McBiblets raised concerns regarding the Starlay Finance development team.

In a thread on X, McBiblets was particularly concerned with two individuals, “David” and “Kevin.” The analyst uncovered unusual patterns in their activities and contributions to the project’s GitHub.

According to them, David, using the alias Wolfwarrier14, and Kevin, identified as devstar, appeared to share connections with other GitHub accounts like silverstargh and TopDevBeast53.

As such, McBiblets concluded that those similarities, coupled with the Treasury Department’s warnings about DPRK-affiliated workers, suggested the Starlay Finance job may have been a coordinated effort by a small group of North Korean-linked infiltrators to exploit the crypto project.

Implications for the blockchain and web3 sector

The seeming proliferation of suspected DPRK agents in key jobs poses significant risks to the blockchain and web3 sector. These risks are not just financial but also involve potential data breaches, intellectual property theft, and sabotage. 

For instance, operatives could potentially implant malicious code within blockchain projects, compromising the security and functionality of entire networks.

Crypto companies now face the challenge of rebuilding trust and credibility in their hiring processes. The financial implications are also severe, with projects potentially losing millions to fraudulent activities. 

Furthermore, the U.S. government has indicated that funds funneled through these operations often end up supporting North Korea’s nuclear ambitions, further complicating the geopolitical landscape.

For that reason, the community must prioritize stringent vetting processes and better security measures to safeguard against such deceptive job-hunting tactics. 

It is important for there to be enhanced vigilance and collaboration across the sector to thwart these malicious activities and protect the integrity of the burgeoning blockchain and crypto ecosystem.

Compiled and edited by: Phạm Mạnh Cường, MSc
Source: Crypto News

ZachXBT: Arbitrum lender likely an exit scam

A new lending protocol on Arbitrum’s network may be a scam platform, says on-chain investigator ZachXBT.

Crypto sleuth ZachXBT has called out newly launched defi lender Sorta Finance as a possible exit scam, and part of a criminal group stealing funds across blockchains. According to ZachXBT, the Arbitrum-based protocol bears the same signature as past rug pulls like Magnate Finance, Solfire, and HashDAO.

The modus operandi usually involved forking Compound’s lending smart contract on Ethereum Virtual Machine-compatible chains. Malicious developers would then pause the protocol and withdraw user deposits from the total value locked. 

ZachXBT said the bad actors gained legitimacy on EVM chains and accrued TVL by tapping shady audit firms. Low-tier crypto influencers were also paid to promote the platforms. The crypto-native term for this practice is “shilling.”

Furthermore, the crypto investigator noted that a Tornado Cash withdrawal funded an early Sorta Finance user. Tornado Cash is a U.S.-sanctioned crypto mixer used to obfuscate transactions. Lawmakers have frequently noted that criminals use the tool to hide where funds originated from. 

As of July 25, Sorta Finance had less than $100,000 in TVL. But ZachXBT stressed that similar protocols seemingly masterminded by the same person led to millions of deposits. The blockchain Sherlock Holmes surmised that individuals behind Sorta Finance and other scams have pocketed over $25 million to date. 

ZachXBT’s post highlights an emerging crypto trend that focuses on preventing blockchain crime before it happens. Individuals and collaborative entities are dedicating resources to improve on-chain safety by bootstrapping public vigilance.

Companies like Coinbase and initiatives like SEAL 911 have formed digital information sharing and analysis centers (ISACs) to pool data on hacks, malicious activity, and criminal operations and improve the defi ecosystem.

Compiled and edited by: Phạm Mạnh Cường, MSc
Source: Crypto News