Cryptohack Roundup: Holiday Cheers with SantaStealer

In its weekly roundup of cybersecurity incidents involving digital assets, Information Security Media Group highlights several significant events. This week saw the re-emergence of the SantaStealer malware, the dismantling of a crypto platform accused of money laundering, sentencing of Terra founder Do Kwon, and fraud charges against Bitcoin Rodney. Additionally, the UK is considering regulatory measures for cryptocurrency by 2027, while Binance issued warnings about fraudulent listing agents.

See Also:
OnDemand | NSM-8 Deadline July 2022: Keys for Quantum-Resistant Algorithms Implementation

Security researchers from Rapid7 have reported the resurgence of SantaStealer, a malware-as-a-service offering that has been newly marketed on platforms like Telegram and various hacker forums. This malware, which is designed to operate in-memory to evade traditional file-based detection mechanisms, represents a rebranding of the previously known BluelineStealer. Subscription pricing for the service varies between $175 for basic access and $300 for premium features.

Upon analyzing various samples, researchers accessed the associated web panel and determined that the malware’s claimed stealth capabilities do not hold up under scrutiny. Contrarily, the available samples display vulnerabilities that can be easily exploited. SantaStealer encompasses 14 modular components aimed at harvesting browser data, login credentials, cryptocurrency wallet information, messaging app data, documents, and screenshots. This stolen data is temporarily stored in memory before being sent to a hardcoded command-and-control server, though specific distribution methods remain unclear. Likely vectors for distribution include phishing attempts, pirated software, and social engineering tactics.

Recent actions by federal prosecutors led to the seizure of the E-Note cryptocurrency platform, which was allegedly implicated in money laundering activities linked to international cybercriminal organizations. The FBI reported that over $70 million in illicit funds, arising from ransomware extortion and account takeover operations, have passed through the E-Note platform.

This operation culminated in an indictment against the platform’s alleged owner, Mykhalio Petrovich Chudnovets, a 39-year-old Russian national. He faces serious charges, including conspiracy to commit money laundering, alongside a forfeiture demand for his criminal earnings. Authorities have stated that Chudnovets provided money laundering services to cybercriminals since 2010.

The takedown was part of an international policing initiative involving law enforcement from the U.S., Germany, and Finland, which resulted in the confiscation of servers associated with E-Note and mobile applications connected to Chudnovets’ operations. The Department of Justice further indicated that U.S. law enforcement had previously secured earlier versions of these servers, complete with customer databases and transaction histories.

A U.S. federal judge has sentenced Do Kwon, the founder of Terraform Labs, to 15 years in prison for his involvement in the 2022 collapse of the TerraUSD stablecoin and its associated token, Luna. This collapse erased approximately $40 billion from the cryptocurrency market. The sentence, pronounced in a Manhattan federal court, exceeded both the 12-year term proposed by prosecutors and the five-year recommendation made by Kwon’s defense team.

Judge Paul Engelmayer noted that Kwon intentionally misled investors regarding the risks and stability of the tokens. Prosecutors asserted that Kwon misrepresented the algorithmic structure of TerraUSD, which relied on a flawed mechanism connected to Luna. When TerraUSD failed, it triggered widespread upheaval across the entire crypto market.

In August, Kwon pleaded guilty to both wire fraud and conspiracy, which significantly reduced his potential sentence from a maximum of 135 years to 25. His case attracted international attention, culminating in his extradition to the U.S. at the end of 2024.

Rodney Burton, a 56-year-old crypto promoter dubbed “Bitcoin Rodney,” is facing expanded charges related to his involvement in the $1.8 billion HyperFund cryptocurrency scheme. A new indictment unsealed in Maryland includes multiple allegations of conspiracy to commit wire fraud, various wire fraud counts, money laundering, and the operation of an unlicensed money transmission business. Should he be convicted on all charges, Burton could face decades in prison.

Burton is accused of marketing HyperFund, also referred to as HyperVerse, as a legitimate cryptocurrency investment platform from 2020 to 2024, promising enticing daily returns based on fictitious crypto mining operations. The scheme is alleged to have ceased operations in 2021, blocking withdrawals, while Burton reportedly channeled investor funds into luxury real estate, vehicles, and a yacht.

Arrested in January 2024 as he attempted to depart the United States, Burton has remained in custody ever since, asserting that he believed the operations were legitimate and attributing blame to co-founder Sam Lee, who is currently evading capture.

The United Kingdom’s government is reportedly working towards establishing a regulatory framework for cryptocurrencies by 2027, intending to align them with traditional financial products such as stocks and shares. The HM Treasury is developing legislation that would require cryptocurrency firms, including exchanges and digital wallet services, to operate under scrutiny from the Financial Conduct Authority, according to reporting from The Guardian.

Officials argue that this move will bridge gaps in consumer protection, enhance transparency, improve the detection of illicit activities, enforce sanctions, and hold firms accountable. Chancellor of the Exchequer Rachel Reeves has characterized these reforms as vital for maintaining the UK’s status as a global financial center while providing regulatory clarity to businesses and stronger protections for consumers.

The proposed regulations emerge amid rising concerns regarding crypto-related investment scams, which have reportedly surged over the past year, as highlighted by banking data from the UK. High-profile cases involving the confiscation of billions in Bitcoin linked to fraudulent activities have accentuated the risks associated with cryptocurrency. The government is also contemplating a ban on political donations made via cryptocurrency, primarily due to traceability issues.

Binance has issued an update concerning fraudulent claims made by external agents purporting to facilitate token listings through its platforms. The exchange emphasized that all listing requests should be made through its official channels, rejecting any affiliation with third-party brokers or intermediaries.

In its communication, Binance warned that numerous individuals and firms have misrepresented themselves as representatives of the exchange, soliciting fees and payments from token developers. In response to these ongoing fraudulent activities, Binance has published a comprehensive listing framework and advised projects to report any suspicious contact. Following an internal review, the company has blacklisted seven individuals and entities and may pursue legal action against them, offering rewards of up to $5 million for credible information regarding misconduct in the listing process.

This report incorporates insights from Information Security Media Group’s David Perera in Northern Virginia.