Blockchain & Cryptocurrency,
Cryptocurrency Fraud,
Fraud Management & Cybercrime
Also: LastPass Issues Phishing Warning, Trump Appoints New CFTC Head
Every week, Information Security Media Group compiles recent incidents in the realm of cybersecurity concerning digital assets. This week, the CEO of Meteora is facing fraud allegations, LastPass has issued a warning regarding a phishing campaign, and Trump has appointed a crypto attorney to lead the Commodity Futures Trading Commission (CFTC). Additionally, Mt. Gox has again delayed repayments to its creditors, while an Indian court has prohibited WazirX from utilizing customer funds to mitigate hacking losses.
Related Insight: OnDemand | NSM-8 Deadline July 2022: Keys for Quantum-Resistant Algorithms Implementation
Meteora Co-Founder Faces Fraud Allegations
Plaintiffs in a class action lawsuit have filed an amended complaint against Meteora and its co-founder, Ben Chow. The lawsuit alleges that the defendants orchestrated fraudulent activities linked to the Libra and Melania memecoins. Accusations claim that Chow and his collaborators manipulated the names of high-profile public figures like Melania Trump and Javier Milei as a tactic to enhance the tokens’ credibility, forming a so-called “coordinated liquidity trap.”
The legal action claims that Chow, alongside marketing partner Kelsier Ventures, employed celebrity branding to mislead investors. After their launches, both the Melania token, received as Trump’s official cryptocurrency, and the libra coin, promoted as a funding mechanism by Milei for small Argentine businesses, experienced significant volatility. Milei’s promotion on X (formerly Twitter) was removed shortly after a backlash, though an investigation ultimately cleared him of any ethical wrongdoing.
Chow reportedly played a pivotal role in this operation, bringing together partners including Meteora, Jupiter co-founder Ng Ming Yeow, and Hayden Davis from Kelsier Ventures. The lawsuit scrutinizes five tokens: libra, melania, enron, trust, and M3M3, alleging a consistent pattern of pump-and-dump schemes. Chow has denied any misconduct and stepped down from Meteora in February.
LastPass Warns of Phishing Campaign Exploiting Vault Inheritance Feature
LastPass, a prominent password manager, has issued a warning to its users regarding a phishing campaign that mimics its vault inheritance feature to unlawfully obtain user credentials and passkeys. This campaign, which has been operational since mid-October, has been linked to a financially motivated group known as CryptoChameleon, also referred to as UNC5356.
This group has previously targeted cryptocurrency exchanges including Binance and Coinbase, and they have broadened their tactics to pose as LastPass using fraudulent domains and phishing tools.
In this scheme, deceptive emails claim that a family member has requested access to a victim’s vault, purportedly supported by a submitted death certificate. The emails include an agent ID for legitimacy and urge recipients to click a link to withdraw the request, leading to a counterfeit LastPass login page on lastpassrecovery.com. Victims are prompted to enter their master password, and there are instances where attackers follow up with phone calls impersonating LastPass personnel.
In addition, CryptoChameleon’s recent attacks are targeting users’ passkeys via domains such as mypasskey.info and passkeysetup.com.
Trump Nominates Crypto Lawyer Michael Selig to Lead CFTC
Former President Donald Trump has nominated Michael Selig to chair the Commodity Futures Trading Commission. According to a report from Bloomberg, Selig, who currently serves as chief counsel for the SEC’s Crypto Task Force and previously worked at Willkie Farr & Gallagher, specializes in cryptocurrency law and is set to undergo a Senate confirmation hearing.
If confirmed, Selig would manage the CFTC at a pivotal moment as Congress evaluates measures to enhance the agency’s oversight of cryptocurrency markets. Legislative efforts are underway in both the House and Senate to establish the CFTC as the primary regulatory body for digital assets.
The nomination follows the withdrawal of Brian Quintenz, a16z’s crypto policy lead, whose confirmation faced challenges due to conflict-of-interest allegations linked to the Winklevoss twins of Gemini.
Mt. Gox Delays Creditor Repayments to End of 2026
The now-defunct crypto exchange Mt. Gox has postponed its creditor repayment deadline to October 31, 2026. This decision, announced by the court-appointed rehabilitation trustee, marks the third extension since the original deadline set for October 2023.
The trustee clarified that many early repayments have been completed for qualifying creditors, yet several remain unpaid due to procedural delays or administrative complications. With court approval, the repayment window has been stretched to allow for the processing of outstanding cases.
Once the largest bitcoin exchange globally, Mt. Gox collapsed in 2014 after losing 850,000 BTC to hackers. Since that time, the trustee has recovered substantial assets, including 142,000 bitcoins and approximately 69 billion Japanese yen. As of March 2025, around 19,500 creditors had received partial refunds in BTC and BCH through Kraken and Bitstamp.
Indian Court Blocks WazirX from Utilizing User Funds to Cover Hack Losses
An Indian court ruled in favor of an XRP holder against the exchange WazirX. The court granted interim protection preventing the platform from reallocating the user’s XRP holdings to offset losses incurred from a 2024 security breach. Justice N. Anand Venkatesh of the High Court of Judicature at Madras restricted WazirX from redistributing the user’s 3,532 XRP—valued at approximately $9,400—under its proposed “socialization of losses” initiative.
This ruling follows an exploit worth $230 million attributed to North Korea’s Lazarus Group, prompting WazirX to propose that losses be distributed among all users, irrespective of their asset holdings. However, the court found no connection between XRP and the stolen ERC-20 tokens, ruling that the user’s assets should not be subject to the exchange’s recovery plan.
The judgment clarified that cryptocurrencies are recognized as property under Indian law and mandated WazirX to provide a financial guarantee or escrow deposit of 956,000 rupees—around $11,500—serving as interim protection for the user during ongoing arbitration proceedings.
This decision follows WazirX’s recent resumption of operations after receiving restructuring approval from Singapore’s High Court, with 96% of participating creditors endorsing the plan.
