Cryptohack Roundup: $100M+ Poloniex HackAlso: OneCoin Exec's Guilty Plea; SEC's Crypto Enforcement Year
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Poloniex prepared to resume operations after a $100 million hack, a OneCoin executive pleaded guilty to two charges, the U.S. Securities and Exchange Commission said it had an "impactful" year of crypto enforcement, a bug that puts $2.1 billion at risk was discovered, a hacker stole $27 million from a Binance-linked wallet, the Data Act and its smart contract termination clause are close to becoming law in Europe, China released a NFT theft law, and Chinese citizens are subject to a Skype phishing scam.
Poloniex is set to resume operations days after a hacker stole more than $100 million from the centralized cryptocurrency exchange. The Justin Sun-led company said it has "mostly completed" restoration efforts and is in the final stages of the security audit and verification, but it did not specify a date for when it would resume withdrawal and deposit services.
Poloniex is in a "healthy financial position" and will fully reimburse the victims, Sun said. He also offered a 5% "white hat bounty" to the attacker if they return the funds within seven days. The deadline is Friday.
OneCoin's head of legal and compliance pleaded guilty to wire fraud and money laundering charges and potentially faces up to 10 years in prison. The 42-year-old Bulgarian national, Irina Dilkinska, participated in a crypto pyramid scheme that caused investors to lose billions of dollars and facilitated the laundering of millions of dollars in OneCoin's illicit profits, federal prosecutors said. She is set for sentencing on Feb. 14.
Months ago, OneCoin's 46-year-old founder, Karl Sebastian Greenwood, was sentenced to 20 years in prison after he pleaded guilty to wire fraud and money laundering. His co-founder, crypto queen Ruja Ignatova, faces similar charges and has been on the FBI's Ten Most Wanted Fugitives list since June 2022. The federal agency is offering a $250,000 reward for information leading to her arrest.
The U.S. Securities and Exchange Commission said it had "another highly productive and impactful year" in crypto assets-related enforcement. It brought charges in a range of cases of alleged misconduct in the crypto asset securities space, including billion-dollar crypto fraud schemes; unregistered crypto asset offerings, platforms and intermediaries; and illegal celebrity touting. Among those charged are Binance, Coinbase and Sam Bankman-Fried, and celebrities such as Kim Kardashian and Jake Paul. The SEC said it had filed 784 total enforcement actions, including crypto-related ones, in the financial year, marking an increase of 3% from last year.
A vulnerability that cybersecurity company Unciphered calls Randstorm could affect millions of crypto wallets generated using web browsers from 2011 to 2015, which hold about $2.1 billion worth of assets. Multiple blockchains and projects - including Bitcoin, Dogecoin, Litecoin and Zcash wallets - could be affected, it said, and it recommended that users transfer their funds to wallets created after 2016.
$27 Million Hack
A hacker appears to have drained $27 million worth of Tether stablecoins from a crypto wallet tied to Binance, according to crypto sleuth ZachXBT. The hacker swapped the funds to ETH via different protocols before bridging them to Bitcoin via a cross-chain platform. The company has not yet acknowledged the incident.
The European Parliament voted to pass the Data Act, which allows the termination of smart contracts. The bill also mandates controls to reset such contracts when necessary. The legislation, passed with 481 supporting votes and 31 against, needs final approval from the European Council to become law. Critics have expressed concerns that the bill does not provide clear details on the situations in which interruptions or terminations must occur.
Chinese NFT Theft Declaration
Hackers stealing digital collections, such as non-fungible tokens, in China will be subject to theft sentences, the government said. Offenders will be tried under property crime for stealing digital assets. Since stealing a digital collection includes computer intrusion, offenders will also be tried for committing the crime of illegally obtaining computer information system data and theft. Chinese citizens have been banned since 2021 from taking part in nearly all crypto-related activity, except for simply owning cryptocurrencies.
Skype Phishing Scam
Chinese hackers are targeting their countrymen, looking for banned international applications in a new phishing scam, draining hundreds of thousands of dollars so far. The scammers use a malicious version of the Skype video app, which looks for images and messages with crypto address format strings on the victim's device and replaces them with their own wallet address to steal money, crypto security analytics firm SlowMist said.