TronWeekly

Crypto World News

You are here: Home / Archives for News / Crypto Scam

Crypto Scam

Ledger User Claims Receiving Death Threat, Ransom Attempts

by

Just days after the personal information of Ledger customers was dumped on a hacker site called ‘Raidforum’, victims were being targeted by e-mail and SMS phishing campaigns. But the certain malicious entities have gone a bit too far as reports now suggest not just a spate of hacking and phishing attempts but even more distressing incidents especially for the ones who had their home addresses revealed.

In an alarming situation for the breach victims, details of kidnapping and murdering threats given by the attackers to victims have emerged. In the latest reddit thread, a Ledger user, whose personal details were compromised, claimed to have recoeved a phone call threatening kidnapping and murder. The attacker allegedly demanded 10 XMR by midnight and also threatened the victim of physical violence if the ransom is not paid.

“He demanded 10 XMR and said if it’s not sent by midnight, he will show up at my house, kidnap me, and “stab to death” any relatives living at my address. I was able to record this phone call as I put him on speaker phone.”

While the Ledger customer did take the help of the local police, this breach has caused severe distress among the community members whose personal information were dumped on the site. Several users have reported phishing emails. Another user under the pseudonym ‘JimboChewdip’ reported a sim swapping incident which cost him $2k. The attacker was able to access the victim’s phone, thereby changing passwords on several platforms.

 

Ledger CEO Pascal Gauthier had recently apologized for the event and clarified that the data breach has no link nor impact on its hardware wallets, the app or customer funds and concerns only e-commerce related information.

The exec further noted that the goal of the platform was to provide its customers with the best protection and security for their digital assets. However, he went on to confirm that the firm would not be providing any compensation for victims who had their home addresses revealed

That’s precisely Ledger’s mission: we continuously invest to improve security standards. That’s also why we won’t be refunding customers like some have suggested – instead, the best and most sincere thing we can offer is our dedication to being better and making these investments to continuously upgrade the security of the products we make available for you.

Is The Ledger Leak Forgivable?

by

It has been a bad year for Ledger, even worse for its users. In the latest development, the hacker of Ledger’s data breach on its e-commerce and marketing database has reportedly dumped the stolen contents of the hardware wallet provider customer database on the hacker site called ‘Raidforums.

According to Alon Gol the network security firm Hudson Rock’s Co-founder, the leaked database contains user information such as email IDs, physical addresses, phone numbers, and more information. Over a million customer emails stolen from the hardware wallet manufacturer were made publicly available on a hacker site today.

Ledger confirmed that payment information, credentials [passwords], or crypto funds were not impacted and the data breach has no link nor impact on the platform’s hardware wallets and the Ledger Live application.

While this security seems like just another addition to the long list of cybercrimes, not everyone is of the opinion that Ledger can be forgiven. The pseudonymous crypto researcher, Hasu, for one posted criticized Ledger in the following tweet:

“You simply can’t sell hardware wallets and store the personal information of your customers on an online server. Cut off business with them, only way companies in this space are gonna learn to take our physical security seriously.”

How Can The Ledger Leak Victims Protect Themselves?

While the information leaked in this breach would not directly compromise a users’ Ledger device and crypto funds, it could however be used [or already being used] in social engineering attacks. This was noted by a well-known cryptographer, Nik Bougalis, who went on to state that the attackers are likely to use the information to target users’ and hence they might very well get emails, phone calls, snail mail, and even packages.

According to the Bougalis, most of these will be “ham-fisted” attempts, which will stand out, while others will be tailored and carefully designed to dupe the victims. He also urged the users’ to approach every email critically.

Furthermore, the software engineer also warned,

“If the phone number you used for your order is used as a 2nd factor anywhere, change it immediately. If possible, avoid using SMS/phone as a 2nd factor altogether. Get a YubiKey or something similar and set up something like Google Authenticator.”

In a series of tweets, Bougalis also asked the victims to use a password manager for everything and enable 2FA wherever they can.

 A Quick Synopsis of The Security Breach

This hack seems to originate back in April 2020 to the 28th of June, 2020, when an attacker got access to a portion of Ledger’s e-commerce and marketing database through a third party’s API key that was misconfigured on its website. This apparently enabled unauthorized access to Ledger’s customers’ contact details and order data. The platform claimed to have fixed the data breach within the same day it was detected and the API key was deactivated.

According to the Twitter Handle, ‘Have I Been Pwned’, which was created by Microsoft Regional Director Troy Hunt, revealed that since the time of the original hack, 69% of the addresses in the dumped database as having been compromised.

Robinhood Swims Out Of Troubled Waters After Agreeing To Pay $65M

by

Lawsuits and legal interventions have become remarkably prevalent. Robinhood, a trading platform decided to fend off a lawsuit instead of prolonging it by deciding to pay off the designated fine. The platform had found itself drowning in troubled waters with the Securities and Exchange Commission [SEC] charged the trading application for duping customers and seeking extra money from its users.

Robinhood’s Tiff With The SEC

In an elaborate press release, the Securities and Exchange Commission of the United States called out and charged Robinhood Financial LLC with an array of accusations. This list included the submission of “misleading statements and omissions in customer communications” from 2015 all the way up to 2018. This entailed false assertions in the platform’s FAQ pages where it lied about its revenue sources.

Joseph Sansone, Chief of the SEC Enforcement Division’s Market Abuse Unit commented on Robinhood’s activities and said,

“Robinhood failed to seek to obtain the best reasonably available terms when executing customers’ orders, causing customers to lose tens of millions of dollars. Today’s action sends a clear message that the Commission will not allow brokers to ignore their obligations to customers.”

The SEC further alleged that the trading platform went on to deceive individuals by hoarding the “commission-free” trading option. While this seemed like an attractive deal to its customers, it was nothing but a mere honey pot as the trading firm charged higher prices for order flow. This was off-putting for many as the prices of other brokers were comparatively lesser. The statement further read,

“The order finds that Robinhood provided inferior trade prices that in aggregate deprived customers of $34.1 million even after taking into account the savings from not paying a commission. Robinhood made these false and misleading statements during the time in which it was growing rapidly.”

The trading application was quick enough to try and get out of trouble. Robinhood went on to agree to pay $65 million as a civil penalty. The platform refrained from accepting or denying the charges imposed by the SEC.

Dan Gallagher, Chief Legal Officer of Robinhood had asserted that the settlement relates to historical practices that do not reflect the platform today. While recognizing the responsibility that comes with having helped millions of investors make their first investments, the executive went on to say that the team was committed to continuing to evolve the trading platform as it grows to meet the needs of its customers. He also added,

“We are fully transparent in our communications with customers about our current revenue streams, have significantly improved our best execution processes, and have established relationships with additional market makers to improve execution quality”

Bitcoin Mining Farm Accused Of Carrying Out The Biggest Electricity Theft In Bulgaria

by

Bitcoin has become one of the most valuable assets over time. From 10,000 Bitcoins being worth merely two Papa John’s pizzas, to a whopping $19K, the king coin has come a long way. While this industry got more attractive, the Bitcoin mining rewards started luring in several who intended to make a profit through the crypto industry. Bitcoin mining isn’t an easy job, it requires an immense amount of electricity. This factor remains unfavourable for many and hence they resort to illegal means to garner electricity to mine the king coin.

Bitcoin Mining Behind The Biggest Electricity Theft

Even though the Bitcoin miner rewards have depreciated with every halving, the value of the asset has surged. With Bitcoin currently priced at $19,251, every miner gets a reward of 6.25 BTC following the recent halving that took place in May 2020. While this is a profitable method of pocketing the money, the mining process eats a ton of electricity. Recent news from Bulgaria revealed that a village called Herakovo was stealing electricity from the CEZ Group, an electricity exporter in Europe.

The CEZ Group went on to find out that a crypto mining farm in the village was operating over 1,000 ASIC miners. The farm duped the electricity exporter by illegally connecting to a medium voltage network. This theft of electricity was touted as the biggest of its kind in Bulgaria as a whopping 4,250 families could live off the electricity that the mining farm had illegally used for an entire month.

Bitcoin

This isn’t the first time Bulgaria is seen taking a drive on the bad side of the crypto-verse. The country has time and again been subject to several crimes pertaining to electricity theft to execute Bitcoin mining. More recently, two residents of the country were nabbed by Bulgarian law enforcement for stealing electricity worth about $1.5 million for mining the king coin.

While the police managed to seize the biggest electricity theft in Bulgaria, the CEZ Group took a while to discover the treachery. Nevertheless, the electricity exporter suggested that it went on to recognize the loss and the location of the preparators.

 

Ledger Database Hackers Attempts Phishing Attack Mentioning Trezor

by

With the popularity of the digital asset space, the number of copycats, scammers, and website spoofers have only gained traction and were emerging out almost every day. The community, once again, woke up to a fresh phishing attempt. This time, the fraudulent entities masqueraded as the team behind the hardware wallet, Trezor, and sent a text message to several individuals urging them to update their wallet stating that their wallet has been disabled further adding a phishing link.

The message, in question, uses a misspelled with a zero instead of an O and looks something like this:

“Your TREZ0R Wallet has been deactivated. You are required to pass verification due to the new KYC regulations: <phishing link removed>”

Popular Bitcoin proponent Andreas Antonopoulos provided more clarity and revealed that the new phishing attack appeared to originate from the same database that was stolen from Ledger. He went on to add,

“The same [fake] name and the number appear for me. It seems to be unrelated to Trezor, other than the attackers using that name in their new phishing campaign.”

While neither Ledger nor Trezor has yet commented about the whole affair, it is, however, important to note that the sales database breach has nothing to do with the security of the hardware wallets, something that was also stressed by Antonopoulos while responding to a query on his original Twitter post.

With the growing popularity of this space, the number of phishing cases has grown tremendously. Day in and day out, attackers are leveraging spoof websites and hijacking URLs, putting up a sting site, or a fake URL to steal users’ cryptocurrencies.

The latest news just days after Trezor tweeted out a warning to all its Android users owning Trezor devices about an Android app that was pretending to be the official app. It confirmed that the app was a scam and has no relation to SatoshiLabs and Trezor. The team behind the hardware wallet also revealed reporting it to the Google team. Soon after which the malicious app was removed from the PlayStore.

South Korean Exchange Coinbit Execs Find Themselves Behind Bars Following Market Manipulation Allegations

by

Market manipulation has become a common phrase in the world of crypto. South Koreans are the latest to be affected by the massacres of market manipulation. The South Korean authorities, however, aren’t far behind as they took down a prominent exchange that engaged in market manipulation over the last year.

South Korean Authorities Shut Down Market Manipulating Crypto Exchange

The popularity of the crypto-verse has grown by a huge majority and the value of its market follows suit. Scammers and hackers across the globe view this as a major point of attraction and dive into the industry to pocket some easy money. Regulators and law enforcement have been working towards busting crime pertaining to the crypto-verse. A recent incident in South Korea is a clear example of the same.

A local news portal reported that the Seoul police had taken down, Coinbit, a cryptocurrency exchange that formulated a market manipulation scheme. The Chairman, Choi Moi along with two other executives of the exchange were nabbed by the police for dwelling into market manipulation over the course of several months. The news portal reported that the executives had bagged over 100 billion won by buying and selling the crypto asset around the same time. This action was called wash trading and about 99% of the crypto exchange’s activities were executed through wash trading.

The Coinbit officials had even set up a ghost account to meddle with the prices of the assets and accelerate the volume of the transactions. This took place from August 2019 all the way up to May 2020.

The South Korean police took this exchange down on 26 August 2020. The Coinbit had an office in Gangnam-gu where the police searched and sealed the place following the information about the scam that the execs of the exchange were running. The prosecutors of South Korea have reportedly been gearing up for a case against the men behind the Coinbit market manipulation.

Fraudsters Target XRP Community; Several Victims Reported Over Weekend

by

Over the past several months, the Brad Garlinghouse-led blockchain firm, Ripple has been targeted by fraudsters by creating official-sounding accounts and websites. These malicious entities have once again preyed on the XRP community.

A well-known analytics firm, XRP forensics claimed to have received several reports of XRP-related scams over the weekend.

Ripple’s clarification post on the same, read,

“Beware of the latest giveaway scam: there is a fake email and fraudulent website circulating offering “Community Incentive Programs” or “XRP Incentive Plans.” Neither Ripple, nor any executive of our company, has offered—or ever will offer—free giveaways of digital assets. Any XRP giveaway is not endorsed by, affiliated with, maintained, authorized or sponsored by our company. “

For the last two days, XRP Forensics reportedly received more than 20 victim reports, most of which were theft after the money has already been laundered. The analytics team identified more than 6,000,000 XRP were stolen most likely by the same group.

The mails have reportedly been periodically sent since April-May this year. A mix of leaked databases [Gatehub, old Ripple forums, Coil mail, Ledger] were suspected. Victims were sent fake Ripple emails, while others as fake Coindesk newsletters.

XRP Forensics further noted that this group of fraudsters was operating more professionally when compared to January when they first started out, having learned “some things along the way”.

While hoping that the law enforcement would soon pick up the cases, the analytics platform asserted that connecting the current cases to those of January would indeed be a great lead for investigators. For this particular case, the team also said that owning a hardware wallet is risky for crypto users than not having one as the scammers have now become skilled at siphoning off their coins.

The tweet read,

“The most common denominator of the victims, besides being in various leaked databases, is that they almost all use Ledger hardware wallets. Having a hardware wallet is likely putting people at greater risk than not having one, as phishers know exactly how to target them.”

This news comes nearly a month after a Ledger owner lost 1.1 million XRP to a scam website followed a breach of email and other personal information that happened earlier this year. Many Ledger wallet customers also noticed phishing attempts.

Texas Government Brings Down Over 15 Fraudulent Investment Platforms

by

The crypto industry has been catching the attention of the entire globe. With the value of Bitcoin reaching new heights, people have been making attempts to garner some easy money, not in the most honest way. Several governments have been trying to bring down illicit operations and Texas seems to be the latest to conduct a “series of sweeping actions.”

Texas State Securities Board Slaps Several Crypto Platforms With Cease And Desist Order

In an elaborate article titled, “Commissioner Announces Series of Sweeping Actions Against Fifteen Online Crypto, Forex and Binary Options Investment Scammers” published by the Texas State Securities Board, the agency revealed that several investment platforms were brought down for carrying out fraudulent investment schemes. The post penned down by Commissioner Travis J. Iles pointed out that over fifteen platforms including forex, binary options as well as crypto were formulating deceiving projects in the state. Three cease and desist orders were issued against the platforms. The first cease and desist order was issued against James Blundell, an individual who defrauded people through ten platforms that offered crypto investment opportunities.

Blundell, a resident of Seabrook Texas created social media profiles and lured people to invest in his platforms. His scammy platforms included, Proactive Expert Trading, Reliable Miners, BitcoinFX Options, Sure Trade Earnings, CryptoTradeFXWay, Proactive ExpertTrade, ReliableFX Internal Trade, MaxFX Internal Trade, AntPoolTop Mining and ExpertTrades247. The investment plans on these websites ranged from $10K all the way to $1,000,000 with a profit of 80% per hour for 24-hours.

Another order was issued against Binary Trade Forex, FX Trades, and IQTrade. These websites promised its users a daily return of 30% to 120%. The plans on this website ranged from $500 to $10,000.

Speaking about the same and alerting the investors, the Commissioner further wrote,

“Investors can’t afford to take everything at face value when transacting over the internet. They need to thoroughly investigate before they invest– because on the internet, anyone can fake a trading license, publish phony testimonials or falsely claim to be regulated by an offshore agency.”

Investors were urged by the Commissioner to steer clear of scammy operations. The Texas State Securities Board Commissioner also gave its citizens a means of contact in case they came across such schemes or platforms. The post read,

“Investors can begin the due diligence process by contacting the Texas State Securities Board by telephone at 512-305-8392 or by email at [email protected]

Binance Rewards Investigators Spearheading the 2018 Phishing Campaign Case

by

The crypto-verse has been exposed to several hacks and attacks. While many platforms like Binance and others parts of the industry have been striving to wipe the darknet association off the crypto sphere, the scams and hacks have overshadowed these efforts. However, by supporting the process of nabbing these criminals, Binance offered a huge reward to those who helped arrest those involved in the attack in March 2018. The Malta-based crypto exchange seems to have kept its promise.

Binance Gives $200K To Investigators For Revealing Suspects

The world’s largest cryptocurrency exchange was in troubled waters after a group of fraudsters acquired credentials of certain individuals by mirroring Binance. However, unlike Binance these websites were not legit. The fraudsters went on to use the acquired information to breach the Malta’-based exchange. While the exchange revealed that the attempts to hack the platform was unsuccessful, it announced a bounty on information pertaining to the hacker. In a recent blog post, the exchange affirmed the distribution of the bounty.

Pointing out the United States’ Department of Justice’s recent charges, the exchange declared that two people involved in the aforementioned case were identified and charged. The exchange’s security team had drafted the findings pertaining to the case and had passed it on to US law enforcement and had even been working with several agencies of the US to nab the suspects. Binance offered a total of $200,000 to private investigators who probed the case.

Binance further wrote,

“As a result of this cooperation, the culprits have been identified and sanctioned, and are currently being pursued. Though the suspects remain at large, we decided to award a 200,000 USD bounty to the investigators for their work, with the remaining 50,000 USD to be given once the attackers are in custody.”

The investigators involved in the case were not named, however, they reportedly helped to identify the attacker as well as the attack process. Both the attackers who carried out the case were from Russia. The attackers were known as Dimitrii Kamasavidi and Danil Potekhin, and the pair allegedly executed similar hacks on other prominent exchanges, such as Gemini, Bittrex, and Poloniex, which further resulted in losses of up to $17 million.

US Officials Aid Brazilian Govt In $24M Crypto Bust

by

Ponzi schemes and scammy projects continue to take over the crypto-verse. While the US has been fending off scammy projects, other countries have been following suit. However, a collaboration between the Brazilian and the United States’ government has resulted in a big crypto bust.

US Department Of Justice Working Closely With Brazilian Officials

In a recent release, the Department of Justice of the United States revealed its latest bust of an online fraud involving cryptocurrency. The Brazilian government reportedly urged the US government to assist them in the case as it entailed a large cryptocurrency fraud scheme. “Operation Egypto” as labeled by the Brazilian federal police, was handed over to the US government and the latter went on to seize up to $24 million worth of cryptocurrency.

Brazilian law enforcement revealed that a whopping $200 million worth of profits was made through this fraudulent scheme. They further estimated that more than tens of thousands of Brazilians were victims of this scammy project. The project mainly focused on soliciting money from individuals. The involvement of crypto was reportedly very minute in the case as the convicts were returned very little money to the investors. The release further read,

“Solicitations referred to as innovative investment opportunities were made over the internet and in person, offering investments in cryptocurrencies. As alleged, the defendants solicited investors to give money to corporations they controlled, in the form of Brazilian currency or cryptocurrency, which the companies would then invest in a variety of virtual currency types.”

While the US government focused on Brazilian Marcos Antonio Fagundes, the Brazilian federal prosecutors went on to charge several in light of the same case. Fagundes was charged with several counts by the US government following the information provided by the Brazilian officials. Fagundes, as well as the other convicts, carried this operation out from August 2017 all the way to May 2019.

This latest bust and collaboration was carried out under the Treaty between the United States of America and the Federative Republic of Brazil on Mutual Legal Assistance in Criminal Matters.