
SnowdogDAO Potentially Rugged for $30 Million

SnowdogDAO (SDOG), a decentralised reserve memecoin based on Avalanche, has shed more than 90 percent of its value in what many in the DeFi community believe was the platform’s largest rug-pull.

Developers Claim ‘Failed Experiment’

Yet the SnowdogDAO team claims that what happened on November 26 was not a rug-pull but simply a “game theory experiment” that went awry. In the event, up to US$30 million in investments was lost.

Launched as an eight-day experiment that was scheduled to end with a giant buyback, SDOG understandably attracted a lot of attention. According to the development team, its so-called experiment was intended only to create awareness for Snowbank.

The buyback was to have been financed by assets acquired by the Snowdog treasury through mint sales. In eight days, the treasury market value grew to US$44 million, which meant that holders were able to compete for a portion of those funds during the buyback.

Buyback Fails Spectacularly

What the developers failed to clarify was that only 7 percent of the SDOG supply was eligible to be sold above market price before the buyback. But the buyback failed spectacularly within seconds of launching, with a single address making almost US$10 million by swapping SDOG for other cryptocurrencies, thus removing a quarter of the treasury’s buyback power.

Funds Drained into Three Wallets

Just before the buyback, the address bought around US$180,000 worth of SDOG with Magic Internet Money (MIM) in batches of $10,000 and then staked the token. A day later, they staked the funds and were able to drain over $10 million worth of MIM. Two other wallets drained $7.7 million and $3.3 million respectively using the same strategy.

The owners of the addresses are yet to be identified, though many believe they most likely belonged to people closely connected to the development team.

“This certainly looks like an inside job where someone made millions of dollars on two transactions,” said Steven McKeon of software security firm MacguyverTech.

They didn’t follow up on their promises, and unfortunately, a lot of people got wrecked. They liquidated within three or four seconds before it was launched. Someone knew something before everyone else did, and went straight to the target to liquidate everything in one shot.

Steven McKeon, MacguyverTech

Postmortem Greeted With Scepticism

Although Snowdog has published a postmortem, it was largely greeted with scepticism. “The postmortem didn’t address any of the concerns,” McKeon added. “It was really wishy-washy, and tells me they don’t care. They’re trying to cover their butts any way they can. That project has a super-high risk; I’d avoid them at all costs.”

The apparent Snowdog rug-pull is just the latest of many to have occurred in the DeFi space this year, adding to a list that includes TurtleDex, ICP Coin, WhaleFarm and Bondly Finance.


Google Report: 86% of Hacked Cloud Accounts are Used to Mine Crypto

According to the Threat Horizons report for November released by Google, the majority of recently attacked accounts on the search engine’s Google Cloud Platform (GCP) service are being used to mine cryptocurrencies. Hackers are also accessing cloud accounts to find new targets and to host malware and phishing scams.

86% of Hacked Accounts Used for Illegal Crypto Mining

The report indicates that “malicious actors were observed performing cryptocurrency mining within compromised Cloud instances”. It adds:

“Of 50 recently compromised GCP instances, 86 percent of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, which typically consumed CPU/GPU resources, or in cases of Chia mining, storage space.” The remainder of the hacks included ransomware and phishing scams.

Poor Security Opens the Doors For Scammers

In nearly 75 percent of all cases, malicious actors were able to access the Google Cloud by taking advantage of users’ poor security practices, mostly via customers’ weak passwords or absence thereof. Hackers were also able to gain access through vulnerable third-party software. When hackers used accounts to mine cryptos, mining software was installed within 22 seconds of the attack, leaving manual intervention useless.

The team at Google made recommendations to prevent such attacks, with guidelines including the use of two-factor authentication and implementing Google’s “Work Safer” product.

Scams on the Rise

Due to the unregulated nature of the market, exploits in the digital asset space remain common. Earlier this month, Google issued a “Google Ads Scam Alert” after US$500,000 was stolen using fake crypto wallets. Users of crypto swap platform PancakeSwap and MetaMask and Phantom wallets had been targeted in a phishing scam when hackers stole funds while users tried to install the wallets. Scammers used Google Ads to divert users to fake crypto wallets.

Also in October, Google’s Threat Analysis Group (TAG) had to fend off numerous hackers after they attacked the accounts of various YouTubers, hijacking and repurposing the accounts to run crypto scam ads.


Blockchain Gaming Company ‘Animoca’ to Repay Users 265 ETH After Fake NFT Discord Hack

Hong Kong-based gaming software and venture capital firm Animoca Brands has reassured victims of the recent hack of its upcoming “Phantom Galaxies” game’s Discord Server that the company intends to cover their losses.

Losses incurred totalled 265 Ether (ETH), worth about US$1.1 million. The details of the reimbursement have yet to be announced, according to the company’s website.

Fraudulent Minting Leaves Users Out of Pocket

The “Phantom Galaxies” game, which is being developed by Animoca Brands’ Australian-based subsidiary, Blowfish Studios, was hacked at around 3am on November 19. The hack involved stolen money in a fraudulent non-fungible token (NFT) sale on Discord.

The hack involved 1,571 fake minting transactions over the course of three hours. According to Animoca, there was no evidence that smart contracts were compromised, and no money was stolen from the game, its developer, or its publisher. Hackers directed users to a website charging users a 0.1 ETH fee, which then sent the funds to the hackers’ Ethereum address.

The Phantom Galaxies Discord server has about 94,000 members to date. Animoca Brands has said the method of compensation for their lost ETH will be determined following discussions within the Phantom Galaxies community. Both Animoca and Blowfish took to Twitter to apologise to their users.

Hacks and Scams on the Rise

Hacks on Discord are becoming increasingly common. In a similar incident earlier in the year, one user lost about US$10,000 from their MetaMask wallet at the hands of a deceptive Discord member using a fake WalletConnect app.

Last month, Crypto News Australia reported on a 17-year-old who sold fake NFTs in a US$500,000 scam. Iconic Sol, an NFT project built on the Solana (SOL) blockchain, had apparently rugged investors after failing to deliver the promised NFTs and disappeared with US$500,000.

The teenager had promised to deliver 8,000 NFT artworks on the project’s Discord channel, and some of the tokens were supposed to be available in a presale on October 1. A total of 2,000 NFTs were up for grabs for a price of 0.5 SOL each, and many of them sold out quickly.


Scam Warning: Another Crypto User Falls Victim to Fake MetaMask Google Ad

Scammers have struck again with a sneaky paid advertisement on Google for a fake MetaMask wallet that allows access to victims’ crypto. The scam has been running for the best part of a year but is still alive and well thanks to Google, with a new domain constantly being promoted via Google Search ads.

Just days ago, one Reddit user posted how his friend lost 38 ETH (US$163,000) to the scam. He also lost some altcoins, bringing the total crypto lost to approximately US$190,000.

MetaMask issued an official warning via Twitter last December about the phishing/ad scam. The domain being promoted by the Google ad reads maskmeta, not metamask.io (which is the official MetaMask domain).

Google’s Fake MetaMask Ad Promotion  

When a user searches Google for MetaMask, a fake ad for the MetaMask wallet comes up as the first listing, which leads the victim to the scammers’ domain, rather than the official MetaMask.io site. MetaMask alerted its community to the scam and recommended the use of direct links to ensure users are directed to the legitimate metamask.io domain.

Here are two rules to keep you safe:

1. Never click sponsored or paid ad links to get to MetaMask.

Fraudulent MetaMask ad in Google Search

The fake MetaMask phishing page prompts users to install the extension, which gives them an option to either import an existing wallet or create a new one. It looks identical to the real MetaMask.

Fake MetaMask site
Legitimate MetaMask site

The only difference between the original MetaMask site and the fake one is unnoticeable for most users (the writing on the button for getting the fake extension says ‘Install now’, not ‘Download now’).

2. Question everything when asked to enter your seed phrase.

Fake MetaMask phishing page

If you click on the ‘Create Wallet’ button on the right, the fake ad sends you to the real MetaMask.io site, as there is no crypto for the attackers to steal. However, if you click on ‘Import a wallet’, you will be asked to enter the key phrase of your existing wallet, which is then sent to the attacker. Never, ever enter your seed phrase into anything unless you are absolutely certain you are using the official MetaMask wallet extension.

MetaMask phishing form stealing wallet phrase

So remember: do not click on any Google ad search suggestions. Stay safe. Google Ad scams are everywhere.


Discord CEO Hints at ETH Integration, Allowing Users to Send Each Other Crypto

One of the largest messaging and digital distribution platforms, Discord, could soon allow support for Ethereum, as hinted by its founder and CEO, Jason Citron. 

On a Twitter thread on November 9, Citron posted a screenshot of what appears to be Discord connecting to Ethereum through MetaMask and WalletConnect, with a caption that reads: “probably nothing”.

The screenshot is probably a private development not yet released.

Citron was responding to Packy McCormick, founder of Not Boring Capital and the Not Boring newsletter. McCormick posted a link to the latest issue of his newsletter called Discord: Imagine a Place. The post highlighted various features of the social network, saying it has the potential to lead the web3, considered the next stage of the internet – a decentralised version of it.

There are more than 150 million monthly active users on Discord, and many of them are crypto users, so Discord could benefit from ETH and ERC-20 transaction fees performed on the platform.

However, not everyone in Discord is so happy about this scenario.

Community Divided on the Issue

Citron’s tease divided the Discord community, with one side saying the integration of cryptos into the platform is the right step towards innovation, and the other saying cryptos and NFTs are mainly used for money laundering or tax evasion.

Several users cancelled their subscriptions to Discord Nitro, the platform’s premium membership.

Other users dismissed these comments as invalid statements with no factual evidence.

Many scams on the Discord platform have involved deceptive wallet apps. Two months ago, a Discord user lost US$10k after a scammer hacked the user’s MetaMask wallet using a fake WalletConnect app.


Google Ads Scam Alert: $500,000 Stolen Through Fake Crypto Wallets

According to a Check Point Research (CPR) report, users of crypto swap platform PancakeSwap, as well as crypto wallets MetaMask and Phantom, have been targeted in a phishing scam involving the theft of over US$500,000.

The crypto world is full of scammers and dangers, and in recent weeks CPR has identified multiple reports of phishing scams in which crypto wallet users have had their funds stolen while trying to install well-known wallets. The scam worked by using Google Ads to direct users to fake crypto wallets.

According to the CPR report:

Over the past weekend, CPR encountered hundreds of incidents in which crypto investors lost their money while trying to download and install well-known crypto wallets or change their currencies on crypto swap platforms like PancakeSwap or Uniswap.

Check Point Research (CPR) report

Scammers Replicate Official Websites

CPR has found that the scam has been hitting popular crypto wallets MetaMask and Phantom, with the scammers mimicking the legitimate websites almost exactly. Phantom and MetaMask wallets are the most popular wallets for both the Solana and Ethereum ecosystems.

CPR added:

CPR researchers spotted multiple phishing websites that looked like the original website because the scammers copied its design.

Check Point Research (CPR) report

For the Phantom domain, users were scammed when encountering domains such as “phanton.app” and “Phantonn.app” instead of the legitimate “phantom.app”. The same applied for MetaMask. Users encountered domains such as “MètaMask” on Google Ad campaigns.

The scam works as follows: attackers buy Google Ads in response to searches for popular crypto wallets.

Google Ads for the fake phishing scam websites. Source: CPR

By clicking on the ad, the unsuspecting user is redirected to a phishing website, which looks almost identical to the official wallets’ website.

The phishing website, which looks almost identical to the actual website. Source: CPR

The user then clicks on the “Create New Wallet” button, which generates a message about a secret recovery phrase. Users think it is the phrase for their new wallet, though it’s actually a recovery phrase for the attacker’s website. The attacker then moves on to also steal the user’s password.

The user then clicks on “save and continue” and is redirected to the original wallet’s website. If the user then adds the Chrome wallet to their browser and inserts the newly created recovery phrase, they log into the attacker’s wallet instead of creating a new one. If the user then transfers any funds, the attacker will immediately intercept them.

CPR advises crypto wallet users to “refrain from clicking on ads and only use direct, known URLs”.
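A defender-side check for the lookalike domains described above (“phanton.app”, “Phantonn.app”, “MètaMask” and the “maskmeta” ad domain), as an added example that is not from CPR, MetaMask or the original article. It assumes an allowlist holding the two official domains named on the page; the function names and the edit-distance threshold are illustrative choices.

```python
import unicodedata

# Official domains as named on the page; extend with your own allowlist.
OFFICIAL_DOMAINS = ("metamask.io", "phantom.app")
MAX_EDITS = 2  # assumed threshold: "phanton" is 1 edit away, "phantonn" is 2


def decode_label(label):
    """Turn a punycode (xn--) label back into Unicode; leave others alone."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label


def skeleton(label):
    """Strip accents (è -> e) so accented variants compare equal to ASCII.
    This does not map cross-script homoglyphs such as Cyrillic letters."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(host):
    """Return ("official" | "lookalike" | "unknown", matched official domain)."""
    labels = [decode_label(l) for l in host.strip().rstrip(".").lower().split(".") if l]
    if labels and labels[0] == "www":
        labels = labels[1:]
    if not labels:
        return ("unknown", None)
    # Assumption: the registrable domain is the last two labels.
    domain = ".".join(labels[-2:])
    if domain in OFFICIAL_DOMAINS:
        return ("official", domain)
    # Check every label except the TLD, so a brand name placed in a
    # subdomain of an unrelated domain is caught as well.
    for label in (labels[:-1] or labels):
        candidate = skeleton(label)
        for official in OFFICIAL_DOMAINS:
            brand = official.split(".")[0]
            near = osa_distance(candidate, brand) <= MAX_EDITS
            reordered = sorted(candidate) == sorted(brand)  # e.g. maskmeta
            if near or reordered:
                return ("lookalike", official)
    return ("unknown", None)


if __name__ == "__main__":
    # Lookalikes quoted on the page, plus constructed benign hosts.
    for h in ["phanton.app", "Phantonn.app", "MètaMask", "maskmeta",
              "www.metamask.io", "example.org"]:
        print(h, classify(h))
```

A "lookalike" verdict is a reason to block or warn before the page loads; an "unknown" verdict only means the host resembles none of the allowlisted brands.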

Scams on the Rise

Last year, hardware wallet provider Ledger suffered an internal security breach which resulted in the exposure of 250,000 to 1,000,000 customer email addresses. Recently a number of fake Ronin wallets were spotted circulating on the Apple and Google App Stores. Fake wallets trick users into disclosing account information, which is then used to drain the funds or collectibles held within the wallets.


Rug Pull: ‘Monkey Jizz’ DeFi Token Founders’ Alleged Exit with $300,000 of BNB

What could possibly go wrong with a new DeFi Token launch named Monkey Jizz, released on PancakeSwap (running on the Binance Smart Chain) by a team of unknown developers and a cartoon monkey with a peeled banana as the face of its branding? Answer: everything.

Warnings Came Too Late For Some Investors

Warnings about the MJIZZ scam were tweeted, but it was too late for some, as the “dickheads” behind the project pulled the rug, stealing 500 BNB in total of Monkey Jizz investors’ money, worth US$300,000.

Like most refined scams, the Monkey Jizz project went to great lengths to reassure the community that it was a real project and would not rug. The FAQ on the website (which is now unsurprisingly down) read: “We understand everyone’s concerns and have been victims of scams ourselves in the past; we get it.” A doxxed “monkey master” was even posted, with a photo of a guy named Cal, purported to be a real person, to reassure buyers the project was legitimate.

As it turns out, ‘Cal’ is some otherwise pseudonymous bald guy sitting on a beach in Thailand, his photo watermarked with the logo of a local nightclub. According to Reddit, some users had done some online detective work and matched the photo to a Facebook account.

Presale Listed on PinkSale

The Monkey Jizz Life crew had also invested a lot of time and energy on the marketing side. They had all the basics: Twitter address, Telegram page, website (all now inactive), as well as doing a live AMA on YouTube with crypto influencer Travladd Crypto. The crew also had a presale listed on token launch platform PinkSale.

Rug pulls are becoming increasingly commonplace in DeFi, especially on PancakeSwap because it runs on BSC (Binance Smart Chain), where the transaction fees are insanely low compared to UniSwap, which runs on ETH. Buyers beware. Just because a project seems legit, does AMAs with influencers, and even goes to the trouble to highlight that it has an “anti-rug” mechanism built into its tokenomics, do not fall for it.

A similarly sad outcome occurred earlier this month with the SQUID token, which rugged on investors who said they weren’t able to sell their tokens on PancakeSwap.


DeFi Investor Loses $470K as Dog-Themed Token AnubisDAO Drained of $60 Million

Investors looking for the next dog-themed memecoin have found themselves on the wrong end of a rug pull that drained an estimated US$60 million from the project’s liquidity pool.

Participants in a brand-new project called AnubisDAO contributed ETH in exchange for ANKH-tokens that would have been distributed as soon as the sale ended. The sale started on October 28 and attracted considerable interest from investors, who contributed 13.6K ETH (US$60 million) in under 24 hours.

Even though the project didn’t have a website, investors still poured US$60 million into the initial token sale. Twenty hours into the sale, the ETH in the pool was sent to a different address before the smart contract was activated, leaving investors with ANKH tokens and no liquid market for them.

Since October 28, the Anubis official Twitter page has been silent, with no mention of the disappearance of millions of dollars.

Coins being transferred to multiple accounts. Source: Etherscan

Phishing Attack or Elaborate Scheme?

Copper Launch was the token launch platform used by AnubisDAO and it stated in a post that “the launch was configured to last 24 hours, but before the launch finished, the token liquidity was pulled by the creator of the launch from the LBP smart contract that housed the funds”.

Later, @Beerus tweeted under an alternate account called @cryptofan777, attempting to clear the air. The tweeter claiming to be @Beerus said they had not personally drained the funds; they had probably been the victim of a phishing attack, and attached a screenshot of an email with a potentially malicious attachment from an emailer posing as 0xSisyphus.

In a later statement, Copper said that “other accounts on Twitter that are known to be AnubisDAO affiliates claim that the auction creator’s wallet account was either compromised or that they were a bad actor”.

At the time of writing, a Twitter account was under police investigation, though it’s too early to draw any conclusions as the situation is still developing. But the community hopes that the exploiter is identified, and the stolen funds returned soon.

The Importance of DYOR

One investor told CNBC that he lost US$450,000, though admitting that he didn’t investigate the project thoroughly prior to investing. “We, in crypto, tend to have a ‘buy first, do research later’ mentality,” he said.

One of the most important things to do before investing in a project is to do your own research (DYOR), investigate the website, Twitter, team members, and any other information available to verify the authenticity of a project. In June, Mark Cuban called for DeFi regulation after a DeFi token collapsed from US$65 to US$0.00000003 on him, with others taking a starker position.


SQUID Game Token Surged 110,000%, But Buyers Couldn’t Sell It Before Rug Pull?

The popular Korean Netflix TV series-inspired “play-to-earn” cryptocurrency Squid Game (SQUID) tanked almost 99 percent on November 1 in what is suspected to have been a rug pull. This happened after people who bought the cryptocurrency complained that the project was a scam, as they were not able to sell on PancakeSwap.

SQUID token price cliff collapse.

The SQUID token rose more than 110,000 percent since launching last week. Just like the original Squid Game drama, the whitepaper for the cryptocurrency project reads that players can participate in six online games, after which the winners will be rewarded with prize money.

The more people join, the larger the reward pool will be […] 10 percent of the entry fee will be sent to the developer’s wallet, and the [remaining] 90 percent will be added to the reward pool for the last winner of the game.

Squid Game whitepaper

This project was not in any way related to Netflix or the producers behind the eponymous Korean TV series, which raised red flags against the SQUID crypto.

Did SQUID Pull the Rug?

As many had warned, the SQUID crypto game was rug-pulled. The price of the token dropped nearly 100 percent from US$2,864 to US$0.005. The website for the crypto game was also taken down at the time of writing. Sadly, a lot of people who invested in the SQUID token are left head-scratching in regret as their funds vanished in a matter of minutes.

Before the crash, CoinMarketCap had warned that investors weren’t able to sell their tokens on PancakeSwap:

We have received multiple reports that the website and socials are no longer functional and the users are not able to sell this token in Pancakeswap […] This project, while clearly inspired by the Netflix show of the same name, is not affiliated with the official IP.

CoinMarketCap

Investors were trapped and some lost everything. The takeaway is to think twice before investing into new meme projects with no utility.


Australian Police Seize $1.6 Million of Cryptos Acquired Through Stolen Netflix Accounts

The Australian Federal Police (AFP), in collaboration with the US Federal Bureau of Investigation (FBI), has uncovered cryptos and cash to the value of A$1.66 million during an investigation of a convicted Sydney-based hacker. The man was arrested and subsequently ordered by the Supreme Court of New South Wales to forfeit the ill-gotten gains to the Commonwealth, according to the AFP.

Largest Commonwealth Forfeiture of Cryptocurrencies

Evan McMahon, 23, who was convicted earlier this year of selling stolen Netflix and Spotify subscriptions, has been ordered to hand over proceeds in the form of cryptocurrencies and cash to the value of A$1.66 million, of which A$1.2 million are cryptos – the largest forfeiture of cryptos to date in Australia.

The court was told McMahon conspired with US accomplice Samuel Joyner to steal the log-in details and passwords of streaming service customers, subsequently selling them online at a cheaper rate. McMahon pleaded guilty to various offences in October 2020 and was sentenced to two years and two months’ imprisonment in April 2021.

The investigation began in 2018 when the FBI passed on information to the AFP about an account generator website called WickedGen that sold stolen account details for online subscription services such as Netflix, Hulu and Spotify.

Following sentencing, the AFP-led Criminal Assets Confiscation Taskforce (CACT) obtained restraining orders over cryptos, PayPal and bank accounts held in false names, which were suspected to be controlled by McMahon.

Australia’s Home Affairs Minister Karen Andrews says the funds will be redistributed to support crime prevention, community safety-related initiatives, and law enforcement. Andrews added:

Good work by the AFP has seen a criminal stripped of their ill-gotten gains, and this money redirected to enhancing the safety and security of communities right around Australia.

Karen Andrews, Minister for Home Affairs

AFP Clamps Down on Cryptos

Many criminal organisations have turned to cryptos in an effort to hide their profits, but authorities are now moving to seize cryptos linked to illegal activities.

In the UK, police recently seized 48 bitcoin from a 16-year-old who ran an operation that scammed thousands of victims after extracting their personal details via a copycat website of gift voucher platform Love2Shop.

In Australia, the AFP has executed a series of initiatives designed to separate organised criminal syndicates from illegally obtained profits by confiscating cryptocurrencies, designer items, homes and luxury vehicles.

The government recently passed amendments to the Surveillance Legislation Bill, granting the AFP and Australian Criminal Intelligence Commission (ACIC) new powers to surveil, intercept data, and also alter data online.

The Australian government has also mapped out plans to permit the seizure of cryptos amid a 15 percent increase in ransomware attacks. The “Ransomware Action Plan”, released last month by the Department of Home Affairs, outlines several measures in an effort to deter and punish cybercriminals. Part of the plan includes confiscating illicit cryptos.