Suspected Fraud Leader Deported to China


Significant Events: Unleash Protocol Hack and LastPass Breach Linked to Crypto Thefts

Cryptohack Roundup: Alleged Fraud Kingpin Deported to China

In this latest weekly review by Information Security Media Group, we analyze significant cybersecurity incidents involving digital assets. This week features an alleged fraud kingpin deported to China, developments regarding the Bitfinex hack, and major breaches related to the Unleash Protocol and LastPass.


Alleged Fraud Kingpin Detained in Cambodia, Deported to China

Authorities in Cambodia have detained businessman Chen Zhi, who is accused by U.S. officials of orchestrating a large-scale crypto fraud network. This follows U.S. prosecutors’ efforts to seize billions in bitcoin allegedly tied to his operations. Chen’s arrest occurred as part of a coordinated investigation, and while he has been handed over to Chinese authorities, it remains unclear if he will face trial there.

U.S. prosecutors claim that Chen managed forced-labor operations in Cambodia that generated significant income through cryptocurrency scams. In October, the Justice Department pursued its most extensive forfeiture action in history, seeking approximately $15 billion in assets allegedly linked to his fraudulent activities. The transfer of Chen to China is seen as a milestone in a case that has attracted geopolitical interest, with Chinese officials contesting aspects of the U.S. seizure.

Bitfinex Hacker Ilya Lichtenstein Released Early Under U.S. Prison Reform

Ilya Lichtenstein, who stole nearly 120,000 bitcoin from the crypto exchange Bitfinex, has been released early from prison in accordance with the First Step Act, a bipartisan reform law. Lichtenstein, who pleaded guilty to money laundering and acknowledged the hack, was sentenced to five years but received credit for time served after his arrest in 2022.

While Lichtenstein has transitioned to home confinement, his wife, also implicated and sentenced for her role in laundering the stolen bitcoin, confirmed his release. The U.S. Bureau of Prisons applied the First Step Act’s provision allowing for reduced sentences based on earned credits, yet the original conditions of his sentence remain in effect.

Unauthorized Contract Upgrade Results in $3.9M Theft from Unleash Protocol

The decentralized platform Unleash Protocol faced a significant breach that resulted in approximately $3.9 million in losses due to an unauthorized smart contract upgrade. An external actor obtained administrative access within the governance system, enabling them to modify contract terms without necessary approvals.

The attacker was able to withdraw assets under these altered conditions, with blockchain security firm PeckShield estimating the total loss at around $3.9 million. The illicit funds were subsequently transferred using third-party infrastructures to obscure their origins. In response, Unleash Protocol has suspended operations and engaged external experts to investigate the breach.

TRM Links Ongoing Crypto Thefts to 2022 LastPass Breach

TRM Labs has traced a series of cryptocurrency thefts back to the LastPass breach of 2022, revealing that compromised vaults allowed hackers to drain funds from user wallets over time. The attackers initially targeted a developer environment, encrypting password vaults that contained sensitive cryptocurrency credentials.

Weak or reused master passwords enabled unauthorized access, facilitating delayed thefts rather than immediate withdrawals. TRM estimates that over $35 million was siphoned from wallets over various theft waves, highlighting systemic vulnerabilities present in the LastPass security measures.

Trust Wallet Links $8.5M Hack to Sha1-Hulud Supply Chain Attack

Trust Wallet reported a loss of approximately $8.5 million across more than 2,500 wallets, potentially connected to a broader supply chain attack known as Sha1-Hulud. The breach occurred through a compromised Chrome browser extension, where attackers infiltrated developer resources to gain unauthorized access.

Malicious JavaScript was integrated into the extension, which facilitated unauthorized transactions after harvesting wallet details from users. Trust Wallet reacted swiftly, retracting access and initiating reimbursements for affected individuals.

Flow Network Disruption Impacts NFT Loans After December Exploit

A disruption within the Flow blockchain ecosystem, caused by an exploit in late December, has primarily impacted NFT lending services. While the Flow Foundation indicated user balances remained unaffected, a temporary suspension of transaction capabilities has left several loans in limbo.

The aftermath has seen multiple loans defaulting due to the inability to repay during the freezing period, prompting the lending platform Flowty to halt new loan listings. The challenge highlights the ongoing risks associated with the evolving landscape of blockchain technologies.

Ledger Alerts Customers After Data Exposure at Third-Party Provider

Ledger has notified customers of a data exposure incident involving personal information, attributed to its third-party e-commerce provider, Global-e. The breach led to unauthorized access to order data, including customer names and contact details, although Ledger’s security architecture and payment information remain intact.

This incident underscores the vulnerabilities associated with relying on third-party services, reinforcing the importance of comprehensive data security protocols in safeguarding customer information.

Kontigo Reimburses Users Following Security Breach

Following a reported security breach, stablecoin banking startup Kontigo has fully reimbursed 1,005 affected users, returning over $340,000 in stablecoins. The breach, acknowledged by the company’s CEO, resulted from compromised accounts, prompting swift actions to secure their systems and identify the perpetrators.

The incident coincides with Kontigo’s aggressive expansion plans and emphasizes the critical need for robust cybersecurity measures, particularly in high-growth sectors within the cryptocurrency landscape.
