
North Korean Hacker Group Targets Cryptocurrency Developers via LinkedIn

 

A North Korean threat group known as Slow Pisces has launched a sophisticated cyberattack campaign, focusing on developers in the cryptocurrency industry through LinkedIn. Also referred to as TraderTraitor or Jade Sleet, the group impersonates recruiters offering legitimate job opportunities and coding challenges to deceive their targets. In reality, they deliver malicious Python and JavaScript code designed to compromise victims' systems.

This ongoing operation has led to massive cryptocurrency thefts. In 2023 alone, Slow Pisces was tied to cyber heists exceeding $1 billion. Notable incidents include a $1.5 billion breach at a Dubai exchange and a $308 million theft from a Japanese firm. The attackers typically initiate contact by sending PDFs containing job descriptions and later provide coding tasks hosted on GitHub. Although these repositories mimic authentic open-source projects, they are secretly altered to carry hidden malware.

As victims work on these assignments, they unknowingly execute malicious programs like RN Loader and RN Stealer on their devices. These infected projects resemble legitimate developer tools—for instance, Python repositories that claim to analyze stock market data but are actually designed to communicate with attacker-controlled servers.

The malware cleverly evades detection by using YAML deserialization techniques instead of commonly flagged functions like eval or exec. Once triggered, the loader fetches and runs additional malicious payloads directly in memory, making the infection harder to detect and eliminate.
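A pre-run check for the pattern described above, as an added example that is not code from the original report or from the malware: it statically scans a repository's Python source for PyYAML loading calls that do not use a safe loader, and scans YAML text for Python-specific tags. The sample source, the sample YAML, and the rule name `yaml-unsafe-load` are constructed for illustration; `naive_scan` is a baseline that only looks for eval/exec.

```python
import ast
import re

# Loaders that build only plain data (no arbitrary Python objects).
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
LOADER_DEPENDENT = {"load", "load_all"}
NEVER_SAFE = {"unsafe_load", "unsafe_load_all", "full_load", "full_load_all"}
# PyYAML's Python-specific tags, short form and fully qualified form.
PY_TAG = re.compile(r"!!python/|tag:yaml\.org,2002:python/")


def _loader_name(call, aliases):
    """Name of the Loader passed to yaml.load(), or None if there is none."""
    arg = next((kw.value for kw in call.keywords if kw.arg == "Loader"), None)
    if arg is None and len(call.args) >= 2:
        arg = call.args[1]
    if arg is None:
        return None
    if isinstance(arg, ast.Attribute):
        return arg.attr
    if isinstance(arg, ast.Name):
        return aliases.get(arg.id, arg.id)   # resolve "from yaml import X as Y"
    return "<dynamic>"


def scan_python(source, filename="<source>"):
    """Return sorted (line, rule, detail) findings for non-safe YAML loading."""
    tree = ast.parse(source, filename)
    modules, names = set(), {}   # aliases of the yaml module / of its members
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names if a.name == "yaml")
        elif isinstance(node, ast.ImportFrom) and node.module == "yaml":
            names.update({a.asname or a.name: a.name for a in node.names})
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in modules):
            name = f.attr
        elif isinstance(f, ast.Name) and f.id in names:
            name = names[f.id]
        else:
            continue
        if name in NEVER_SAFE:
            findings.append((node.lineno, "yaml-unsafe-load", name))
        elif name in LOADER_DEPENDENT:
            loader = _loader_name(node, names)
            if loader not in SAFE_LOADERS:
                findings.append((node.lineno, "yaml-unsafe-load",
                                 f"{name}(Loader={loader or 'missing'})"))
    return sorted(findings)


def scan_yaml(text):
    """Return (line, content) for YAML lines carrying a Python-specific tag."""
    return [(i, line.strip()) for i, line in enumerate(text.splitlines(), 1)
            if PY_TAG.search(line)]


def naive_scan(source):
    """Baseline for comparison: line numbers of eval()/exec() calls only."""
    return [n.lineno for n in ast.walk(ast.parse(source))
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
            and n.func.id in ("eval", "exec")]


# Constructed sample of a "coding challenge" module; not taken from any real repository.
SAMPLE_PY = '''\
import yaml as y
from yaml import load, SafeLoader

def read_settings(path):
    with open(path) as fh:
        return y.load(fh, Loader=y.Loader)

def read_safe(path):
    with open(path) as fh:
        return load(fh, Loader=SafeLoader)

def read_legacy(blob):
    return y.unsafe_load(blob)
'''

# Constructed YAML; the tag target is a placeholder name.
SAMPLE_YAML = """\
name: market-data
refresh_seconds: 30
hook: !!python/name:placeholder_module.placeholder_symbol
"""

if __name__ == "__main__":
    print("eval/exec baseline:", naive_scan(SAMPLE_PY))
    for finding in scan_python(SAMPLE_PY):
        print("python:", finding)
    for finding in scan_yaml(SAMPLE_YAML):
        print("yaml:", finding)
```

The eval/exec baseline reports nothing for the sample, while the YAML-aware scan flags both non-safe loads and the tagged configuration line.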

One key malware component, RN Stealer, is built to extract sensitive information, including credentials, cloud configuration files, and SSH keys, especially from macOS systems. JavaScript-based versions of the malware behave similarly, leveraging the Embedded JavaScript templating engine to conceal harmful code. This code activates selectively based on IP addresses or browser signatures, targeting specific victims.

Forensic investigations revealed that the malware stores its code in hidden folders and uses HTTPS channels secured with custom tokens to communicate. However, experts were unable to fully recover the malicious JavaScript payload.

Both GitHub and LinkedIn have taken action against the threat.

"GitHub and LinkedIn removed these malicious accounts for violating our respective terms of service. Across our products, we use automated technology, combined with teams of investigation experts and member reporting, to combat bad actors and enforce terms of service. We continue to evolve and improve our processes and encourage our customers and members to report any suspicious activity," the companies said in a joint statement.

Given the increasing sophistication of these attacks, developers are urged to exercise caution when approached with remote job offers or coding tests. It is recommended to use robust antivirus solutions and execute unknown code within secure, sandboxed environments, particularly when working in the high-risk cryptocurrency sector.

Security experts advise using trusted integrated development environments (IDEs) equipped with built-in security features. Maintaining a vigilant and secure working setup can significantly lower the chances of falling victim to these state-sponsored cyberattacks.

Zoom Platform Misused by Elusive Comet Attackers in Fraud Scheme

 


Recent reports suggest that North Korean threat actors are employing an alarming evolution in tactics in a sophisticated cybercrime operation known as Elusive Comet. This newly uncovered campaign exploits Zoom's remote control capabilities to gain unauthorised access to the systems of cryptocurrency industry users.

This development reflects a significant trend in which widely trusted communication platforms are exploited as tools for high-level cyber intrusions. Security Alliance, one of the most reputable cybersecurity research organisations, conducted the investigation and analysis that led to the discovery. Elusive Comet exhibited significant operational similarities to activities previously associated with North Korea's notorious Lazarus Group.

The findings suggest that definitive attribution is yet to be made. The lack of conclusive evidence has complicated attempts to link this campaign with any known state-sponsored entity, further demonstrating how covert cyberattacks have become increasingly common in the financial sector. According to security experts, this campaign marks a dramatic departure from the traditional methods used to gain access to cryptocurrency targets. Because the attackers leverage legitimate features of mainstream platforms such as Zoom, their operations are more successful and detection and prevention are much more difficult.

The use of such ubiquitous communication tools emphasises the need for enhanced security protocols in industries that handle digital assets. The emergence of Elusive Comet is a reminder that the threat landscape is constantly changing and that adversaries are increasingly adopting innovative approaches to bypass traditional defences. The threat actors behind Elusive Comet have invested considerable resources in establishing a convincing online persona to maintain an appearance of legitimacy.

To reinforce their facade of authenticity, they operate credible websites and maintain active social media profiles. The fraudulent entities associated with the group, including Aureon Capital, a fake venture capital company posing as a legitimate one, Aureon Press, and The OnChain Podcast, have all been carefully designed to trick unsuspecting individuals and businesses.

The attackers usually make contact through direct messages on X (formerly Twitter), by email, or with invitations to appear as a guest on their fabricated podcast. Researchers found that after initiating contact and establishing a certain level of trust, the attackers move swiftly to set up a Zoom meeting under the pretext of learning more about the target's professional activities.

Key meeting details are commonly withheld until very near the scheduled time, a tactic the group uses to create an impression of urgency and encourage compliance. Victims are often asked to share their screens during the call to demonstrate their work, and in doing so they unknowingly expose their sensitive systems and data to the attackers. As a result of the Elusive Comet operation, Jake Gallen, CEO of the cryptocurrency company Emblem Vault, lost over $100,000 of his digital assets, which included his company's cryptocurrency. He was targeted after agreeing to participate in a Zoom interview with someone posing as a media person.

During the session, the attacker manipulated Gallen into granting remote access to his computer under the guise of technical facilitation. The attackers were then able to install a malicious payload, referred to by the attackers as "GOOPDATE," which allowed them to gain access to his cryptocurrency wallets and steal the funds.

This incident shows how vulnerable cryptocurrency holders are, especially executives and high-net-worth individuals who interact regularly with media outlets and investors; that high level of exposure makes them particularly susceptible to sophisticated social engineering schemes. The breach also emphasises that professionals operating in high-value financial sectors should have heightened awareness of cybersecurity and adopt stricter digital hygiene policies.

Security Alliance, a leading cybersecurity research and advisory firm specialising in forensics and advanced persistent threats (APTs), meticulously tracked and analysed the Elusive Comet campaign, which is highly likely to persist for many years to come. Security Alliance published a comprehensive report in March 2025 detailing the tactics, techniques, and procedures (TTPs) used by the threat actors. According to its research, the attackers installed malware on victims' systems primarily through a combination of social engineering and Zoom's remote control features.

Despite drawing parallels between the methods used in this campaign and those of North Korea's notorious Lazarus Group, Security Alliance exercised caution in making attributions. The researchers noted that the similarities in techniques and tools could indicate common origins or shared resources; however, they stressed the difficulty of attribution in a cyber threat landscape where various actors tend to duplicate or repurpose each other's methodologies.

Given the methods employed in the Elusive Comet campaign, cryptocurrency professionals are strongly advised to adopt a comprehensive and proactive security posture to reduce the risk of falling victim to the same types of sophisticated attacks. First and foremost, companies and individuals should make sure that Zoom's remote control feature is disabled by default and enabled only when necessary. Restricting the use of this feature significantly reduces the chances of cybercriminals exploiting virtual engagements.

It is also important to exercise increased caution in responding to unsolicited meeting invitations. When invitations are sent by an unknown or unverified source, it is essential to verify the identity of the requester through independent channels. In order to increase account security in cryptocurrency-related platforms, including digital wallets and exchanges, it is imperative to implement multi-factor authentication (MFA) as a critical barrier. 

MFA provides an extra layer of defence if credentials are compromised. Organisations should also deploy robust endpoint protection solutions and keep all software, including communication platforms such as Zoom, consistently updated to protect against the exploitation of known vulnerabilities. Regular cybersecurity education and training for employees, partners, and key stakeholders is also extremely important.

An organisation can develop a culture of security awareness that allows its teams to identify and resist threat actors' tactics, such as social engineering, phishing attacks, and other deceptive techniques. The Elusive Comet operation highlights a broader, more dangerous threat to the cryptocurrency industry, as cybercriminals increasingly manipulate trusted communication tools to launch highly targeted and covert attacks.

There is a strong possibility that the attacker may have been part of the North Korean Lazarus Group, but an official attribution remains elusive, further illustrating the difficulty of identifying cyber threat actors. Even so, there are some clear lessons to be learned from this attack.

As today's cybersecurity landscape becomes more volatile and more complex, it is more important than ever for organisations to maintain vigilance, implement rigorous security protocols, and continually adapt to emerging threats. Adversaries are continually refining their tactics, so only those who invest in resilient defence strategies will be able to safeguard the assets and reputation of their organisations against evolving threats.

FBI Operated ElonmuskWHM: Undercover Money Laundering Site That Handled $90M in Crypto

 

In a bold and controversial move, the FBI operated a money laundering platform on the dark web under the alias “ElonmuskWHM,” aiming to infiltrate the criminal ecosystem it served. According to an investigation by 404 Media, the FBI’s undercover cybercrime operation lasted nearly 11 months and facilitated close to $90 million in cryptocurrency transactions. 

The ElonmuskWHM site allowed cybercriminals—including drug traffickers and hackers—to convert illicit cryptocurrency into cash, often mailed discreetly to customers across the country. In exchange, the operator took a 20% fee. The service, regularly advertised on forums like White House Market (WHM), offered anonymity and required no form of identity verification—making it a go-to laundering tool for bad actors avoiding mainstream exchanges like Coinbase or Binance. 

A 404 Media review of court documents and online evidence confirmed the FBI’s direct role in running the site following the arrest of its original operator, Anurag Pramod Murarka, a 30-year-old Indian national. Murarka was eventually sentenced to over 10 years in prison. During its covert management, the FBI used the ElonmuskWHM site to investigate major crimes including drug trafficking, hacking schemes, and even a violent robbery in San Francisco. 

This FBI crypto sting is part of a broader pattern of law enforcement embedding within the digital underworld. Similar tactics were used in previous operations like Trojan Shield, where the agency ran a fake encrypted phone company named ANOM, secretly monitoring global criminal communications. Another example includes the infiltration of the ransomware group “Hive,” enabling the FBI to intercept communications and disrupt attacks. While effective, the ElonmuskWHM sting also sparked privacy concerns. Court documents reveal that the FBI requested data from Google identifying every user who watched a specific YouTube video, raising red flags about surveillance overreach and potential constitutional violations. 

Still, authorities defend such undercover cybercrime strategies as essential to understanding and dismantling complex digital criminal networks. Gabrielle Dudgeon, spokesperson for the U.S. Attorney’s Office, noted that the operation directly supported multiple federal prosecutions and investigations. As cybercrime becomes increasingly sophisticated, law enforcement agencies are evolving too—blurring ethical lines in the process. The ElonmuskWHM operation underscores the high-stakes chess match between digital criminals and those tasked with stopping them.

600 Phishing Campaigns Emerged After Bybit Heist, Biggest Crypto Scam in History


Recently, the cryptocurrency industry suffered the largest cyberattack to date. The Bybit exchange was hit by the "largest cryptocurrency heist in history, with approximately $1.5 billion in Ethereum tokens stolen in a matter of hours," Forbes said.

After the Bybit hack, phishing campaigns steal crypto

Security vendor BforeAI said around 600 phishing campaigns, intended to steal cryptocurrency from Bybit customers, surfaced after the heist. In the last three weeks, after the news of the biggest crypto scam in history, BforeAI found 596 suspicious domains from 13 different countries.

Dozens of these malicious domains mimicked the cryptocurrency exchange itself (Bybit), most using typosquatting techniques and keywords like “wallet,” “refund,” “information,” “recovery,” and “check.”

According to BforeAI, there were also “instances of popular crypto keywords such as ‘metaconnect,’ ‘mining,’ and ‘airdrop,’ as well as the use of free hosting and subdomain registration services such as Netlify, Vercel, and Pages.dev.” 
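The naming patterns described above can be turned into a simple triage rule for newly observed hostnames. The following is an added example, not BforeAI's method or code from the original post: it scores a hostname on brand lookalikes, the reported keywords, and free-hosting suffixes. The official domain `bybit.com`, the suffixes `netlify.app` and `vercel.app`, the score weights, and all sample hostnames are assumptions or constructed values.

```python
import re

BRAND = "bybit"
OFFICIAL_DOMAINS = {"bybit.com"}   # assumption: the exchange's own domain
# Keywords quoted in the report.
KEYWORDS = {"wallet", "refund", "information", "recovery", "check",
            "metaconnect", "mining", "airdrop"}
# Assumption: hostname suffixes of the three services named in the report.
FREE_HOST_SUFFIXES = ("netlify.app", "vercel.app", "pages.dev")


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def triage(hostname):
    """Score a hostname; returns {'host', 'score', 'reasons'}."""
    host = hostname.lower().rstrip(".")
    # The brand's own domain and its subdomains are never flagged.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return {"host": host, "score": 0, "reasons": []}

    reasons, score = [], 0
    suffix = next((s for s in FREE_HOST_SUFFIXES if host.endswith("." + s)), None)
    body = host
    if suffix:
        reasons.append("free-hosting:" + suffix)
        score += 1
        body = host[: -len(suffix) - 1]   # keep only the attacker-chosen part

    for token in (t for t in re.split(r"[.\-_]", body) if t):
        if token == BRAND:
            reasons.append("brand-exact")
            score += 2
        elif BRAND in token:
            reasons.append("brand-embedded:" + token)
            score += 2
        elif edit_distance(token, BRAND) == 1:
            reasons.append("typosquat:" + token)
            score += 2
        elif token in KEYWORDS:
            reasons.append("keyword:" + token)
            score += 1
    return {"host": host, "score": score, "reasons": reasons}


def needs_review(hostname, threshold=3):
    """True when the combined signals reach the (assumed) review threshold."""
    return triage(hostname)["score"] >= threshold


# Constructed hostnames for illustration only; none are taken from the report.
SAMPLES = [
    "www.bybit.com",
    "bybit-refund.pages.dev",
    "bybiit-wallet.example",
    "airdrop-mining.vercel.app",
    "weather.example",
]

if __name__ == "__main__":
    for name in SAMPLES:
        result = triage(name)
        flag = "REVIEW" if needs_review(name) else "ok"
        print(f"{flag:6} {result['score']} {name} {result['reasons']}")
```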

Malicious free domains used for attacks

The use of free hosting services and dynamics is a common practice in this dataset. Many phishing pages are hosted on forums that offer anonymous, quick deployment without asking for domain purchases. Also, the highest number of verified malicious domains was registered in the UK.

After the incident, Bybit assured customers that they wouldn’t lose any money as a result. But the hackers took advantage of this situation and intentionally created a sense of anxiety and urgency via deceptive tactics like ‘fake recovery services’ and ‘phishing schemes.’ A few phishing websites pretended to be the “Bybit Help Center.”

The end goal was to make victims enter their crypto/Bybit passwords. A few weeks later, campaigns changed from “withdrawals, information, and refunds” through spoof Bybit sites to providing “crypto and training guides” and special rewards to trick potential investors. 

Regardless of the change to these crypto and training guides, the campaigns preserved a “connection to the earlier withdrawal scams by including ‘how to withdraw from Bybit guides,’” BforeAI explained. This results in “a flow of traffic between learning resources fakes and withdrawal phishing attempts,” it added.

Bybit has accused North Korean hackers of being behind the attacks, which cost the firm a massive $1.5 billion in stolen crypto. The campaign has given Q1 2025 an infamous record: $1.7 billion in theft in the first quarter, the highest in history.

Sanctioned Russian Crypto Exchange Garantex Allegedly Rebrands as Grinex

 

International efforts to dismantle illicit financial networks are facing new challenges, as the recently sanctioned Russian cryptocurrency exchange Garantex appears to have rebranded and resumed operations under a new name—Grinex. Reports from blockchain analytics firm Global Ledger suggest that Grinex may be a direct successor to Garantex, which was shut down earlier this month in a joint operation by law enforcement agencies from the U.S., Germany, and Finland. 

Despite the crackdown, Global Ledger researchers have identified on-chain movements linking the two exchanges, including the transfer of Garantex’s holdings in a ruble-backed stablecoin, A7A5, to wallets controlled by Grinex. Off-chain clues further support the connection, such as the sudden surge in trading volume—Grinex reportedly handled over $40 million in transactions within two weeks of its launch. According to Lex Fisun, CEO of Global Ledger, social media activity also suggests a direct relationship between the platforms.

In a Telegram post, Sergey Mendeleev, a known figure associated with Garantex, downplayed the similarities between the two exchanges while making light of the situation. Meanwhile, reports indicate that former Garantex users have been transferring funds at the exchange’s physical offices in Europe and the Middle East, strengthening claims that Grinex is simply a rebranded version of the defunct platform. While leading blockchain analytics firms such as Chainalysis and TRM Labs have yet to verify these findings, Andrew Fierman, Head of National Security Intelligence at Chainalysis, acknowledged that early indicators point to a connection between Garantex and Grinex. 

However, a full assessment of Grinex’s infrastructure is still underway. If Grinex is indeed a rebranded Garantex, it would not be the first time a sanctioned exchange has attempted to evade regulatory scrutiny through rebranding. Similar cases have been observed in the past—BTC-E, a Russian exchange taken down by U.S. authorities in 2017, later reemerged as WEX, only to collapse due to internal conflicts. Likewise, Suex, another Russian exchange sanctioned for facilitating illicit transactions, resurfaced as Chatex before facing renewed enforcement actions. 

The reappearance of Garantex in another form underscores the persistent difficulties regulators face in enforcing financial sanctions. Despite the seizure of its servers and domain, the exchange’s infrastructure appears to have been quickly reestablished under a new identity. Experts warn that non-compliant exchanges operating in high-risk regions will continue to find ways to circumvent restrictions. Before its takedown, Garantex had been identified as a hub for money laundering and illicit financial transactions. 

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the exchange in 2022, citing its involvement in facilitating payments for ransomware groups such as Black Basta and Conti, as well as its ties to darknet marketplaces like Hydra. Court documents also revealed that Garantex provided financial services to North Korea’s Lazarus Group, a state-backed hacking organization responsible for some of the largest cryptocurrency heists in history, including the $1.4 billion Bybit hack.

Additionally, Russian oligarchs reportedly used the platform to bypass economic sanctions imposed after Russia’s invasion of Ukraine. Two individuals linked to Garantex’s operations, Lithuanian national and Russian resident Aleksej Besciokov and Russian citizen Aleksandr Mira Serda, have been charged with conspiracy to commit money laundering. Besciokov was arrested in India earlier this month while on vacation with his family and is expected to be extradited to the U.S. to face trial. 

While authorities work to contain illicit financial activity in the crypto space, the rapid emergence of Grinex serves as a reminder of how easily such operations can adapt and reappear under new identities. Analysts warn that other high-risk exchanges in Russia, such as ABCEX and Keine-Exchange, are poised to take advantage of regulatory loopholes and fill the void left by Garantex’s shutdown.

Bybit Crypto Exchange Hacked for $1.5 Billion in Largest Crypto Heist

 

Bybit, one of the world’s largest cryptocurrency exchanges, has suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack, now considered the largest in crypto history, compromised the exchange’s cold wallet—an offline storage system designed to provide enhanced security against cyber threats. 

Despite the breach, Bybit CEO Ben Zhou assured users that other cold wallets remain secure and that withdrawals continue as normal. Blockchain analysis firms, including Elliptic and Arkham Intelligence, traced the stolen funds as they were quickly moved across multiple wallets and laundered through various platforms. Most of the stolen assets were in ether, which were liquidated swiftly to avoid detection. 

The scale of the attack far exceeds previous high-profile crypto thefts, including the $611 million Poly Network hack in 2021 and the $570 million stolen from Binance’s BNB token in 2022. Investigators later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking organization known for targeting cryptocurrency platforms. The group has a history of siphoning billions from the digital asset industry to fund the North Korean regime. 

Experts say Lazarus employs advanced laundering techniques to hide the stolen funds, making recovery difficult. Elliptic’s chief scientist, Tom Robinson, confirmed that the hacker’s addresses have been flagged in an attempt to prevent further transactions or cash-outs on other exchanges. However, the sheer speed and sophistication of the operation suggest that a significant portion of the funds may already be out of reach. The news of the breach sent shockwaves through the crypto community, triggering a surge in withdrawals as users feared the worst. 

While Bybit has managed to stabilize outflows, concerns remain over the platform’s ability to recover from such a massive loss. To reassure customers, Bybit announced that it had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations. The Lazarus Group’s involvement highlights the persistent security risks in the cryptocurrency industry. Since 2017, the group has orchestrated multiple cyberattacks, including the theft of $200 million in bitcoin from South Korean exchanges. 

Their methods have become increasingly sophisticated, exploiting vulnerabilities in crypto platforms to fund North Korea’s financial needs. Industry experts warn that large-scale thefts like this will continue unless exchanges implement stronger security measures. Robinson emphasized that making it harder for criminals to profit from these attacks is the best deterrent against future incidents. 

Meanwhile, law enforcement agencies and crypto-tracking firms are working to trace the stolen assets in hopes of recovering a portion of the funds. While exchanges have made strides in improving security, cybercriminals continue to find ways to exploit weaknesses, making robust protections more crucial than ever.

How AI Agents Are Transforming Cryptocurrency

 



Artificial intelligence (AI) agents are revolutionizing the cryptocurrency sector by automating processes, enhancing security, and improving trading strategies. These smart programs help analyze blockchain data, detect fraud, and optimize financial decisions without human intervention.


What Are AI Agents?

AI agents are autonomous software programs that operate independently, analyzing information and taking actions to achieve specific objectives. These systems interact with their surroundings through data collection, decision-making algorithms, and execution of tasks. They play a critical role in multiple industries, including finance, cybersecurity, and healthcare.


There are different types of AI agents:

1. Simple Reflex Agents: React based on pre-defined instructions.

2. Model-Based Agents: Use internal models to make informed choices.

3. Goal-Oriented Agents: Focus on achieving specific objectives.

4. Utility-Based Agents: Weigh outcomes to determine the best action.

5. Learning Agents: Continuously improve based on new data.


Evolution of AI Agents

AI agents have undergone advancements over the years. Here are some key milestones:

1966: ELIZA, an early chatbot, was developed at MIT to simulate human-like conversations.

1980: MYCIN, an AI-driven medical diagnosis tool, was created at Stanford University.

2011: IBM Watson demonstrated advanced natural language processing by winning on Jeopardy!

2014: AlphaGo, created by DeepMind, outperformed professional players in the complex board game Go.

2020: OpenAI introduced GPT-3, an AI model capable of generating human-like text.

2022: AlphaFold solved long-standing biological puzzles related to protein folding.

2023: AI-powered chatbots like ChatGPT and Claude AI gained widespread use for conversational tasks.

2025: ElizaOS, a blockchain-based AI platform, is set to enhance AI-agent applications.


AI Agents in Cryptocurrency

The crypto industry is leveraging AI agents for automation and security. In late 2024, Virtuals Protocol, an AI-powered Ethereum-based platform, saw its market valuation soar to $1.9 billion. By early 2025, AI-driven crypto tokens collectively reached a $7.02 billion market capitalization.

AI agents are particularly valuable in decentralized finance (DeFi). They assist in managing liquidity pools, adjusting lending and borrowing rates, and securing financial transactions. They also enhance security by identifying fraudulent activities and vulnerabilities in smart contracts, ensuring compliance with regulations like Know Your Customer (KYC) and Anti-Money Laundering (AML).


The Future of AI in Crypto

Tech giants like Amazon and Apple are integrating AI into digital assistants like Alexa and Siri, making them more interactive and capable of handling complex tasks. Similarly, AI agents in cryptocurrency will continue to take new shapes, offering greater efficiency and security for traders, investors, and developers.

As these intelligent systems advance, their role in crypto and blockchain technology will expand, paving the way for more automated, reliable, and secure financial ecosystems.



California Man Sues Banks Over $986K Cryptocurrency Scam



Ken Liem, a California resident, has filed a lawsuit against three major banks, accusing them of negligence in enabling a cryptocurrency investment scam. Liem claims he was defrauded of $986,000 after being targeted on LinkedIn in June 2023 by a scammer promoting crypto investment opportunities. Over six months, Liem wired substantial funds through Wells Fargo to accounts held by Hong Kong-based entities.

Liem’s ordeal escalated when his cryptocurrency account was frozen under false allegations of money laundering. To regain access to his funds, scammers demanded he pay a fake IRS tax—an established tactic used to maximize financial extraction from victims before vanishing.

The lawsuit names three financial institutions as defendants:
  • Chong Hing Bank Limited (Hong Kong-based)
  • Fubon Bank Limited (Hong Kong-based)
  • DBS Bank (Singapore-based, with a Los Angeles branch)

Allegations of Negligence and Non-Compliance

Liem accuses these banks of failing to follow mandatory “Know Your Customer” (KYC) and anti-money laundering (AML) protocols as required by the U.S. Bank Secrecy Act. The lawsuit asserts that the banks:
  • Failed to Verify Identities: Inadequate due diligence on account holders allowed fraudsters to operate unchecked.
  • Neglected Business Verification: The nature of the businesses linked to these accounts was not properly investigated.
  • Ignored Complaints: Liem reported the scam in August 2024, but the banks either disregarded his concerns or denied accountability.

The lawsuit contends that these financial institutions enabled the transfer of illicit funds from the U.S. to Asian accounts tied to organized scams by ignoring suspicious transactions.

Liem's case highlights the growing debate over banks' responsibility in preventing fraud. While lawsuits of this nature are uncommon, they are not without precedent. For instance:
  • January 2024: Two elderly victims of IRS impersonation scams sued JPMorgan Chase for allowing large international transfers without adequate scrutiny.

Globally, different approaches are being adopted to address fraud:
  • United Kingdom: New regulations require banks to reimburse scam victims up to £85,000 ($106,426) within five days, though banks have pushed back against raising this cap.
  • Australia: Proposed legislation could fine banks, telecom providers, and social media platforms for failing to prevent scams.
  • United States: The Consumer Financial Protection Bureau (CFPB) has taken legal action against Bank of America, Wells Fargo, and JPMorgan Chase for not preventing fraud on the Zelle platform, which has resulted in $870 million in losses since 2017.

As global authorities and financial institutions grapple with accountability measures, victims like Ken Liem face significant challenges in recovering their stolen funds. This lawsuit underscores the urgent need for stronger fraud prevention policies and stricter enforcement of compliance standards within the banking sector.