Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Crypto heist. Show all posts

India Strengthens Crypto Crime Vigilance with Dark Net Monitor Deployment

India has made a considerable effort to prevent crypto-related criminal activity by establishing a Dark Net monitor. This most recent development demonstrates the government's dedication to policing the cryptocurrency market and safeguarding individuals from potential risks.

India has made a considerable effort to prevent crypto-related criminal activity by putting in place a Dark Net monitor. This most recent development demonstrates the government's dedication to overseeing the cryptocurrency industry and safeguarding citizens from any potential risks.

Drug trafficking, cyberattacks, and financial crimes using cryptocurrency are just a few of the criminal activities that have long been the center of the Dark Net, a secret area of the internet. Indian officials hope to efficiently identify and stop these illegal activities by implementing a Dark Net monitor.

According to officials, this cutting-edge technology will provide critical insights into the operations of cybercriminals within the crypto space. By monitoring activities on the Dark Net, law enforcement agencies can gain intelligence on potential threats and take proactive measures to safeguard the interests of the public.

Sneha Deshmukh, a cybersecurity expert, commended this move, stating, "The deployment of a Dark Net monitor is a crucial step towards ensuring a secure and regulated crypto environment in India. It demonstrates the government's dedication to staying ahead of emerging threats in the digital landscape."

India's stance on cryptocurrencies has been closely watched by the global community. The government has expressed concerns about the potential misuse of digital currencies for illegal activities, money laundering, and tax evasion. The deployment of a Dark Net monitor aligns with India's broader strategy to strike a balance between innovation and regulation in the crypto space.

A spokesperson for the Ministry of Finance emphasized, "We recognize the transformative potential of blockchain technology and cryptocurrencies. However, it is imperative to establish a robust framework to prevent their misuse. The Dark Net monitor is a crucial tool in achieving this goal."

Experts believe that this move will bolster confidence among investors and industry stakeholders, signaling a proactive approach towards ensuring a secure crypto ecosystem. By leveraging advanced technology, India is poised to set a precedent for other nations grappling with similar challenges in the crypto space.

Initiatives like the deployment of the Dark Net monitor show India's commitment to staying at the forefront of regulatory innovation as the global crypto scene changes. This move is anticipated to be crucial in determining how cryptocurrencies will evolve in the nation and open the door for a more secure and safe digital financial ecosystem.

BitBrowser Hackers Launder 70.6% of Stolen Funds

Hackers were able to transfer a remarkable 70.6% of the stolen BitBrowser cash through the eXch crypto mixer in a recent cyber robbery that startled the cryptocurrency world. Concerns regarding the security of digital assets and the increasing sophistication of thieves have been sparked by this bold action.

The attack, which targeted BitBrowser, a decentralized finance (DeFi) platform, first came to light when users reported unauthorized transactions and missing funds. The hackers managed to siphon off a substantial amount of cryptocurrency before the breach was discovered. According to reports, the stolen funds included 236 ETH (Ethereum), which were promptly moved through the eXch crypto mixer to obfuscate their origins.

The eXch crypto mixer, known for its privacy-centric features, allows users to mix their cryptocurrencies with those of other users, making it difficult to trace the source of the funds. This tool has become increasingly popular among hackers looking to launder stolen digital assets.

The BitBrowser hack and subsequent use of the eXch crypto mixer highlight the ongoing battle between cybersecurity experts and cybercriminals. As blockchain technology and cryptocurrencies gain mainstream adoption, they also attract malicious actors seeking to exploit vulnerabilities.

Cybersecurity experts and law enforcement agencies are working tirelessly to track the stolen funds and identify the hackers responsible. However, the use of crypto mixers and other privacy-enhancing tools complicates these efforts. These tools are not inherently illegal, as they also serve legitimate purposes, such as protecting user privacy and enhancing fungibility in cryptocurrencies.

This incident underscores the importance of robust security measures for cryptocurrency platforms and the need for continued innovation in the field of blockchain forensics. Blockchain analysis companies are developing advanced techniques to trace the flow of cryptocurrencies through mixers and dark web marketplaces, but it remains a challenging endeavor.

Cryptocurrency exchanges and DeFi platforms must prioritize security and invest in state-of-the-art cybersecurity measures to protect their users' assets. Additionally, regulatory bodies around the world are tightening their grip on cryptocurrency-related activities to prevent money laundering and illegal financial activities.


Cryptocurrency Giants FTX, BlockFi, and Genesis Hit by Kroll Hack

Customers of prominent cryptocurrency companies FTX, BlockFi, and Genesis had their financial and personal information exposed in a recent cybersecurity breach. Concerns have been expressed about the security of private information in the cryptocurrency sector as a result of the hack.

The breach, according to claims from sources, was carried out by taking advantage of flaws in the systems of Kroll, a reputable data management business. The personal information of innumerable users is now in danger due to Kroll's involvement in processing the client data of these cryptocurrency companies.

FTX, BlockFi, and Genesis being prominent names in the cryptocurrency sector, have a significant user base that relies on their platforms for trading, lending, and other financial services. The compromised data includes user names, email addresses, phone numbers, transaction histories, and potentially even account passwords. This sensitive information falling into the wrong hands could lead to identity theft, phishing attacks, and financial fraud.

The incident raises questions about the industry's overall data security practices. While the cryptocurrency market has been praised for its decentralized nature and robust encryption, this breach underscores the persistent vulnerabilities that exist in digital systems. Companies dealing with such high-value assets and sensitive data must prioritize cybersecurity measures to prevent such incidents.

The breach has consequences beyond only the immediate loss of client data. Users may stop using these platforms, which could result in lost revenue for the impacted businesses. Regulatory organizations might examine these occurrences more closely, which would result in tougher compliance standards for cryptocurrency businesses.

FTX, BlockFi, and Genesis have assured their consumers that they are acting right now in reaction to the intrusion. They are trying to improve their security procedures, assisting law enforcement, and carrying out in-depth investigations to ascertain the scope of the intrusion. Users who are affected are advised to modify their passwords, use two-factor authentication, and be on the lookout for phishing attacks.

The Bitcoin industry as a whole needs to pay attention after this tragedy. The digital world has unmatched prospects, but it also has its own challenges, notably in terms of cybersecurity. To properly protect the information of their users, businesses must implement proactive security measures, carry out routine audits, and spend money on powerful encryption.

Customers of these affected sites must implement suggested security procedures and stay up to date on developments as the investigation progresses. Additionally, the event highlights how crucial industry cooperation is to jointly fix vulnerabilities and improve the overall security posture of the Bitcoin ecosystem.


Friend.Tech Hit by Cyber Attack

 


Protecting sensitive information is now a top priority for both individuals and businesses in the digital age when data is king. The recent data breach at Friend.tech, regrettably, has once more highlighted how vulnerable our globally networked world is. Numerous users' security and privacy were put at risk, and the intrusion shocked the computer community.

Credible sources have reported that a large participant in the computer industry was the target of a significant cyberattack that resulted in a significant data breach. Along with exposing the victims' personal information, the breach earned the hackers an illegitimate reward.

Unauthorized access to customer data occurred as a result of a breach at Friend.tech, a company renowned for its creative solutions. Usernames, email addresses, and hashed passwords were among the information that was compromised. While the breach itself is troubling, what's perhaps more frightening is the possible misuse of this sensitive data, placing consumers at risk of identity theft, phishing attempts, and other cybercrimes.

The fallout from the incident showed how urgently organizations need to improve their cybersecurity procedures. In an interview with Outlook India, the CEO of Friend.tech underscored the seriousness of the situation, saying that businesses have little time to strengthen their defenses as assaults get more sophisticated. This alert serves as a reminder that cybersecurity is a continuous undertaking that necessitates continued monitoring and response to emerging threats.

The incident's impact was not confined to Friend.tech alone; the entire tech industry felt its reverberations. The breach's ripple effect reached even crypto exchange giant Binance, as reported in their official feed. This demonstrated how interconnected our digital ecosystem is, and any vulnerability in one part can potentially disrupt the entire chain.

Businesses must aggressively address cybersecurity concerns to safeguard the data of their users and their own integrity in an environment where trust is essential. It is now more important than ever to have thorough security policies, regular vulnerability assessments, and quick incident response strategies.

The data breach at Friend.tech serves as a sobering reminder that risks might still exist in the digital sphere. Individuals must put personal cybersecurity first by creating strong, one-of-a-kind passwords, activating two-factor authentication, and being watchful for phishing scams. Businesses must use this tragedy as a chance to review and strengthen their cybersecurity systems.

North Korean Hackers Swipe $200M in 2023 Crypto Heists

North Korean hackers had been effective in fleeing with an incredible $200 million in various cryptocurrencies in the year 2023 in a series of clever cyber heists. North Korea's alarming increase in crypto thefts has not only put the whole cybersecurity world on high alert, but it has also highlighted the country's increasing skill in the field of cybercrime.

Several cyberattacks targeting important cryptocurrency exchanges, wallets, and other digital platforms were conducted by North Korean cybercriminals, according to reports from reliable sources, a blockchain intelligence business.

The hackers' tactics are reported to be highly advanced, indicating a deep understanding of the cryptocurrency landscape and an evolving sophistication in their methods. Their operations have been linked to funding the North Korean regime's activities, including its missile development programs, which add a geopolitical dimension to these digital attacks.

Digital space has unavoidably been affected by the continued tension surrounding North Korea's actions on the international scene. The nation has apparently mastered cybercrime, allowing it to take advantage of holes in different encryption schemes. Strong countermeasures are needed for this new type of criminal conduct in order to safeguard both the interests of individual cryptocurrency holders and the integrity of the entire digital financial system.

Crypto exchanges and related platforms are under increasing pressure to improve their security protocols, implementing cutting-edge technologies like multi-factor authentication, biometric identification, and enhanced encryption to protect customer assets. To create a unified front against these cyber dangers, collaborations between government agencies and business sector cybersecurity professionals are essential.

As these attacks underscore the pressing need for global cybersecurity cooperation, governments, and international organizations should consider initiatives that promote information sharing, threat intelligence dissemination, and coordinated responses to cyber threats. This should ideally be coupled with diplomatic efforts to address the underlying issues that fuel such illicit activities.

The North Korean crypto heists also emphasize the significance of individual user vigilance. Cryptocurrency holders should adopt a proactive stance on security, utilizing hardware wallets, regularly updating software, and staying informed about potential threats. Additionally, employing a healthy level of skepticism towards unsolicited messages and emails can thwart phishing attempts that often serve as entry points for hackers.

OFAC Takes Action Against Accused Providing Material Support To North Korean Hackers

 

The U.S. Treasury Department has recently identified three over-the-counter (OTC) cryptocurrency traders in China and Hong Kong, as well as a China-based banker, who is believed to have assisted North Korea’s Lazarus Group in converting stolen crypto into fiat currency. The Department of Foreign Assets Control (OFAC) took action against the accused for providing material support to the North Korea-based Lazarus hacking group.

North Korea’s Lazarus Group is a notorious hacker group responsible for some of the largest crypto heists in recent years. According to OFAC’s report, the group is linked to illicit financial and cyber activity that supports North Korea’s development of weapons of mass destruction (WMD) and ballistic missile programs.

Under-Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson stated that North Korea’s operations to raise funds for WMD and ballistic missile programs directly threaten world security and cited three intercontinental ballistic missiles launched by North Korea this year as evidence of the same.

Chainalysis, a blockchain analysis firm, estimates that North Korean hackers such as the Lazarus Group have stolen an estimated $1.7 billion in cryptocurrencies in 2022 alone through numerous breaches traced to them. Moreover, they were one of the major forces behind the DeFi hacking trend, stealing $1.1 billion in DeFi protocol attacks. 

The accused individuals were allegedly involved in obtaining cryptocurrencies from North Korean citizens who were fraudulently undertaking IT services in other countries and then directing OTC traders to transfer funds to front firms for purchasing items such as tobacco and communication equipment. 

The actions taken by OFAC against those who provided material support to the North Korean hackers serve as a warning that cyber security vulnerabilities must be addressed at all times and malicious actors will be held accountable for their actions. 

Norwegian Authority Recovers Crypto Stolen in the North Korea Based Axie Heist


Civil authorities in Norway have announced this Thursday that they have recovered $5.9 million worth cryptocurrency. This enormous amount of crypto was apparently stolen in the Axie Infinity hack, largely believed to have been caused by the Lazarus Group, which as its ties to North Korea. 

According to the Norwegian National Authority of Investigation and Prosecution of Economic and Environmental Crime (Økokrim), this seizure is the largest-ever cryptocurrency-related money seizure ever made by Norway. 

"Økokrim are experts at following the money. This case shows that we are also good at following the money on the blockchain even though criminals use advanced techniques to avoid detection," says Marianne Bender, a senior public prosecutor. 

The firm added that that it would work in collaboration with Sky Mavis, owner of Axie Infinity game in order to get the funds back to its victims. 

Axie Infinity gives players the chance to win Ethereum. Its "flagship offering," according to Sky Mavis, is the "#1 game on Ethereum by daily, weekly, and monthly active players. 

Attackers who had access to five out of the nine private keys used by the transaction validators for Ronin Network, the Ethereum-based DeFi decentralized finance platform utilized by Sky Mavis, were able to steal $620 million in March 2022. The game, publisher describes its Ronin side chain as "a tool that allows game developers to deliver the benefits of blockchain to their players without any of the complications.

"Upon gaining access to the organization, the attackers approved cryptocurrency transactions and started promptly transferring the funds through the Ethereum-based cryptocurrency mixer Tornado Cash, which is currently the target of US sanctions. In September 2022, around $30 million worth of illicit proceeds were discovered and seized by US officials. 

The FBI and Økokrim allegedly collaborated to recover an additional $5.9 million. "This is money that can be used to finance the North Korean regime and their nuclear weapons program. It has therefore been important to trace the cryptocurrency and try to stop the assets from being converted into regular currency," explained Bender. 

More Crypto Comeuppance 

Cryptocurrency thieves with ties to the Korean peninsula had a tough day on Thursday. The same day, Terraform Labs and its wanted fugitive chief, South Korean national Do Kwon, were accused of scamming investors by the US Securities and Exchange Commission (SEC). 

"We allege that Terraform and Do Kwon failed to provide the public with full, fair, and truthful disclosure as required for a host of crypto asset securities, most notably for LUNA and Terra USD[…]We also allege that they committed fraud by repeating false and misleading statements to build trust before causing devastating losses for investors," says SEC chairman Gary Gensler. 

Moreover, the collapse of Terraform Labs' TerraUSD “stablecoin” and linked “Luna” tokens sparked the so called “crypto winter.” Since the cryptocurrency's value was tied to the US dollar, the crash was portrayed as being impossibly unlikely. But, that was not the case, and as a result, a lot of investors lost a loads of money. 

Apparently, Kwon has fled with the last known address in Singapore. While, the city-state claims he left the island in September 2022. His passport was revoked by the South Korean government and he has since been added to Interpol's Red Notice list. 

While this is going on, Terraform Labs continues announcing new findings as if it had not nearly brought about the end of the world. With its TerraLuna ecosystem, it introduced a decentralized automation layer function yesterday.  

U.S. Bans Crypto Mixing Service Tornado Cash

A 29-year-old man was detained in Amsterdam on Friday, per the Dutch tax authorities investigative department, who suspects him of working as a developer for Tornado Cash, a cryptocurrency mixing business that the US had earlier in the week sanctioned. 

The Dutch agency's action further demonstrates the increasing interest that governments are showing in so-called crypto mixers. Another cryptocurrency mixing service, Blender, received approval from the Office of Foreign Asset Control earlier this year. 

Sanctions against the service were imposed by the US Treasury Department on Monday. According to reports, North Korean state hackers used Tornado Cash to hide billions of dollars.

The Block identified the Tornado Cash engineer as Alexey Pertsev despite FIOD concealing his name. Tornado Cash, as per FIOD, "has been utilized to mask large-scale criminal money flows, particularly from data thefts of cryptocurrencies so-called crypto hacks and scams," the organization claimed.

The platform works by pooling and scrambling different digital assets from thousands of addresses, including money that might have been obtained illegally as well as money that might have been obtained legally, to hide the trail back to the asset's original source, giving criminals a chance to hide the source of the stolen money.  

After the U.S. sanction, a variety of companies have banned or deleted accounts connected to Tornado Cash, including GitHub, Circle, Alchemy, and Infura.

On the news, the Tornado Cash token TORN fell from $16.5 to $13.7, furthering this month's fall. According to CoinMarketCap, the token's decline during the past seven days has exceeded 50%.

The latest findings point to the greater attention of bitcoin mixing services for what is believed to be a means of paying out illicitly obtained cryptocurrency. 

This includes the indebted North Korean government, which is known to rely on cyberattacks on the cryptocurrency industry to steal virtual money and circumvent trade and economic sanctions placed on the country. 




               

Solana Funds Breached via Unknown Bug

After customers complained about their funds being stolen, Solana, a blockchain that is growing in popularity for its quick transactions, became the subject of the most recent breach in the cryptocurrency world.

The platform has launched an inquiry and is currently attempting to ascertain how the hackers were able to steal the money. 

What is SOL?

The value of Solana's stake, dropped by 7% to $38.4 in the past day, marking its lowest level in a week.

Solana is an open-source project that relies on the permissionlessness of blockchain technology to offer decentralized financial (DeFi) solutions. According to CoinGecko, end-user applications in the Solana ecosystem include non-fungible tokens (NFT), marketplaces, gaming, e-commerce, and decentralized finance (DeFi).

According to CoinGecko, Solana is one of the top 10 cryptocurrency assets in terms of market value, although its value has fallen significantly from its all-time high of $259.96 reached in November 2021.

The primary reason for the breach

The security problem appears to have affected more than 8,000 wallets, depleting them of their SOL tokens and USDC stablecoins, according to Changpeng  Zhao, CEO of cryptocurrency exchange Binance.

A blockchain consulting firm called Elliptic stated that the attack started on August 2 and has already resulted in the data theft of $5.8 million for its clients. The Solana cryptocurrency, and non-fungible tokens, as per the report, were among the stolen goods.

Elliptic noted that the issue didn't seem to be with the blockchain core, the digital ledger of transactions that serves as the foundation of cryptocurrency assets, but rather with software utilized by such wallets.

Phantom, Slope, and TrustWallet are among the other wallets that have been compromised by the hack.

Several blockchain security experts believe that a supply chain attack, a browser zero-day vulnerability, or a flawed random number generator used during the key generation process might have been leveraged to access such a huge number of private keys.


Netwalker: Ex Canadian Government Employee Pleads Guilty to Cybercrimes 

 

An ex-government of Canada official pleaded guilty in a US court to crimes related to data theft stemming from his involvement with the NetWalker ransomware group. 

Sebastien Vachon-Desjardins admitted on Tuesday that he had planned to commit bank fraud and phishing scams, intentionally damaged a protected computer, and also sent another demand regarding that illegally damaged computer. 

 Plea agreement filled 

Vachon-Desjardins, 34, who had previously been sentenced to six years and eight months in prison after entering a guilty plea to five criminal offenses in Canada, was deported to the United States in March. 
Vachon-Desjardins is "one of the most prolific NetWalker Ransomware affiliates," as per his plea agreement, and was in charge of extorting millions of dollars from several businesses all over the world. Along with 21 laptops, smartphones, game consoles, and other technological devices, he will also forfeit $21.5 million. 

He has pleaded guilty to conspiracy to commit computer fraud, conspiracy to commit wire fraud, intentionally harming a protected computer, and conveying a demand related to intentionally damaging a protected computer, according to a court filing submitted this weekThe accusations carry a maximum punishment of 40 years in jail combined. The attorneys did not identify the targeted business, but they did indicate that it is based in Tampa and was assaulted on May 1, 2020. 

 NetWalker gang's collapse

In 2019, a ransomware-as-a-service operation called NetWalker first surfaced. It is thought that the malware's creators are based in Russia. Its standard procedure – a profitable strategy also known as double extortion, includes acquiring sensitive personal data, encrypting it, and then holding it hostage in exchange for cryptocurrencies, or risk having the material exposed online.

According to reports, the NetWalker gang intentionally targeted the healthcare industry during the COVID-19 pandemic to take advantage of the global disaster. To work for other RaaS groups like Sodinokibi (REvil), Suncrypt, and Ragnarlocker, Vachon-Desjardins is suspected of being connected to at least 91 attacks since April 2020 in his capacity as one of the 100 affiliates for the NetWalker gang. 

The Feds dismantled the crime gangs' servers and the dark website is used to contact ransomware victims as part of the takedown of the NetWalker gang. Then they took down Vachons-Desjardins, who, according to the FBI, made $27 million for the NetWalker gang. 

His role in cybercrime is said to have included gathering information on victims, managing the servers hosting tools for reconnaissance, privilege escalation, data theft, as well as running accounts that posted the stolen data on the data leak site and collecting payments following a successful attack. 

However, some victims did pay fees, and the plea deal connected Vachons-Desjardins to the successful extortion of roughly 1,864 Bitcoin in ransom payments, or about $21.5 million, from multiple businesses around the world.

MM.Finance, a DeFi platform, Had More Than $2 Million Stolen

 

In a Domain Name System (DNS) attack, hackers decided to retrieve $2 million worth of digital assets, as per MM.Finance. It is a DeFi ecosystem with the largest decentralized exchange on the Cronos blockchain. 

Hackers target the reliability or integrity of a network's DNS service in these attacks. The attacker could "inject a malicious contract address into the frontend code," as per the team behind MM.Finance, which bills itself as the world's largest decentralized finance ecosystem on the Cronos blockchain. "Attacker changed the network contract address in our hosted files via a DNS vulnerability." In a Medium post-mortem, the business claimed, "We understand that some of you have suffered considerable sums and are filled with anxieties and despair." 

After completing swaps or adding and deleting liquidity on the MM.Finance site starting on May 4, users lost money. "The malicious router kicked in and the LPs were withdrawn to the attacker's address when victims navigated to mm. finance to remove liquidity," the company revealed. MM.Finance has offered the attacker 48 hours to refund 90% of the stolen funds, warning that if the deadline is not met, it will notify the FBI. 

The attacker made off with more than $2 million in cryptocurrencies before laundering it all through Tornado Cash, a service that allows users to hide the source of their payments. The company is forming a compensation fund for anyone affected, and the platform's creators have stated that they will forego its part of trading revenue to pay the losses. The reward pool will be open for 45 days, with a procedure in place to reimburse individuals that participate. 

The company said it linked the seized assets to the OKX exchange in follow-up postings on Twitter, threatening to contact the FBI if the funds were not restored. OKX's CEO stated that the company is looking into the matter. According to DeFi Llama data, liquidity is still strong, with $804 million in total worth locked up (TVL).

New Mac Malware Samples Highlight The Growing Risk

 


Despite Apple's best attempts, Mac malware exists to keep in mind that Mac malware and viruses are quite rare in the wild. Apple has a number of safeguards in place to protect against such attacks. For example, according to the Security & Privacy settings in System Preferences > Security & Privacy > General, macOS should only allow the installation of third-party applications from the App Store or identified developers. If you were to install something from an unknown developer, Apple would prompt you to verify its legitimacy. 

Apple also has its own built-in anti-malware program and keeps all of the malware definitions in its XProtect file on your Mac, and whenever you download a new app, it checks to see whether any of them are there. This is a feature of Apple's Gatekeeper software, which prevents malware developers from creating apps and certifies that they haven't been changed. 

For the sixth year in a row, security researcher Patrick Wardle has compiled a list of all new Mac malware threats discovered during the previous year:
  1. ElectroRAT, a cross-platform remote access trojan that first appeared in January.
  2. Silver Sparrow, a malware tool designed specifically for Apple's M1 chip that was released last year.
  3. XLoader, a cross-platform password stealer. It was identified by XLoader to be a rebuilt version of a well-known information stealer named Formbook. 
  4. When analyzing sophisticated watering hole assaults targeting users to the Hong Kong websites of a media outlet and a pro-democracy organization, MacMa (OSX.CDDS) came up with a solution. To install the MacMa backdoor, the attackers used a zero-day privilege escalation vulnerability (CVE-2021-30869) in macOS Catalina. 
  5. XcodeSpy, a data-stealing malware tool that spread via sponsored search results on Baidu and installed the Cobalt Strike agent on compromised systems.
  6. ElectrumStealer, a cryptocurrency mining tool that Apple inadvertently signed digitally; WildPressure, a cross-platform Python backdoor that Kaspersky discovered targeting industrial companies in the Middle East.
  7. ZuRu, a data-stealing malware tool that spread via sponsored search results on Baidu and installed the Cobalt Strike.
Cryptominers like ElectroRAT and OSAMiner, adware loaders like Silver Sparrow, information stealers like Xloader and Macma, and cross-platform Trojans like WildPressure were among the most dangerous Mac malware threats last year, according to Willy Leichter, CMO of LogicHub.

Hacker Behind $600 Million Crypto Heist Returned Stolen Funds

 

The hacker behind the biggest cryptocurrency heist of all time has finally handed access to the final tranche of stolen funds. 

Poly Network, a platform in the decentralized finance or "DeFi" area, was hacked last month, with the hacker or hackers acquiring almost $600 million in digital tokens. The criminal took advantage of Poly Network's software flaw to move the cash to their own accounts. 

In an unexpected twist, the Poly Network hacker did not flee with the funds. Instead, they initiated contact with the targeted organization, offering to return all funds. Last week, the hacker returned all of the funds virtually, except $33 million in tether, or USDT, a dollar-pegged bitcoin that was locked by its issuers. 

However, there was a problem, more than $200 million in assets were locked up in an account that needed both Poly Network and the hacker to enter passwords. The hacker has been refusing to provide out their password for several days, only stating that they would do it when "everyone is ready." 

Poly Network appealed to the hacker, dubbed "Mr. White Hat," to refund the money. The company guaranteed the anonymous person a $500,000 reward for assisting in identifying a security weakness in its systems, as well as a post as "chief security advisor." 

Poly Network now has access to the final batch of stolen cash. According to a blog post published Monday, hacker Mr. White Hat provided the so-called private key needed to restore control of the remaining assets. 

“At this point, all the user assets that were transferred out during the incident have been fully recovered,” Poly Network stated. 

“We are in the process of returning full asset control to users as swiftly as possible.” 

Last week, the Japanese cryptocurrency exchange Liquid announced that it had been the target of a cyberattack in which hackers obtained $97 million worth of cryptocurrencies. However, in the case of Poly Network, the hacker kept an open dialogue going with their victim, eventually reclaiming the assets they had stolen. 

Security experts believe the attacker recognized it would be impossible to launder the money and cash because all transactions are recorded on the blockchain, the public ledgers that underlie most major digital currencies. 

An unidentified individual claiming to be the hacker stated they were “(quitting) the show” in a message embedded in a digital currency transaction. 

“My actions, which may be considered weird, are my efforts to contribute to the security of the Poly project in my personal style,” the unidentified person stated. 

“The consensus was reached in a painful and obscure way, but it works. Some people even suspect that the whole story is a PR stunt.” 

Poly Network's team verified that the private key is authentic, according to the organization.

“As of now, Poly Network has regained control of the $610 million (not including the frozen $33 million USDT) in assets that were overall affected in this attack. Once again, we would like to thank Mr. White Hat for keeping his promise, as well as the community, partners, and the multiple security agencies for their assistance.”