News and Insights / Hot off the block

August 7, 2020

Share
August 7, 2020
CipherTrace

Tracing ETC 51% Attack | YouTube’s Hacker Problem | Election at Risk | PlusToken Arrests | Twitter Hack Details | Money in the Banana Scam  

  • CipherTrace Helps Ethereum Classic Labs Investigate Recent 51% Attacks 
  • YouTube Has a Bitcoin Hacker Problem 
  • The Ransomware Threat to America’s November Election 
  • 100+ Arrested by Chinese Authorities for Involvement in the PlusToken Fraud Ring 
  • Twitter Reveals Details on Verified Account Bitcoin Phishing Hack 
  • $6.5 Million in Crypto to be Returned to Victims of Banana.Fund Scam

CipherTrace Helps Ethereum Classic Labs Investigate Recent 51% Attacks 

On August 6, Ethereum Classic Labs announced that it has retained the services of CipherTrace “to assist in the investigation and pursuit of criminal charges against the perpetrators of the recent attacks on ETC.” 

The Ethereum Classic (ETC) blockchain suffered two 51% attacks this past weekresulting in the double-spending of millions of dollars’ worth of ETC tokens. The attacker was able to doublespend approximately $5M worth of ETC in the first attack and about $1.68M in the second. 

“We are proud to help solve this pivotal case which represents more than a major theft because it is an attack on the integrity of a major blockchain. By tracing these stolen funds to virtual asset service providers, preventing these hackers from converting ill-gotten crypto to cash, we can not only preserve financial integrity but also hold these criminals accountable and help prevent future attacks,” said Dave Jevans, CEO of CipherTrace 

Why it Matters: This case highlights the critical role blockchain analytics plays in maintaining the stability of the virtual asset economy. 

Read the Press Release: https://www.businesswire.com/news/home/20200807005118/en/Ethereum-Classic-Labs-Kobre-Kim-CipherTrace-Pursue 

Read more about the hack on The Blockhttps://www.theblockcrypto.com/linked/74305/etc-blockchain-attacks-ciphertrace-investigation 

 

YouTube Faces Twitter Hack-Style Challenges 

With the teenage hackers who ran a bitcoin doubler scam via the compromised Twitter handles of prominent politicians and celebrities now in custody, YouTube’s problem with crypto scammers is beginning to come to light. 

Over the lasfew months, the streaming media giant has seen numerous bitcoin doubler schemes of its own. Hackers take over channels with thousands of followers, change the names of the channels to reflect the trending topics of the day, and then hit viewers with fake giveaway messages. 

MarcoStyle, a YouTube gamer, told Business Insider that his account was hacked in November 2019 after he fell victim to a phishing attempt. He is critical of YouTube’s lax security, including the lack of two-factor authentication. 

Read more: https://www.businessinsider.com/youtube-channels-bitcoin-scammers-twitter-hack-2020-8 

Check out CipherTrace’s analysis of the Twitter hack: https://ciphertrace.com/twitter-hack-update-blockchain-analysis-helps-identify-twitter-hackers/ 

  

Foreign Governments and Criminals Pose Threat to US Election 

According to two US federal government agencies, ransomware—whether originating from a hostile foreign government or simply a criminal organization—poses a threat to the US’s November election. Both the FBI and DHS have issued warnings to localities across the country. Federal officials fear that a ransomware attack could shake voters’ faith in the integrity of the process. 

Authorities acknowledge a range of potential targets, including both voter registration systems and tabulation of votes cast. 

“With the 2020 election, election infrastructure has a target on its back,” said Colorado Secretary of State Jena Griswold. 

Read more from the APhttps://apnews.com/b39a09fc9a1334e9ef78bd46a40db253 

CipherTrace recently partnered with McAfee on their in-depth report on Netwalker ransomware. Learn how we helpedhttps://ciphertrace.com/tracing-ransomware-ciphertrace-helps-mcafee-follow-netwalker-funds/ 

 

Chinese Authorities Arrest Over 100 People for Involvement in the PlusToken Ponzi Scheme 

On July 31, Chinese authorities arrested 109 people suspected of involvement in the PlusToken cryptocurrency fraud ring. The South Korean Ponzi scheme was advertised as a highyield investment for crypto traders, with the company claiming investors would achieve 9% to 18% monthly returns.  

Members were encouraged to bring others into the fold in exchange for a commission, creating a Ponzi scheme of massive proportions. Last year, the operators of PlusToken performed a suspected exit from their scam, in which roughly $3 billion was withdrawn from the accounts of up to four million users who suddenly found themselves unable to access their funds. The Chinese Ministry of Public Security says that they have 27 “major criminal suspects” and a further 82 “key” members of PlusToken in police custody.   

Why It Matters: As this case unfolds, the real scope of the financial damage continues to come to light. The original estimate of amount stolen was $3 billion, but Chinese media outlet Chain News now suggests that $6 billion was stolen from investors. This news comes after similar events have unfolded in the UK, where authorities recently closed down cryptocurrency scam platform GPay Ltd. The UK High Court ordered GPay to pay for the loss of £1.5 million ($1.8m) in investor funds.   

Read more in ZDNet here:  

https://www.zdnet.com/article/china-arrests-over-100-people-suspected-of-involvement-in-plustoken-cryptocurrency-scam/ 

Read our full analysis of the PlusToken takedown in our Q2 2019 Cryptocurrency AML Report: https://ciphertrace.com/q2-2019-cryptocurrency-anti-money-laundering-report/ 

Twitter Reveals Details of Phone Spear-Phishing Attack Against its Employees  

On July 30Twitter released an update on their investigation claiming the recent hack, in which over 130 verified Twitter accounts were compromised, was the result of a “phone spear-phishing attack” against its employees. Hackers were successful in tweeting a Bitcoin phishing scam from 45 out of the 130 hacked accounts, which included those of Barack Obama, Elon Musk, Bill Gates, and Joe Biden.  

Phone spear phishing is a sophisticated form of phishing in which malicious actors target specific businesses or individuals using phone calls. During these calls, the Twitter hackers may have convinced victims to hand over passwords or other information used to access Twitter’s internal tools.  

“The attack on July 15, 2020, targeted a small number of employees through a phone spear-phishing attack,” Twitter said in a tweet yesterday, adding, “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.” 

According to CipherTrace, which has been tracking the stolen funds, “the majority of Bitcoin sits in unattributed addresses, which are most likely private wallets.” However, CipherTrace has traced portions of the bitcoin into exchanges and other wallet services, specifically those with privacy-enhanced features.  

Why It Matters: In the aftermath of the hack, the details of Twitter’s lack of security protocols has been harshly revealed. According to Decrypt: “over 1,000 Twitter staff and even outside contractors had access to the platform’s so-called “God Mode” administrative panel. It was revealed by Bloomberg in 2017 and 2018 that those contractors with access to the admin tool had previously misused it to snoop on the likes of Beyonce, tracking the musician’s geolocation data and viewing private information. 

Read the Twitter’s update here:  https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html 

Read our analysis of the hack: https://ciphertrace.com/twitter-hack-update-blockchain-analysis-helps-identify-twitter-hackers/ 

Read the Decrypt article: https://decrypt.co/37306/twitter-reveals-how-the-bitcoin-scam-really-happened 

 

US Prosecutors Attempt to Return $6.5 Million in Crypto to Victims of Ponzi Scam 

US prosecutors are attempting to return $6.5 million in cryptocurrency that was taken from the victims of the “Banana.Fund” crowdfunding projectan alleged Ponzi scheme.  

The official report did not identify the operator of Banana.Fund by name. However, several victims of the alleged scam have testified that the fund was run by a British national named Richard Matthew John O’Neill aka “Jo Cook.” 

Federal prosecutors have accused Banana.Fund’s administrator of admitting to investors his project had flopped, promising to return $1.7 million, and then failing to do so. Prosecutors allege that the admin then secretly began a laundering and refund scheme that resulted in the US Secret Service’s (USSS) seizure of 482 bitcoin (BTC) and 1,721,868 tether (USDT).   

The lawsuit, filed July 29 in the US District Court for the District of Columbia, aims to give the federal government ownership of the assets so they can be returned to the victims. 

Why it Matters: The way cryptocurrencies are treated in the judicial system can reveal the direction of the law’s treatment of cryptocurrencies moving forward. As governments find ways to return stolen or scammed funds to their rightful owners, the repercussions will be felt far beyond the confines of this particular case. 

Read more in CoinDesk here: https://www.coindesk.com/banana-fund-crypto-ponzi-scheme 

Back To Top