Cryptohack Recap: Trump’s Cryptocurrency Fortune

This week, ISMG reports on notable cybersecurity events in the digital asset space. Highlights include revelations about Trump’s cryptocurrency ventures, the sentencing of a hacker tied to Mango Markets for child sexual abuse material, a fix for a zero-day vulnerability on Solana, and a dramatic kidnapping plot involving a crypto millionaire’s family.

See Also: OnDemand | NSM-8 Deadline July 2022: Keys for Quantum-Resistant Algorithms Implementation

U.S. President Donald Trump has reportedly augmented his family’s fortune, with digital assets now comprising almost 40% of his estimated $7.3 billion net worth, according to the watchdog group State Democracy Defenders Action. Key sources of this wealth include meme coins like $Trump and $Melania, alongside a significant stake in World Liberty Financial, a Trump-associated cryptocurrency exchange launched last October. Additionally, Abu Dhabi-based MGX has unveiled a $2 billion investment in the exchange’s stablecoin USD1.

The Trump family controls 60% of World Liberty and possesses 22.5 billion $WLF tokens, entitling them to 75% of future token revenues. Despite longstanding criticisms toward cryptocurrencies, President Trump has shifted his stance, actively promoting the U.S. as the future “crypto capital” and easing regulatory measures following pardons for former BitMEX executives.

Avraham “Avi” Eisenberg, who orchestrated the $110 million exploit of the decentralized finance platform Mango Markets, was sentenced to slightly over four years in prison last week. This sentence, however, was not directly linked to the crypto fraud; rather, it was a result of a separate conviction involving possession of child sexual abuse material. During a search following his arrest, prosecutors discovered more than 1,200 explicit images and videos on his devices.

Eisenberg had earlier been convicted on charges of commodities fraud, wire fraud, and market manipulation. In the exploit, he artificially inflated the price of Mango tokens before borrowing against this inflated collateral, draining the platform of its resources—an act reflective of techniques outlined in the MITRE ATT&CK framework, particularly regarding market manipulation and exploitation of financial systems.

A recent zero-day vulnerability affecting certain tokens on the Solana blockchain has been successfully patched, thanks to timely coordination between the Solana Foundation and its validators. The fix was implemented within two days after the flaw, which involved the ZK ElGamal Proof program—responsible for confidential token transfers—was identified. The vulnerability could have permitted an adversary to mint unlimited tokens or compromise user accounts via forged proofs, presenting risks akin to tactics found within the initial access and exploitation phases of the MITRE ATT&CK Matrix.

While the Solana Foundation chose to keep the vulnerability undisclosed until after the patch was deployed, they assured stakeholders that no funds were at risk nor were there any known exploits during the period of vulnerability.

In France, police intervened in a kidnapping case involving the father of a cryptocurrency entrepreneur. The victim was reportedly held for ransom between €5 million and €7 million. Prosecutors revealed the kidnappers exhibited extreme violence, which echoed tactics previously observed in other crypto-related assaults, thereby emphasizing the growing threat landscape associated with digital assets.

The abduction occurred in Paris when the victim was forcibly taken by four masked individuals in broad daylight. Authorities successfully apprehended all suspects, all in their twenties, without any ransom being paid prior to the victim’s recovery. This incident underscores the emerging risk of targeted violent crime linked to cryptocurrency wealth—an area that warrants close attention from cybersecurity professionals.

Onchain investigator ZachXBT disclosed that around $7 million of the $330 million in Bitcoin allegedly stolen from a long-time holder has been frozen, aided by Binance’s security team and forensic experts. The theft, involving 3,520 BTC, stands as one of the largest crypto heists recorded. ZachXBT highlighted that laundered funds rapidly circulated through multiple exchanges before being converted into Monero, a privacy-focused cryptocurrency. The victim, described as an “elderly” U.S. “OG Bitcoiner,” reportedly fell victim to social engineering tactics, potentially including phishing.

The U.S. Federal Trade Commission, alongside the state of Nevada, has filed a complaint against a firm alleged to have defrauded consumers of over $1 billion through deceptive investment schemes in crypto and foreign currency. Operating under varying names such as IM Mastery Academy and IMarketsLive, the company allegedly preyed on young adults with exaggerated earning potential, promising monthly incomes of $750,000 while the majority earned little to nothing. IML’s business model heavily relied on multi-level marketing, thus raising the potential for regulatory scrutiny.

Kraken, a U.S.-based cryptocurrency exchange, recently identified an application attempt from a North Korean hacker aiming to infiltrate its engineering team. Instead of outright rejection, Kraken undertook multiple layers of vetting, employing two-factor authentication and real-time location verification methods to unveil the applicant’s inconsistencies. This proactive measure highlights the importance of incorporating stringent security protocols and intelligence gathering in the face of sophisticated threats, particularly from state-sponsored actors aiming to exploit vulnerabilities in the crypto sector.