Cryptocurrency

israel-tied-predatory-sparrow-hackers-are-waging-cyberwar-on-iran’s-financial-system

Israel-tied Predatory Sparrow hackers are waging cyberwar on Iran’s financial system

Biz & IT, crypto exchange, Cryptocurrency, Iran, Israel, nation state hacking, Security, syndication / /

Elliptic also confirmed in its blog post about the attack that crypto tracing shows Nobitex does in fact have links with sanctioned IRGC operatives, Hamas, Yemen’s Houthi rebels, and the Palestinian Islamic Jihad group. “It’s also an act of sabotage, by attacking a financial institution that was pivotal in Iran’s use of cryptocurrency to evade sanctions,” Robinson says.

Predatory Sparrow has long been one of the most aggressive cyberwarfare-focused groups in the world. The hackers, who are widely believed to have links to Israel’s military or intelligence agencies, have for years targeted Iran with an intermittent barrage of carefully planned attacks on the country’s critical infrastructure. The group has targeted Iran’s railways with data-destroying attacks and twice disabled payment systems at thousands of Iranian gas stations, triggering nationwide fuel shortages. In 2022, it carried out perhaps the most physically destructive cyberattack in history, hijacking industrial control systems at the Khouzestan steel mill to cause a massive vat of molten steel to spill onto the floor, setting the plant on fire and nearly burning staff there alive, as shown in the group’s own video of the attack posted to its YouTube account.

Exactly why Predatory Sparrow has now turned its attention to Iran’s financial sector—whether because it sees those financial institutions as the most consequential or merely because its banks and crypto exchanges were vulnerable enough to offer a target of opportunity—remains unclear for now, says John Hultquist, chief analyst on Google’s threat intelligence group and a longtime tracker of Predatory Sparrow’s attacks. Almost any conflict, he notes, now includes cyberattacks from hacktivists or state-sponsored hackers. But the entry of Predatory Sparrow in particular into this war suggests there may yet be more to come, with serious consequences.

“This actor is very serious and very capable, and that’s what separates them from many of the operations that we’ll probably see in the coming weeks or months,” Hultquist says. “A lot of actors are going to make threats. This is one that can follow through on those threats.”

This story originally appeared on wired.com.

Israel-tied Predatory Sparrow hackers are waging cyberwar on Iran’s financial system Read More »

senate-passes-genius-act—criticized-as-gifting-trump-ample-opportunity-to-grift

Senate passes GENIUS Act—criticized as gifting Trump ample opportunity to grift

Binance, Cryptocurrency, Donald Trump, genius act, memecoin, Policy, stablecoin, world liberty financial / /

“Why—beyond the obvious benefit of gaining favor, directly or indirectly, with the Trump administration—did you select USD1, a newly launched, untested cryptocurrency with no track record?” the senators asked.

Responding, World Liberty Financial’s lawyers claimed MGX was simply investing in “legitimate financial innovation,” CBS News reported, noting a Trump family-affiliated entity owns a 60 percent stake in the company.

Trump has denied any wrongdoing in the MGX deal, ABC News reported. However, Warren fears the GENIUS Act will provide “even more opportunities to reward buyers of Trump’s coins with favors like tariff exemptions, pardons, and government appointments” if it becomes law.

Although House supporters of the bill have reportedly promised to push the bill through, so Trump can sign it into law by July, the GENIUS Act is likely to face hurdles. And resistance may come from not just Democrats with ongoing concerns about Trump’s and future presidents’ potential conflicts of interest—but also from Republicans who think passing the bill is pointless without additional market regulations to drive more stablecoin adoption.

Dems: Opportunities for Trump grifts are “mind-boggling”

Although 18 Democrats helped the GENIUS Act pass in the Senate, most Democrats opposed the law over concerns of Trump’s feared conflicts of interest, PBS News reported.

Merkley remains one of the staunchest opponents to the GENIUS Act. In a statement, he alleged that the Senate passing the bill was essentially “rubberstamping Trump’s crypto corruption.”

According to Merkley, he and other Democrats pushed to remove the exemption from the GENIUS Act before the Senate vote—hoping to add “strong anti-corruption measures.” But Senate Republicans “repeatedly blocked” his efforts to hold votes on anti-corruption measures. Instead, they “rammed through this fatally flawed legislation without considering any amendments on the Senate floor—despite promises of an open amendment process and debate before the American people,” Merkley said.

Ultimately, it passed with the exemption intact, which Merkley considered “profoundly corrupt,” promising, “I will keep fighting to ban Trump-style crypto corruption to prevent the sale of government policy by elected federal officials in Congress and the White House.”

Senate passes GENIUS Act—criticized as gifting Trump ample opportunity to grift Read More »

incorporated-in-us:-$8.4b-money-launderer-for-chinese-speaking-crypto-scammers

Incorporated in US: $8.4B money launderer for Chinese-speaking crypto scammers

crypto scams, Cryptocurrency, investment scams, Security, syndication, Xinbi Guarantee / /

Before crackdown, this was one of the ‘Net’s biggest markets for Chinese-speaking scammers.

As the underground industry of crypto investment scams has grown into one of the world’s most lucrative forms of cybercrime, the secondary market of money launderers for those scammers has grown to match it. Amid that black market, one such Chinese-language service on the messaging platform Telegram blossomed into an all-purpose underground bazaar: It has offered not only cash-out services to scammers but also money laundering for North Korean hackers, stolen data, targeted harassment-for-hire, and even what appears to be sex trafficking. And somehow, it’s all overseen by a company legally registered in the United States.

According to new research released today by crypto-tracing firm Elliptic, a company called Xinbi Guarantee has since 2022 facilitated no less than $8.4 billion in transactions via its Telegram-based marketplace prior to Telegram’s actions in recent days to remove its accounts from the platform. Money stolen from scam victims likely represents the “vast majority” of that sum, according to Elliptic’s cofounder Tom Robinson. Yet even as the market serves Chinese-speaking scammers, it also boasts on the top of its website—in Mandarin—that it’s registered in Colorado.

“Xinbi Guarantee has served as a giant, purportedly US-incorporated illicit online marketplace for online scams that primarily offers money laundering services,” says Robinson. He adds, though, that Elliptic has also found a remarkable variety of other criminal offerings on the market: child-bearing surrogacy and egg donors, harassment services that offer to threaten or throw feces at any chosen victim, and even sex workers in their teens who are likely trafficking victims.

Xinbi Guarantee is the second such crime-friendly Chinese-language market that Robinson and his team of researchers have uncovered over the past year. Last July, they published a report on Huione Guarantee, a similar Cambodia-based service that Elliptic said in January had facilitated $24 billion in transactions—largely from crypto scammers—making it the biggest illicit online marketplace in history by Elliptic’s accounting. That market’s parent company, Huione Group, was added to a list of known money laundering operations by the US Treasury’s Financial Crimes Enforcement Network earlier this month in an attempt to limit its access to US financial institutions.

Telegram bans

After WIRED reached out to Telegram last week about the illicit activity taking place on Xinbi Guarantee’s and Huione Guarantee’s channels on its messaging platform, Telegram appears to have responded Monday by banning many of the central channels and administrator accounts used by both Xinbi Guarantee and Huione Guarantee. “Criminal activities like scamming or money laundering are forbidden by Telegram’s terms of service and are always removed whenever discovered,” Telegram spokesperson Remi Vaughn wrote to WIRED in a statement. “Communities previously reported to us by WIRED or included in reports published by Elliptic have all been taken down.”

Telegram had banned several of Huione Guarantee’s channels in February following an earlier Elliptic report on the marketplace, but Huione Guarantee quickly re-created them, and it’s not clear whether the new removals will prevent the two companies from rebuilding their presence on Telegram again, perhaps with new accounts or even new branding. “These are very lucrative businesses, and they’ll attempt to rebuild in some way,” Robinson said of the two marketplaces following Telegram’s latest purge.

Elliptic’s accounting of the total lifetime revenue of the biggest online black markets.Courtesy of Elliptic

Xinbi Guarantee didn’t respond to multiple requests for comment on Elliptic’s findings that WIRED sent to the market’s administrators on Telegram.

Like Huione Guarantee, Xinbi Guarantee has offered a similar “guarantee” model of enabling third-party vendors to offer services by requiring a deposit from them to prevent fraud. Yet it’s flown under the radar, even as it grew into one of the biggest hubs for crypto crime on the Internet. In terms of scale of transactions prior to Telegram’s crackdown, it was second only to Huione’s market, according to Elliptic.

Both services “offer a window into the China-based underground banking network,” Robinson says. “It’s another example of these huge Chinese-language ‘guaranteed’ marketplaces that have thrived for years.”

On Xinbi Guarantee, Elliptic found numerous posts from vendors offering to accept funds related to “quick kills,” “slow kills,” and “pig butchering” transactions, all different terms for crypto investment scams and other forms of fraud. In some cases, Robinson explains, these Xinbi Guarantee vendors offer bank accounts in the same country as the victim so that they can receive whatever payment they’re tricked into making, then pay the scammer in the cryptocurrency Tether. In other cases, the Xinbi Guarantee merchants offer to receive cryptocurrency payments and cash them out in the scammer’s local currency, such as Chinese renminbi.

Not just money laundering

Aside from Xinbi Guarantee’s central use as a cash-out point for crypto scammers, Elliptic also found that the market’s vendors offered other wares for scammers such as stolen data that could be used for finding victims, as well as services for registering SIM cards and Starlink Internet subscriptions through proxies.

North Korean state-sponsored cybercriminals also appear to have used the platform for money laundering. Elliptic found through blockchain analysis, for instance, that about $220,000 stolen from the Indian cryptocurrency exchange WazirX—the victim of a $235 million theft in July 2024, widely attributed to North Korean hackers—had flowed into Xinbi Guarantee in a series of transactions in November.

Those money-laundering and scam-enabling services, however, are far from the only shady offerings found on Xinbi Guarantee’s market. Elliptic also found listings for surrogate mothers and egg donors, with one post showing faceless pictures of the donor’s body. Other accounts have offered services that will, for a payment in Tether, place a funeral wreath at a target’s door, deface their home with graffiti, post damaging statements around their home, have someone verbally threaten them, throw feces at them, or even, most bizarrely, surround their home with AIDS patients. One posting suggested these AIDS patients would carry “case reports and needles for intimidation.”

Other listings have offered sex workers as young as 18 years old, noting the specific sex acts that are allowed and forbidden. Elliptic says that one of its researchers was even offered a 14-year-old by a Xinbi Guarantee merchant. (The account holder noted, however, that no transaction for sex with someone below the age of 18 would be guaranteed by Xinbi. The legal age of consent in China is 14.)

Exactly why Xinbi Guarantee is legally registered in the US remains a mystery. Its incorporation record on the Colorado Secretary of State’s website shows an address at an office park in the city of Aurora that has no external Xinbi branding. The company appears to have been registered there in August of 2022 by someone named “Mohd Shahrulnizam Bin Abd Manap.” (WIRED connected that name with several people in Malaysia but couldn’t determine which one might be Xinbi Guarantee’s registrant.) The listing is currently marked as “delinquent,” perhaps due to failure to file more recent paperwork to renew it.

For fledgling Chinese companies—legitimate and illegitimate—incorporating in the US is an increasingly common tactic for “projecting legitimacy,” says Jacob Sims, a visiting fellow at Harvard’s Asia Center who focuses on transnational Chinese crime. “If you have a US presence, you can also open US bank accounts,” Sims says. “You could potentially hire staff in the US. You could in theory have more formalized connections to US entities.” But he notes that the registration’s delinquent status may mean Xinbi Guarantee tried to make some sort of inroads in the US in the past but gave up.

While Telegram has served as the chief means of communication for the two markets, the stablecoin cryptocurrency Tether has served as their primary means of payment, Elliptic found. And despite Telegram’s new round of removals of their channels and accounts, Xinbi Guarantee and Huione Guarantee are far from the only companies to use Tether and Telegram to create essentially a new, largely Chinese-language darknet: Elliptic is tracking close to 30 similar marketplaces, Robinson says, though he declined to name others in the midst of the company’s investigations.

Just as Telegram shows new signs of cracking down on that sprawling black market, Tether, too, has the ability to disrupt criminal use of its services. Unlike other more decentralized cryptocurrencies such as Bitcoin, Tether can freeze payments when it identifies bad actors. Yet it’s not clear to what degree Tether has taken measures to stop Chinese-language crypto scammers and others on Xinbi Guarantee and Huione Guarantee from using its currency.

When WIRED wrote to Tether to ask about its role in those black markets, the company responded in a statement that it encourages “firms like Elliptic and other blockchain intelligence providers to share critical data with law enforcement so we can act swiftly and in coordination.”

“We are not passive observers—we are active players in the global fight against financial crime,” the Tether statement continued. “If you’re considering using Tether for illicit purposes, think again: it is the most traceable asset in existence. We will identify you, and we will work to ensure you are brought to justice.”

Despite that promise—and Telegram’s new effort to remove Huione Guarantee and Xinbi Guarantee from its platform—both tools have already been used to facilitate tens of billions of dollars in theft and other black market deals, much of it occurring in plain sight. The two largely illegal and very public markets have been “remarkable for both the scale at which they’re operating and also the brazenness,” says Harvard’s Jacob Sims.

Given that brazenness and the massive criminal fortunes at stake, expect both markets to attempt a revival in some form—and plenty of competitors to try to take their place atop the Chinese-language crypto crime economy.

This story originally appeared on wired.com.

Photo of WIRED

Wired.com is your essential daily guide to what’s next, delivering the most original and complete take you’ll find anywhere on innovation’s impact on technology, science, business and culture.

Incorporated in US: $8.4B money launderer for Chinese-speaking crypto scammers Read More »

celsius-founder-alex-mashinsky-sentenced-to-12-years-for-“unbank-yourself”-scam

Celsius founder Alex Mashinsky sentenced to 12 years for “unbank yourself” scam

Alex Mashinsky, Celsius Network, Cryptocurrency, cryptocurrency fraud, Policy, securities fraud / /

As the case dragged on, Mashinsky and his family appeared unremorseful, victims said, even while facing threats of violence and significant public shaming. Some victims accused Mashinsky of lying to their faces and pushing them to continue depositing funds even when the end was near and he knew that the money would be lost.

In victim statements sent to US District Judge John Koeltl, customers accused Mashinsky of weaponizing his family-man brand to scam many naïve investors out of their life savings. Some suicides were reported, victims said, and elderly victims were among the most vulnerable, with many becoming homeless after retirement funds were drained. Among the victims was Rien Vanmarcke, who confessed to feeling haunted by guilt after convincing his aging mother to invest in Celsius and losing the majority of their savings.

And “Mashinsky’s cruelty didn’t end with the collapse,” Vanmarcke wrote. “His family mocked victims with ‘unbankrupt yourself’ merchandise funded by stolen savings, while flaunting luxury lifestyles online.”

Other victims also described feeling palpable shame, even if they felt their road to recovery wasn’t as bad as others. One victim, Daniel Frishberg, was still in high school when he lost 70 percent of his crypto to Mashinsky’s false promises.

“I am lucky that I am young and have plenty of time to make back the money I lost due to naively trusting Mr. Mashinsky—many are not as fortunate,” Frishberg wrote.

Celsius founder Alex Mashinsky sentenced to 12 years for “unbank yourself” scam Read More »

trump-says-bitcoin-reserve-will-change-everything-crypto-fans-aren’t-so-sure.

Trump says bitcoin reserve will change everything. Crypto fans aren’t so sure.

Bitcoin, bitcoin reserve, Cryptocurrency, digital assets, Donald Trump, Policy / /

Ahead of the first-ever White House Crypto Summit Friday, President Donald Trump signed an executive order establishing a strategic bitcoin reserve that a factsheet claimed delivers on his promise to make America the “crypto capital of the world.”

Trump’s order requires all federal agencies currently holding bitcoins seized as part of a criminal or civil asset forfeiture proceeding to transfer those bitcoins to the Treasury Department, which itself already has a store of bitcoins. Additionally, any other digital assets forfeited will be collected in a separate Digital Assets Stockpile.

But while Trump likely anticipates that bitcoin fans will be over the moon about this news—his announcement of the reserve and looser crypto regulations helped send bitcoin’s price to its all-time high of $109,000 in January, Reuters noted—some cryptocurrency enthusiasts were clearly disappointed that Trump’s order confirmed that the US currently has no plans to buy any more bitcoins at this time.

Bitcoin’s price briefly dropped by about 5 percent to $85,000 on the news, Reuters reported. Charles Edwards, the founder of a bitcoin-focused hedge fund called Capriole Investments, took to X (formerly Twitter) to declare that Trump’s order is “a pig in lipstick.” Currently, bitcoin’s price is around $90,500.

“This is the most underwhelming and disappointing outcome we could have expected for this week,” Edwards wrote. “No active buying means this is just a fancy title for Bitcoin holdings that already existed” with the government.

A digital assets managing director at S&P Global Ratings, Andrew O’Neill, agreed, telling Reuters that the “significance” of Trump’s order was “mainly symbolic” and provides no timeline for when more bitcoin might be acquired by the US.

In the factsheet, the White House insisted that the strategic reserve and digital assets stockpile would harness “the power of digital assets for national prosperity rather than letting them languish in limbo.”

Trump says bitcoin reserve will change everything. Crypto fans aren’t so sure. Read More »

how-north-korea-pulled-off-a-$1.5-billion-crypto-heist—the-biggest-in-history

How North Korea pulled off a $1.5 billion crypto heist—the biggest in history

Biz & IT, Cryptocurrency, hacking, North Korea, Security / /

The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history.

Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.

This wallet is too hot, this one is too cold

Researchers for blockchain analysis firm Elliptic, among others, said over the weekend that the techniques and flow of the subsequent laundering of the funds bear the signature of threat actors working on behalf of North Korea. The revelation comes as little surprise since the isolated nation has long maintained a thriving cryptocurrency theft racket, in large part to pay for its weapons of mass destruction program.

Multisig cold wallets, also known as multisig safes, are among the gold standards for securing large sums of cryptocurrency. More shortly about how the threat actors cleared this tall hurdle. First, a little about cold wallets and multisig cold wallets and how they secure cryptocurrency against theft.

Wallets are accounts that use strong encryption to store bitcoin, ethereum, or any other form of cryptocurrency. Often, these wallets can be accessed online, making them useful for sending or receiving funds from other Internet-connected wallets. Over the past decade, these so-called hot wallets have been drained of digital coins supposedly worth billions, if not trillions, of dollars. Typically, these attacks have resulted from the thieves somehow obtaining the private key and emptying the wallet before the owner even knows the key has been compromised.

How North Korea pulled off a $1.5 billion crypto heist—the biggest in history Read More »

sec’s-“scorched-earth”-lawsuit-against-coinbase-to-be-dropped,-company-says

SEC’s “scorched-earth” lawsuit against Coinbase to be dropped, company says

coinbase, Cryptocurrency, cryptocurrency exchange, Donald Trump, Policy, SEC, Securities and Exchange Commission / /

On Friday, a Coinbase executive declared the “war against crypto” over—”at least as it applies to Coinbase.”

According to Coinbase Chief Legal Officer Paul Grewal, the US Securities and Exchange Commission (SEC) plans to drop its lawsuit against the largest US cryptocurrency exchange as the agency shifts to embrace Donald Trump’s new approach to regulating cryptocurrency in the US.

The SEC sued Coinbase in 2023, accusing Coinbase of “operating its crypto asset trading platform as an unregistered national securities exchange, broker, and clearing agency” and “failing to register the offer and sale of its crypto asset staking-as-a-service program.”

“Since at least 2019, Coinbase has made billions of dollars unlawfully facilitating the buying and selling of crypto asset securities,” the SEC alleged.

At that time, the SEC claimed that Coinbase’s supposedly dodgy operations were depriving investors of “significant protections, including inspection by the SEC, recordkeeping requirements, and safeguards against conflicts of interest, among others.” The litigation was intended to protect Coinbase customers, the SEC said, by holding Coinbase to the same standards as any service acting as an exchange, broker, or clearing agency.

Former SEC Chair Gary Gensler, long considered an adversary in the crypto industry, had warned that Coinbase “deliberately” flouted rules to cheat investors out of protections for financial gain. That left customers exposed to risks, Gensler claimed, and allowed for insider trading that resulted in a settlement.

“You simply can’t ignore the rules because you don’t like them or because you’d prefer different ones: the consequences for the investing public are far too great,” Gensler said.

SEC’s “scorched-earth” lawsuit against Coinbase to be dropped, company says Read More »

man-offers-to-buy-city-dump-in-last-ditch-effort-to-recover-$800m-in-bitcoins

Man offers to buy city dump in last-ditch effort to recover $800M in bitcoins

bitcoins, climate change, crypto mining, Cryptocurrency, Policy, solar farm / /

Howells told The Times that he envisions cleaning up the site and turning it into a park, but the council’s analysis seems to suggest that wouldn’t be a suitable use. Additionally, the council noted that there aren’t viable alternative sites for the solar farm, which, therefore, must be built on the landfill site or else potentially set back the city’s climate goals.

If Howells can’t turn the landfill into a park, he suggested that he could simply clear it out so that it can be used as a landfill again.

But the Newport council does not appear to be entertaining his offer, the same way the council seemingly easily rejected his prior offer to share his bitcoin profits if granted access to dig up the landfill. When asked about Howells’ most recent offer, a council spokesperson directed The Times to a 2023 statement holding strong to the city’s claims that Howells gave up ownership of the bitcoins the moment the hard drive hit the landfill and his plans for excavation would come at “a prohibitively high cost.”

“We have been very clear and consistent in our responses that we cannot assist Mr. Howells in this matter,” the spokesperson said. “Our position has not changed.”

Howells insists his plan is “logical”

But Howells told The Guardian that it was “quite a surprise” to learn the city planned to close the landfill, reportedly in the 2025–26 financial year. This wasn’t disclosed in the court battle, he said, where the council claimed that “closing the landfill” to allow his search “would have a huge detrimental impact on the people of Newport.”

“I expected it would be closed in the coming years because it’s 80–90 percent full—but didn’t expect its closure so soon,” Howells told The Guardian. “If Newport city council would be willing, I would potentially be interested in purchasing the landfill site ‘as is’ and have discussed this option with investment partners and it is something that is very much on the table.”

Man offers to buy city dump in last-ditch effort to recover $800M in bitcoins Read More »

us-selling-69k-seized-bitcoins-could-mess-with-trump-plans-for-crypto-reserve

US selling 69K seized bitcoins could mess with Trump plans for crypto reserve

Bitcoin, Cryptocurrency, department of justice, Donald Trump, Federal Reserve, Policy, Silk Road, US bitcoin reserve / /

At the end of 2024, a US court authorized the Department of Justice to sell 69,370 bitcoins from “the largest cryptocurrency seizure in history.”

At bitcoin’s current price, just under $92,000, these bitcoins are worth nearly $6.4 billion, and crypto outlets are reporting that DOJ officials have said they’re planning to proceed with selling off the assets consistent with the court’s order. The DOJ had reportedly argued that bitcoin’s price volatility was a pressing reason to push for permission for the sale.

Ars has reached out to the DOJ for comment and will update the story with any new information regarding next steps.

A hacker initially stole these bitcoins from Silk Road—an illegal online marketplace where goods could only be bought and sold with bitcoins—in 2012, shortly before the US government shut down the marketplace. The US later discovered the stolen bitcoins in 2020 while conducting further investigations of Silk Road, eventually securing a consent agreement that year from the hacker, who signed the bitcoins over to the government.

Whether the government’s seizure of those bitcoins was proper has been disputed by Battle Born Investments, a company that purchased the assets of bankruptcy estate from an individual who they believed to be either the hacker whose bitcoins were seized or someone “associated with him.”

After a court battle failed to return the bitcoins, Battle Born attempted to unmask the hacker through a Freedom of Information Act (FOIA) request, which sparked a new court fight. But ultimately, in late December, the court agreed with the US government that the hacker had a right to privacy as someone who was the subject of a criminal investigation and shouldn’t be unmasked. That ended Battle Born’s claim to the bitcoins and cleared the way for the government’s sale.

US selling 69K seized bitcoins could mess with Trump plans for crypto reserve Read More »

do-kwon,-the-crypto-bro-behind-$40b-luna/terra-collapse,-finally-extradited-to-us

Do Kwon, the crypto bro behind $40B Luna/Terra collapse, finally extradited to US

Cryptocurrency, do kwon, Policy / /

The US government finally got its metaphorical hands on Do Hyeong Kwon, the 33-year-old Korean national who built a financial empire on the cryptocurrency Luna and the “stablecoin” TerraUSD, only to see it all come crashing down in a wipeout that cost investors $40 billion.

As private investors filed lawsuits, and as the governments of South Korea and the United States launched fraud investigations, Do Kwon was nowhere to be found. In 2022, the Korean government filed a “red notice” with Interpol, seeking Kwon’s arrest and his return to Korea. A few months later, the Securities and Exchange Commission charged Kwon with fraud in the US.

On September 17, 2022, Kwon famously tweeted, “I am not ‘on the run’ or anything similar”—but he also wouldn’t say where he was. He didn’t help his case when he was arrested in March 2023 by the authorities in Montenegro. At an airport. With fake travel documents. On his way to a country with no US extradition agreement.

After serving some time in a Montenegro prison, Kwon battled extradition to both Korea and the US. This delayed the process by some months, but on December 31, 2024, he was shipped off to US authorities. Today, he appeared in front of a federal judge in New York City, where he pled “not guilty” to fraud.

The US Justice Department crowed about the extradition, with US Attorney General Merrick Garland pointing out that the US can sometimes get to people in surprising ways.

“We secured this extradition despite Kwon’s alleged attempt to cover his tracks by laundering proceeds of his schemes and trying to use a fraudulent passport to travel to a country that did not have an extradition treaty with the United States,” Garland said in a statement. “This extradition from Montenegro is an example of the Justice Department’s international partnerships, which enable the pursuit of criminals wherever they attempt to hide.”

Five alleged misrepresentations

As for the charges, the US also unsealed a massive indictment against Kwon today, which you can read here (PDF) if you want all the gory details.

The basic claim is that Kwon “defrauded investors by falsely advertising the company’s blockchain products as decentralized, reliable, and effective, and by engaging in market manipulation, ultimately resulting in more than $40 billion in investor losses,” according to the US government. This, the government alleges, happened in five key ways:

Do Kwon, the crypto bro behind $40B Luna/Terra collapse, finally extradited to US Read More »

power-company-hid-illegal-crypto-mine-that-may-have-caused-outages

Power company hid illegal crypto mine that may have caused outages

Bitcoin, crypto mining, Cryptocurrency, Policy, russia, siberia / /

But Russia presumably gets no taxes on illegal crypto mining, and power outages can be costly for everyone in a region. So next year, Russia will ban crypto mining in 10 regions for six years and place seasonal restrictions that would disrupt some crypto mining operations during the coldest winter months in regions like Irkutsk, CoinTelegraph reported.

Illegal mining is still reportedly thriving in Irkutsk, though, despite the government’s attempts to shut down secret farms. To deter any illegal crypto mining disrupting power grids last year, authorities seized hundreds of crypto mining rigs in Irkutsk, Crypto News reported.

In July, Russian president Vladimir Putin linked blackouts to illegal crypto mines, warning that crypto mining currently consumes “almost 1.5 percent of Russia’s total electricity consumption,” but “the figure continues to go up,” the Moscow Times reported. And in September, Reuters reported that illegal mines were literally going underground to avoid detection as Russia’s crackdown continues.

Even though illegal mines are seemingly common in parts of Siberia and increasingly operating out of the public eye, finding an illegal mine hidden on state land controlled by an electrical utility was probably surprising to officials.

The power provider was not named in the announcement, and there are several in the region, so it’s not currently clear which one made the controversial decision to lease state land to an illegal mining operation.

Power company hid illegal crypto mine that may have caused outages Read More »

crypto-scammers-posing-as-real-brands-on-x-are-easily-hacking-youtubers

Crypto scammers posing as real brands on X are easily hacking YouTubers

Cryptocurrency, cryptocurrency scam, fake x accounts, Gmail, Google, LinkedIn, phishing, Policy, Twitter, X, youtube / /

“I’m fighting with Google now,” Townsend told Ars. “I don’t expect any real answers from them.”

How YouTubers can avoid being targeted

As YouTube appears evasive, Townsend has been grateful for long-time subscribers commenting to show support, which may help get his videos amplified more by the algorithm. On YouTube, he also said that because “the outpouring of support was beyond anything” he could’ve expected, it kept him “sane” through sometimes 24-hour periods of silence without any updates on when his account would be restored.

Townsend told Ars that he rarely does sponsorships, but like many in the fighting game community, his inbox gets spammed with offers constantly, much of which he assumes are scams.

“If you are a YouTuber of any size,” Townsend explained in his YouTube video, “you are inundated with this stuff constantly,” so “my BS detector is like, okay, fake, fake, fake, fake, fake, fake, fake. But this one just, it looked real enough, like they had their own social media presence, lots of followers. Everything looked real.”

Brian_F echoed that in his video, which breaks down how the latest scam evolved from more obvious scams, tricking even skeptical YouTubers who have years of experience dodging phishing scams in their inboxes.

“The game has changed,” Brian_F said.

Townsend told Ars that sponsorships are rare in the fighting game community. YouTubers are used to carefully scanning supposed offers to weed out the real ones from the fakes. But Brian_F’s video pointed out that scammers copy/paste legitimate offer letters, so it’s already hard to distinguish between potential sources of income and cleverly masked phishing attacks using sponsorships as lures.

Part of the vetting process includes verifying links without clicking through and verifying identities of people submitting supposed offers. But if YouTubers are provided with legitimate links early on, receiving offers from brands they really like, and see that contacts match detailed LinkedIn profiles of authentic employees who market the brand, it’s much harder to detect a fake sponsorship offer without as many obvious red flags.

Crypto scammers posing as real brands on X are easily hacking YouTubers Read More »