
CBA’s Crypto Team to Help Track Down Money Launderers

Despite ongoing sentiment in traditional finance circles that crypto is the “Wild West”, Chainalysis, which recently partnered with Commonwealth Bank of Australia (CBA), has assured Australia’s biggest bank that it truly isn’t so.

The Crypto Wild West. Source: Zen Monk

Crypto Forensics On the Case

Chainalysis, which works extensively with the FBI and IRS in the US, has proprietary on-chain forensic analysis techniques that help identify criminal and money-laundering activities on public blockchains.

Speaking to ongoing discussions with local Australian authorities, Chainalysis’ Australia and New Zealand manager Todd Lenfield noted that a lot of its work centred on education.

We want to have conversations with AUSTRAC about what are they looking to regulate and explain to the tax office the lessons that can be learned from what the IRS is doing. We can take experience we have got in the space, and provide a local flavour.

Todd Lenfield, Chainalysis’ country manager in Australia and NZ

Shift in Sentiment in Australia?

In recent months, there have been positive signs that Australia may be gradually shifting towards a more crypto-friendly environment.

Earlier this month, CBA became the first Australian bank to offer its customers the ability to buy cryptocurrencies natively through its digital app. And just this week at the Australian Financial Review Super & Wealth Summit, Liberal Senator Jane Hume cautioned industry against being left behind.

Don’t be the person who thought the iPhone would never take off because people would prefer to have their music and telephone on separate devices. Don’t be the person who was still doing their financial models by hand in 2001, rather than using Excel. Don’t be the person in 1995 who said the internet was just a place for geeks and criminals and would never become mainstream. And don’t be the person who argued that email was a passing fad.

Senator Jane Hume

Despite these positive signs, the Reserve Bank of Australia (RBA) remains concerned about the risks of crypto, in particular memecoins. Over the past year, crypto has seemingly crossed the chasm into mainstream consciousness. This in turn appears to have pushed regulators towards embracing innovation and regulating it, rather than trying to undermine or shut it down.

While some regulatory risks remain, the crypto space within Australia is arguably looking brighter than ever.


$6 Million in Crypto Seized from REvil Ransomware Group

The US Department of Justice has announced charges against a REvil ransomware affiliate responsible for the July attack against the Kaseya MSP platform, which had ripple effects as far as Australia, and also seized more than US$6 million from another REvil partner.

The alleged ringleader is 22-year-old Ukrainian national Yaroslav Vasinskyi, arrested for cybercriminal activity last month at the behest of the US when he tried to enter Poland. Vasinskyi is one of seven REvil ransomware affiliates apprehended so far in a concerted international effort to combat a growing ransomware threat.

According to the indictment, Vasinskyi is a long-time affiliate of the REvil ransomware operation, having been involved since March 2019 and deploying an estimated 2,500 attacks against businesses worldwide.

Ransom Demands Top $767 Million

An FBI investigation revealed that Vasinskyi’s ransom demands totalled US$767 million but victims paid only $2.3 million. He is believed to have deployed ransomware on the networks of at least nine US companies. The entire REvil ransomware operation has ensnared more than US$200 million since it began its activities and encrypted at least 175,000 computers.

Of all the companies attacked, Kaseya’s ransom was by far the biggest, with US$70 million demanded to decrypt all its systems.

The US has requested Vasinskyi’s extradition and has unsealed the charges against him. Law enforcement has also impounded US$6.1 million from another REvil ransomware affiliate, Russian national Yevgeniy Polyanin, who is still at large. Polyanin is believed to be responsible for about 3,000 ransomware attacks against various organisations, including multiple US government entities and private-sector companies, extorting around US$13 million in total.

The joint charges against Polyanin and Vasinskyi are:

  • conspiracy to commit fraud and related activity in connection with computers (one count for each defendant);
  • intentional damage to a protected computer (nine counts for Vasinskyi, 12 for Polyanin); and
  • conspiracy to commit money laundering (one count for each defendant).

Seven REvil Affiliates Apprehended in Five Months

A total of seven affiliates of the REvil ransomware operation have been apprehended over five months with assistance from various jurisdictions, including police from Romania, Canada, France, the Netherlands, Poland, and the governments of Norway and Australia.

The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other REvil actors in Romania are the culmination of close collaboration with our international and private sector partners.

Christopher Wray, FBI director

In July, several retail operations in Australia were affected by REvil’s attack on Kaseya. Consequently, last month the Australian government outlined plans to tighten the screws on ransomware attacks on local businesses and individuals.


Google Ads Scam Alert: $500,000 Stolen Through Fake Crypto Wallets

According to a Check Point Research (CPR) report, users of crypto swap platform PancakeSwap, as well as crypto wallets MetaMask and Phantom, have been targeted in a phishing scam involving the theft of over US$500,000.

The crypto world is full of scammers and dangers, and in recent weeks CPR has identified multiple reports of phishing scams in which crypto wallet users have had their funds stolen while trying to install well-known wallets. The scam worked by using Google Ads to direct users to fake crypto wallets.

According to the CPR report:

Over the past weekend, CPR encountered hundreds of incidents in which crypto investors lost their money while trying to download and install well-known crypto wallets or change their currencies on crypto swap platforms like PancakeSwap or Uniswap.

Check Point Research (CPR) report

Scammers Replicate Official Websites

CPR has found that the scam has been hitting popular crypto wallets MetaMask and Phantom, with the scammers mimicking the legitimate websites almost exactly. Phantom and MetaMask wallets are the most popular wallets for both the Solana and Ethereum ecosystems.

CPR added:

CPR researchers spotted multiple phishing websites that looked like the original website because the scammers copied its design.

Check Point Research (CPR) report

For the Phantom domain, users were scammed when encountering domains such as “phanton.app” and “Phantonn.app” instead of the legitimate “phantom.app”. The same applied for MetaMask. Users encountered domains such as “MètaMask” on Google Ad campaigns.

The scam works as follows: attackers buy Google Ads in response to searches for popular crypto wallets.

Google Ads for the fake phishing scam websites. Source: CPR

By clicking on the ad, the unsuspecting user is redirected to a phishing website, which looks almost identical to the official wallets’ website.

The phishing website, which looks almost identical to the actual website. Source: CPR

The user then clicks on the “Create New Wallet” button, which generates a message about a secret recovery phrase. Users think it is the phrase for their new wallet, though it’s actually a recovery phrase for the attacker’s website. The attacker then moves on to also steal the user’s password.

The user then clicks on “save and continue” and is redirected to the original wallet’s website. If the user then adds the Chrome wallet to their browser and enters the newly created recovery phrase, they log into the attacker’s wallet instead of creating a new one. If the user then transfers any funds, the attacker will immediately intercept them.

CPR advises crypto wallet users to “refrain from clicking on ads and only use direct, known URLs”.
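A defender-side check for the lookalike domains described above, added here as an example and not taken from the CPR report: it flags hostnames that sit within a few edits of an official wallet domain, or that differ only by a diacritic or punycode encoding. The allowlist entry `metamask.io`, the two-edit threshold and the sample hostnames are assumptions made for this example.

```python
import unicodedata

# Allowlist of official wallet domains. "phantom.app" is named in the article;
# "metamask.io" is an assumption added for this example.
OFFICIAL_DOMAINS = ("phantom.app", "metamask.io")
MAX_EDITS = 2  # assumed threshold: "phanton" is 1 edit away, "phantonn" is 2


def to_unicode(host: str) -> str:
    """Lower-case a hostname and decode punycode (xn--) labels to Unicode."""
    host = host.strip().lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: compare as typed


def fold(text: str) -> str:
    """Strip diacritics so that 'è' compares equal to 'e'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(host: str):
    """Return (verdict, official_domain) for one hostname.

    Only the last two labels are compared, which fits two-label domains
    such as those in the article; it does not consult a public suffix list.
    """
    domain = ".".join(to_unicode(host).split(".")[-2:])
    if domain in OFFICIAL_DOMAINS:
        return ("official", domain)
    folded = fold(domain)
    for official in OFFICIAL_DOMAINS:
        if edit_distance(folded, official) <= MAX_EDITS:
            return ("lookalike", official)
    return ("unrelated", None)


def scan(hosts):
    """Return only the hostnames that imitate an official domain."""
    return [h for h in hosts if classify(h)[0] == "lookalike"]


if __name__ == "__main__":
    # Constructed sample: ad landing hosts as they might appear in a proxy log.
    sample = ["phantom.app", "phanton.app", "Phantonn.app",
              "mètamask.io", "www.phantom.app", "example.org"]
    for h in sample:
        print(f"{h:20} {classify(h)}")
```

Run against ad landing URLs or proxy logs, the `lookalike` verdicts are the ones to block or review; a stricter threshold reduces false positives on short domain names.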

Scams on the Rise

Last year, hardware wallet provider Ledger suffered an internal security breach which resulted in the exposure of 250,000 to 1,000,000 customer email addresses. Recently a number of fake Ronin wallets were spotted circulating on the Apple and Google App Stores. Fake wallets trick users into disclosing account information, which is then used to drain the funds or collectibles held within the wallets.


Adobe Photoshop to Add ‘Prepare as NFT’ Feature to Help Verify Art Authenticity

An unfortunate side-effect of the booming non-fungible token (NFT) market is that scammers are grabbing the opportunity to exploit it. In an effort to combat NFT art theft, Adobe will soon add a “prepare as NFT” option to its Photoshop software.

Adobe’s Content Credential is a system built into Photoshop that can assist in proving that the person selling an NFT is the one who made it. The system will allow NFT sellers to link their Adobe ID with their crypto wallets, thereby allowing compatible NFT marketplaces to show a verification certificate to prove the art is authentic.

Fighting Theft in an Exploitable Market

Art theft has become rife in the NFT industry, chiefly because anybody can mint an NFT – even if they don’t own the content’s copyright. As it stands, there is not much the blockchain can do to stop this. Earlier this month, a 17-year-old 3D artist promised to deliver 8,000 NFT artworks but disappeared with US$500,000, leaving investors with the rug pulled right out from under them.

To help prevent similar events, Adobe’s authentication system is designed to counter an otherwise highly exploitable market. Scott Belsky, Adobe’s chief product officer, revealed in a recent Megaphone interview that the new feature will preview by the end of October.

The Content Credential attribution data will live on the InterPlanetary File System (IPFS), a decentralised method of hosting files where a network of people, rather than a single company or entity, is responsible for safeguarding data and making it available.

According to Adobe, NFT marketplaces such as Rarible, OpenSea, KnownOrigin and SuperRare will be able to integrate with its attribution data system.

To further enhance NFT copyright security, Crypto News Australia recently published a guide to the best 10 NFT websites to buy digital collectibles.

This system doesn’t make it harder to mint an NFT of media you don’t own the rights to, but it could make that NFT less attractive to the market.

Scott Belsky, chief product officer, Adobe

While Adobe concedes that it is still possible to click on an existing image of an NFT and mint it again, and that this may still fool buyers, it says its new system at least provides a means to prove that if you are selling an NFT, it is not stolen.

Twitter Gets on the Verification Train

Twitter recently announced it would be rolling out Bitcoin Tips, but is also looking into plans to integrate NFTs into its workings. The social media giant has said that it intends to “explore NFTs for authentication”.

According to Twitter executive Esther Crawford, “it’s a way to support creators making this art with a stamp to demonstrate authenticity”, and “by allowing people to connect their bitcoin wallets, they can track and showcase their NFT ownership on Twitter”.


Joe Biden to Bring 30 Countries Together to Stem ‘Illicit use of Cryptocurrency’

US President Joe Biden intends to marshal the resources of 30 other countries to try to prevent “the illicit use of cryptocurrency”.

In a statement released to mark the beginning of Cybersecurity Awareness Month, Biden said the US was linking up with nations around the world – “including our NATO allies and G7 partners” – to respond to cybersecurity threats.

We must lock our digital doors – by encrypting our data and using multi-factor authentication, for example – and we must build technology securely by design, enabling consumers to understand the risks in the technologies they buy.

Joe Biden White House briefing, October 1

The president said he was committed to strengthening US cybersecurity by “hardening critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security”.

Biden Ramping Up Against Ransomware

The Biden administration has already been ramping up measures against ransomware. Last month, the US Treasury announced “a set of actions focused on disrupting criminal networks and virtual currency exchanges responsible for laundering ransoms” as part of a whole-of-government effort to counter ransomware.

Also in September, Treasury issued the country’s first sanctions against a cryptocurrency exchange. Registered in Prague but based in Moscow and St Petersburg, Suex was linked to alleged ransomware cash-outs among other transgressions.

Ssshhhh … Don’t Mention Russia!

Conspicuously absent in Biden’s statement was any mention of Russia, in particular its growing ecosystem of cyber gangs. Yet ransomware had loomed large in conversations between Biden and his Russian counterpart, Vladimir Putin, in July.

Meanwhile, just last month the US Securities and Exchange Commission quietly signed off on a deal to spy on crypto DeFi transactions. And in May, Biden revealed a new proposal to report crypto transactions over US$10,000 from 2023, with the aim of generating an additional US$700 billion in tax revenue each year.


Crypto Romance Scams Cost Americans $133 Million in the First Half of 2021

Americans are increasingly falling into the tender trap of online romance scams, as figures for the first half of 2021 show. From January 1 to July 31, the FBI logged over 1,800 complaints related to romantic deceptions resulting in personal losses of approximately US$133,400,000, much of it in cryptocurrency.

Nationwide in 2020, only 23,768 complaints categorised as romance scams were reported to the FBI, though even that figure was 4,295 higher than the previous year. The obvious exponential increase in complaints in a mere six-month period has spurred the FBI into publishing a guide for potential victims to guard against the practice.

The scammer’s initial contact is typically made via dating apps and other social media sites, the FBI warns. Having gained the victim’s trust via the cultivation of an online relationship, the scammer may then claim inside knowledge of lucrative cryptocurrency investment or trading opportunities on the pretext of “building a future together”.

The scammer next directs the victim to a fraudulent website or investment application. The victim invests on the platform and returns a small profit predetermined by the scammer.

Hook, Line, Lure and Sinker

This practice invariably escalates to larger amounts of money as the scammer presses for urgency. When the victim is ready to withdraw funds again, the scammer invents reasons why this cannot happen. Additional taxes or fees need to be paid, or the minimum account balance has not been met to allow a withdrawal.

This usually encourages the victim to provide additional funds. Sometimes, a “customer service group” gets involved, also part of the scam. Victims are soon unable to withdraw any money at all, and the scammer(s) most often cut off contact with the victim and are never heard from again.

Tips to Prevent Online Eclipses of the Heart (and Wallet)

While many of these cautionary recommendations are No-Brainers 101, it may pay to keep them in mind:

  • Never send money, trade, or invest per the advice of someone you have solely met online.
  • Do not disclose your current financial status to unknown and untrusted individuals.
  • Do not provide your banking information, Medicare number, copies of your identification or passport, or any other sensitive information to anyone online or to a site you do not know for sure is legitimate.
  • If an online investment or trading site is promoting profits too good to be true, it’s most likely they’re false.
  • Be cautious of individuals who claim to have exclusive investment opportunities and urge you to act fast.

Like Americans, Australians are losing record amounts to scams of various kinds. According to an August report from the Australian Competition and Consumer Commission, Aussies lost over A$70 million during the first half of this year and more than half of that number was attributed to cryptocurrency investment scams. The top crypto-related scams in Australia, according to the report, were investment scams, followed by romance scams and personal identity mining.


ETH Developer Pleads Guilty to Helping North Korea Use Blockchain to Evade Sanctions

Virgil Griffith, a prominent Ethereum developer and one of the most recognised names in the crypto industry, has pleaded guilty to a federal charge accusing him of conspiring with the North Korean government to evade US sanctions law.

Two-Year Legal Battle Not Yet Over

Griffith’s September 27 appearance in the Southern District of New York courthouse ended a long battle with US authorities. Griffith had been arrested in November 2019 shortly after giving a keynote speech in the North Korean capital of Pyongyang. 

The reason for his arrest, according to prosecutors, was that the subject of Griffith’s presentation was how to launder money and evade sanctions using blockchain technology. While awaiting trial on house arrest, in July Griffith apparently violated the terms of his bail and was taken into custody.

Defence Lawyer’s Testimony Thwarted

According to Ethan Lou, a journalist who claims to know Griffith, Griffith tried to seek legal advice on how best to prove his innocence. Griffith also tried to access his Coinbase account to pay his lawyers but access was denied numerous times. According to Lou, the court wanted a lawyer’s testimony to show Griffith tried to seek legal advice, but the lawyer was based in Singapore and was unable to travel.

Now that Griffith has pleaded guilty, US authorities have imposed a six-year prison penalty. The formal sentencing is expected to take place in January 2022. Needless to say, the case has raised a lot of eyebrows in the crypto community. “Unclear what new development caused this guilty plea,” tweeted Lou. “One possible reason is the barring of the remote testimony of an Ethereum Foundation lawyer.”

It is unknown what prompted the guilty plea. Griffith faced a charge of “conspiracy to violate” sanctions laws, meaning he was accused of trying to help North Korea but not actually helping the rogue state, giving the prosecution the green light to proceed without providing any tangible evidence.

Seven months ago, the US Department of Justice charged three North Korean hackers allegedly involved with cybercrimes that caused over US$1.3 billion in damages. These actors were said to have helped the North Korean government by stealing cryptocurrencies to fund its nuclear program.


UK Student Bitcoin Mugging Highlights Importance of Multisig Wallets

A student starting at England’s University of Kent last year was threatened at knifepoint in the first week of term after his new “friend” and eight East London thugs paid a visit to his on-campus dorm room and demanded access to his bitcoin.

The amount stolen by the criminals was worth around £6,000 (US$8,200) at the time (12 months ago) but is now worth around US$93,000 as the price of bitcoin has risen. Another £3,000 (US$4,000) of the student’s grant money was also stolen. The suspects were never charged.

This story should come as a warning not to disclose your crypto holdings to people you don’t know. Violent crimes targeting bitcoin theft are becoming increasingly common and with the cryptocurrency economy rising significantly over the past year, crypto robberies are also on the rise. Do not trust even your next Tinder date, as he or she could be a potential threat to your crypto holdings if you aren’t careful.

Keeping digital assets in mobile or hot wallets comes with significant risk. If you are bullied or tricked into giving up your wallet keys, it is very difficult to recover your money.

Multisig Wallet Benefits

By using technology such as a Casa multisig wallet, crypto holders can significantly reduce the risk of losing control over their funds. Attackers cannot spend stolen funds if they don’t have all of the client’s different keys to gain full access to the compromised wallet.



Apple Faces $5 Million Class Action Lawsuit Over Fake Wallet That Led to Crypto Theft

Apple is facing a US$5 million class-action lawsuit from crypto investors after one of its applications allegedly enabled hackers to steal their coins.

The suit levels accusations of negligence, fraud and several computer-specific privacy torts against Apple. It details how hackers planted a phishing application disguised as a crypto wallet called “Toast Plus” in the tech giant’s App Store and lured unwitting users into installing a criminal portal on their devices.

For all intents and purposes, the app resembled a version of popular crypto wallet Toast Wallet but had no connection to it other than sharing a similar name.

According to the suit – filed on behalf of first plaintiff Hadona Diep – Apple is liable for all victims’ losses due to its failure to vet the application before placing it on the App Store. The compensation sought is specified in the complaint as upwards of US$5 million.

Diep, a resident of Maryland who describes herself as a “full-time cyber-security IT professional”, linked her private XRP key or seed phrase into Toast Plus only to later discover her crypto assets – a total of 474 Ripple (XRP) coins – had been drained.

Court documents show that as well as compensation, all class-action plaintiffs demand that Apple be prevented from allowing similar schemes to operate in its App Store in future.

Apple User Agreement Disclaimers Do Not Apply

Apple has yet to respond to the lawsuit or make any public comment on the matter, but it seems the disclaimers in its user agreement don’t apply in this case. The fact that Toast Plus was not an actual application, but instead a medium for the commission of fraud, makes any existing contract using it as subject matter void.

As the lawsuit points out:

While the App Store does have terms and conditions, including limitations on liability, those terms and conditions are the product of adhesion, in that consumers have no other practical ability to access applications for iPhones and iPads if they do not use the App Store; those terms and conditions are therefore not applicable to this case.

Class-action complaint, Diep v Apple Inc, Maryland District Court

Just last month, fake Ronin wallets were reported to be circulating on Google and Apple app stores. The bogus wallets were designed to trick users into giving up their account information, only to find their funds or collectibles removed soon thereafter.

Also last month, Apple announced the settlement of a separate class-action suit filed by US-based software developers, promising better terms for those who make the software that iPhone users run.


Government Employee Faces Jail for Installing Crypto Miners Inside Office Walls

An IT operations supervisor in New York state is being prosecuted for allegedly installing BTC mining rigs and other devices inside government offices, costing his Long Island civic employer thousands of dollars in electricity, according to a report last week by The New York Times.

Over $6,000 in Electricity Bills

Christopher Naples, 42, allegedly hid 46 mining devices in various areas in the Suffolk County Center in Riverhead. The Long Island resident now faces up to 15 years in jail for grand larceny, official misconduct, public corruption and computer trespass.

The Suffolk County Center now has to pay more than US$6,000 in restitution for the power used, but it’s likely Naples has cost the county thousands more as another 36 machines were later discovered.

Timothy D. Sini, the Suffolk County district attorney, said that the first 10 mining rigs discovered had been operating since early February, some of them hidden in at least six rooms – including beneath floorboards and in an unused electrical panel.

Mining cryptocurrency requires an enormous amount of resources, and miners have to navigate how to cover all of those electricity and cooling costs. [Naples] found a way to do it; unfortunately, it was on the backs of taxpayers.

Timothy D. Sini, district attorney, Suffolk County

Sini told The New York Times that Naples placed so many mining rigs inside the building that it required an “unusual level of expertise from investigators” to discover them. Several employees even complained about slow internet speeds and an unusual rise in temperature. Once the machines were removed, the temperature dropped by more than 20 degrees Fahrenheit (6.6ºC).

Miners Forced to Emigrate as Countries Tighten Mining Regulations

Mining cryptocurrencies such as bitcoin consumes a lot of electricity and can even cause massive power outages. Such was the case in Iran, where in June the government confiscated over 45,000 mining rigs due to high energy consumption sparking power outages across the country.

Other countries like China have been more aggressive toward miners. As Crypto News Australia reported, also in June, China’s State Council released a document saying it would “crack down on bitcoin mining and trading activities” in order to “prevent possible financial risks”.

As a consequence, miners were forced to set up shop overseas to continue their operations in more receptive environments.