Cybersecurity Highlights: Crypto Scams, Arrests, and Ransomware Warnings

We have compiled the most significant cybersecurity news of the week.

  • An old nickname of an a16z employee was used to steal $245,000 in cryptocurrencies.
  • A suspected developer of ransomware for Conti and LockBit was arrested in Kyiv.
  • Crypto scams involving ENS domains were discovered in Russia.

Empire Market Darknet Marketplace Owners Face Multiple Charges

Federal prosecutors in Chicago charged Thomas Peavy and Rahaim Hamilton, the alleged owners of the Empire Market darknet marketplace, which had a turnover of $430 million.

According to the case materials, from 2018 to 2020, the defendants sold drugs, stolen information, counterfeit currency, and malicious computer programs through the platform. They received payments in cryptocurrencies and conducted over 4 million transactions during their operation.

They are accused of conspiracy to engage in illegal drug trafficking, computer fraud, money laundering, and counterfeiting. Authorities seized cash, precious metals, and digital assets worth over $75 million from the accused.

Previously, Peavy and Hamilton were charged with selling counterfeit currency on the AlphaBay darknet marketplace.

Old Nickname of a16z Employee Used to Steal $245,000 in Cryptocurrencies

An unknown perpetrator stole funds in Ethereum and LinqAI totaling $245,000 by impersonating an employee of the American venture company Andreessen Horowitz (a16z). This was reported by on-chain researcher ZachXBT.

The victim was invited to participate in a joint podcast supposedly on behalf of a16z representative Peter Lauten. The scammer exploited the fact that the real Lauten had recently changed his nickname on X from “peter_lauten” to “lauten,” but the company’s official account still mentioned the old name.

The victim did not notice the deception and downloaded the Vortax application sent by the hacker, which was malware. Once on the computer, it transferred all cryptocurrency assets to the scammer’s wallets. The funds were later moved to several exchanges.

Suspected Developer of Ransomware for Conti and LockBit Arrested in Kyiv

Ukraine’s Cyber Police reported the arrest of a 28-year-old Kyiv resident suspected of collaborating with the Conti and LockBit ransomware groups and conducting at least one attack on a Dutch multinational corporation.

According to the investigation, the detainee developed special ransomware for hackers to make it difficult to detect their malware on victims’ computers.

Additionally, the Dutch police confirmed at least one instance of the suspect organizing an attack using a Conti payload in 2021.

During searches in Kyiv and the Kharkiv region, computer equipment, mobile phones, and handwritten notes were seized.

The developer is charged with unauthorized interference in information systems. He faces up to 15 years in prison. The investigation continues.

Crypto Scams Involving ENS Domains Discovered in Russia

Experts from F.A.C.C.T. warned cryptocurrency holders in Russia about a new fraudulent scheme involving ENS domains.

The victim is contacted under the pretext of selling digital assets for further investment in precious metals. To gain trust, scammers may organize a video call demonstrating fake documents.

Then, supposedly to verify the assets’ legitimacy, the victim is persuaded to transfer cryptocurrency to an address owned by the scammers, ending with “.eth”.

ENS domains registered using the scammer’s address. Data: F.A.C.C.T.

The amount received during the “test” transaction is manually returned to the sender by the scammers. However, after full payment for “services,” they disappear with the assets.

Singapore Authorities Warn Local Companies of Bitcoin Ransomware Surge

Singaporean enterprises are increasingly falling victim to the Akira ransomware program. The local Cybersecurity Agency listed ways to detect, contain, and neutralize these attacks.

Typically, Akira operators demand cryptocurrency payments for restoring affected computer systems. However, authorities have urged businesses to ignore these demands and immediately report such incidents.

Message from hackers. Data: Singapore Police.

Paying the ransom not only fails to guarantee data decryption but also encourages perpetrators to conduct repeat attacks.

Over the past year, Akira operators have stolen $42 million from more than 250 organizations in North America, Europe, and Australia.

Also on ForkLog:

  • Series of hacks: attack on Holograph, fake exchange, and reward from UwU Lend.
  • Researchers found security setting flaws in OKX. The exchange commented on the situation.
  • UwU Lend protocol hacked twice in a week for $24 million.
  • Several Solana validators excluded for participating in “sandwich attacks.” Most turned out to be Russians.
  • Crypto exchange Lykke halted operations after a $22 million hack.
  • Orbit hacker sent $32 million in assets to Tornado Cash.
  • Gemholic project from the zkSync ecosystem accused of a $3.4 million rug pull.

What to Read Over the Weekend?

In the “Cryptorium” section, we explain how to recognize a rug pull and avoid falling victim to it.
