
Cryptonator Founder Charged with $235 Million Laundering, Monero Wallet Leak Scam, and Other Cybersecurity Events
We have compiled the most important cybersecurity news of the week.
- The founder of the online wallet Cryptonator has been accused of laundering $235 million.
- Hackers simulated a crypto wallet leak to profit from “greedy” users.
- Bitcoin exchange Gemini disclosed an incident affecting 15,000 clients.
- An unnamed company paid a record $75 million to ransomware operators.
Cryptonator Founder Accused of Laundering $235 Million
Law enforcement agencies in the US and Germany have seized the domain of the cryptocurrency online wallet Cryptonator and charged its founder and operator, Russian national Roman Boss (Pikulev), with money laundering.
According to the investigation, from 2014 to 2023, the platform processed illegal transactions amounting to $235 million.
This includes:
- high-risk operations — $80 million;
- sanctioned addresses — $71 million;
- wallets linked to cryptocurrency theft — $54 million;
- fraudulent addresses — $34.5 million;
- crypto mixers — $34 million;
- darknet marketplaces — $25 million;
- ransomware operators — $8 million.
Analysts from TRM Labs identified links between some transactions and the darknet marketplace Hydra, the mixer Blender.io, the pyramid scheme Finiko, the exchange Bitzlato, the Russian exchange Garantex, the Iranian Nobitex, and an unknown terrorist organization.
In total, the platform conducted over 4 million transactions amounting to $1.4 billion, with Boss receiving a small share from each operation.
Cryptonator did not require user verification, traded anonymous coins, and, according to the charges, offered API key integration with illegal platforms.
In addition to money laundering, Boss is accused of operating an unlicensed money services business. Authorities are seeking to seize his assets, impose fines, enforce prohibitive measures, and require compensation for damages.
Hackers Simulated Crypto Wallet Leak to Profit from “Greedy” Users
A multi-step cryptocurrency theft scheme was discovered by Kaspersky Lab specialists. It began with a video about the urgent sale of a couple of profitable crypto projects, with links to them. The first link opened the site of a small functioning exchange, while the second was a lure.
Instead of a landing page, it led to a root directory full of text and graphic documents. The files contained crypto wallet details, including seed phrases, and screenshots of successful transactions for large sums, alongside a video of yacht purchases made with bitcoin. This created the impression that the user, thanks to someone else’s misconfiguration, had gained access to the domain owner’s private documents.
The listed wallet addresses turned out to be real. The total amount on several of them was nearly $150,000, although all assets were staked and could not be withdrawn.
The perpetrators then waited two months before adding a screenshot of a Telegram chat to the documentation site, reporting a successful payout in Monero. It also displayed the Electrum-XMR wallet application with transaction logs and a balance of nearly 6000 XMR (about $1 million at the time of the report). Another new text file contained its seed phrase.
Following the scammers’ logic, unscrupulous users would want to steal funds from the wallet. This would lead them to the final stage of the scheme — searching for and downloading the malicious Electrum-XMR application (the real Electrum only works with the Bitcoin network).
The installation file infects the victim’s computer with a backdoor to steal cryptocurrency wallet data and other confidential information.
There is also a simplified version of the scheme.
Bitcoin Exchange Gemini Discloses Incident Affecting 15,000 Clients
The cryptocurrency exchange Gemini notified US authorities that it suffered from a data breach on the side of an unnamed ACH provider.
According to available information, from June 3 to 7, an unauthorized intruder accessed the provider’s systems. The incident affected the banking information of about 15,000 exchange clients, including their full name, account number, and routing number, which Gemini used for ACH transfers.
The exchange assured that no other information, including logins, passwords, emails, and physical addresses, was compromised. The analysis conducted also found no signs of attacks on clients.
All affected users were informed of the situation and advised to enable multi-factor authentication for bank accounts linked to Gemini.
The investigation is ongoing.
Unnamed Company Pays Record $75 Million to Ransomware Operators
The hacker group Dark Angels received a record ransom of $75 million from an unnamed Fortune 50 company. This was reported by analysts at Zscaler ThreatLabz.
ThreatLabz has uncovered a record breaking $75 million payment made by a Fortune 50 company to the #DarkAngels ransomware group. The payment is the single largest ransomware-related transaction ever reported. For more details, check out our annual ransomware report:… pic.twitter.com/mlZyvNPfO0
— Zscaler ThreatLabz (@Threatlabz) July 30, 2024
The attack occurred in early 2024. Based on available data, media speculated that it might involve the pharmaceutical giant Cencora, which fell victim to ransomware in February.
At that time, none of the cybercriminals claimed responsibility for the breach, and the company’s data was not leaked. This could indirectly indicate the payment of the ransom.
FBI Warns of Scam Calls Posing as Bitcoin Exchanges
US residents have been urged to be vigilant due to an increase in calls and messages allegedly from cryptocurrency exchange employees. The FBI issued a corresponding memo.
The FBI is warning of scammers impersonating cryptocurrency exchange employees to steal your money! If you have been a victim of this scam report the activity associated with it to https://t.co/eGBci0wXVk. https://t.co/ic89u4BDNM pic.twitter.com/dYVLufs0Wo
— FBI Las Vegas (@FBILasVegas) August 1, 2024
Perpetrators tell victims that they have detected an attempted breach of their accounts on the platform and demand immediate action.
In this way, they try to extract confidential information that lets them take over the victim’s exchange account and the cryptocurrency held in it.
AI Trained to Steal Data via Electromagnetic Emissions
A group of scientists from the University of the Republic of Uruguay confirmed the ability of AI to spy on a computer screen by reading electromagnetic emissions from HDMI cables.
Their tests showed that the model could reconstruct text from the received signals with about 70% accuracy.
This is sufficient for reading entered passwords, financial data, or encrypted messages.
However, for the average user, implementing such attacks is still complex. Deploying AI models and the necessary equipment to capture the signal is not a trivial task.
Mandatory Owner Identification Introduced for Large Telegram Channels in Russia
The Federation Council has approved a law requiring owners of public pages on social networks and messenger channels with an audience of more than 10,000 users to report information about themselves to Roskomnadzor. This was reported by TASS.
Bloggers will be included in a separate registry, and the platforms themselves will be required to label the channels. The government will determine the verification procedure separately.
If authors refuse to provide the information, they will be barred from placing advertising and from soliciting other forms of financing, and their messages may not be reposted to external channels.
The regulation will take effect on November 1.
Also on ForkLog:
- CertiK: Crypto projects lost $278.8 million in July due to incidents.
- Cyvers: CeFi accounted for 70% of losses from hacker attacks.
- Terra blockchain relaunched after a $5.2 million hack.
- SEC accused BitClout founder of fraud.
- Crypto industry losses due to hackers and scammers exceeded $1 billion since the beginning of the year.
- Bitfinex hack-related hacker attended Bitcoin 2024 conference.
- Number of pyramid schemes disguised as clicker games increased in Russia.
- WazirX clients criticized the “social loss strategy”.
- British hacker sentenced to 3.5 years for stealing $900,000 from Coinbase users.
- How to disable: X started transmitting user data for Grok training.
- TRM Labs reported a predominance of Russian-speaking crypto hackers.
- Neiro project clone accused of potential scam amid 5000-fold profit of the original creator.
- Compound community suspected participants of “governance attack”.
- Edward Snowden reminded of Bitcoin’s privacy issues.
What to Read on the Weekend?
Especially for ForkLog, Web3 entrepreneur Vladimir Menaskop conducted a study of the cross-chain bridge segment, which has repeatedly become a target for hackers.