Cryptohack Update: WOO X Investigates $14M Security Breach

Each week, Information Security Media Group compiles significant incidents affecting cybersecurity in digital assets. This week, WOO X is investigating a breach resulting in unauthorized withdrawals totaling $14 million, founders of Samourai Wallet have pleaded guilty, the founder of AML Bitcoin faces a seven-year sentence for fraud and money laundering, and Hyperliquid has clarified that a trading outage was due to an API failure rather than a hack.

Related Resource: OnDemand | NSM-8 Deadline July 2022: Keys for Quantum-Resistant Algorithms Implementation

Centralized cryptocurrency exchange WOO X, registered in the Seychelles, is currently conducting an investigation into a significant security breach that permitted unauthorized withdrawals from nine customer accounts, amounting to approximately $14 million. As a precaution, the platform has suspended withdrawals and blocked many illicit transactions. The affected users have been notified, and the firm has committed to reimbursing all lost funds. WOO X is collaborating with external security professionals and other exchanges to trace the stolen assets, which have been detected moving through several blockchains, including Arbitrum, Bitcoin, BNB Chain, Ethereum, and Tron.

The co-founders of Samourai Wallet, Keonne Rodriquez and William Lonergan Hill, entered guilty pleas in a U.S. federal court to charges related to operating an unlicensed money transmitting business. Initially, the duo had pleaded not guilty concerning their cryptocurrency mixing service, which authorities allege facilitated over $2 billion in illicit transactions, including $100 million laundered from dark web markets like Silk Road.

Federal prosecutors assert that Rodriquez and Hill specifically designed Samourai’s Whirlpool mixing service to help users obscure criminal proceeds, openly promoting these features on various social media platforms. Charged by the U.S. Department of Justice in April, both founders now face additional allegations of conspiracy related to money laundering, as indicated in a superseding indictment filed in June.

Rowland Marcus Andrade, the founder and CEO of the NAC Foundation, has been sentenced to seven years in federal prison for wire fraud and money laundering related to his failed cryptocurrency venture, AML Bitcoin. Between 2014 and 2019, Andrade is reported to have raised around $10 million by misrepresenting the technology, launch schedule, and partnerships associated with the coin.

Prosecutors indicated that Andrade fabricated claims, including a false assertion that AML Bitcoin was set to be approved for shipping transactions by the Panama Canal Authority, an agreement that never existed. He diverted over $2 million of investor funds for personal use, including purchases of two properties in Texas and luxury vehicles.

A hearing regarding victim restitution and asset forfeiture is set for September 16, and Andrade’s imprisonment is scheduled to commence on October 31.

Hyperliquid, a decentralized exchange utilizing its own Layer 1 blockchain, recently informed users that a trading outage attributed to an API server overload had occurred. The incident resulted in over 30 minutes of downtime, preventing traders from closing transactions and causing price variances.

The team clarified that the outage was caused by a sudden traffic surge rather than a hack or security vulnerability. They are currently developing a refund methodology for affected users, who do not need to take any action. Despite the API issues, Hyperliquid’s blockchain and consensus layers continued to operate as expected, with blocks produced on schedule. However, users were presented with error messages due to server congestion.