
Crypto scam

Threat of fake job applications in crypto



Suspected North Korean operatives are allegedly using fake job applications to infiltrate web3 projects, siphoning off millions and raising security concerns.

In the last few years, blockchain and web3 have been at the forefront of technological innovation. However, to paraphrase a quote, with great innovation comes great risk. 

Recent revelations have uncovered a sophisticated scheme by operatives suspected to be affiliated with the Democratic People’s Republic of Korea to infiltrate the sector through fake job applications, raising alarms about the security and integrity of the industry.

Economic motives and cyber strategies

North Korea’s economy has been severely crippled by international sanctions, limiting its access to crucial resources, restricting trade opportunities, and hindering its ability to engage in global financial transactions. 

In response, the regime has employed various methods to circumvent these sanctions, including illicit shipping practices, smuggling, and tunneling, as well as using front companies and foreign banks to conduct transactions indirectly. 

However, one of the DPRK’s most unconventional methods of raising revenue is its reported use of a sophisticated cybercrime warfare program that allegedly conducts cyberattacks on financial institutions, crypto exchanges, and other targets.

The crypto industry has been one of the biggest victims of this rogue state’s alleged cyber operations, with a TRM report from earlier in the year indicating crypto lost at least $600 million to North Korea in 2023 alone. 

In total, the report stated that North Korea was responsible for an eye-watering $3 billion worth of crypto stolen since 2017.

Amount of crypto reportedly stolen by North Korea-linked actors between 2017 and 2023 | Source: TRM Labs

With crypto seemingly a soft and lucrative target, reports have emerged of DPRK-linked actors tightening the screw by infiltrating the industry using fake job applications. 

Once hired, these operatives are in a better position to steal and siphon off funds to support North Korea’s nuclear weapons program and circumvent the global financial restrictions imposed on it.

The modus operandi: fake job applications

Going by stories in the media and information from government agencies, it seems DPRK operatives have perfected the art of deception, crafting fake identities and resumes to secure remote jobs in crypto and blockchain companies worldwide. 

An Axios story from May 2024 highlighted how North Korean IT specialists were gaming American hiring practices to infiltrate the country’s tech space. 

Axios said the North Korean agents use forged documents and fake identities, often masking their true locations with VPNs. Additionally, the story claimed that these would-be bad actors primarily target sensitive roles in the blockchain sector, including developers, IT specialists, and security analysts.

300 companies affected by fake remote job application scam

The scale of this deception is vast, with the U.S. Justice Department recently revealing that more than 300 U.S. companies were duped into hiring North Koreans through a massive remote work scam. 

These scammers not only filled positions in the blockchain and web3 space but also allegedly attempted to penetrate more secure and sensitive areas, including government agencies.

According to the Justice Department, the North Korean operatives used stolen American identities to pose as domestic technology professionals, with the infiltration generating millions of dollars in revenue for their beleaguered country.

Interestingly, one of the orchestrators of the scheme was an Arizona woman, Christina Marie Chapman, who allegedly facilitated the placement of these workers by creating a network of so-called “laptop farms” in the U.S. 

These setups reportedly allowed the job scammers to appear as though they were working within the United States, thereby deceiving numerous businesses, including several Fortune 500 companies.

Notable incidents and investigations

Several high-profile cases have shown how these North Korea-linked agents infiltrated the crypto industry, exploited vulnerabilities, and engaged in fraudulent activities. 

Cybersecurity experts like ZachXBT have provided insights into these operations through detailed analyses on social media. Below, we look at a few of them.

Case 1: Light Fury’s $300K transfer

ZachXBT recently spotlighted an incident involving an alleged North Korean IT worker using the alias “Light Fury.” ZachXBT claimed that Light Fury, operating under the fake name Gary Lee, transferred over $300,000 from his public Ethereum Name Service (ENS) address, lightfury.eth, to Kim Sang Man, a name which is on the Office of Foreign Assets Control (OFAC) sanctions list.

Light Fury’s digital footprint includes a GitHub account, which shows him as a senior smart contract engineer who has made more than 120 contributions to various projects in 2024 alone.

Case 2: the Munchables hack

The Munchables hack from March 2024 serves as another case study showing the importance of thorough vetting and background checks for key positions in crypto projects. 

This incident involved the hiring of four developers, suspected to be the same person from North Korea, who were tasked with creating the project’s smart contracts. 

The fake team was linked to the $62.5 million hack of the GameFi project hosted on the Blast layer-2 network.

The operatives, with GitHub usernames such as NelsonMurua913, Werewolves0493, BrightDragon0719, and Super1114, apparently displayed coordinated efforts by recommending each other for jobs, transferring payments to the same exchange deposit addresses, and funding each other’s wallets.

Additionally, ZachXBT said they frequently used similar payment addresses and exchange deposit addresses, which indicated a tightly-knit operation.

The theft happened because Munchables initially used an upgradeable proxy contract that was controlled by the suspected North Koreans who had inveigled themselves into the team, rather than the Munchables contract itself. 

This setup provided the infiltrators with significant control over the project’s smart contract. They exploited this control to manipulate the smart contract to assign themselves a balance of 1 million Ethereum.

Although the contract was later upgraded to a more secure version, the storage slots manipulated by the alleged North Korean operatives remained unchanged. 

They reportedly waited until enough ETH had been deposited in the contract to make their attack worthwhile. When the time was right, they transferred approximately $62.5 million worth of ETH into their wallets.

Fortunately, the story had a happy ending. After investigations revealed the former developers’ roles in the hack, the rest of the Munchables team engaged them in intense negotiations, following which the bad actors agreed to return the stolen funds.
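The storage persistence described in the Munchables case can be shown with a small model. This is an added example, not code from Munchables or from the original article: the class names, the `admin_set_balance` setter and the account names are hypothetical, and the model only mimics the way a proxy keeps its state while the logic behind it is swapped. The `audit_storage` check is the kind of reconciliation a team can run on inherited state before trusting an upgrade.

```python
from collections import defaultdict

class LogicV1:
    """First implementation. admin_set_balance is a hypothetical stand-in for
    whatever let the proxy's controllers write a balance directly."""
    @staticmethod
    def deposit(proxy, caller, amount):
        proxy.balances[caller] = proxy.balances.get(caller, 0) + amount
        proxy.eth_held += amount
        proxy.events.append(("deposit", caller, amount))

    @staticmethod
    def admin_set_balance(proxy, caller, account, amount):
        if caller != proxy.admin:
            raise PermissionError("admin only")
        proxy.balances[account] = amount  # ledger changes, no ETH moves, no event

class LogicV2:
    """Replacement logic: the setter is gone, deposit is unchanged."""
    deposit = staticmethod(LogicV1.deposit)

class Proxy:
    """Holds the state. Logic runs against this object's storage, as a
    delegatecall-based proxy does, so an upgrade never resets it."""
    def __init__(self, admin, logic):
        self.admin, self.logic = admin, logic
        self.balances = {}   # persistent ledger (the "storage slots")
        self.eth_held = 0    # ETH actually held by the contract
        self.events = []     # emitted (kind, account, amount) records

    def upgrade(self, caller, new_logic):
        if caller != self.admin:
            raise PermissionError("admin only")
        self.logic = new_logic  # storage is left untouched

    def call(self, caller, method, *args):
        return getattr(self.logic, method)(self, caller, *args)

def audit_storage(proxy):
    """Reconcile the stored ledger against the event history and the ETH held.
    Returns ({account: unexplained balance}, ledger_is_fully_backed)."""
    net = defaultdict(int)
    for kind, account, amount in proxy.events:
        net[account] += amount if kind == "deposit" else -amount
    unbacked = {a: b - net[a] for a, b in proxy.balances.items() if b != net[a]}
    solvent = sum(proxy.balances.values()) <= proxy.eth_held
    return unbacked, solvent

def run_scenario():
    # Constructed scenario: amounts are whole ETH, account names are made up.
    proxy = Proxy(admin="dev", logic=LogicV1)
    proxy.call("dev", "admin_set_balance", "dev", 1_000_000)  # written before launch
    proxy.upgrade("dev", LogicV2)                             # "more secure" version
    proxy.call("alice", "deposit", 100)
    proxy.call("bob", "deposit", 50)
    return proxy, audit_storage(proxy)

if __name__ == "__main__":
    proxy, (unbacked, solvent) = run_scenario()
    print("logic:", proxy.logic.__name__)
    print("balances with no matching deposits:", unbacked)
    print("ledger fully backed by ETH held:", solvent)
```

The upgraded logic no longer exposes the setter, yet the audit still flags the balance written under the earlier version, because only the logic was replaced and the stored ledger was not.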

Case 3: Holy Pengy’s hostile governance attacks

Governance attacks have also been a tactic employed by these fake job applicants. One such alleged perpetrator is Holy Pengy. ZachXBT claims that name is an alias for Alex Chon, an infiltrator allied to the DPRK.

When a community member alerted users about a governance attack on the Indexed Finance treasury, which held $36,000 in DAI and approximately $48,000 in NDX, ZachXBT linked the attack to Chon.

According to the on-chain investigator, Chon, whose GitHub profile features a Pudgy Penguins avatar, regularly changed his username and had been reportedly fired from at least two different positions for suspicious behavior.

In an earlier message to ZachXBT, Chon, under the Pengy alias, described himself as a senior full-stack engineer specializing in frontend and solidity. He claimed he was interested in ZachXBT’s project and wanted to join his team.

An address linked to him was identified as being behind both the Indexed Finance governance attack and an earlier one against Relevant, a web3 news sharing and discussion platform.

Case 4: Suspicious activity in Starlay Finance

In February 2024, Starlay Finance faced a serious security breach impacting its liquidity pool on the Acala Network. This incident led to unauthorized withdrawals, sparking significant concern within the crypto community.

The lending platform attributed the breach to “abnormal behavior” in its liquidity index.

However, following the exploit, a crypto analyst using the X handle @McBiblets raised concerns regarding the Starlay Finance development team.

In an X thread, McBiblets was particularly concerned with two individuals, “David” and “Kevin.” The analyst uncovered unusual patterns in their activities and contributions to the project’s GitHub.

According to them, David, using the alias Wolfwarrier14, and Kevin, identified as devstar, appeared to share connections with other GitHub accounts like silverstargh and TopDevBeast53.

As such, McBiblets concluded that those similarities, coupled with the Treasury Department’s warnings about DPRK-affiliated workers, suggested the Starlay Finance job may have been a coordinated effort by a small group of North Korea-linked infiltrators to exploit the crypto project.

Implications for the blockchain and web3 sector

The seeming proliferation of suspected DPRK agents in key jobs poses significant risks to the blockchain and web3 sector. These risks are not just financial but also involve potential data breaches, intellectual property theft, and sabotage. 

For instance, operatives could potentially implant malicious code within blockchain projects, compromising the security and functionality of entire networks.

Crypto companies now face the challenge of rebuilding trust and credibility in their hiring processes. The financial implications are also severe, with projects potentially losing millions to fraudulent activities. 

Furthermore, the U.S. government has indicated that funds funneled through these operations often end up supporting North Korea’s nuclear ambitions, further complicating the geopolitical landscape.

For that reason, the community must prioritize stringent vetting processes and better security measures to safeguard against such deceptive job-hunting tactics. 

It is important for there to be enhanced vigilance and collaboration across the sector to thwart these malicious activities and protect the integrity of the burgeoning blockchain and crypto ecosystem.






Crypto traders doxx 13-year-old boy who rugged two pump.fun tokens



A 13-year-old boy got doxxed by crypto traders after pulling the rug on a pump.fun token he named Gen Z Quant. Traders doxxed his whole family and turned them into pump.fun tokens.

The price chart of Gen Z Quant, a token belonging to a 13-year-old who rugged the original token at $30,000, November 20, 2024 | Source: DEX Screener

A 13-year-old boy has been caught in the middle of one of the most random rug-pulls the crypto community has ever witnessed. On Nov. 20, the unnamed boy launched a token on pump.fun under the ticker QUANT and watched as the price went up by 260% mere minutes after launching.

Not even an hour later, the boy dumped all his QUANT tokens, effectively pulling the rug from under traders who had bought the token minutes before. The boy made a profit of $30,000 by inflating the price and selling all his tokens.

As if that was not enough, he went online and flipped the middle finger at the traders who had been burned by QUANT’s rug-pull. He then went on to do the same thing by launching another token of the same name, which he later dumped for another $12,000 in profit.

Not long after, more experienced traders took over and brought the token’s market cap up to $70 million. The Gen Z Quant token he launched as an elaborate troll is currently trading at $0.05571 according to DEX Screener. It has soared by nearly 50% in the past six hours but has been gradually going downhill, by 13%, in the past hour.

Although the boy has managed to turn his initial $30,000 token into a $2.4 million token, the crypto community was not going to let his misdemeanor slide.

Traders began doxxing the boy’s family and locating his school, tracking their social media accounts and complaining about the funds they lost thanks to the boy’s rug pull. Soon enough, developers began launching new pump.fun tokens named after the boy’s family members with their profile pictures revealed to accompany them.

Pump.fun tokens with the ticker QUANT DAD, QUANT SIS and QUANT MOM have already been circulating the markets, as well as tokens accompanied by a picture of the boy’s whole family and their pet dog with the ticker CABAL.

“Kid put his bloodline on the line,” one user pointed out.

“Then the community cto’d it to $135 million. He could’ve had 1.2 million. Then they doxxed his name, address and school. The community is ruthless,” said a user on X.

One trader dubbed the boy “the future of finance,” while another reminded the community that this boy represents a messed up generation that has been “optimized to do that to people.”




Scammers Decided Not to Operate in TON. Is this good?



Crypto scammers using malware to steal digital assets refused to attack TON users. However, things are not so clear-cut.

Scam Sniffer experts noted that the operators of a drainer popular among scammers rejected the TON network.

In a message published in an unspecified Telegram channel, the drainer creators announced its closure in the TON ecosystem. The main reason is the lack of crypto whales.

The malicious application’s developers are now moving to the Bitcoin blockchain, which will probably create many more opportunities for scammers to rob.

“What’s next? If you enjoyed draining on the TON network you will definitely love draining Bitcoins.”

One of the main reasons for the lack of whales is the vast number of airdrops on TON. They make fraud not the most profitable way to earn money: phishing schemes on The Open Network bring little profit, reducing scammers’ interest.

However, SlowMist founder Yu Xian said that such an assessment of whale activity in TON may need to be more complex. In his opinion, the drainer team may need to pay more attention to the potential of the TON blockchain.

“A phishing group on TON is ready to shut down, arguing that they believe TON has no whale players and is a small community. They have already turned to the Bitcoin ecosystem… Too realistic. Or maybe this gang isn’t smart enough.”

Yu Xian, SlowMist founder

How the TON blockchain became a new haven for scammers

TON has become one of the most successful stories of 2024, with the value of its token growing by more than 100% since the beginning of the year. In addition, integrating TON with the Telegram messenger, which has more than 900 million users, strengthened its position as a potential residence for the widespread distribution of cryptocurrency.

Scammers’ activity in TON arose against the backdrop of the rapid growth of the blockchain. Due to increased interest and investment in TON, fraudulent activity has gained momentum since at least November 2023.

The interest is mainly driven by the increasing popularity of mini-apps. They successfully exploited the popularity of projects such as Notcoin and Hamster Kombat. Typically, the attackers used the popularity of tap-to-earn games.

For example, Kaspersky Lab noted that scammers offered to earn Toncoin (TON) using bots and referral links. To make it easier to deceive users, the scammers recorded a video with instructions, created text manuals, and provided them with many explanatory screenshots.

Tonkeeper explained that the scammers rely on current trends in the ecosystem. For example, they created a token against the backdrop of the excitement caused by the launch of Hamster Kombat. Therefore, the names and tickers of fake tokens are often consonant with the names of popular projects.

“Usually, scammers create tokens before the official listing of the real coin. Check information about the token launch in official sources.”

Tonkeeper team

Experts from BlockAid also noted that attackers used leak tools previously used on the Ethereum and Solana platforms. In September, more than 300 malicious decentralized applications (dapps) were launched on TON, highlighting the growing threats.

Despite the growing popularity of TON, the blockchain has yet to boast of popularity among fraudsters, according to data from the REKT Database.

Thus, Ethereum became the leader in phishing attacks last year, suffering losses of over $65 million, 91% of the total loss. Arbitrum also suffered losses of $5.2 million, while Bitcoin lost $768,000.

In terms of exploits, Ethereum was also the most affected blockchain in this category, with losses of $482.7 million, while Binance was the most vulnerable to exit scams, with a loss of $74.5 million.

Regarding attackers’ move to the Bitcoin blockchain, CertiK, another well-known company in the blockchain security field, emphasized that scammers are becoming increasingly interested in Bitcoin due to its high transaction volumes, large user base, and significant total value locked (TVL).

Blockchain statistics by hack volume in Q3 2024. Source: CertiK

Phishing attacks on Bitcoin have increased significantly in recent months. One of the most notable incidents was the attack on a Bitcoin whale that resulted in $238 million in losses, further highlighting the growing risks in this area.




Andrew Tate is Poison — Crypto Must Stand Up for Coffeezilla



Andrew Tate’s response to Coffeezilla shows he’s thin-skinned and doesn’t care about the people who have invested in his tokens.

On-chain sleuth Coffeezilla has become a thorn in the side of high-profile influencers shilling coins to their millions of fans.

One of his best-known scalps is Logan Paul, who was ripped to shreds over his embattled and now-abandoned project CryptoZoo. 

Coffeezilla’s also gone toe-to-toe with the likes of Sam Bankman-Fried as he vies to uncover scams to his 3.77 million subscribers on YouTube.

But now, the investigator is facing an almighty backlash about a deep dive that hasn’t even been released yet — and it relates to a number of coins that have been endorsed by Andrew Tate.

On Wednesday, Coffeezilla shared a DM that he had sent to Tate, asking whether he had been paid to promote cryptocurrencies, including ROOST and DADDY.

Coffeezilla’s DM to Andrew Tate | Source: @coffeebreak_YT

The message also pointed out that this is completely at odds with videos that Tate had released on X earlier this year, where he was topless and appeared to have substantially more hair.

Coffeezilla is following a crucial journalistic principle known as the “right of reply.” If you’re going to make allegations against someone, they must have the ability to respond before publication.

But instead of answering the legitimate questions put forward — which would be of interest to his many acolytes — Tate chose to go down the homophobic route.

By the looks of things, this has now unleashed a huge can of worms. Coffeezilla shared a screenshot that shows how his inbox has been bombarded with slurs.

Why? Because Tate reposted an anonymous account that exposed Coffeezilla’s email address, with the misogynist telling his followers: “Email him and call him gay.” 

Undeterred, the investigator has insisted that he still wants a reply to his questions — and it’s likely that, if the clock runs out, Coffeezilla’s video will go live anyway without a comment.

The YouTuber also posted a comical mash-up that showed Tate chomping on a cigar because it looks cool, declaring that he respected Coffeezilla, cutting to another clip where he says:

“Coffeezilla is a b****. I don’t give a f*** about your video, I don’t respect your journalism.”

Given how wide-eyed Tate is as he jabs his finger toward the camera, you could suggest that all of this scrutiny is bothering the sham entrepreneur more than he lets on.

Andrew Tate drinks more coffee than you do

What is Coffeezilla investigating? 

Coffeezilla, who married his high school girlfriend in 2017, has so far remained tight-lipped about the nature of the allegations against Andrew Tate and his brother Tristan. 

But it seems a core part of the focus in his upcoming investigation will surround the $DADDY token, which has fallen precipitously in value since launch and has never recovered.

An all-time high of $0.2925 was set in mid-June when CoinMarketCap started tracking the altcoin — and at the time of writing, it’s down by more than 48%.

Tate’s full rebuttal video is something of a parody — honestly, some of the lines in there are pure comedy, especially how they are delivered. He tells Coffeezilla: 

“I guarantee I drink more coffee than you — meaning you’re a fraud to begin with. You’re doing this little breakdown, this investigation, you just emailed me in a homosexual tone.”

To be honest, I don’t even know where to start with this. You can’t have “Coffee” in your handle unless you prove you’ve got a higher caffeine tolerance than Andrew Tate? Daring to scrutinize a man who has more legal troubles than Lamborghinis reveals his sexual preference? 

Even before knowing the exact nature of Coffeezilla’s investigation, we have an insight into how thin-skinned Andrew Tate really is — and ultimately, how little he cares for his community, as well as those who have invested in his tokens.

Tate’s toxic masculinity has preyed on the insecurities of disenfranchised young men around the world while his foray into crypto has dived into their wallets — creating a false illusion that they, too, will experience extreme wealth one day.

When you think about it, Tate’s branding and messaging are reminiscent of an era that most of the crypto world has been trying to move away from, when the ICO boom of 2017 was full of wild excesses along with never-ending images of fast cars and bundles of cash. 

In this battle, the crypto community needs to rally behind Coffeezilla — a man who has taken great risks to expose bad actors in the space and stand up for those who have lost their life savings to some of the industry’s most audacious scams. He, among others, serves as crypto’s immune system, with every investigation slowly chiseling away at the sector’s “Wild West” image and deterring opportunistic thieves planning to swindle unsuspecting victims.

The crypto community needs to distance itself from narcissists like Tate, who use homophobia as a weapon to deflect against their own shortcomings. Coffeezilla’s sexual orientation has zero relevance to the work he performs, and it’s shameful to think otherwise. Digital assets won’t ever achieve mass adoption if the influencers within this space denigrate innocent people who are doing nothing wrong.

And last but not least, the crypto community needs to realize that Andrew Tate and his coins represent everything that this innovative sector is not: hateful, harmful and dishonest. Engaging with him only drags down the rest of the industry.

Crypto is all about the future. Tate’s worldview belongs to the past.




