chainalysis

North Korean crypto hacks down 80% but that could change overnight: Chainalysis

Crypto bad actors from the DPRK have stolen $340.4 million in 2023, down from $1.7 billion the prior year, but that's no reason to feel at ease.

Cryptocurrency stolen by North Korea-linked hackers is down a whopping 80% from 2022 — but a blockchain forensics firm says it isn’t necessarily a sign of progress.

As of Sept. 14, 2023, North Korea-linked hackers have stolen a total of $340.4 million worth of cryptocurrency, down from a record $1.65 billion in reported stolen funds in 2022.

Cryptocurrency funds stolen by North Korean-backed groups between 2016-2023. Source: Chainalysis

“The fact that this year’s numbers are down is not necessarily an indicator of improved security or reduced criminal activity,” Chainalysis said in a Sept. 14 report. “We must remember that 2022 set a dismally high benchmark.”

“In reality, we are only one large hack away from crossing the billion-dollar threshold of stolen funds for 2023.”

Over the past 10 days, North Korea’s Lazarus Group has been linked to two separate hacks — Stake ($40 million) on Sept. 4 and CoinEx ($55 million) on Sept. 12, combining for a loss of over $95 million.

With the latest two hacks, North Korea-linked attacks have accounted for about 30% of all crypto funds stolen in hacks this year, noted Chainalysis.

Funds stolen by North Korean hacking groups vs others between 2016 and 2023. Source: Chainalysis

North Korea turns to dubious exchanges, mixers

Meanwhile, Chainalysis has found that North Korean hackers have become increasingly reliant on certain Russian-based exchanges to launder illicit funds over the last few years. 

The firm said North Korea has been using various Russian-based exchanges since 2021. One of the largest laundering events involved $21.9 million in funds transferred from Harmony’s $100 million bridge hack on June 24, 2022.

United States-sanctioned cryptocurrency mixers Tornado Cash and Blender have also been used by Lazarus Group in the Harmony Bridge hack and other high-profile hacks committed by the group.

The United Nations is making an effort to curtail North Korea’s cybercrime tactics at the international level — as it is understood North Korea is using the stolen funds to support its nuclear missile program.

Meanwhile, the firm hopes increased smart contract audits will make life tougher for these hackers.

Russia Cautious on Tokenizing Real-World Assets

India, Nigeria, Thailand top Chainalysis’ 2023 Global Crypto Adoption Index

Chainalysis’ upcoming Global Crypto Adoption Index indicates that the wider Asia region is driving grassroots adoption of cryptocurrencies.

India, Nigeria and Thailand are ranked as the three top countries in Chainalysis’ 2023 Global Crypto Adoption Index, with lower middle income nations leading the way in grassroots adoption of cryptocurrencies.

The blockchain analytics firm released an excerpt from its annual Index report, which shows that central and south Asia and the wider Oceania regions dominate the top of its index, with six of the top ten countries located in this area of the world.

The index highlights that worldwide grassroots cryptocurrency adoption is down as a whole in the wake of the FTX implosion of 2022. However, lower middle income (LMI) countries, as identified under the World Bank’s classification of nations by wealth, have shown the strongest recovery in grassroots crypto adoption over the past 12 months.

“In fact, LMI is the only category of countries whose total grassroots adoption remains above where it was in Q3 2020, just prior to the most recent bull market.”

Chainalysis goes on to highlight a number of promising aspects that could be derived from this data, noting that nations in the LMI category typically have growing industries and populations and account for more than 40% of the world’s population.

“If LMI countries are the future, then the data indicates that crypto is going to be a big part of that future.”

The excerpt also suggests that institutional adoption driven by organizations in high-income countries is gaining pace despite a prolonged bear market. The report also predicts a potential “bottom up and top down” adoption of cryptocurrencies where these assets serve the needs of users from both high wealth and developing nations.

India remains the largest cryptocurrency market of the region and leads grassroots adoption according to Chainalysis’ index. It has also become the second-largest crypto market by raw estimated transaction volume globally ahead of other major economies.

Chainalysis also notes India’s unique tax deducted at source (TDS) scheme for cryptocurrency transactions, which requires a 1% tax on all transactions to be deducted from the user’s balance at the time of the trade in order for the trade to be completed.

Hackers behind $41M Stake heist shift BNB, MATIC in latest move: CertiK

A total of $4.8 million in funds have now been moved by the hacker to Bitcoin and now Avalanche.

The hackers behind cryptocurrency casino Stake’s $41 million hack have shifted another $328,000 worth of Polygon (MATIC) and Binance Coin (BNB) tokens — their latest moves following the Sept. 4 exploit, according to blockchain security firm CertiK.

The most recent transfer involved 300 BNB tokens worth about $61,500 to an externally owned address “0x695…” which were then bridged to the Avalanche blockchain on Sept. 11 at 4:09 pm UTC.

Another 520,000 MATIC tokens worth over $266,000 were also moved to Avalanche seven hours earlier at 7:18 am UTC.

The 520,000 MATIC and 300 BNB — totaling $328,000 — add to the $4.5 million in stolen funds that were bridged to the Bitcoin blockchain (in the form of BTC) on Sept. 7, according to blockchain security firm Arkham.

The total $4.8 million transferred, however, only represents 1.2% of the total $41 million stolen by the hackers.

It is understood the hacker gained access to the private key of Stake’s Binance Smart Chain and Ethereum hot wallets to perpetrate the hack on Sept. 4.

The United States Federal Bureau of Investigation believes North Korea’s Lazarus Group was behind the exploit.

Estimated funds lost from hacks, scams passes $1 billion

With $41 million stripped from Stake, the industry’s malicious actors have now taken the cryptocurrency hacks and scams toll to well over $1 billion in 2023.

CertiK previously reported the figure to be $997 million at the end of August, though several attacks in the last two weeks will push the figure over the $1 billion mark. 

In September, a cryptocurrency whale lost $24 million in staked Ether (ETH) in a phishing attack on Sept. 6, and Vitalik Buterin’s X (formerly Twitter) account was then compromised on Sept. 9, where the hacker then lured several victims into a nonfungible token scam which totaled $691,000.

The three incidents would take CertiK’s August figure to at least $1.04 billion.

Other recent incidents include Pepe (PEPE) coin’s withdrawal incident which set back investors $13.2 million, Exactly Protocol’s $7.3 million exploit and an exposed security vulnerability on Balancer which did $2.1 million in damage.

Chainalysis Teams Up With Deloitte To Surveil the Blockchain and Help Governments Fight Crime

Blockchain data platform Chainalysis and accounting giant Deloitte are announcing a new partnership to help governments with blockchain surveillance. The partnership, announced during the Chainalysis Trace DC event, targets government agencies facing hurdles in fighting crypto-related crimes. “Chainalysis will work with Deloitte’s blockchain and digital assets practice across cryptocurrency and digital asset risk, analytics, investigation, […]

The post Chainalysis Teams Up With Deloitte To Surveil the Blockchain and Help Governments Fight Crime appeared first on The Daily Hodl.

Crypto payment gateway CoinsPaid suspects Lazarus Group in $37M hack

CoinsPaid said it is now working with Estonian law enforcement and several blockchain security firms are assisting to minimize the impact of the July 22 exploit.

Cryptocurrency payments platform CoinsPaid has pointed the finger at North Korean state-backed Lazarus Group as being behind the hacking of its internal systems, which allowed them to steal $37.3 million on July 22.

“We suspect Lazarus Group, one of the most powerful hacker organisations, is responsible,” CoinsPaid explained in a July 26 post.

While CoinsPaid didn’t explain how the money was stolen exactly, the incident forced the firm to halt operations for four days.

CoinsPaid confirmed that operations are back up and running in a new, limited environment.

The firm added that customer funds remain intact but considerable damage was done to the platform and the firm’s balance sheet.

Despite the huge exploit, CoinsPaid believes the cybercrime organization was chasing a much larger sum:

“We believe Lazarus expected the attack on CoinsPaid to be much more successful. In response to the attack, the company's dedicated team of experts has worked tirelessly to fortify our systems and minimize the impact, leaving Lazarus with a record-low reward.”

CoinsPaid filed a report with Estonian law enforcement three days after the hack to further investigate the exploit. In addition, several blockchain security firms such as Chainalysis, Match Systems and Crystal assisted in CoinsPaid’s preliminary investigation over the first few days.

The firm’s CEO, Max Krupyshev, is confident that the Lazarus Group will be held accountable for their actions.

“We have no doubt the hackers won’t escape justice.”

Blockchain security firm SlowMist believes the CoinsPaid hack may be linked to two recent hacks in Atomic Wallet and Alphapo, which were exploited to the tune of $100 million and $60 million respectively.

Lazarus Group targeting crypto devs

Online coding platform GitHub believes — with “high confidence” — that Lazarus Group is conducting a social engineering scheme targeted at workers in the cryptocurrency and cybersecurity sectors.

According to a July 26 post by cybersecurity platform Socket.Dev, Lazarus Group’s objective is to lure in these professionals and compromise their GitHub accounts with malware-infected NPM packages to infiltrate their computers.

The cybersecurity platform said the first point of contact is often on a social media platform like WhatsApp, where the rapport is built before the victims are led to clone malware-laden GitHub repositories.

Socket.Dev urged software developers to review repository invitations closely before collaborating and to be cautious when abruptly approached on social media to install npm packages.

Deloitte, Chainalysis alliance to give law enforcement a crypto edge

Big Four accounting firm Deloitte said the partnership could help authorities identify and take down bad actors hiding "behind the keyboard."

Professional services giant Deloitte is set to boost its clients’ blockchain-tracking capabilities following a strategic alliance with crypto analytics firm Chainalysis.

Announced during a Chainalysis conference in Washington DC on July 25, the tie-up will see Chainalysis’ blockchain datasets, analytics software and training programs assist Deloitte’s clients with their crypto forensic, investigative and compliance needs.

A Chainalysis spokesperson told Cointelegraph that the alliance had been in the works for years, with the aim of helping more organizations to adopt blockchain technology.

Thomas Stanley, president and chief revenue officer of Chainalysis, said the collaboration is aimed at their mutual clients, including law enforcement agencies, regulators and financial institutions.

"We’re starting with a focus on regulators, law enforcement, and financial institutions given where they are at in their adoption of this technology and the unique overlap of our customer base," the spokesperson added, noting that it will be introduced in the United States first.

"We're initially rolling this out in the United States, but it is something that other markets can readily adopt. It’s our belief that other global markets will follow suit."

In a document outlining the alliance, Deloitte said some of the challenges faced by government agencies include when cryptocurrencies are used to obfuscate transactions and launder the proceeds of crime, while the international regulatory landscape creates difficulty obtaining information from foreign exchanges.

Some of the challenges government agencies face when it comes to crypto. Source: Deloitte

Deloitte said the partnership with Chainalysis could help “identify the actors behind the keyboard and effectively prosecute them,” including tracing the flow of funds to high-risk or sanctioned entities. 

“Chainalysis will work with Deloitte’s blockchain and digital assets practice across cryptocurrency and digital asset risk, analytics, investigation, anti-money laundering/know your customer (AML/KYC), and regulatory compliance,” added Chainalysis.

Deloitte, known as one of the world’s Big Four accounting firms, recently posted over 300 job listings for cryptocurrency-related roles, 97 of which were based in the United States.

In late February, Deloitte announced a partnership with Web3 platform Vatom to provide immersive experiences to different industries, from using virtual reality for events, meetings and employee training to brands focused on building community engagement with metaverse experiences. 

Crypto Scam Revenue Down 77% Year-on-Year, but Ransomware Surges in the First Half of 2023: Chainalysis

A new report from blockchain data platform Chainalysis shows that cryptocurrency-related crimes significantly dropped in the first half of 2023. Scams, which tend to pull in the most money among crypto crimes, saw a 77% decline in revenue compared to the same period last year. Through June, crypto scammers made nearly $3.3 billion less than […]

The post Crypto Scam Revenue Down 77% Year-on-Year, but Ransomware Surges in the First Half of 2023: Chainalysis appeared first on The Daily Hodl.

Crypto scams are down 77% — but this exploit is making a huge comeback

Attackers of this kind are supposedly “big game hunting” large-scale organizations with deep pockets to extract “the most money possible” out of these firms.

Cryptocurrency scams have fallen a massive 77% from $3.3 billion to $1.1 billion over the first six months of 2023, according to a recent report by blockchain intelligence firm Chainalysis.

The catch, though, is that ransom attacks are back in trend, with perpetrators pocketing 62.4% more revenue than the first six months of 2022.

On July 12, Chainalysis released its Mid Year Crypto Crime report, noting it’s the second consecutive year that scam revenue has trended downwards.

The firm observed that historically, scam revenue increases in bull markets — but that hasn’t been the case so far in 2023:

“Usually, positive price movements translate to higher scam revenue, likely because increased market exuberance and FOMO make victims more susceptible to scammers’ pitches. But 2023’s drastic scam decline bucks that long-standing trend.”

Inflows into known illicit entities fell 65% over the first six months of 2023 compared to the same timeframe last year, while inflows to risky entities — such as cryptocurrency mixers and high-risk exchanges — fell 42%.

While Chainalysis partially attributed the drop to decreasing transaction volumes, it explained that illicit inflows have fallen at a faster rate:

“Transaction volumes are down across the board, but declines are much less severe for legitimate services, which have seen just a 28% drop in inflows.”

Cumulative flows for legitimate, risky and illicit services from January 1 to June 30 for 2020-2023. Source: Chainalysis.

Kim Grauer, director of research at Chainalysis, told Cointelegraph that past scam victims may also be becoming more “scrupulous” with their investment decisions and, as a result, may no longer be falling for the bait thrown out by scammers. This may also be contributing to the fall in scam revenue.

“It’s entirely possible that scam victims have learned to be more scrupulous,” the firm said. “It’s also likely that government and industry awareness campaigns, as well as media reporting, has helped educate people on the risks of scamming.”

Chainalysis warned that artificial intelligence tools may increasingly be used to promote scams through the use of deepfakes, among other things.

“Given the growing prominence of romance and pig butchering scams, one thing to look out for is the use of AI to increase effectiveness and scale, since those scams are largely text-based.”

Hacks also fell by $1.1 billion from the first six months of 2022, according to Chainalysis.

Ransom perpetrators are ‘big game hunting’ deep pocketed firms

Not everything has improved across the board, however. Ransomware revenue increased 62.4% to $449.1 million in the first half of 2023.

The reason, according to Chainalysis, is that attackers are now “big game hunting” large-scale organizations with deep pockets to extract “the most money possible” out of firms willing to pay up.

“Why the reversal in fortunes? For one thing, big game hunting — that is, the targeting of large, deep-pocketed organizations by ransomware attackers — seems to have bounced back after a lull in 2022.”

These attackers are on track for their second-biggest year ever, trailing 2021’s full year figure of $940 million by 4.6%.

Cumulative flows for ransomware revenue from January 1 to June 30 for 2022 and 2022. Source: Chainalysis

Chainalysis quoted Andrew J. Davis, risk officer at cybercrime consulting firm Kivu, who said the decrease in 2022 could be attributed to stronger cybersecurity practices and new laws that impose stricter sanctions against paying ransoms.

As a result, ransom attackers are now likely trying to “squeeze the most money possible” out of firms willing to pay ransoms, Davis added.

Chainalysis added that payment sizes extracted by the largest perpetrators have increased substantially.

The United Nations Office on Drugs and Crime unit found in October 2021 that ransoms take place every 11 seconds around the world, which resulted in a total damage cost of $20 billion in 2021 alone.

Cybersecurity Ventures predicted in June that ransomware will cost its victims $265 billion annually by 2031.

Chainalysis noted that all figures are a “lower bound estimate” and that illicit and risky transaction volume will likely increase over time as new illicit activity is found.

In addition, the data doesn’t include crime where cryptocurrency is used as a mode of payment.

Multichain’s ‘mysterious withdrawals’ have whiffs of a ‘rug pull’ — Chainalysis

Chainalysis told Cointelegraph that they were “describing it as a possible rug pull,” based on an analysis of Multichain’s spurious transactions and internal problems.

The multi-million dollar exploit of cross-chain bridge protocol Multichain could have been an internal rug pull, according to blockchain security and analytics firm Chainalysis.

“On July 6, 2023, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals in what appears to be a hack or rug pull by insiders,” the firm wrote in a July 10 blog post.

The exploit has so far resulted in the loss of more than $125 million.

However, Chainalysis believes the exploit may have been the result of administrator keys being compromised, which some suggest means it could have been an “inside job.”

Blockchain security firm SlowMist has also previously suggested the same. Source: Twitter

In a statement to Cointelegraph, a spokesperson for Chainalysis confirmed the firm is “describing it as a possible rug pull.”

Multichain’s smart contracts use a multi-party computation (MPC) system, which is similar to a multi-signature wallet, the firm explained.

“It is possible that the attacker gained control of Multichain’s MPC keys in order to pull off this exploit,” Chainalysis said before adding:

“While it’s possible those keys were taken by an external hacker, many security experts and other analysts think this exploit could be an inside job or rug pull, due in part to recent issues suffered by Multichain.”

Chainalysis said the most obvious example of these internal issues was the disappearance of Multichain's CEO, known as “Zhaojun,” in late May. The platform also suffered delayed transactions and other technical problems resulting in Binance ending support for several of its bridged tokens on July 7.

Cointelegraph reached out to Multichain for a response to the claims but had not heard back at the time of publication.

Meanwhile, blockchain sleuths have reported more spurious Multichain token movements over the past few hours. The abnormal outflows were the Multichain Executor address draining anyToken addresses across several chains, they reported. 

On July 8, stablecoin issuers Circle and Tether froze more than $65 million in assets tied to the Multichain exploit.

Chainalysis commented that it was interesting that the exploiter “did not swap out of centrally controlled assets like USDC, which can be frozen by the issuing company.”

Atomic Wallet gives major update on hack but questions remain unanswered

The statement is the first major update from the wallet provider since the exploit in early June, but users are still in the dark about the actual cause.

Atomic Wallet users have been left wanting more answers, despite the decentralized wallet provider finally releasing a full "event statement" about the June exploit — which some estimate has run up to $100 million in losses.

In a June 20 blog post — the first major update from the firm since the June 3 exploit — Atomic Wallet claimed there have been no new confirmed cases after initial reports of the hack.

It has reiterated that “less than 0.1%” of app users were affected. Atomic Wallet has made the claim at least once before in a now-deleted June 5 tweet. The figure is still rebuffed by many online.

Atomic Wallet didn’t point to what exactly led to the exploit, only laying out the four most “probable” causes, including a virus on user devices, an infrastructure breach, a man-in-the-middle attack or malware code injection.

However, none of these scenarios “are confirmed as potentially causing massive breaches," said Atomic Wallet, while adding its “security infrastructure has been updated.”

Additionally, Atomic Wallet said an app update to boost security is being worked on, which is verified “by external auditors.”

However, questions have been swirling around certain aspects of the June 20 statement.

Former smart contract audit head at cybersecurity firm Hacken, Yevhenii Bezuhlyi, asked who the mentioned “external auditors” are and where users can find their statements.

Ouriel Ohayon, the CEO of rival wallet provider ZenGo asked why Atomic Wallet needed to update its security infrastructure and what happened for it to undertake such a measure.

Others highlighted the wide array of probabilities posed by the firm as evidence it was no closer to understanding how the exploit took place.

Atomic Wallet said it can see the laundering and mixing of user funds, most of which remain traceable. It's engaged the help of blockchain analytics firms Chainalysis and Crystal Blockchain. It said that the investigation is still ongoing.

Chainalysis told Cointelegraph it can't comment on its work or findings relating to Atomic Wallet.

Cointelegraph contacted Atomic Wallet for clarity on aspects of its statement. Crystal Blockchain was also contacted for comment on its findings related to Atomic Wallet.
