
US to Return Seized Binance Assets, IMF Confirms Email Breach, and Other Cybersecurity Events
We have compiled the most important cybersecurity news of the week.
- The US will return $2.3 million seized from Binance to fraud victims.
- Viber found no evidence of a 740 GB data leak.
- Incognito Market began extorting users after an exit scam.
- A fake Bitcoin wallet, Leather, was available on the App Store for over two weeks.
US to Return $2.3 Million Seized from Binance to Fraud Victims
The US Department of Justice announced it will reimburse $2.3 million confiscated from the cryptocurrency exchange Binance to victims of a “pig butchering” scheme.
The investigation began in 2023 after a Massachusetts resident reported losing $400,000. By tracing the transaction chain, investigators identified two wallets on the Binance exchange containing a total of $2.3 million in various cryptocurrencies.
These funds were linked to 36 other US residents who fell victim to various fraudulent schemes.
In January 2024, authorities secured a court order to confiscate assets from these two accounts, including:
- 299,457 USDC;
- 1,455,305 USDT;
- 102,278 TRX;
- 3,032 SOL;
- 67 BNB;
- 13,703 ADA;
- 0.5 ETH.
On average, each victim lost more than $62,000.
Viber Found No Evidence of 740 GB Data Leak
On March 14, the hacker group Handala Hack claimed to have breached Viber’s servers and stolen over 740 GB of data, including source code.
To support their claim, they published screenshots of a control panel showing login logs and message history. The dump is being sold for 8 BTC.
However, Viber representatives told Cybernews they found no evidence of a breach in their systems or compromise of user data.
Hackers Breached IMF Email Accounts
The International Monetary Fund (IMF) reported the compromise of 11 email accounts within the organization, according to Bleeping Computer.
The incident was discovered in February, and an assessment of its impact is ongoing.
So far, the IMF has found no evidence that the attackers accessed other systems or resources.
The organization stated that it uses the cloud-based Microsoft 365 email platform, but that the cyberattack is not part of the recent breach of the tech giant.
Key LockBit Member Sentenced to Prison in Canada
An Ontario court sentenced Mikhail Vasiliev, a key member of the LockBit hacker group, to four years in prison and fined him $860,000, as reported by local media.
The Russian and Canadian citizen was found guilty of orchestrating numerous ransomware attacks between 2021 and 2022, extorting over $100 million from his victims.
Vasiliev was arrested in October 2022. During the investigation, he confessed to extortion, causing harm, and crimes involving weapons.
After serving his sentence in Canada, Vasiliev faces extradition to the US, where additional charges await him.
Meanwhile, Moldovan citizen Sandu Boris Diaconu received a 42-month prison sentence in the US for operating the darknet marketplace E-Root. After his release, he will be under supervision for three more years, according to court documents.
Diaconu pleaded guilty to one count of conspiracy to commit computer fraud and four counts of possession of unauthorized access devices.
Incognito Market Extorts Users After Exit Scam
The administration of the darknet marketplace Incognito Market, which executed an exit scam involving millions in cryptocurrency in early March, announced plans to release user data. The marketplace is demanding payments ranging from $100 to $20,000 to delete the information, reports KrebsOnSecurity.
The perpetrators threaten to publish the history of 557,000 orders and 862,000 transactions by the end of May. They also claim to have access to all personal messages between sellers and buyers, as they “never encrypted or deleted” them.
The extortion message includes a “Payment Status” table listing the marketplace’s top sellers.
Incognito Market stated that on April 1, users who paid the ransom would gain access to all their data with the option to delete it.
Fake Bitcoin Wallet Leather Available on App Store for Over Two Weeks
On March 4, developers of the cryptocurrency wallet Leather warned users about a malicious version of their app on the App Store. An official iOS app does not yet exist.
PSA: The Leather Wallet app currently in the iOS store is FAKE
⚠️ Do not download it, and definitely do not input your seed phrase.
We promise we’ll let you know once our mobile app is actually ready!
Leather should only be downloaded directly from https://t.co/V9zpQR40uC.
— Leather — The Bitcoin wallet for the rest of us (@LeatherBTC) March 4, 2024
Users who installed the fake app were advised to immediately transfer all cryptocurrency to a new wallet to prevent asset theft.
Since the App Store does not disclose download numbers, the exact number of affected users and the total damage remain unknown. One user lost $120,000 in STX.
Watch out. This scam wallet INSIDE Apple App Store stole 38,000 STX after importing. @muneeb please warn @Stacks community. https://t.co/gX0IC2ofiO
— George Burke (@geoburke) March 11, 2024
Another user lost about $100,000 in PIXEL cryptocurrency.
I feel you brother. I was drained yesterday.
I lost everything I had on ETH.
Years of grinding, gone…
— JT (Redemption Arc) (@wherermyprofits) March 10, 2024
The app had a 4.9 rating due to numerous similar fake reviews.
Apple removed the malicious program only two weeks after the first complaints.
World Youth Festival in Sochi Targeted by Miners
During the World Youth Festival in Sochi from February 29 to March 7, specialists from Solar Group repelled over 10,500 medium- and high-severity cyber incidents on the event’s website and accreditation system.
Attackers primarily used DDoS attacks, as well as SQL injections aimed at stealing information from databases.
The specialists also prevented cross-site scripting (XSS) attacks, which steal cookies and other sensitive information stored in the browser. Resource scans and vulnerability exploits, including RCE and brute force, were also recorded.
Attempts to mine cryptocurrency using the event’s computing resources were also blocked.
In total, hackers used about 150 malware types, including trojan ransomware and software for altering data on servers and user workstations.
Also on ForkLog:
- DemHack 8 hackathon announced a prize fund for internet freedom projects.
- The NFPrompt team reported a platform breach.
- Kaspa holders accused TradeOgre exchange of stealing coins worth over $6 million.
- WSJ: US investigates $165 million crypto transactions for Hamas links.
- Nigeria requested Binance’s transaction history for the past six months.
- Media: Bitcoin Fog operator found guilty of money laundering.
- EU approved criminal penalties for circumventing sanctions using cryptocurrencies.
- Dubai police introduced a forensic solution based on Cardano.
- In February, crypto users lost $47 million to phishing.
- Vitalik Buterin proposed a way to protect Ethereum from quantum computers.
- Solana’s mempool by Jito was shut down after a surge of MEV bots.
What to Read Over the Weekend?
Predictions from World Wide Web inventor Tim Berners-Lee on what the internet will look like in the next 35 years.