Do Kwon Admits Guilt in $40 Billion Fraud Case

This week’s cybersecurity roundup by Information Security Media Group highlights significant incidents in the realm of digital assets, including Do Kwon’s guilty plea regarding a substantial fraud, President Trump’s executive order linked to cryptocurrency, and a suspicious exit scam involving the decentralized lending platform, Credix. Other notable occurrences include a $7M exploit impacting Odin.fun and a phishing campaign using counterfeit Firefox wallet extensions for cryptocurrency theft.

See Also: OnDemand | NSM-8 Deadline July 2022: Keys for Quantum-Resistant Algorithms Implementation

In a major development, Do Kwon, the founder of Terraform Labs, has pleaded guilty in Manhattan federal court to conspiracy and wire fraud charges. Terraform’s digital assets, TerraUSD and Luna, experienced a catastrophic collapse in 2022, resulting in the loss of approximately $40 billion in market value.

The 33-year-old entrepreneur, originally facing nine counts including securities fraud, reached a plea agreement that required him to plead guilty to a single count of conspiracy and one count of wire fraud. Prosecutors are recommending a maximum sentence of 12 years, contingent on his acceptance of responsibility, although he risks facing up to 25 years at sentencing scheduled for December 11.

Prosecutors alleged that in 2021, Kwon misrepresented the stability of TerraUSD, a stablecoin designed to maintain a $1 value, claiming that the “Terra Protocol” could restore its pegged value after it failed. In reality, they assert that he colluded with a high-frequency trading company to artificially inflate TerraUSD’s price by buying large quantities, which misled investors and led to a surge in Luna’s market cap to $50 billion, all before both cryptocurrencies ultimately crumbled.

Kwon admitted in court to providing false information and expressed remorse, recognizing his failure to disclose the trading firm’s involvement. His prosecution is notable among several aimed at high-profile figures following the collapse of the crypto market in 2022.

President Donald Trump has enacted an executive order aimed at safeguarding financial institutions from increased scrutiny by federal regulators for their dealings with the cryptocurrency sector. This legislation removes the “reputational risk” argument that has been leveraged to impose heightened oversight, which critics argue disproportionately impacts crypto enterprises.

In a troubling incident, the decentralized lending platform Credix suffered an exploit resulting in a loss of approximately $4.5 million and has since suspended its website and social media activities. Initially promising user reimbursements within a 24 to 48-hour timeframe, the disappearance of the team has raised suspicions of an exit scam, a scenario where project developers flee with investors’ funds.

Following the attack, digital assets reportedly transitioned from the platform’s wallets to Ethereum and were moved to various addresses, further suggesting fraudulent activity (see: Credix Exploit Drains $4.5M via Admin Wallet Takeover).

Odin.fun, a memecoin launchpad, recently experienced a liquidity manipulation attack perpetrated by hackers, resulting in losses estimated at $7 million. The security firm PeckShield reported that attackers inflated token values before withdrawing liquidity, converting it to Bitcoin, which led to a sharp decrease in deposits. Co-founder Bob Bodily acknowledged the losses but assured that remaining funds are secure while outlining a plan for compensation. The attack primarily exploited the platform’s automated liquidity mechanisms, with many perpetrators reportedly tied to entities in China.

A nefarious campaign, dubbed GreedyBear, infiltrated Mozilla’s Firefox add-ons store with 150 fraudulent cryptocurrency wallet extensions, pilfering around $1 million from users. Koi Security uncovered this operation, which initially presented itself as legitimate to acquire approval and favorable reviews. However, subsequent keylogger updates disclosed that wallet credentials and IP addresses were at risk. Investigators have linked this operation to Russian-language sites distributing malware, including Trojans and ransomware, all coordinated through a centralized server. The rapid scalability and evasion tactics facilitated by GreedyBear’s AI tools pose significant threats to users, with indications that similar tactics may soon target Chrome’s Web Store as well.