Cryptohack Digest: Authorities Close Down Cryptomixer


In Focus: Anthropic Raises Alarm on Autonomous AI Exploits Targeting Blockchain


Every week, Information Security Media Group summarizes significant cybersecurity events in the realm of digital assets. This week, authorities dismantled Cryptomixer, Anthropic warned about the risks posed by autonomous AI in exploiting vulnerabilities, the U.K. moved toward banning crypto political donations, Do Kwon requested a reduced sentence, the Lazarus Group was suspected in a major theft from Upbit, and Balancer outlined compensation plans following an exploit.


Swiss and German Authorities Shut Down Cryptomixer

Law enforcement from Switzerland and Germany, in collaboration with Europol, successfully dismantled the illicit cryptocurrency mixing service known as Cryptomixer. The operation resulted in the seizure of three servers in Switzerland, control of the cryptomixer.io domain, and the confiscation of over 12 terabytes of data alongside more than 25 million euros worth of Bitcoin. Following the closure, officials placed a seizure notice on the site.

Cryptomixer operated on both the clear web and dark web, serving primarily ransomware groups, dark web markets, and cybercriminal forums aiming to obscure the origins of illegally obtained funds. Since its inception in 2016, the platform mixed more than 1.3 billion euros' worth of Bitcoin, using pooled deposits and randomized transactions to evade blockchain tracing.

AI Agents by Anthropic Expose Blockchain Vulnerabilities

In a recent disclosure, Anthropic revealed that its advanced AI agents are capable of autonomously identifying and exploiting vulnerabilities in smart contracts. Tests were conducted in a simulated blockchain environment with models such as Claude Opus 4.5 and Claude Sonnet 4.5, targeting smart contracts that had been exploited post-March. Out of 34 contracts, the AI successfully exploited 17, siphoning off $4.5 million in simulated assets.

In a broader assessment involving 405 contracts deployed from 2020 to 2025 on platforms like Ethereum and BNB Smart Chain, the models exploited 207 contracts, generating approximately $550 million in simulated income. Notably, when tasked with scanning over 2,800 recently deployed contracts, Anthropic’s agents identified two zero-day vulnerabilities with an estimated exploit value of $3,694, posing potential regulatory challenges and ethical concerns.

UK Government Moves to Ban Crypto Political Donations

The Labour government in the United Kingdom is in the process of drafting legislation to prohibit political contributions made via cryptocurrency, as reported by The Guardian. Officials disclosed that the legislation will not be finalized in time for upcoming elections, citing concerns over transparency and electoral integrity due to the challenges in identifying the origins of cryptocurrency donations. However, complexities associated with regulating digital assets have decelerated legislative progress.

This proposed ban adversely impacts the right-wing populist party Reform U.K., which recently became the first political entity to accept crypto donations via a newly established platform. Concerns have been raised about these contributions potentially concealing foreign influence or criminal activity. Initially, the Electoral Commission characterized these risks as manageable but has since adopted a more cautious stance. Chief executive Vijay Rangarajan emphasized that tracing ownership, especially across international wallets, requires extensive resources and often yields inconclusive results. Advocacy groups stress that any ban must be reinforced with robust regulations to mitigate foreign monetary influence in British politics.

Do Kwon Seeks to Limit Sentence Following Plea Deal

Do Kwon, the founder of Terraform Labs, has asked a U.S. federal judge to cap his prison sentence at five years after pleading guilty to fraud charges tied to the $40 billion collapse of the Terra-Luna ecosystem. His legal team filed a 23-page document with the U.S. District Court for the Southern District of New York, arguing that a shorter sentence would be appropriate given the circumstances, countering the government’s recommendation for a maximum of 12 years.

Kwon confessed to two counts of fraud related to the May 2022 failures of TerraUSD and Luna. His filing indicates that the collapse was partially influenced by collusion from third parties, although he recognizes having misled investors by withholding information regarding a private stabilizing agreement with Jump Trading. Kwon’s attorneys argue that his actions were driven by desperation rather than personal gain and highlight his nearly two years of detention in Montenegro. He also faces separate charges in South Korea, with sentencing scheduled for December 11.

Lazarus Group Linked to $30 Million Theft at Upbit

The Lazarus Group, a cybercriminal organization affiliated with North Korea, is suspected of orchestrating an attack that netted approximately 44.5 billion won (around $30 million) in cryptocurrency from Upbit, South Korea’s preeminent cryptocurrency exchange, as reported by Yonhap News Agency. Upbit previously reported unusual withdrawal activity involving Solana-based assets, leading to a temporary suspension of deposits and withdrawals. The exchange initially estimated losses at 54 billion won but later adjusted this figure downward. Investigators believe the attackers may have exploited or impersonated administrative accounts, a method reminiscent of tactics used in a previous attack on Upbit attributed to the Lazarus Group.

On-chain analysis indicates that the suspected perpetrator has initiated transactions converting the stolen Solana into USDC and subsequently transferring funds to Ethereum, underscoring the evolving nature of these attacks.

Balancer Proposes $8 Million Compensation Following Major DeFi Exploit

Following a significant exploit that drained over $128 million from its vaults, decentralized finance protocol Balancer proposed a plan to distribute roughly $8 million in recovered assets to affected users. This reimbursement initiative is based on funds retrieved through external white-hat interventions and internal recovery efforts. Although the overall recovery amount is approximately $28 million, $19.7 million remains under the stewardship of liquid staking provider StakeWise.

Under the proposed distribution plan, only liquidity providers in the impacted pools will receive compensation, allocated based on their shares in the Balancer Pool Tokens at the time of the attack. Payments will return the same tokens that were salvaged. Additionally, white-hat hackers who collectively retrieved about $3.86 million could potentially earn 10% bounties, with a cap of $1 million each, contingent on completing necessary identity and compliance checks. A 180-day claims window is anticipated post-proposal, with unclaimed funds subject to governance deliberations.

Yearn Finance Recoups $2.4 Million After Exploit Impacting Legacy Pools

Yearn Finance successfully recovered approximately $2.4 million out of nearly $9 million lost due to an exploit affecting its legacy yETH pools, according to insights shared by the team in a recent report. A post-analysis identified an “unchecked arithmetic” vulnerability along with other design flaws that enabled the attacker to generate an unlimited supply of yETH tokens. Following this hyper-inflation, the attacker executed a series of withdrawals, exchanging the counterfeit yETH for legitimate assets, with blockchain data revealing that at least 1,000 ETH was sent to Tornado Cash.

Yearn confirmed that both V2 and V3 vaults remained unaffected, committing to returning any recovered funds to impacted depositors. Collaborating with firms such as SEAL 911, ChainSecurity, and Plume, the protocol has so far reclaimed assets worth about $2.4 million. The exploit leveraged self-destructing helper contracts, a technique frequently seen in sophisticated flash loan-style attacks.
