- \n
- Investigation: criminals keep laundering funds via CEX.<\/li>\n
- American pleads guilty to laundering $25m.<\/li>\n
- A serious privacy flaw found in WhatsApp.<\/li>\n
- Military dismantles a second scam compound in Myanmar.<\/li>\n<\/ul>\n<\/div>\n
Investigation: laundering continues via CEX<\/h2>\n
The International Consortium of Investigative Journalists (ICIJ) published<\/a> a report titled The Coin Laundry, revealing how criminal syndicates wash funds through major CEX<\/span>.<\/p>\n
According to the ICIJ, crypto exchanges continue to process crime-linked transactions despite regulatory oversight. The report highlights Huione Group, a network tied to human trafficking and scams in Asia. Reporters say at least $408m flowed from it to Binance.<\/p>\n
OKX, which in February 2025 admitted<\/a> violating US law, continued to \u201creceive hundreds of millions of dollars\u201d from the same sources as Binance. More than $161m arrived after the US Treasury labelled Huione a \u201cprimary money laundering concern,\u201d the investigation says.<\/p>\n
With 37 media partners across 35 countries, the ICIJ compiled hundreds of crypto addresses linked to North Korean hackers, Russian money-laundering schemes and Chinese drug networks. An analysis of tens of thousands of transactions found criminal groups actively used accounts on Binance, Coinbase, OKX, HTX, KuCoin and other exchanges.<\/p>\n
\n
\u201cThe crypto industry has effectively built a parallel shadow financial system in which exchanges continue to profit from dubious transactions while victims of crimes are left with no real chance of recovering losses.\u201d<\/em>, the authors concluded.<\/p>\n<\/blockquote>\n
American pleads guilty to laundering $25m<\/h2>\n
A 45-year-old California resident pleaded guilty to laundering at least $25m stolen in a fraud scheme, according to a US Department of Justice<\/a> release.<\/p>\n
According to the department, Kunal Mehta was part of a group active from October 2023 to March 2025. On 18 August 2024 the perpetrators stole<\/a> more than 4,100 BTC (over $230m at the time) from a victim in Washington, DC. The conspirators converted most of the funds into Monero<\/a> but made mistakes that allowed investigators to link the transactions to the stolen assets.<\/p>\n
In 2024, Mehta set up several shell companies to legitimise the proceeds, the DOJ said. He received partially \u201cclean\u201d cryptocurrency and sent it to partners who executed more complex schemes. The money then returned to accounts of legitimate firms connected to him.<\/p>\n
A serious flaw found in WhatsApp<\/h2>\n
Researchers at SBA Research<\/a> uncovered a serious privacy issue in WhatsApp. They collected data from 3.5bn user accounts due to a lack of request rate limits, Wired<\/a> reports.<\/p>\n
Enumeration via the web client reached up to 100m phone numbers per hour. Ultimately, researchers obtained profile photos for 57% of accounts and \u201cAbout\u201d text for 29%.<\/p>\n
They notified Meta in April and deleted the harvested data, according to the outlet. The company, however, did not fix the flaw until October.<\/p>\n
Media suggested attackers could have had similar access earlier. Meta told Wired there was no sign of abuse and that only \u201cpublic data\u201d were exposed.<\/p>\n
Country statistics showed a high share of profiles with open information:<\/p>\n
- \n
- US \u2014 44% with a photo, 33% with \u201cAbout\u201d data;<\/li>\n
- India \u2014 62% with a photo;<\/li>\n
- Brazil \u2014 61% with a photo.<\/li>\n<\/ul>\n
The report also notes that WhatsApp is banned in China, Myanmar, North Korea and several other countries. Even so, the team found millions of active accounts tied to numbers from these regions.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-6e0424af3023480e-10149886614077891-1024x405.png\")
Source: SBA Research.<\/figcaption><\/figure>\n Some cryptographic keys appeared hundreds of times, and for 20 US numbers the cipher consisted entirely of zeros. The experts suggested the cause was the use of unofficial or modified WhatsApp clients, not a flaw in the service itself.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-3e799d6a234003d5-10149886220455762-1024x301.png\")
Source: SBA Research.<\/figcaption><\/figure>\n A closer look at accounts with identical keys showed many appeared fraudulent. The researchers argue the core problem is the identification model\u2014phone numbers are ill-suited for the role.<\/p>\n
According to a Meta announcement<\/a>, WhatsApp developers are already testing usernames as a more private alternative.<\/p>\n
Myanmar military dismantles a second scam compound<\/h2>\n
Myanmar\u2019s military has expanded a sweeping operation against crypto-scam compounds, dismantling a second major hub in the city of Shwe Kokko, Nikkei Asia<\/a> reports.<\/p>\n
On 25 October, KK Park was targeted. Authorities detained 346 foreign nationals and seized about 10,000 mobile phones used in fraud schemes.<\/p>\n
Google warns of a Chrome vulnerability<\/h2>\n
On 17 November, Google warned<\/a> of a dangerous vulnerability in the Chrome browser.<\/p>\n
Specialists said the flaw stems from improper handling of a certain data type in the V8 JavaScript engine, causing memory corruption. An attacker could exploit it via a web page to execute malicious code.<\/p>\n
The company added that attackers had already attempted to exploit the issue. Google recommended promptly checking for an updated browser version:<\/p>\n
- \n
- Windows \u2014 142.0.7444.175\/176;<\/li>\n
- Mac \u2014 142.0.7444.176;<\/li>\n
- Linux \u2014 142.0.7444.175.<\/li>\n<\/ul>\n
Cloudflare explains a major outage<\/h2>\n
Service problems at Cloudflare that led<\/a> to significant client outages on 18 November were not the result of a hack, company representatives said<\/a>.<\/p>\n
Initially, the infrastructure giant cited a \u201cspike in unusual traffic,\u201d raising fears of a breach. Cloudflare\u2019s CTO, Dane Knecht, later rejected that theory.<\/p>\n
\n
I won\u2019t mince words: earlier today we failed our customers and the broader Internet when a problem in @Cloudflare<\/a> network impacted large amounts of traffic that rely on us. The sites, businesses, and organizations that rely on Cloudflare depend on us being available and I\u2026<\/p>\n
\u2014 Dane Knecht \ud83e\uddad (@dok2001) November 18, 2025<\/a><\/p><\/blockquote>\n