Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime
Cryptohack Roundup: Australia Nabs Crypto in Ghost Takedown
Also: Taiwan AML Rules, IcomTech SentencingEvery week, ISMG rounds up cybersecurity incidents in digital assets. This week, Australia seized crypto from alleged Ghost mastermind, Taiwan drafted new AML rules, IcomTech founder sentenced, U.S. looks to recover stolen crypto, EigenLayer's erroneous fund transfer, FTX's bankruptcy plan approved, Bitfinex hack update and regulatory push for a lawsuit against Nvidia.
See Also: Revolutionizing Cross-Border Transactions with Permissioned DeFi
Australia Takes Down Ghost Mastermind
The Australian Federal Police seized cryptocurrency worth $AU 9.3 million, equivalent to $6.4 million, from a 32-year-old man in Sydney who is believed to be the mastermind behind Ghost, an encrypted messaging service used by organized crime groups. Ghost facilitated illegal activities such as drug trafficking and money laundering. Authorities dismantled the messaging service last month following a two-year investigation led by Europol and global law enforcement agencies (see: Australian Police Arrest Alleged Head of Ghost Encrypted App).
AFP specialists gained access to the suspect's crypto assets by deciphering seed phrases from hardware wallets found at his residence. The seized funds will be used to support crime prevention programs.
Taiwan Drafts New AML Guidelines
Taiwan's Financial Supervisory Commission has drafted fresh anti-money laundering regulations for cryptocurrency firms, following recent legal amendments. New rules require virtual asset service providers to register by the end of September 2025. Non-compliance could result in penalties, including up to two years of imprisonment and fines of up to $NT 5 million, an equivalent of $155,900. The FSC said that all VASPs, even those already compliant under previous regulations, must complete the new AML registration. The updated rules will reportedly replace existing guidelines introduced in July 2021 and will take effect on Jan. 1, 2025.
IcomTech Founder Imprisoned for 10 Years
IcomTech founder David Carmona faces a 10-year prison sentence for orchestrating a crypto Ponzi scheme that defrauded working-class investors. U.S. District for the District of Southern New York Judge Jennifer L. Rochon delivered the Friday sentence following Carmona's Dec. 22 guilty plea to conspiracy to commit wire fraud. IcomTech, launched in 2018, falsely promised profits from cryptocurrency mining and trading but never conducted these activities. Instead, Carmona used funds to pay other investors and for personal gain. Prosecutors described how Carmona and his team hosted lavish expos, flaunting wealth to attract new investors. Despite complaints and withdrawal delays, IcomTech continued to accept investments until its collapse in 2019. This action follows the five-year prison sentence of former IcomTech CEO Marco Ruiz Ochoa in January.
US Looks to Recover $2.7M Stolen, Frozen Funds
The U.S. government filed forfeiture complaints with crypto mixers that seek to recover $2.67 million linked to two major exploits: $1.7 million in Tether from the $28 million Deribit hack and $971,000 in Bitcoin from the $41 million Stake.com hack. North Korea's Lazarus Group laundered funds from the Deribit hack through Tornado Cash, converting assets to Ethereum before transferring them as USDT on the Tron blockchain. Law enforcement froze $1.7 million of these funds. In the Stake.com hack, the group moved stolen assets through Avalanche's Bitcoin bridge and Bitcoin mixers, Sinbad and Yonmix, further obscuring the funds. While some funds were frozen, the majority reached the Bitcoin blockchain.
EigenLayer 'Erroneously' Transfers $5.5M to Hacker
Ethereum restaking protocol EigenLayer said a suspicious $5.5 million sale of its EIGEN tokens, were in fact "erroneously transferred" by the protocol to an attacker rather than the intended recipient. The incident raised concerns when traders speculated that an insider might have violated the token lockup period after selling tokens shortly after trading began. EigenLayer's investigation found a hacker compromised an email thread involving an investor's token transfer, leading to 1.67 million EIGEN tokens being stolen. The attacker swapped the tokens for stablecoins and transferred the proceeds to centralized exchanges. EigenLayer froze part of the funds and is working with law enforcement and the exchanges involved. The protocol confirmed that the breach did not stem from any on-chain vulnerabilities, and employee token sales are frozen until September next year. The firm said there were no security issues with the protocol itself.
Judge Approves FTX Bankruptcy Plan
A U.S. judge on Monday approved FTX's bankruptcy plan, concluding proceedings two years after the crypto exchange collapsed amid fraud allegations. Judge John Dorsey of the U.S. Bankruptcy Court for the District of Delaware approved the plan, allowing distributions to creditors. Under the plan, 98% of creditors will receive at least 118% of their claims in cash. The plan has faced some criticism, including from creditors who have said they want cryptocurrency payouts instead of cash..
Bitfinex Only Victim in Ilya Lichtenstein, Heather Morgan's 2016 Hack
U.S. federal prosecutors said Bitfinex virtual currency exchange may have been the only victim of the 2016 hack involving Ilya Lichtenstein and Heather Morgan. Prosecutors said they are unaware of other victims eligible for restitution under the Crime Victims' Rights Act or the Mandatory Victim Restitution Act. Following the hack, Bitfinex's parent company iFinex allowed customers to redeem their losses through BFX tokens, which could be sold or exchanged for cash or iFinex stock. All tokens were fully redeemed by April 2017. Lichtenstein and Morgan pleaded guilty in August 2023 to laundering more than 119,000 Bitcoin - valued at $71 million at the time of the theft. Lichtenstein is scheduled to be sentenced on Nov. 14 and Morgan a day later.
DOJ, SEC Push for Class Action Against Nvidia
The U.S. Department of Justice and the Securities and Exchange Commission urged the Supreme Court to allow an investor class-action lawsuit against Nvidia to proceed. The lawsuit, which began in 2018, claims Nvidia misrepresented its sales to cryptocurrency miners, allegedly concealing over $1 billion in GPU sales linked to the industry. In a friend-of-the-court brief filed on Oct. 2, U.S. Solicitor General Elizabeth Prelogar and SEC lawyer Theodore Weiman argued that the case includes enough details to avoid dismissal. The case, initially dismissed, was revived by the Ninth Circuit Court of Appeals. Nvidia, which has denied the claims, petitioned the Supreme Court to overturn the decision, citing reliance on flawed expert opinions. Additional amicus curiae briefs, including support from former SEC officials and institutional investors, back the investors.