
Ransomware

Breaking: Europol seizes $46M from crypto mixer after $2.88B allegedly laundered

Law enforcement officials allege that ChipMixer laundered 152,000 BTC ($2.88 billion) over the past five years.

According to the European Union Agency for Law Enforcement Cooperation, commonly known as Europol, on March 15 the agency seized assets of cryptocurrency mixer ChipMixer for its alleged involvement in money laundering activities. Total assets seized include 1,909.4 Bitcoin (BTC) in 55 transactions, amounting to 44.2 million euros ($46 million). Decentralized finance analyst ZachXBT previously alleged on Nov. 25, 2022, that the hacker(s) of defunct cryptocurrency exchange FTX laundered 360 BTC ($5.9 million) using ChipMixer after a $372 million exploit.

ChipMixer website after law enforcement seizure. Source: Europol

In addition, the ChipMixer website has been shut down after authorities seized four servers hosting the application. Europol claims that the application laundered over 2.73 billion euros since its inception in 2017. According to law enforcement officials:

“ChipMixer, an unlicensed cryptocurrency mixer set up in mid-2017, was specialised in mixing or cutting trails related to virtual currency assets. The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities.”

The investigation and subsequent enforcement were coordinated by the Belgian Federal Police, the Federal Criminal Police Office of Germany, the Central Cybercrime Bureau of Poland, the Cantonal Police of Zurich, Switzerland, the U.S. Federal Bureau of Investigation, the U.S. Department of Homeland Security, and the U.S. Department of Justice. Law enforcement stated that "a large share of this is connected to darkweb markets, ransomware groups, illicit goods trafficking, procurement of child sexual exploitation material, and stolen crypto assets." Funds deposited in ChipMixer were converted into “chips,” small tokens of equivalent value, which were then mixed together to obscure the original trail of the funds.

"Ransomware actors such as Zeppelin, SunCrypt, Mamba, Dharma or Lockbit have also used this service to launder ransom payments they have received. Authorities are also investigating the possibility that some of the crypto assets stolen after the bankruptcy of a large crypto exchange in 2022 were laundered via ChipMixer."

Europol facilitated the information exchange between national authorities for the operation. The entity said it "also provided analytical support linking available data to various criminal cases within and outside the EU, and supported the investigation through operational analysis, crypto tracing, and forensic analysis."

North Korean hackers using stolen crypto to mine more crypto via cloud services: Report

Russia-Ukraine war: How both sides of the conflict have used crypto to win

While tens of millions worth of crypto were donated to Ukraine in the last year, pro-Kremlin groups have also leveraged digital currencies to buy military supplies and spread propaganda.

In the Russia-Ukraine war, both sides of the conflict have been leveraging cryptocurrencies to achieve the upper hand.

Pro-Ukraine causes have collected around $200 million in crypto donations, showing how borderless and uncensorable money can be useful in times of emergency.

But the Russian side has taken advantage of crypto too: a total of about $5 million was raised by pro-Kremlin groups and propaganda outlets in the course of the invasion, as revealed by a recent Chainalysis report. These entities are small grassroots organizations that have used crypto to bypass Western financial sanctions.

“We're really looking at individual actors. So somebody who's on the front, somebody who's trying to help provide more military resources to the front [...] things like bulletproof vests or drones,” explained Andrew Fierman, head of Sanctions Strategy at Chainalysis and one of the authors of the report.

But those numbers don’t take into account ransomware attacks: as shown in Chainalysis data, over $450 million was paid to ransomware actors in the course of 2022, the majority of whom were believed to be based in Russia. Some of them, like the cybercriminal group Conti, have openly supported the Russian government in its war effort.

“When it comes to ransomware payments, a lot of the time bad actors have some sort of political agendas behind what they're doing,” Fierman pointed out.

To find out more about the impact of crypto in the Ukrainian conflict and how Russia leveraged it to promote its cause, check out the full interview on our YouTube channel and don’t forget to subscribe!


Russian Darknet Markets, Ransomware Groups Thrive Despite Sanctions, Report

Russian marketplaces on the dark web have continued to operate despite Western sanctions and efforts to shut them down, according to a report assessing the illicit blockchain space amid the world’s “first crypto war.” Ransomware actors and high-risk crypto exchanges have also remained active. Underground Russian Crypto Platforms Adapting to Disruptions Caused by Ukraine War […]


Crypto investors under attack by two new malware, reveals Cisco Talos

Since Dec. 2022, the two malicious files — MortalKombat ransomware and Laplas Clipper malware — have been actively scouring the internet to steal cryptocurrencies from unwary investors.

Anti-malware vendor Malwarebytes highlighted two new forms of malicious software, propagated by unknown sources, that are actively targeting crypto investors in a desktop environment.

Since December 2022, the two malicious files in question — MortalKombat ransomware and Laplas Clipper malware — have been actively scouring the internet to steal cryptocurrencies from unwary investors, revealed the threat intelligence research team Cisco Talos. The victims of this campaign are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines, as shown below.

Victimology of the malicious campaign. Source: Cisco Talos

The two pieces of malware work in tandem to swipe information stored in the user’s clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.

The attack relies on the user not checking the wallet address pasted into the transaction, which causes the cryptocurrency to be sent to the unidentified attacker. With no specific target, the attack affects individuals as well as small and large organizations.
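The clipboard substitution described above, as an added defender-side example (this is not code from Cisco Talos, Malwarebytes or the malware itself): it validates Bitcoin P2PKH addresses with a Base58Check checksum and flags a clipboard sample in which one valid address was replaced by a different valid address without a user-initiated copy, which is the signature of a clipper. The sampling format, the two addresses and the "user_copied" flag are constructed assumptions.

```python
"""Clipper (clipboard-hijack) detection heuristic over sampled clipboard state.

Assumption (constructed): a host agent samples the clipboard as
(timestamp, text, user_copied) tuples, where user_copied is True when
the sample was taken right after a user-initiated copy. A clipper swaps
a valid wallet address for its own without any user copy, so the
signature is: valid address -> different valid address, user_copied=False.
"""
import hashlib
import re

BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# P2PKH addresses start with '1' and are 26-35 Base58 characters in total.
P2PKH_RE = re.compile(r"1[1-9A-HJ-NP-Za-km-z]{25,34}")


def b58encode(data: bytes) -> str:
    """Base58 encode, preserving leading zero bytes as '1' characters."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = BASE58[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    """Base58 decode; raises ValueError on a character outside the alphabet."""
    n = 0
    for c in s:
        n = n * 58 + BASE58.index(c)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\0" * pad + body


def p2pkh_address(hash160: bytes) -> str:
    """Build a mainnet P2PKH address: version 0x00 || hash160 || 4-byte checksum."""
    payload = b"\x00" + hash160
    chk = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + chk)


def is_btc_p2pkh(text: str) -> bool:
    """True only if text has the right shape AND its Base58Check checksum verifies."""
    if not P2PKH_RE.fullmatch(text):
        return False
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    chk = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return chk == raw[-4:]


def detect_clipper_swaps(samples):
    """Return (timestamp, original_address, replacement_address) for each swap.

    A swap is a valid address replaced by a different valid address with no
    user copy in between. Re-sampling the same address, or the user copying a
    different address, is benign and produces no alert.
    """
    alerts = []
    prev_addr = None
    for ts, text, user_copied in samples:
        if is_btc_p2pkh(text):
            if prev_addr is not None and text != prev_addr and not user_copied:
                alerts.append((ts, prev_addr, text))
            prev_addr = text
        else:
            prev_addr = None  # clipboard now holds non-address content; reset
    return alerts


# Constructed sample data: stand-in hash160 values derived from labels, not real wallets.
ADDR_USER = p2pkh_address(hashlib.sha256(b"constructed victim wallet").digest()[:20])
ADDR_EVIL = p2pkh_address(hashlib.sha256(b"constructed attacker wallet").digest()[:20])

SAMPLE_CLIPBOARD = [
    (0.0, "meeting notes", True),
    (1.0, ADDR_USER, True),    # user copies the intended payee address
    (1.5, ADDR_EVIL, False),   # replaced with no user copy: clipper signature
    (3.0, "hello", True),
    (4.0, ADDR_USER, True),
    (5.0, ADDR_USER, False),   # unchanged on re-sample: benign
]

if __name__ == "__main__":
    for ts, before, after in detect_clipper_swaps(SAMPLE_CLIPBOARD):
        print(f"t={ts}: clipboard address {before} silently replaced by {after}")
```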

Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos

Once infected, the MortalKombat ransomware encrypts the user’s files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, Talos’ report stated:

“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”

As explained by Malwarebytes, the “tag-team campaign” starts with a cryptocurrency-themed email containing a malicious attachment. The attachment runs a BAT file that helps download and execute the ransomware when opened.

Thanks to the early detection of this high-potential malware, investors can proactively prevent the attack from impacting their financial well-being. As always, Cointelegraph advises investors to perform extensive due diligence before making investments and to verify the official source of any communication. Check out this Cointelegraph Magazine article to learn how to keep crypto assets safe.

Related: US Justice Department seizes website of prolific ransomware gang Hive

On the flip side, as ransomware victims continue to refuse extortion demands, ransomware revenues for attackers plummeted 40% to $456.8 million in 2022.

Total value extorted by ransomware attackers between 2017 and 2022. Source: Chainalysis

While revealing the information, Chainalysis noted that the figures don’t necessarily mean the number of attacks is down from the previous year.


Russian Charged With Laundering Ransomware Proceeds in Crypto Pleads Guilty in US

A Russian national accused of processing cryptocurrency payments from ransomware attacks has pleaded guilty to money laundering in the United States. The man, who was extradited from the Netherlands in mid-August last year, will be sentenced in April. Russian Crypto Launderer Pleads Guilty in US Court, May Get Up to 20 Years in Prison An […]


How to protect against crime in the metaverse

To protect against crime in the metaverse, take precautions, such as using secure passwords, and report suspected criminal activities to law enforcement.

How to protect yourself in the metaverse

To protect yourself in the metaverse, use strong passwords, be cautious of suspicious activity, and limit the amount of personal information shared online.

Here are some ways to protect yourself in the metaverse:

  • Use strong and unique passwords: Create secure passwords utilizing a variety of letters, numbers and symbols and steer clear of using the same one for many accounts.
  • When disclosing personal information, exercise caution: Be cautious when sharing information online and be on the lookout for unauthorized requests for personal information.
  • Utilize two-factor authentication: To further secure your accounts, use two-factor authentication.
  • Update your hardware and software: To guard against any vulnerabilities, make sure to keep your software and devices up to date with the most recent security upgrades.
  • Report suspicious activity: Inform the proper authorities or the platform’s moderation team of any questionable activity or behavior.
  • Pay attention to phishing attempts: Be on the alert for phishing attempts designed to deceive you into revealing personal information or login credentials.
  • Use a virtual private network (VPN), if possible: When entering the metaverse, use a VPN to secure your internet connection and safeguard your personal data.
  • Set privacy preferences: Utilize the privacy settings and tools offered by the metaverse platforms to control how much of your personal information is exposed to others.
  • Be aware of potential sexual harassment: Take precautions to shield yourself from offensive or unwanted behavior by being aware that sexual harassment can occur in the metaverse.
  • Beware of scammers: Criminals may try to fool you by using social engineering, making up identities or impersonating.

By being mindful of the hazards and cautions in virtual reality worlds, users can take further precautions to protect themselves. This can entail being watchful with the data they disclose online, exercising caution when speaking to strangers and blocking or reporting any individuals who engage in inappropriate behavior.

Are there any sexual harassment risks in the metaverse?

In virtual worlds, people may feel empowered to engage in unethical or criminal behavior, such as sexual harassment, due to the anonymity and lack of oversight by law enforcement agencies.

In the metaverse, sexual harassment can take many forms, including:

  • Virtual sexual assault: Sexual propositions, unwanted touching and other unwanted physical contacts could all constitute virtual sexual assault.
  • Online sexual harassment: Online sexual harassment may take the form of sending unwelcome sexually suggestive messages, exchanging inappropriate or sexually explicit photographs, or making vulgar remarks.
  • Cyberstalking: This can involve persistently sending unwelcome messages or following someone online with the intention of intimidating or harassing them.
  • Non-consensual sharing of intimate images: Sharing intimate photos or films of someone without their consent is referred to as non-consensual sharing of intimate photographs or revenge porn.
  • Online grooming: This may involve adults pursuing children or other vulnerable individuals in virtual spaces with the intention of sexually exploiting them.

Metaverse users should report any instances of sexual harassment to the relevant authorities, and metaverse companies should have strong policies in place to handle and prevent it.

What financial crimes occur in the metaverse?

Money laundering, fraud and asset theft are all types of financial crimes that can cost people and virtual communities a lot of money in the metaverse.

The use of cryptocurrencies to conceal the proceeds of criminal activity, such as the sale of illegal narcotics or weapons, by hiding the source and ownership of the money through a convoluted web of transactions is an example of money laundering in the metaverse.

A Ponzi scheme is an example of financial fraud in the metaverse, which involves the use of virtual goods or money to trick investors into thinking that their money is being put toward a successful project when, in reality, the returns are being paid from the contributions of new investors rather than from any genuine business gains. Moreover, criminals may use the metaverse to conduct financial transactions that are not reported to tax authorities in order to evade taxes.

Criminals may also utilize hacking methods to steal users’ confidential financial data in the metaverse. Similarly, criminals may use the metaverse to conduct cyberextortion, which is a type of digital blackmail in which a criminal demands payment in exchange for withholding sensitive information or data.

These are only a few instances of how metaverse users are targeted by cybercriminals; therefore, it’s crucial to be aware of these threats and take precautions to safeguard your information. One can do this by using two-factor authentication and strong passwords, being cautious about unsolicited requests for personal information, and making sure their software and devices are up-to-date with the most recent security patches.

How do cybercriminals target the metaverse?

By taking advantage of flaws in virtual systems and user behavior, such as malware infections, phishing scams and illegal access to personal and financial information, cybercriminals prey on the metaverse.

Cybercriminals may target the metaverse in a variety of ways, including:

  • Phishing scams: Thieves may employ phishing techniques to deceive victims into disclosing personal information or login credentials, which can then be used for identity or data theft or other unlawful acts.
  • Hacking: To steal money or personal information, criminals may try to hack into user accounts or metaverse platforms.
  • Malware: To access sensitive data or carry out illicit operations, criminals may use malware to infect virtual environments or devices that support the metaverse.
  • Frauds: Criminals may leverage the anonymity and lax regulation of the metaverse to carry out scams such as Ponzi or pyramid schemes.
  • Ransomware: Thieves may use ransomware to encrypt a user’s digital possessions or personal data before requesting payment in exchange for the decryption key.
  • Exploiting virtual goods and assets: Cybercriminals may use bots or other tools to buy virtual goods and assets, which they then sell on the black market for real money. 
  • Creating fake digital assets: Criminals may make false virtual assets and sell them to unwary buyers, causing the victims to suffer financial loss.
  • Social engineering: Thieves may take advantage of the metaverse’s social elements to win over people’s trust before defrauding them.

Related: How are metaverse assets taxed?

The “Crypto Crime Cartel” case is one real-world instance of cybercrime in the metaverse. In 2020, it was discovered that a group of cybercriminals had been working in the metaverse, more specifically in the online community of Second Life.

They tricked customers into submitting log-in and personal information via a phishing scam, which they then utilized to steal virtual money and digital assets. The group also perpetrated identity theft and other financial crimes in the real world using the stolen information. Money-laundering crypto criminals were successful in stealing digital assets and currencies worth millions of dollars.

This example demonstrates how cybercriminals might use the anonymity and lax regulation of the metaverse to carry out unlawful acts. It emphasizes the significance of exercising caution when using virtual worlds and taking precautions to safeguard private data and digital assets, such as using strong passwords, being wary of unsolicited requests for personal information and notifying the appropriate authorities of any suspicious activity.

The Decentral Games hack is just another instance of financial crime in the metaverse. A group of hackers attacked Decentral Games, a well-known metaverse gaming site built on the Ethereum blockchain, in 2021 by taking advantage of a flaw in the smart contract. They were able to steal Ether (ETH) and other cryptocurrencies valued at more than $8 million from users of the network.

This illustration shows how susceptible smart contracts and decentralized systems can be to hackers and other sorts of cyberattacks. It also demonstrates how a lack of oversight and regulation in the crypto and metaverse industries can make it simpler for criminals to commit cybercrimes and steal substantial sums of money.

What is the dark side of the metaverse?

The metaverse has the potential to alter the way we interact and engage with one another and technology. However, there are also possible drawbacks and risks, just like with any new technology. Potential problems with privacy, security and legislation are part of the metaverse’s negative side.

One of the main issues with metaverse platforms is privacy. People may disclose more sensitive data and personal information in the metaverse, increasing the risk of hacking and data breaches. Furthermore, there may be less supervision and regulation over how businesses gather and use this data, which might result in the misuse of personal data.

Being a virtual environment, the metaverse is open to various security risks, including hacking, intellectual property theft and misuse of user data that can lead to the loss of personal data, financial harm and damage to the reputation and stability of virtual communities. For instance, the metaverse may be used by criminals to commit additional crimes, propagate malware or steal personal data.

Regulation is another issue because the metaverse is a young and rapidly changing environment. Governments and other institutions can find it difficult to keep up with technology and lack the resources or tools necessary to govern it successfully. This absence of oversight may result in problems like unlawful activity and hazardous content.

However, it is also unclear how society will be affected by the metaverse because it is a brand-new area that is developing quickly. While some experts assert that technology will create more options for community and connection, others counter that it will just increase social alienation and isolation.


Hive Ransomware Network Dismantled by American, European Law Enforcement

Law enforcement authorities from over a dozen countries in Europe and North America have taken part in disrupting the activities of the Hive ransomware group, the U.S. Justice Department and Europol announced. Hive is believed to have targeted various organizations worldwide in the past couple of years, often extorting payments in cryptocurrency. Captured Decryption Keys […]


US Justice Department seizes website of prolific ransomware gang Hive

The group is known to have targeted critical infrastructure and healthcare providers, extorting $100 million from victims worldwide.

According to sources from the U.S. Department of Justice on Jan. 26, international law enforcement groups have dismantled the infamous Hive cryptocurrency ransomware gang and have provided more than 300 decryption keys to victims since July 2022. Officials cited one incident in which a Hive ransomware attack on a Louisiana hospital was thwarted by law enforcement, saving the victim from a $3 million ransom payment.

Ghost servers were reportedly seized Wednesday night in an international law enforcement effort to track ransom payments, return them to victims, and dismantle the network's infrastructure. The organization had been infiltrated by undercover agents since July 2022.

Hive network Dark Web address has been taken down by law enforcement | Source: Twitter


Bitzlato Executives Arrested in Europe, Exchange Laundered €1 Billion, Europol Says

European law enforcement authorities have detained four more members of the executive team of crypto exchange Bitzlato, Europol announced. According to the police agency, nearly half of the funds processed through the platform were associated with various criminal activities. Bitzlato Senior Management Targeted in Europe, Exchange Infrastructure Dismantled High-ranking executives of the recently busted Bitzlato […]


Enforcement goes on with Bitzlato action — Law Decoded, Jan. 16-23.

Anatoly Legkodymov, the founder of China-based crypto firm Bitzlato, was arrested under suspicion of money laundering related to illicit Russian finance.

The good news of the last week is that Bitcoin (BTC) continued to recover, gaining around 10% from Jan. 16 to Jan. 23. But that has yet to change a worrying trend of crypto companies making headlines due to their troubles with the law.

The United States Department of Justice launched a “major international cryptocurrency enforcement action” against China-based crypto firm Bitzlato and arrested its founder, Anatoly Legkodymov. The enforcers consider Bitzlato to be a “primary money laundering concern” connected to Russian illicit finance. While the exchange attracted little attention until the DOJ action, it had received $206 million from darknet markets, $224.5 million from scams, and $9 million from ransomware attackers.

The United States Financial Crimes Enforcement Network (FinCEN) states the Binance cryptocurrency exchange was among the “top three receiving counterparties” of Bitzlato in terms of Bitcoin transactions. However, it doesn’t mention Binance among the top sending counterparties to the malevolent exchange.

The United States Securities and Exchange Commission (SEC) has followed the Commodity Futures Trading Commission (CFTC) in filing parallel charges against the crypto user allegedly behind a multimillion-dollar exploit of decentralized exchange Mango Markets. Avraham Eisenberg is accused of manipulating Mango Markets’ MNGO governance token to steal roughly $116 million worth of cryptocurrency from the platform.

Iran and Russia want to issue new stablecoin backed by gold

The Central Bank of Iran is reportedly cooperating with the Russian government to jointly issue a new cryptocurrency backed by gold. A “token of the Persian Gulf region” would serve as a payment method in foreign trade. The stablecoin aims to enable cross-border transactions instead of fiat currencies like the United States dollar, the Russian ruble or the Iranian rial. Reportedly the potential cryptocurrency would operate in a special economic zone in Astrakhan, where Russia started to accept Iranian cargo shipments.


EU postpones final vote on MiCA for the second time

The final vote on the European Union’s (EU) much-awaited set of crypto rules, known as the Markets in Crypto Assets regulation (MiCA), was deferred to April 2023. It marks the second delay in the final vote, which was previously postponed from November 2022 to February 2023. The latest delay is due to a technical issue where the official 400-page document couldn’t be translated into the 24 official languages of the EU. Legal documents like the MiCA, which are drafted in English, must comply with EU regulations and be published in all 24 official languages of the union.


Japanese regulators want crypto treated like traditional banks

“If you like to implement effective regulation, you have to do the same as you regulate and supervise traditional institutions,” the deputy director-general of the Financial Services Agency’s Strategy Development and Management Bureau, Mamoru Yanase, has told the media. Yanase added that countries “need to firmly demand” consumer protection measures from crypto exchanges. Demands were also laid down for money laundering prevention, strong governance, internal controls, auditing and disclosure for crypto brokerages.


Further reads

Going cashless: Norway's digital currency project raises privacy questions

Today’s iteration of DeFi could be criminalized by 2025. Here’s how its replacement could look

FTX fallout: SBF trial could set precedent for the crypto industry

Crypto to play 'major role' in UAE trade, according to its foreign trade minister

Central African Republic eyes legal framework for crypto adoption
