Cryptohack Roundup: Norway Freezes Hacked Ronin Funds

Also: Personal Data Theft From OKX; Terraform-SEC Settlement Terms

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, the Norwegian government froze funds from the Ronin hack, a hacker stole personal data of OKX users, the terms of Terraform Labs' settlement with the SEC were released, "Ethereum's most secure wallet" was breached, Orbit Chain spoke about its hacked funds and scammers exploited AI hype.

Norway Freezes Funds From Ronin Hack

The Norwegian government froze and returned $5.7 million linked to the $600 million Ronin exploit. Ronin is an Ethereum sidechain supporting the play-to-earn game Axie Infinity, developed by Sky Mavis. Sky Mavis announced on X that the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime recovered and returned the stolen assets.

Sky Mavis said that 15% of the recovered funds will cover expenses, and the rest will go to the Axie Infinity treasury. Law enforcement also froze $40 million in other assets, but Sky Mavis said it could not provide a timeline for the return. The Ronin exploit in March 2022 is the largest decentralized finance exploit in history, attributed to North Korea's Lazarus Group.

OKX Hack

A hacker used forged "judicial documents" to obtain the personal information of "very few" users, said crypto exchange OKX, without sharing specific details. The company published the breach statement on X after two OKX users reported in now-deleted tweets that their accounts had been compromised and drained. Blockchain security firm SlowMist found similarities between the incidents, saying that a new API key was created after the users received risk notification SMS texts from Hong Kong for account verification.

Web3 security group Dilation Effect said that the attackers exploited a security loophole in OKX. The loophole allegedly allows users to disable Google Authentication or mobile phone verification without triggering a 24-hour withdrawal halt. OKX said the incident was unrelated to the choice of Google Authenticator or SMS verification.

OKX said it has compensated affected users and Wu Blockchain confirmed that the two compromised users received full compensation from the exchange.

Terraform Labs Settles With the SEC

Terraform Labs reached a civil settlement with the U.S. Securities and Exchange Commission, agreeing to pay $4.47 billion. The settlement, still subject to approval by a federal judge, includes $3.6 billion in disgorgement fines, a $420 million civil penalty and nearly $467 million in prejudgment interest. The settlement follows a jury verdict that found Terraform Labs and co-founder Do Kwon responsible for the Terra ecosystem collapse, which wiped out $40 billion in investor assets.

As part of the settlement, former CEO Kwon would be personally liable for $110 million in disgorgement penalties, $80 million in civil penalties and $14.3 million in prejudgment interest. The settlement specifies that Kwon must transfer $4.7 million into an agreed escrow account within 30 days of the final judgment. The transfer of all crypto assets belonging to the Luna Foundation Guard and Pyth Network token holdings from Kwon will also cover the fines, and the remaining amounts will be applied to the civil penalty fines.

The SEC sued Terraform Labs in 2023, alleging the sale of unregistered securities and investor fraud following the Terra ecosystem's collapse. In 2022, the TerraUSD algorithmic stablecoin's instability led to a loss of its dollar peg, resulting in billions in losses for investors.

Loopring Hack

Self-proclaimed "Ethereum's most secure wallet" Loopring announced a security breach involving its two-factor authentication service Guardian. The Guardian service allows users to name trusted wallets to assist in security operations, such as locking a compromised wallet or restoring one if the seed phrase is lost. A hacker bypassed the service, enabling unauthorized recoveries on wallets. This affected two wallets, and one of them was drained of about $5 million, Loopring said. The company did not disclose the total hacked amount. Wallets using multiple or third-party authentication were protected, it said. Loopring has temporarily suspended Guardian-related and 2FA-related operations.

Orbit Chain Hacker Moves Funds

A hacker who stole $81.5 million from cross-chain bridge Orbit Chain last year has moved about $48 million to Ethereum-based crypto mixing service Tornado Cash, said Arkham Intelligence. Orbit Chain, which has resumed some bridging services post-exploit, confirmed the movement of the funds. The protocol announced on its Telegram channel that it is working with authorities to track and recover the stolen assets. It did not provide a definitive explanation for the hack, but it said in a January blog post that the hack was not due to a vulnerability in the Orbit Bridge smart contract or the theft of a validator key. The protocol said that the attack may be linked to actions by its unnamed former CISO, against whom it is pursuing civil and criminal action.

Scammers Exploit AI Hype With Fraudulent Crypto Tokens

Scammers are exploiting the hype around artificial intelligence to boost fraudulent operations, though their success remains limited, said Elliptic researchers.

One key trend involves scammers creating ChatGPT-related crypto tokens, falsely claiming official associations with popular AI chatbots or legitimate AI companies to inflate token prices. They then execute exit scams by selling the tokens for profit, leaving victims with worthless assets. In one case, scammers sold a token mimicking ChatGPT for $3,800 and then laundered the money through intermediary wallets before converting it to fiat via a coin swap service, Elliptic said.

Other fraudulent tokens include CryptoGPT and GPT Coin, advertised on platforms such as Binance Smart Chain, Ethereum and Solana. Scammers are flooding these platforms with tokens resembling other popular AI companies, such as OpenAI and Bard.


About the Author

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.



