Blockchain & Cryptocurrency
,
Cryptocurrency Fraud
,
Fraud Management & Cybercrime
Also: $3.8 Million Onyx Hack, Conviction in a Crypto ATM Case
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, a guilty plea in a $37M theft case, $3.8M Onyx hack, a first conviction in the United Kingdom over illegal crypto ATM operations, Zort owner charged with fraud in U.S. court, WazirX’s post-hack liability restructuring timeline, U.S. House of Representative members pressed for a Binance exec’s release, a U.S. court denied Tornado Cash exec’s motion to dismiss charges and a SEC-Mango Markets settlement.
See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation
Guilty Plea in $37M Theft
A 21-year-old man from Indiana pleaded guilty to cyber intrusion and stealing more than $37 million in cryptocurrency from nearly 600 victims. The U.S. Attorney’s Office said Evan Light was involved in a 2022 cyberattack on an investment holdings company in Sioux Falls, South Dakota, where he stole personal information and defrauded hundreds of individuals. With the help of unidentified accomplices, Light funneled the stolen cryptocurrency through mixing services and gambling websites to conceal his identity. He faces up to 20 years in prison for the two charges he copped to: conspiracy to commit wire fraud and money laundering.
$3.8M Onyx Hack
Onyx, a fork of the DeFi lending protocol Compound Finance, suffered a $3.8 million exploit – its second attack in a year. A hacker deployed a malicious contract minutes before the attack, with firms such as PeckShield and Cyvers detecting suspicious activity. The attacker primarily targeted VUSD, a U.S. dollar-denominated stablecoin, with PeckShield attributing the exploit to a known bug in Compound V2’s code and vulnerabilities in the NFT Liquidation contract. Onyx previously experienced a $2.1 million attack last October.
UK Man Convicted for Operating Crypto ATMs
Olumide Osunkoya pleaded guilty in British court to five offenses for illegally operating a crypto ATM network, marking the U.K.’s first conviction of this kind. The Financial Conduct Authority said the 45-year-old man’s machines processed $3.4 million in unregistered crypto transactions across various locations. The FCA presented evidence that his ATMs were likely used for money laundering and tax evasion. Sentencing will occur at Southwark Crown Court at a future date. The FCA has intensified its crackdown on illegal crypto ATMs, conducting 34 inspections by the end of 2023 following raids in multiple cities.
Zort Owner Faces Fraud Charges
Adam Iza, owner of the crypto trading platform Zort, is facing charges in U.S. federal court of cryptocurrency fraud, bribery and corruption involving Los Angeles Sheriff’s Department deputies. An FBI affidavit shows that Iza funneled wealth through shell companies, concealed tens of millions of dollars and failed to report income taxes. He allegedly paid deputies up to $280,000 a month to file unlawful search warrants and access police data, using this information to intimidate a victim known as E.Z. Iza faces charges of conspiracy against rights and tax evasion for not reporting income between 2020 and 2022.
WazirX Gets 4 Months to Restructure Post-Hack Liabilities
Zettai Pte, the Singapore holding company behind Indian crypto exchange WazirX, received a four-month moratorium from the Singapore High Court to restructure its liabilities after a $230 million exploit in July. An affidavit filed by Zettai Director Nischal Shetty on Aug. 27 said unknown hackers drained nearly half of the digital assets stored on the platform. Although Zettai sought a six-month moratorium, the court approved four months. WazirX will make its wallet addresses public, share financial data and ensure independent oversight for future court applications.
US Committee Passes Resolution for Binance Exec’s Release
The U.S. House Foreign Affairs Committee approved a resolution demanding the immediate release of Binance executive Tigran Gambaryan, detained in Nigeria since February. Gambaryan, Binance’s head of financial crime compliance and a former U.S. IRS agent, was arrested alongside fellow executive Nadeem Anjarwalla on charges of profiting from illegal transactions. Anjarwalla escaped custody in March, but Gambaryan remains imprisoned, with his health rapidly deteriorating due to a herniated disk and pneumonia. The resolution, introduced by Reps. Rich McCormick, R-Ga. and French Hill, R-Ark., urged Nigeria to release Gambaryan and provide medical care, criticizing U.S. efforts to secure his release.
Judge Denies Tornado Cash Exec’s Motion to Dismiss Charges
A U.S. federal judge ruled that Tornado Cash co-founder Roman Storm will face trial on money laundering charges, denying a motion to dismiss. U.S. District for the District of Southern New York Judge Katherine Polk Failla rejected Storm’s argument that his work on the Tornado Cash software was protected by the First Amendment. Storm and co-founder Roman Semenov were charged with facilitating the laundering of over $1 billion in criminal proceeds through the crypto mixer. If convicted, Storm faces up to 20 years in prison. His trial is set for Dec. 2, while Semenov remains at large.
SEC-Mango Markets Settlement
Mango DAO agreed to settle with the U.S. Securities and Exchange Commission after being charged with unlawfully selling MNGO tokens. The SEC also charged Mango DAO, Blockworks Foundation – a Panama entity – and Mango Labs with offering unregistered crypto assets and acting as an unregistered broker. All three entities agreed to settle the charges, paying $700,000 in penalties and destroying the MNGO tokens. The SEC said that using a DAO structure or automated software does not exempt entities from regulatory requirements. This settlement follows the $116 million exploit of Mango Markets by now-convicted Avraham Eisenberg two years ago.