Poltava’s illicit miner, a Hedera airdrop scam and other cybersecurity developments

We round up the week’s key cybersecurity news.

  • Alleged mastermind of kidnappings targeting crypto millionaires arrested in Morocco.
  • Ukrainian mined cryptocurrency using 5,000 compromised hosting accounts.
  • Hedera Hashgraph wallets targeted by a fraudulent NFT drop.
  • Hydra admin gets six years and testifies against accomplices.

Alleged mastermind of crypto-millionaire kidnappings arrested in Morocco

Moroccan police arrested 24-year-old Badis Mohammed Badjou, suspected of organising a series of kidnappings of crypto millionaires and their relatives in France, reports Le Figaro.

Badis Mohammed Badjou. Source: Interpol.

He is the subject of an Interpol Red Notice. Authorities in several countries accuse him of kidnapping and unlawful deprivation of liberty, assault, extortion and money laundering as part of an organised group.

He is allegedly linked to the kidnapping of Ledger co-founder David Ballan and his wife, the father of a manager at a Maltese marketing firm, and an attempted abduction of the pregnant daughter of crypto entrepreneur Pierre Nouaz.

According to police, Badjou coordinated and financed all the attacks from Morocco. He had an accomplice whom authorities have yet to find. Investigators believe the suspects recruited teenagers online to carry out crimes in France.

Hedera Hashgraph wallets targeted by a fraudulent NFT giveaway

Cybercriminals are spreading phishing links disguised as an NFT drop on the Hedera Hashgraph network, the FBI warned.

Users receive tokens, and the memo tag attached to the transaction invites them to visit a site, supposedly to claim additional rewards. There, victims are asked to enter wallet details and other sensitive information, giving attackers access to their assets.

Similar malicious links are also distributed via email, social-media adverts and fake websites.

Coinbase data leak traced to outsourced staff

The January data leak of Coinbase user information was linked to bribes paid to employees of the international outsourcing firm TaskUS. The contractor provided customer-support and moderation services for the exchange, Reuters reported.

An employee of the Indian TaskUS team was caught trying to photograph her workstation screen with her phone. In exchange for payment, she and at least one accomplice passed users’ names, blockchain addresses and email addresses to attackers. Passwords, private keys and funds were unaffected.

The exchange “ceased working with the personnel involved” and tightened security. TaskUS, for its part, fired more than 300 employees in its India unit.

Ukrainian mined cryptocurrency on 5,000 hacked hosting accounts 

Zaporizhzhia cyber police exposed a 35-year-old local resident who caused multimillion losses by covertly mining cryptocurrency on servers of an international hosting provider.

Investigators say the Ukrainian hacked more than 5,000 of the organisation’s accounts and launched virtual machines on the company’s infrastructure. Losses totalled about $4.5m.

During a search, police seized computer equipment, mobile phones and bank cards. The devices contained crypto wallets, mining software, and tools for information gathering and remote administration.

Source: National Police of Ukraine. 

Criminal proceedings have been initiated for unauthorised interference with information systems. The suspect faces up to 15 years in prison. The investigation continues.

Hydra admin gets six years and testifies against accomplices

Izvestia learned that Dmitry Pavlov, the 35-year-old administrator of the dark‑web marketplace Hydra, struck a deal with investigators and received six years in a penal colony. He was found guilty of participating in a criminal community and aiding the illegal sale of drugs on a particularly large scale.

In return, Pavlov gave detailed testimony about how the online “drug cartel” functioned, how it was created and who led it. In late May he testified as a prosecution witness at the Dzerzhinsky Court in Yaroslavl.

A separate case has been opened against the Hydra boss’s contractor — freelance programmer Boris Gubko. 

A third defendant was detained in April 2024. His name was not disclosed, but, according to a law-enforcement source cited by Izvestia, in the organisation’s hierarchy he ranked far above Pavlov.

US disables 145 BidenCash domains

US prosecutors halted operations of the major carding site BidenCash — seizing 145 domains and freezing cryptocurrency assets.

Since launching in 2022, the illegal market has served over 117,000 customers, facilitating trade in more than 15m payment-card numbers and personal information. Total criminal proceeds were about $17m.

Bank of Russia outlines shadow-business scheme with bitcoin exchangers

The Bank of Russia notified financial institutions about a new shadow-business scheme involving crypto exchangers, online casinos, Ponzi schemes and drug traffickers, Vedomosti reported. 

Payments move from cards of “drop” individuals to corporate accounts opened for so‑called technical companies — legal entities with no real activity.

The regulator flagged criteria for suspicious operations:

Banks are advised to analyse such transfers and, if necessary, restrict operations on accounts of clients linked to drops or technical companies.

Researchers find Meta and Yandex tracking Android users

Meta and Yandex used their trackers — Meta Pixel and Yandex.Metrica — to de-anonymise users by linking temporary web identifiers with persistent IDs in Android mobile apps, a group of security researchers noted.

Although Android should isolate browsers from apps, a vulnerability allows the browser to send a special identifier to a local device port. An app reads it and relays it to the company’s server. Data can be collected even in incognito mode. 

The relevant scripts are installed on 5.8m sites for Meta and 3m for Yandex, all of which are potentially vulnerable.

Both companies have temporarily suspended use of this technology.
