Cybercrime

Crimeware-as-a-service: A new threat to crypto users

Crimeware-as-a-service fuels cybercrime in crypto. Explore its impact, tactics used and key steps to safeguard your wallets and transactions.

Crimeware-as-a-service (CaaS) involves experienced criminals selling their tools and services to less experienced offenders for a price. This model resembles software-as-a-service (SaaS), where the provider gives access to the software to the subscriber. In the case of crimeware-as-a-service, the SaaS model has reshaped itself in the context of cybercrime.

In the early days of cybercrime, cybercriminals mostly worked alone or in small groups, playing with technology and trying to sneak into people’s bank accounts or emails for personal gains and fun. Criminals generally used email to send viruses and commit scams. 

Worldcoin (WLD), SPX6900 (SPX) and Three Under-the-Radar Altcoins Flashing Bearish Signal: Santiment

Canadian police praise Tether for ‘swift’ recovery of stolen funds

The stablecoin firm previously came under fire from Wyoming Senator Cynthia Lummis for allegedly facilitating illicit finance activities.

The Ontario Provincial Police (OPP) thanked stablecoin issuer Tether for assisting an investigation by freezing approximately 10,000 Canadian dollars ($7,186) in Tether stablecoins stolen from an individual. The funds have since been returned to the victim.

Tether worked alongside the OPP’s Cyber Investigations Team to recover the funds, and following the successful operation, Addison Hunter — detective staff sergeant of the OPP — remarked:

Tether CEO Paolo Ardoino also highlighted the company’s commitment to “Supporting law enforcement efforts to combat cybercrime,” and will continue to work with law enforcement officials worldwide to “Hold bad actors accountable and, ultimately, support the victims.”

North Korean hacker BlueNoroff targets crypto firms with new malware

According to cybersecurity firm Recorded Future, North Korean hacker groups have stolen approximately $3 billion in funds since 2017.

BlueNoroff, the infamous North Korean hacker group responsible for a string of phishing and cybersecurity attacks since 2019, is targeting crypto firms with a new malware that attacks macOS computers.

According to a report from SentinelLabs, the malware operation nicknamed “Hidden Risk” is spread through PDF files in multiple stages. The threat actors use fake news headlines and legitimate crypto market research to lure in unsuspecting individuals and companies.

Once the user downloads the PDF file, a seemingly legitimate decoy PDF is downloaded and opened, while the malware downloads as a separate file on the macOS desktop in the background.

US gov files complaints to seize assets from North Korean hackers

According to PeckShieldAlert, crypto hacks and exploits accounted for over $120 million in losses during September 2024.

The United States government filed two legal complaints on October 4, 2024, to begin seizing more than $2.67 million in digital assets stolen by the North Korean Lazarus hacking group.

According to the legal filings, the US government seeks to recover approximately $1.7 million in Tether (USDT) stolen by the organization in the 2022 Deribit hack — which left the options exchange drained of $28 million.

Once the hackers successfully breached a Deribit hot wallet, they passed the funds through the Tornado Cash mixer and several Ethereum (ETH) addresses in an attempt to avoid detection.

DHS says it thwarted more than 500 crypto ransom attacks in 3 years

The US Department of Homeland Security reported that it has disrupted hundreds of ransom attacks since its formation in 2021.

United States Department of Homeland Security investigators say they’ve thwarted hundreds of ransomware cyberattacks, often before they occurred, and have seized billions of extorted crypto since 2021.

US agencies were the top targets, accounting for 21% of the disrupted hacks, more than any business sector, Mike Prado, the deputy assistant director of the Homeland Security Investigations (HSI) Cyber Crimes Center, told Bloomberg in an Oct. 4 report.

The division has disrupted 537 ransomware attacks since it was formed in 2021 and has traced and seized $4.3 billion worth of crypto from exchanges and hackers’ devices that had been stolen through extortion payments.

US Targets Lazarus Group and APT38 in $879M Crypto Forfeiture Complaint

Offshore Alert reporter David Marchant disclosed the United States has initiated two forfeiture complaints related to previously confiscated bitcoin (BTC) and tether (USDT), alleging that these funds were snatched by the notorious North Korean hacking groups Lazarus Group and Advanced Persistent Threat 38 (APT38). These cyber hacking syndicates are known for their operations to fund […]

4 Arrests, Sanctions Follow Global Operation Against Lockbit Group

Europol and multiple countries have taken a significant step against the notorious Lockbit ransomware group with four key arrests and international sanctions. A collaborative effort between France, the UK, and Spain led to the detainment of critical individuals, including a developer and a hosting administrator. The operation is part of a larger international crackdown known […]

DOJ Charges 21-Year-Old in $37M Cyber Intrusion and Crypto Heist

A 21-year-old from Indiana has pleaded guilty to cyber intrusion and cryptocurrency theft in a massive scheme targeting hundreds of victims. His actions involved stealing personal data and cryptocurrency worth over $37 million, with law enforcement crediting significant investigative efforts for his capture.

FBI Cracks Global Cryptocurrency Theft Network

The U.S. Department of Justice (DOJ) […]

Polymarket users complain of mysterious Google login wallet attacks

The attacker used a “proxy” function to swipe victims’ USDC balances, but only a small number of Google login users have been affected.

Some users of the Polymarket prediction market app are complaining that their wallets were mysteriously drained after they logged in via their Google accounts.

After making deposits, users found that their wallets were wiped out, leaving a balance of zero. The attacks have not occurred against users that relied on wallet browser extensions such as MetaMask or Trustwallet.

Cointelegraph spoke to two victims of the attacks. The first victim identified himself by the Discord username, “HHeego,” and claimed to be the owner of a Polymarket account whose address ends in C3d4. 

User loses $32 million spWETH in a sophisticated phishing attack

According to crypto security firm Scam Sniffer, 9,145 users were victims of phishing attacks during August 2024, losing funds as a result.

A wallet ending in "e57" fell prey to a sophisticated phishing attack on Sept. 27 that left the wallet drained of 12,083 Spark Wrapped Ethereum tokens (spWETH), valued at $32 million.

According to security firm CertiK, 10,000 spWETH, valued at approximately $26 million, was initially sent to a wallet beginning with "0x471c." A portion of these funds was subsequently transferred to 4 additional wallets.

1,750 Ether (ETH) was transferred to a wallet beginning with the characters "0x105c", 2,613 ETH was sent to a wallet starting with "0x278d", an additional 3,730 ETH to an address beginning with "0x408d", and, finally, approximately 1,865 ETH was transferred to an address beginning in "0xfaf2."
