Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime

Cryptohack Roundup: Feds Arrest Alleged SEC X Account Hacker

Also: Radiant Capital Hack and TD Bank Secrecy Act Guilty Plea
Cryptohack Roundup: Feds Arrest Alleged SEC X Account Hacker
Image: Shutterstock

Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, feds arrested a 25-year-old man for his role in the January U.S. Securities and Exchange Commission X account hack, a $50M Radiant Capital hack, U.S. federal charges for market manipulation, a sentencing recommendation for Bitfinex hacker, Forcount promoter sentenced, Mt. Gox pushed a deadline, an alleged $150M fraudster fled house arrest, U.S. SEC charged Cumberland and TD Bank pleaded guilty to BSA violations.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

Feds Arrest Alleged US SEC Social Media Hacker

Federal agents arrested a 25-year-old man in Athens, Alabama, accusing him of participating in a conspiracy to take over a U.S. Securities and Exchange Commission social media account to falsely announce in January the commission's approval of spot bitcoin exchange traded funds (see: US Securities and Exchange Commission Probes X Account Hack).

Federal prosecutors indicted Eric Council on one count of conspiracy to commit aggravated identity theft and access device fraud. He and his co-conspirators were able to access the SEC account on social media platform X - formerly Twitter - through a SIM swap to take over the smartphone of a SEC social media manager.

He allegedly traveled to an AT&T store in Hunstville, Alabama, on Jan. 9 and presented a fake ID in the SEC employee's name - and claimed to be an FBI employee who broke his phone and needed a new SIM card. Co-conspirators furnished him with the personal identifying information of the SEC employee and an identification card template containing the victim's name and photo. Council allegedly used an identification card printer to create the fake ID.

The indictment shows that Council also searched the internet on his personal computer for terms including "how can I know for sure if I am being investigated by the FBI," ''What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," and "what are some signs that the FBI is after you." He additionally searched for "federal identity theft statute."

Prosecutors say a Jan. 9 tweet asserting that "Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges," resulted in a $1,000 jump in bitcoin valuation - followed by a $2,000 decline after the SEC re-established control over the account and debunked the announcement.

A day after the social media hack, the SEC made a real announcement that it approved a number of spot bitcoin exchange traded funds.

$50M Radiant Capital Hack

Threat actors have exploited omnichain money market Radiant Capital since Wednesday afternoon, stealing more than $50 million, said web3 security firm Ancilia. Hackers used a smart contract function to move tokens from user accounts to third-parties. The vulnerability stems from Radiant's compromised multisig smart contract controls, potentially due to phishing or an insider attack, Fuzzland's security research lead Tony Ke told The Block. Ancilia advised Radiant users to revoke all approvals to prevent further unauthorized transfers.

DOJ Charges 18 People, Entities for Market Manipulation, Sham Trading

U.S. prosecutors charged crypto companies Gotbit, ZM Quant, CLS Global and MyTrade, along with 14 individuals, in a crackdown on market manipulation and sham trading. The Department of Justice said this was the first criminal prosecution of financial services firms involved in such scams. Defendants allegedly carried out wash trades to inflate trading volume and prices, misleading investors. Four of the defendants agreed to plead guilty, with the police seizing more than $25 million in crypto. The Securities and Exchange Commission also filed civil charges against some of the charged companies and individuals for their involvement in manipulating markets on popular crypto trading platforms.

Prosecutors Seek 5-Yr Sentence for Bitfinex Hackr

U.S. prosecutors have recommended a five-year prison sentence followed by three years of supervised release for Ilya Lichtenstein, who faces money laundering charges related to the 2016 Bitfinex hack. The recommendations, less than the advisory guideline of about 12 years, comes from his cooperation with authorities, including assisting in other investigations. Lichtenstein had a primary role in the hack, unlike his wife Heather Morgan, who may be looking at an 18-month sentence.

Lichtenstein and Morgan pleaded guilty in August last year to conspiracy charges related to laundering 119,754 BTC stolen in the hack, worth $70 million in 2016 but valued at around $8 billion today. Prosecutors seized assets from Lichtenstein, including 94,643 BTC and other cryptocurrencies valued at over $6 billion, which will be used for restitution to Bitfinex. Lichtenstein's sentencing is set for Nov. 14, with Morgan's scheduled for the following day.

Forcount Promoter to Serve 20 Years in Prison

Crypto promoter Juan Tacuri is set to serve a sentence of 20 years in prison for his role in a cryptocurrency Ponzi scheme called Forcount, which netted him millions from investors. U.S. District for the District of Southern New York Judge Analisa Torres handed down the sentence and ordered Tacuri to forfeit over $3 million, along with his rights to a home in Florida. The 46-year-old was involved in promoting Forcount, which posed as a crypto mining and trading firm, targeting Spanish-speaking communities. He pled guilty in June to conspiracy to commit wire fraud, with prosecutors stating he falsely promised victims "guaranteed daily returns" and the doubling of their investments within six months. Forcount was not engaged in any crypto trading or mining, and the funds were used to enrich Tacuri and other insiders while paying off previous victims.

Mt. Gox Pushes Repayment Deadline, Again

Defunct crypto exchange Mt. Gox has postponed its repayment deadline to Oct. 31 next year, after previously delaying it for a year from Oct. 31 in 2023. The exchange, in its day the largest platforms for bitcoin trading, filed for bankruptcy in 2014 following a security breach resulting in a loss of 850,000 BTC. Mt. Gox's Rehabilitation Trustee said that the extension was made with the court's permission to ensure repayments could be made to creditors as reasonably practicable. The firm plans to redistribute the remaining 142,000 BTC, 143,000 Bitcoin Cash and JPY 69 billion it still holds.

German Accused in $150M Fraud at Large

German national Horst Jicha, under home detention in New York City for his involvement in a $150 million cryptocurrency fraud, has reportedly become a fugitive. Jicha allegedly tampered with his ankle bracelet and disappeared, reported CNBC. Jicha had been awaiting trial in March on multiple charges of securities fraud and conspiracy related to a multi-level marketing con called USI Tech. The scam allegedly defrauded investors by promising 140% returns within 140 days through bitcoin mining or trading operations. The missing funds, held in ethereum and bitcoin, are valued at $150 million. Jicha's $5 million bond, personally guaranteed by his domestic partner, children and three others from Germany, is now at risk of forfeiture. Prosecutors plan to pursue the $4 million guaranteed by his family. Jicha previously lived in Spain and Brazil. His current whereabouts are unknown.

SEC Charges Cumberland

The U.S. Securities and Exchange Commission has charged Cumberland DRW for operating as an unregistered dealer while trading $2 billion in cryptocurrencies. The Chicago firm, known for being a "liquidity provider" and latency-sensitive trading company, allegedly conducted dealer activities without proper registration. The SEC said Cumberland traded crypto assets treated as securities, including SOL, ATOM, ALGO, FIL and POL tokens, reaping millions in profits while avoiding compliance with federal securities laws. The SEC seeks disgorgement and civil penalties in the case.

TD Bank Pleaded Guilty to Bank Secrecy Act Violations

TD Bank on Oct. 10 pleaded guilty to violations of the Bank Secrecy Act and money laundering, resulting in a combined $3.09 billion penalty - the largest ever imposed under the BSA. The fines include a $1.8 billion penalty by the U.S. Department of Justice and a $1.3 billion penalty from the Financial Crimes Enforcement Network, along with a four-year monitorship.

FinCEN accused TD Bank of failing to report suspicious activity from a customer group involved in international cryptocurrency transactions. Over a nine-month period, the federally-chartered U.S. bank processed more than 2,000 transactions for "customer group C," which misrepresented its intended wire activity, claiming it wouldn't exceed $1 million in annual sales. But the group carried out over $1 billion in transactions, largely involving a U.K.-based crypto exchange and Colombian financial institutions, FinCEN said.

Despite these red flags, including connections to high-risk industries in China and the Middle East, TD Bank did not report the suspicious activity until law enforcement inquiries were made. FinCEN said that although the bank had written policies for digital asset transactions, it did not apply enhanced controls to this group's transactions.

With reporting by Information Security Media Group's David Perera in Washington, D.C.


About the Author

Rashmi Ramesh

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.