We have collected the most important news from the world of cybersecurity for the week.
The old nickname of the a16z employee was used to steal $245,000 in cryptocurrencies.
In Kiev, the alleged developer of the crypter for Conti and LockBit was arrested.
Crypto fraud with ENS domains has been discovered in the Russian Federation.
The owners of the Empire Market darknet marketplace face multiple charges
Federal prosecutors in Chicago have filed charges against Thomas Pavey and Raheim Hamilton, whom they describe as the owners of the Empire Market darknet marketplace with a turnover of $430 million.
According to the case file, from 2018 to 2020, the defendants sold drugs, stolen information, counterfeit currency and malicious computer programs through the site. They received payment in cryptocurrencies and conducted more than 4 million transactions during the period of their activity.
They are charged with conspiracy to participate in drug trafficking, computer fraud, money laundering and counterfeiting. Cash, precious metals and digital assets worth more than $75 million were seized from the defendants.
Pavey and Hamilton were previously charged with selling counterfeit currency on the AlphaBay darknet marketplace.
The old nickname of the a16z employee was used to steal $245,000 in cryptocurrencies
An unknown attacker, posing as an employee of the American venture capital company Andreessen Horowitz (a16z), stole funds in Ethereum and LinqAI totaling $245,000 from a user. This was reported by onchain researcher ZachXBT.
1/ Here is an overview of one of the better executed scams I have seen in recent times so I figured I would share with the community as a cautionary tale.
A few weeks ago I received a DM from a follower who lost $245K after accidentally downloading malware onto their computer.
The victim was invited to host a joint podcast, allegedly on behalf of a16z representative Peter Lauten. The attacker was helped by the fact that the real Lauten had recently changed his handle on X from "peter_lauten" to "lauten", while the old name was still mentioned in his company's official account.
The victim did not notice the trick and downloaded the Vortax application sent by the hacker, which was malware. Once on the computer, it transferred all the cryptocurrency assets to the attacker's wallets. Subsequently, the funds moved to a number of exchanges.
In Kiev, the alleged developer of the crypter for Conti and LockBit was arrested
The cyber police of Ukraine announced the arrest of a 28-year-old resident of Kiev, who is suspected of collaborating with the Conti and LockBit ransomware groups and carrying out at least one attack on a Dutch multinational corporation.
According to the investigation, the detainee developed special crypters for hackers to make it difficult to detect their malware on victims' computers.
In addition, the Dutch police confirmed at least one case of the defendant organizing an attack using a Conti payload in 2021.
Computer equipment, mobile phones and handwritten notes were seized during searches in Kiev and the Kharkiv region.
The developer has been charged with unauthorized interference in information systems. He faces up to 15 years in prison. The investigation is ongoing.
In the Russian Federation, crypto fraud with ENS domains was discovered
F.A.C.C.T. specialists have warned holders of cryptocurrencies from the Russian Federation about a new fraudulent scheme using ENS domains.
The victim is contacted under the pretext of selling digital assets for further investment in precious metals. To gain trust, scammers can arrange a video call with a demonstration of fake documents.
Then, the victim, allegedly in order to verify the purity of assets, is persuaded to transfer the cryptocurrency to the address belonging to the scammers with ".eth" at the end.
ENS domains registered using the attacker's address. Data: F.A.C.C.T.
Fraudsters manually return the amount received during the "test" transaction to the sender. However, after full payment for "services" they disappear along with the assets.
Singapore authorities have warned local companies about increased Bitcoin ransomware activity
Businesses in Singapore are increasingly becoming victims of the Akira ransomware. The local Cybersecurity Agency has listed ways to detect, deter and neutralize these attacks.
It highlights the observed Tactics, Techniques and Procedures (TTPs) employed by Akira threat group to compromise their victims’ networks and provides some recommended measures for organisations to mitigate the threat posed.
— CSA (@CSAsingapore) June 8, 2024
As a rule, Akira operators demand payments in cryptocurrencies for the restoration of affected computer systems. However, the authorities asked businesses to ignore these demands and immediately notify them of such incidents.
The hackers' message. Data: Singapore Police.
Paying a ransom not only does not guarantee the decryption of data, but also provokes attackers to carry out repeated attacks.
During the year, Akira operators stole $42 million from more than 250 organizations in North America, Europe and Australia.
Also on ForkLog:
A series of hacks: an attack on Holograph, a fake exchange and a reward from UwU Lend.
The researchers found flaws in OKX's security settings. The exchange commented on the situation.
The UwU Lend protocol was hacked twice in a week for $24 million.
Several Solana validators were expelled for participating in the "sandwich attacks". Most of them turned out to be Russians.
The Lykke crypto exchange stopped working after a $22 million hack.
The Orbit hacker sent $32 million worth of assets to Tornado Cash.
The Gemholic project from the zkSync ecosystem was accused of a $3.4 million rug pull.
What should I read on the weekend?
In the section "Cryptorium" we tell you how to recognize a rug pull and not become its victim.
https://forklog.com/cryptorium/kak-raspoznat-rug-pull-priznaki-i-mery-predostorozhnosti