Cybersecurity Highlights: Pink Drainer's Closure, FBI's BreachForums Seizure, and More

Here are the week’s most significant cybersecurity news stories.

  • The phishing service Pink Drainer has announced its closure.
  • In the US, members of a gang were arrested for laundering $73 million through USDT.
  • The FBI arrested BreachForums administrators and seized the forum’s website and Telegram channel.
  • In Russia, illegal P2P operations involving Ozon wallets have increased.

Phishing Service Pink Drainer Announces Closure

The developers of the popular cryptocurrency wallet phishing service Pink Drainer have decided to shut down their infrastructure. On-chain researcher ZachXBT highlighted this development.

“We have achieved our goal, and now, as planned, it is time for us to retire. After this message is published, we will begin dismantling our infrastructure. All stored information will be erased and securely destroyed,” the group stated.

Pink Drainer operated as a phishing-as-a-service (PhaaS) platform, supplying cybercriminals with the tooling to steal cryptocurrency through social engineering and phishing links. The developers took a fee plus a percentage of the stolen funds as payment.

According to ScamSniffer, Pink Drainer was involved in the theft of digital assets worth $85 million from over 21,000 victims.

US Arrests Gang Members for Laundering $73 Million via USDT

US law enforcement arrested two Chinese nationals, Daren Lee and Yichen Zhang, who allegedly orchestrated a scheme to launder funds obtained through cryptocurrency investment fraud.

According to the indictment, the defendants, part of an “international syndicate,” funneled over $73 million through US financial institutions to domestic and international bank accounts, later converting the funds into USDT.

The cryptocurrency wallet used in the scheme received over $341 million in various assets.

Lee and Zhang were charged with conspiracy and six counts of international money laundering, each carrying a potential 20-year prison sentence.

FBI Seizes BreachForums, Arrests Administrators

On May 15, the FBI confiscated servers and domains of the hacker forum BreachForums, known for publishing various leaks. Bleeping Computer reported this development.

Image: the seizure banner placed on the BreachForums site. Source: Bleeping Computer.

The placeholder banner depicted avatars of two site administrators, Baphomet and ShinyHunters, overlaid with prison bars.

Additionally, authorities seized the BreachForums Telegram channel and chat. A corresponding post was published from the Baphomet account, suggesting that his devices had been seized.

Image: the seizure notice posted in the BreachForums Telegram channel. Source: Bleeping Computer.

The FBI continues to investigate cybercriminal activities on BreachForums and its predecessor RaidForums, urging all victims and witnesses to provide information on the case.

US law enforcement shut down BreachForums in March 2023. Its creator and administrator, Conor Brian Fitzpatrick (Pompompurin), was sentenced to 20 years of supervised probation.

At the end of June, the FBI gained control over the forum’s backup domain on the clear web. Nevertheless, BreachForums continued to operate by changing sites.

Illegal P2P Operations with Ozon Wallets Surge in Russia

Criminals have increasingly used Ozon electronic wallets for illegal operations. Reports of buying and selling verified marketplace accounts for P2P transfers tripled from February to April, according to Forbes, citing Angara Security.

Ozon electronic wallets are freely sold on Telegram and the dark web for an average price of 2,599 rubles.

Additionally, criminals sell databases with legitimate user data or exploit the service’s feature to link a digital card to an anonymous account, which only requires a SIM card from any operator for registration.

Access to Ozon Bank’s personal accounts ranges from 500 to 10,000 rubles, depending on the wallet’s status, verification method, account block risk, and the volume of data available to the buyer.

American and Ukrainian Charged with Aiding North Korean IT Workers

US authorities arrested American Christina Marie Chapman and Ukrainian Oleksandr Didenko for separately assisting North Korean IT specialists in securing employment and conducting payment operations.

According to Chapman’s case, from October 2020 to October 2023 she ran a “laptop farm” that North Korean citizens used to obtain remote jobs at over 300 US firms, presenting fake documents to employers. The scheme earned the North Korean workers at least $6.8 million.

Didenko, in turn, controlled approximately 871 proxy servers and provided accounts to three freelance IT hiring platforms and three money service providers. Since July 2018, he processed transactions totaling $920,000.

Both defendants face charges of conspiracy to defraud the US, aggravated identity theft, money laundering, and various fraud offenses.

Chapman faces up to 97.5 years in prison, while Didenko faces up to 67.5 years.

Russian Hackers Deploy New Backdoors Against European Government

ESET researchers have discovered two new backdoors, LunarWeb and LunarMail, used by Russian hackers, allegedly the Turla group, to breach the Ministry of Foreign Affairs of an unnamed European country with diplomatic missions in the Middle East.

The intrusion begins with phishing emails carrying Word documents with malicious macros. Once installed, the backdoors can remain undetected for extended periods, monitoring user activity and exfiltrating data.

Experts estimate that LunarWeb and LunarMail have been active since at least 2020, targeting government and diplomatic institutions.

Also on ForkLog:

  • Pump.fun lost $1.9 million in an insider attack.
  • Binance introduced an “antidote” to spoofing scams.
  • Two brothers in the US were arrested for an Ethereum attack and stealing $25 million.
  • North Korean hackers laundered $147 million stolen from HTX through Tornado Cash.
  • In Ukraine, the list of dubious projects expanded to include miners and crypto traders.
  • Journalists uncovered a hacking attack on hedge fund BlockTower Capital.
  • A participant in the hacked DEX Cypher admitted to stealing part of the funds.
  • DeFi protocol Alex Labs lost $4.3 million in a hacking attack.
  • In China, an underground bank with a turnover of $1.9 billion in USDT was dismantled.
  • DeFi project Sonne Finance was hacked for $20 million.
  • A hacker attacked users of the decentralized exchange Equalizer.
  • Kimsuky deployed new software for attacks on cryptocurrency companies.
  • ZachXBT speculated on a $14.8 million hack of the Rain bitcoin exchange.
  • In China, a scheme for illegally withdrawing $295 million through cryptocurrencies was uncovered.

Weekend Reading Suggestions

In our News+ format, we explain the risks posed by EIP-3074 for Ethereum wallets and Vitalik Buterin’s proposed alternative to this standard:
