Former Amazon Security Engineer Charged with Defrauding a Crypto Exchange


A prominent cybersecurity professional at Amazon is apparently facing a problem. The U.S. Department of Justice has detained security engineer Shakeeb Ahmed on charges of defrauding and laundering money from an unnamed decentralized cryptocurrency exchange, with both charges carrying a maximum sentence of 20 years' imprisonment.

According to Damian Williams, the U.S. attorney for the Southern District of New York, this was the second case his office was announcing that highlights “fraud in the cryptocurrency and digital asset ecosystem.”

As noted by the DOJ, Ahmed – a former security engineer for an “international technology company” – was able to "fraudulently obtain" from the aforementioned exchange almost $9 million worth of cryptocurrencies. He executed this by creating bogus dates for pricing, in order to produce the fees that he later withdrew for himself.

Williams further added, "We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges. But none of those actions covered the defendant's tracks or fooled law enforcement, and they certainly didn't stop my Office or our law enforcement partners from following the money."

Ahmed is also charged with allegedly attempting to steal more money from the exchange via "flash loan" attacks, another type of crypto vulnerability.

While it was initially unclear which company the accused had worked for, cybersecurity blogger Jackie Singh mentioned on Tuesday that Ahmed was a former Amazon employee. Singh also pointed to several other online profiles the accused appeared to be linked to.

According to a LinkedIn profile that matches Ahmed's job description, he works at Amazon as a "Senior Security Engineer" and has worked there since November 2020. The user's profile continues to claim Amazon as his employer. However, it is still unclear whether this profile in fact belongs to Ahmed.

Amazon was then contacted to confirm these details, and the company confirmed that he had worked there. However, he is no longer employed with the company, it added. The tech giant said that it could not provide any further information regarding his role in the company.

Moreover, a report by Inner City Press – a New York outlet – confirms that Ahmed appeared at the court following his detainment on Tuesday. The report mentions him wearing flip-flops, shorts, and a T-shirt saying “I code,” to the court hearing. Later, he was released on bond after pleading not guilty and will be permitted to continue living in his Manhattan apartment, according to the site.

Cloudflare Blocks a DDoS Attack with 15 million Requests Per Second

 

On Wednesday, Cloudflare, an internet infrastructure company, revealed it has successfully resisted one of the largest volumetric distributed denial-of-service (DDoS) attacks ever seen. A DDoS attack with a pace of 15.3 million requests per second (rps) was discovered and handled earlier this month, making it one of the largest HTTPS DDoS attacks ever.

According to Cloudflare's Omer Yoachimik and Julien Desgats, "HTTPS DDoS assaults are more pricey of necessary computational resources due to the increased cost of establishing a secure TLS encrypted connection." "As a result, the attacker pays more to launch the assault, and the victim pays more to mitigate it. Traditional bandwidth DDoS assaults, in which attackers seek to exhaust and jam the victim's internet connection bandwidth, are different from volumetric DDoS attacks. Instead, attackers concentrate on sending as many spam HTTP requests as possible to a victim's server to consume valuable server CPU and RAM and prevent legitimate visitors from accessing targeted sites."

Cloudflare previously announced it mitigated the world's largest DDoS attack in August 2021, when it countered a 17.2 million HTTP requests per second (rps) attack, which the company described as nearly three times larger than any prior volumetric DDoS attack ever observed in the public domain. As per Cloudflare, the current attack was launched from a botnet of about 6,000 unique infected devices, with Indonesia accounting for 15% of the attack traffic, trailed by Russia, Brazil, India, Colombia, and the United States.

"What's intriguing is the majority of the attacks came from data centers," Yoachimik and Desgats pointed out. "We're seeing a significant shift away from residential network Internet Service Providers (ISPs) and towards cloud compute ISPs." According to Cloudflare, the attack was directed at a "crypto launchpad," which is "used to showcase Decentralized Finance projects to potential investors." 

Amazon Web Services recorded the largest bandwidth DDoS assault ever at 2.3 terabytes per second (Tbps) in February 2020. In addition, cybersecurity firm Kaspersky reported this week that the number of DDoS attacks increased 4.5 times year over year in the first quarter of 2022, owing partly to Russia's invasion of Ukraine.

Amazon's Bogus Crypto Token Investment Scam Robs Users of Bitcoin

 

Investors are being misled into turning over Bitcoin (BTC) in a new cryptocurrency fraud. Scams involving cryptocurrency and digital tokens have become commonplace, posing a risk to potential buyers.

Exit scams, rug pulls, and theft are still common, despite the fact that regulators throughout the world are cracking down on fraud through tax laws, securities offering registration, tougher restrictions governing cryptocurrency advertisements, and careful checks on initial coin offerings (ICOs). The popularity of cryptocurrencies and NFTs continues to rise, creating a breeding ground for new frauds to emerge on a regular basis.

Utilizing Amazon's branding to promote a bogus scheme entitled "Amazon to produce its digital token," cyber-criminals are luring users to give away private credentials from the first step of the scam campaign. 

According to Akamai experts, the ongoing cyberattack attempts have profited from the cryptocurrency hype, including scammers using a range of phishing methods based on false rumors. "This particular fraud preyed on consumers' fear of missing out on a special offer to participate in a new cryptocurrency opportunity." Furthermore, according to Chainalysis, fraudsters received around $14 billion in deposits in 2021.

Visitors were asked to pay for the pre-sale tokens with their own cryptocurrencies, such as Bitcoin (BTC) or Ethereum (ETH). However, as the tokens aren't real, the funds ended up in the hands of criminals.

Another enticement is a referral programme that allows the attackers to increase the scope of the token fraud with no further effort. In all, mobile devices were used by the majority of visitors to the phoney token landing pages (98 percent). The distribution of mobile operating systems, however, favors Android handsets (56 percent), with Apple iOS coming in second (42 percent). North America, South America, and Asia account for the vast majority of victims.

To avoid being a victim of fraud like this, users are advised to take the following precautions: 

  •  Be wary of bitcoin marketing and social media posts. 
  •  Before submitting information and making a purchase, double-check URLs and websites. 
  •  Don't be fooled by high-pressure techniques like "flash sales," "just a few left," or "buy now."
  •  Look for legitimate sources while researching what to buy. 
  •  When you see scam ads or postings, report them so they can be removed from social media. 
  •  Stay alert, and don't believe everything you see.

It's essential to avoid chatting with random commenters or accepting unsolicited invitations from strangers, especially now, when social media-based communication is at its most over-used during the pandemic.

Crypto Firm Arbix Identified as a Rug Pull After Scamming $10 Million From Investors

 

Arbix Finance, a Binance Smart Chain-based yield farming protocol, appears to have scammed users out of millions after its developers made off with their deposited funds.

Earlier this week, the blockchain security firm CertiK tweeted confirming the scam, which is known as a rug pull or exit scam. In these types of scams, project developers collect funds for an allegedly legitimate "service" and then disappear with deposited funds. 

Because decentralized networks are traditionally unreliable, bodies like CertiK attempt to examine them via audits that scan a token’s smart contracts for signs of a scam, vulnerabilities, privacy issues, etc. In Arbix's case, CertiK conducted an audit on November 19th, 2021, whose findings had initially been a reason for users to trust Arbix Finance.

According to CertiK, the scam was uncovered after the token's smart contract was spotted minting 10 million ARBIX to addresses under the owner's control and then dumping them for Ethereum. The operators of Arbix also directed $10 million in investor funds to unverified pools, a tool used to deposit and withdraw funds. An anonymous actor then drained the assets from the pools and converted them to Ethereum. Finally, Ethereum was transferred to Tornado.cash, which acts as a mixer to make it difficult to track the funds.
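The mint-then-dump pattern CertiK describes can be watched for in a token's transfer log. The following is an added example, not CertiK's tooling or code from the original post: it assumes transfer events have already been decoded into simple records, and all addresses, amounts, block numbers, and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

# ERC-20/BEP-20 convention: a Transfer event whose sender is the zero address is a mint.
ZERO_ADDRESS = "0x" + "0" * 40


@dataclass(frozen=True)
class Transfer:
    block: int
    sender: str
    recipient: str
    amount: int  # whole tokens, to keep the sample readable


def find_mint_and_dump(events, dex_pools, supply_before, mint_ratio=0.05, window=5000):
    """Flag wallets that receive a large mint and then sell into a known liquidity pool.

    mint_ratio: a mint is "large" when it is at least this fraction of the supply
                that existed just before it (hypothetical threshold).
    window:     maximum number of blocks between the mint and the sale.
    """
    supply = supply_before
    large_mints = {}  # wallet -> (block, amount, fraction of prior supply)
    alerts = []
    for ev in sorted(events, key=lambda e: e.block):
        if ev.sender == ZERO_ADDRESS:
            # Skip the ratio check when there is no prior supply (initial issuance).
            if supply > 0 and ev.amount / supply >= mint_ratio:
                large_mints[ev.recipient] = (ev.block, ev.amount, ev.amount / supply)
            supply += ev.amount
        elif ev.sender in large_mints and ev.recipient in dex_pools:
            mint_block, minted, ratio = large_mints[ev.sender]
            if ev.block - mint_block <= window:
                alerts.append({
                    "wallet": ev.sender,
                    "minted": minted,
                    "sold": ev.amount,
                    "blocks_between": ev.block - mint_block,
                    "mint_vs_prior_supply": ratio,
                })
    return alerts


# Constructed sample data: placeholder addresses, not real wallets or contracts.
OWNER = "0x" + "a" * 40
POOL = "0x" + "b" * 40
USER = "0x" + "c" * 40
FARM = "0x" + "d" * 40

SAMPLE_EVENTS = [
    Transfer(100, USER, POOL, 1_500),                  # ordinary sale by a holder
    Transfer(120, ZERO_ADDRESS, FARM, 2_000),          # small reward mint, below threshold
    Transfer(121, FARM, USER, 2_000),                  # reward payout
    Transfer(200, ZERO_ADDRESS, OWNER, 10_000_000),    # large mint to an owner-controlled wallet
    Transfer(203, OWNER, POOL, 10_000_000),            # immediately sold into the pool
]

if __name__ == "__main__":
    for alert in find_mint_and_dump(SAMPLE_EVENTS, {POOL}, supply_before=2_000_000):
        print(alert)
```

An audit performed before such a mint happens cannot catch it, which is why the check runs over live events rather than over the contract source alone.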

"Tornado Cash improves transaction privacy by breaking the on-chain link between source and destination addresses. It uses a smart contract that accepts ETH deposits that can be withdrawn by a different address," explains Tornado.cash's FAQ page. "To preserve privacy a relayer can be used to withdraw to an address with no ETH balance. Whenever ETH is withdrawn by the new address, there is no way to link the withdrawal to the deposit, ensuring complete privacy." 

The funds and their movements are being tracked, but the chances of them being recovered are slim at this point. Yield farming is a particularly enticing prospect for cryptocurrency investors because it promises them payouts without their having to do anything.

The risk takers deposit cryptocurrency into yield farming platforms and then allow automated algorithms to monitor fluctuations in the values of multiple tokens and send yield returns (harvest returns) to investors according to their trading threshold settings. 

The main concern with these platforms is cyber theft, as many of these platforms are either insecure or unreliable. In October 2020, a similar platform called Harvest Finance was hacked, leading to the theft of $24 million from users.

$57 Million in Seized Cryptocurrency Being Sold for Victims of BitConnect Scam

 

US law enforcement authorities will begin liquidating around $57 million in cryptocurrency confiscated from the now-defunct BitConnect crypto exchange. 

The amount is insignificant in comparison to the $2 billion that BitConnect executives defrauded from American and foreign investors over the course of the company's two years of existence. Nonetheless, the US Department of Justice considers this liquidation to be "the largest single recovery of cryptocurrency for victims to date" and the first step in helping BitConnect victims regain some of their losses.

BitConnect, an open-source cryptocurrency exchange with its own token, the BitConnect Coin (BCC), was founded in 2016. The platform, which offered a high-yield investment programme (up to 1% per day), swiftly gained traction, with the token's value hitting the 'top 20' by the summer of 2017.

Soon, clouds gathered above BitConnect as regulators accused it of being a Ponzi scheme, a charge the company frequently denied. After several probes, the platform was eventually shut down in January 2018, BCC's price collapsed, and a restraining order was filed to freeze all of the company's assets. 

During the subsequent investigations, it was found that one of the top executives was actively involved in money laundering as well as a second fraud known as 'Regal Coin.' On September 1, 2021, the company's founder, Glenn Arcaro, pleaded guilty to the criminal allegations brought by the US Department of Justice.
 
Arcaro agreed that he deceived investors about BitConnect's allegedly patented technology, which promised investors a profit. Early BitConnect investors were compensated with money from later BitConnect investors, as he admitted, a classic Ponzi scheme example (SEC complaint). 

Acting U.S. Attorney Randy S. Grossman of the Southern District of California stated, "Arcaro and his confidantes preyed on investor interest in cryptocurrency. As a result, a staggering number of individuals lost an enormous amount of money. To the investing public, let this also serve as a cautionary tale to safeguard your money and invest it wisely." 

The offender now faces up to twenty years in jail, $250,000 in penalties, forfeiture, and restitution, or double the gross gain or loss from the offence. Arcaro's sentencing hearing will be held on January 7, 2022.
 
Victims of the BitConnect scam can identify themselves as possible victims by filling out this victim impact statement form. Victims can also willingly provide their information to the FBI to help with the investigation. 

It's suggested to keep an eye out for counterfeit wallet software, spoofed websites, and multiplier frauds while investing in cryptocurrency. Even if people find a platform that looks to be reliable, it’s recommended to not put all the money in one place. Rather, diversify the cryptocurrency and investment portfolio to reduce the danger of losing everything all at once.

Fraudsters Used Google Ads to Steal Around $500k Worth of Cryptocurrency

 

Crypto-criminals are using Google Ads to target victims with fraudulent wallets that steal credentials and empty accounts. So far, the cyber-thieves appear to have stolen more than $500,000 and counting. 

As per a recent Check Point Research analysis, the ads appear to link to downloads of the popular crypto-wallets Phantom and MetaMask. According to the research, attackers began their hunt for potential victims by using Google Ads; clicking on the fraudulent ad leads to a malicious site that has been made to look like the Phantom (or sometimes MetaMask) wallet site.

The researchers stated, “Over the past weekend, Check Point Research encountered hundreds of incidents in which crypto-investors lost their money while trying to download and install well-known crypto wallets or change their currencies on crypto-swap platforms like PancakeSwap or Uniswap.” 

After that, the target is prompted to create a new account with a "Secret Recovery Phrase." They must also create a password for the alleged account (which is harvested by the attackers). As per Check Point, users are subsequently given a keyboard shortcut to open the wallet and then directed to the legitimate Phantom site. The legitimate site offers users the Phantom wallet Google Chrome extension. Crypto-criminals have also targeted MetaMask wallets by purchasing Google Ads that drove users to a fake MetaMask site.

The analysts further stated, “In a matter of days, we witnessed the theft of hundreds of thousands of dollars worth of crypto. We estimate that over $500k worth of crypto was stolen this past weekend alone. I believe we’re at the advent of a new cybercrime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email.” 

“In our observation, each advertisement had careful messaging and keyword selection, in order to stand out in search results. The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets. Unfortunately, I expect this to become a fast-growing trend in cybercrime. I strongly urge the crypto community to double-check the URLs they click on and avoid clicking on Google Ads related to crypto wallets at this time.” 

Check Point researchers recommended a few protective measures: 
  1. Verify the browser's URL: Only the extension should create the password, and always check the browser URL to see if it's an extension or a website. 
  2. Find the icon for the extension: The extension will have a chrome-extension URL and an extension icon near it. 
  3. Skip the ads. If users are looking for wallets, crypto trading, and swapping platforms in the crypto world, always look at the first website that comes up in the search rather than the ad, since they might lead to users being fooled by attackers. 
  4. Take a look at the URL: Last but not least, make sure the URLs are double-checked.
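The first two measures amount to a check that can be automated: a recovery phrase or password prompt is only acceptable on a `chrome-extension://` page belonging to the installed wallet, never on a website. The following is an added example, not Check Point's code: the extension ID is a constructed placeholder, the official host list and the one-character lookalike threshold are assumptions, and the lookalike hosts use the reserved `.example` domain.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the extension ID is a constructed placeholder
# (look up the real one in chrome://extensions), and the hosts are the wallets'
# public sites as assumed here.
TRUSTED_EXTENSION_IDS = {"abcdefghijklmnopabcdefghijklmnop"}
OFFICIAL_HOSTS = {"phantom.app", "metamask.io"}
BRANDS = {host.split(".")[0] for host in OFFICIAL_HOSTS}


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_wallet_page(url):
    """Classify where a wallet page is actually being served from."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "other"
    if parts.scheme == "chrome-extension":
        # For extension pages the "host" part of the URL is the extension ID.
        return "trusted-extension" if host in TRUSTED_EXTENSION_IDS else "unknown-extension"
    if parts.scheme not in ("http", "https"):
        return "other"
    bare = host[4:] if host.startswith("www.") else host
    if parts.scheme == "https" and bare in OFFICIAL_HOSTS:
        return "official-site"
    # Any host label that equals a wallet brand or is one edit away from it,
    # on a host that is not the official HTTPS site, is treated as a lookalike.
    labels = host.replace("-", ".").split(".")
    if any(edit_distance(label, brand) <= 1 for label in labels for brand in BRANDS):
        return "lookalike-site"
    return "other-site"


def safe_to_enter_secret(url):
    """Only the installed extension should ever ask for a password or recovery phrase."""
    return classify_wallet_page(url) == "trusted-extension"


if __name__ == "__main__":
    for sample in (
        "chrome-extension://abcdefghijklmnopabcdefghijklmnop/onboarding.html",
        "https://phantom.app/download",
        "https://phanton.example/create-wallet",          # constructed lookalike
        "https://metamask.io.wallet-login.example/",      # constructed lookalike
    ):
        print(f"{classify_wallet_page(sample):18} {sample}")
```

Note that even the official website is not a place to type a recovery phrase; it is only where the extension is obtained.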

Coinbase: Hackers Stole Cryptocurrency From Around 6,000 Customers

 

Crypto Exchange Coinbase has revealed that hackers successfully stole money from at least 6,000 Coinbase users this spring, partly by exploiting a vulnerability in the cryptocurrency exchange's two-factor authentication mechanism. 

Coinbase is the world's second-largest bitcoin exchange with over 68 million users from over 100 countries. In a data breach warning delivered to impacted clients this week, Coinbase disclosed the hacking activity. The notice states, “At least 6,000 Coinbase customers had funds removed from their accounts, including you,” 

Account breaches happened between March 2021 and May 20, 2021. Coinbase estimates hackers launched a wide-scale email phishing effort to deceive a significant number of customers into providing their email addresses, passwords, and phone numbers. 

Furthermore, the unknown attackers got access to victims' email inboxes through the use of malicious software capable of reading and writing to the inbox if the user grants permission. However, a password alone is insufficient to gain access to a Coinbase account.

The business secures an account by default using two-factor authentication, which means users must enter both a password and a one-time passcode issued on the phone to log in. 

However, the hackers were able to obtain the one-time passcode in certain situations. This happened to users who used the two-factor authentication method that depends on SMS texts to deliver the code.

A spokesperson for the cryptocurrency exchange told PCMag in a statement, “Once the attackers had compromised the user’s email inbox and their Coinbase credentials, in a small number of cases they were able to use that information to impersonate the user, receive an SMS two-factor authentication code, and gain access to the Coinbase customer account.” 

Coinbase did not go into detail about how the impersonation occurred. However, according to the statement, the attackers employed a SIM-swapping attack to deceive the cell phone carrier into transferring over the victim's phone number. 

In response, Coinbase says it’s been compensating victims for the stolen cryptocurrency, following reports the company did little to help consumers hit in the hack. 

A company spokesperson added, “We immediately fixed the flaw and have worked with these customers to regain control of their accounts and reimburse them for the funds they lost.” 

It's also unclear how the issue was resolved. Coinbase, on the other hand, is pushing consumers to abandon the SMS-based two-factor verification scheme for more secure alternatives. This includes utilising a smartphone app to generate the one-time passcode or a hardware-based security key. 

SEC: Stay Vigilant Against Cryptocurrency Related Frauds

 

The U.S. Securities and Exchange Commission has released a new alert warning that fresh illegal schemes are targeting digital assets.

According to security experts, individuals and organisations must be cautious about crypto-related frauds or other "get rich fast" schemes since social engineering attempts are rising.

The SEC's Office of Investor Education and Advocacy and Division of Enforcement's Retail Strategy Task Force states in its advisory, "Fraudsters continue to exploit the increasing popularity of digital assets to entice investors into schemes, frequently leading to severe losses." 

Users should be wary of phishing or impersonation schemes that pretend to provide something innovative or cutting edge, according to the regulator. 

The SEC added, "If you are considering a digital asset-related investment, take the time to understand how the investment works and to evaluate its risks. Look for warning signs that it may be a scam." 

The SEC's advisory comes after the authority fined BitConnect, a now-defunct cryptocurrency network, with $2 billion in the alleged fraud. 

The SEC termed the scheme "one of the largest Bitcoin-related Ponzi-like schemes," stating that defendants stole almost $2 billion of investor funds using a platform - a "technology bot" - that promised extravagant profits. The cryptocurrency platform reportedly advertised itself in several countries using testimonial-style YouTube videos and other social media.

As per the SEC, BitConnect ran a pyramid scheme-style referral programme, paid investor withdrawals from incoming investor funds, and "did not trade investors' Bitcoin consistent with its representation". 

Furthermore, according to the US Department of Justice, BitConnect's major U.S. promoter, Glenn Arcaro, pleaded guilty to similar criminal charges last week. Officials say he faces up to 20 years in jail and must repay investors the $24 million gained from the scam.

Suspicious Signs

According to the Securities and Exchange Commission, suspicious digital asset activities frequently: 
• Involve unregistered/unlicensed vendors;
• Show representations of account values rising;
• Sound too good to be true, and usually are;
• Promote phoney testimonials, since fraudsters frequently pay people to promote a product or service on social media or through video.

Many security and blockchain researchers attribute bad or disastrous crypto investments to these malicious practices, highly complex social engineering tactics, and outright misleading advertising.

According to James McQuiggan, the Florida Cyber Alliance's education director and a security awareness advocate for the business KnowBe4, "Cybercriminals will always find emotional lures to exploit users through social engineering. Asking yourself the question, 'Is this too good to be true?' is the first step to determine if the organisation is worthwhile." 

Likewise, Julio Barragan, head of cryptocurrency intelligence at CipherTrace, warned about ongoing schemes in which victims are enticed by a convincing fraudster who sends them direct messages on social media or through a friend's hacked account promising big rewards. 

As per Neil Jones, a cybersecurity evangelist with Egnyte, "Significant change [in the space] will only occur when cryptocurrency platforms become subject to the same standardized IT requirements as traditional investment platforms, and when cryptocurrency exchanges no longer represent a safe haven for payments to ransomware attackers." 

Notwithstanding, Robinson stated, "There is no need for new crypto-specific regulation to handle [these events] since regulators are currently prosecuting these fraudsters under existing laws." According to him, US authorities have imposed over $2.5 billion in fines, primarily for fraud and unregistered securities offerings.

But authorities like Sen. Elizabeth Warren, D-Mass., continue to push for extensive cryptocurrency regulation. Warren compared many cryptocurrency activities to "shadow banks" that lack standard investor safeguards in an interview with The New York Times on Sunday. 

SEC Chair Gary Gensler reiterated earlier remarks on impending cryptocurrency regulation last week, telling The Financial Times that digital assets must be safe and long-lived within a public policy framework. He also asked the congressional authority to minimize investment risks associated with virtual currencies.