Crypto
Cryptocurrency is hard to trace, but CCID chief says commercial tech helping cops catch up to crooks
KUALA LUMPUR, Jan 30 — Rather than cold hard cash, Malaysian criminals prefer to use cryptocurrency in their illicit activities like fraud, drug deals, robberies, selling hacked data, and ransom payments for kidnappings and murders in the Philippines.
This is because criminals perceive transactions involving cryptocurrencies as difficult to trace, Bukit Aman Commercial Crime Investigation Department director Datuk Seri Ramli Mohamed Yoosuf told Utusan Malaysia in a news report published today.
But Ramli said the police, specifically the Cryptocurrency Unit within the Bukit Aman Commercial Crime Investigation Department, are now able to identify diverse transactions with digital currencies using commercial technology.
“For instance, in the kidnapping and murder cases of Malaysians in the Philippines, PDRM successfully traced ransom payments through a crypto wallet and identified the mastermind,” he was quoted as saying, using the Malay abbreviation for the Royal Malaysia Police.
Sharing the information with their Philippine counterpart, the authorities managed to apprehend the suspects in those cases.
“We have also identified the cryptocurrency transactions involving locals selling personal data obtained through government-owned websites,” Ramli told the Malay newspaper.
He also said that Bukit Aman’s cryptocurrency analysis unit discovered that nearly 90 per cent of cryptocurrency-related crimes are linked to investment fraud.
He said many victims fall prey to cryptocurrency investment schemes offering unrealistic returns of 100 per cent within a short time frame, leading to losses amounting to millions of ringgit.
Citing a recent case, he said an 80-year-old woman lost RM10 million in such a scam after participating in an investment scheme promoted through the WhatsApp group “accerx.com”.
According to Ramli, a total of 5,507 cases involving cryptocurrency investment fraud were recorded between 2019 and last year, with losses amounting to approximately RM417.3 million.
He noted that a significant number of these online fraud cases occurred through social media platforms like Facebook and WhatsApp.
North Korean hackers linked to hack of 4,500 bitcoins from Japanese crypto exchange – SiliconANGLE
North Korean hackers linked to the infamous Lazarus hacking group have been identified as being behind the theft of more than 4,500 bitcoins from Japanese cryptocurrency exchange DMM Bitcoin earlier this year.
The Federal Bureau of Investigation, in conjunction with the Department of Defense Cyber Crime Center and National Police Agency of Japan, has revealed that hackers who go by the name of TraderTraitor, an arm of Lazarus, stole the equivalent of $308 million from DMM in May, and has detailed how the North Korean hackers did so.
The investigation into the hack found that in late March 2024, a North Korean cyber actor pretending to be a recruiter on LinkedIn contacted an employee at Ginco, a Japanese enterprise cryptocurrency wallet software company. The threat actor sent the target, who maintained access to Ginco’s wallet management system, a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page. The victim copied the Python code to their personal GitHub page and was subsequently compromised.
With the access gained, the TraderTraitor hackers sat patiently, waiting until May to exploit their access. To steal the bitcoin, the actors exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system. With this access, it’s believed that the hackers then manipulated a legitimate transaction request from a DMM employee, resulting in the theft of 4,502.9 bitcoin.
The stolen bitcoin was subsequently transferred to TraderTraitor-controlled wallets, which ultimately lead back to the North Korean government.
“The FBI, National Police Agency of Japan and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” the FBI noted in a statement.
The involvement of both North Korea and an arm of Lazarus in the hack comes as no surprise, as the hack of DMM isn’t the first time Lazarus has targeted cryptocurrency exchanges.
In 2022, Lazarus was linked to the hack on the Ronin Network that led to the theft of $615 million in cryptocurrency, and more recently, in July, the group was linked to the theft of $234.9 million in cryptocurrency from India-based cryptocurrency exchange WazirX.
Japan, US blame North Koreans for $300 million crypto theft
Tokyo, Japan — A North Korean hacking group stole cryptocurrency worth over $300 million from the Japan-based exchange DMM Bitcoin, according to Japanese police and the United States’ FBI.
The TraderTraitor group — believed to be part of Lazarus Group, which is allegedly linked to the Pyongyang authorities — carried out the heist, Japan’s National Police Agency said Tuesday.
Lazarus Group gained notoriety a decade ago when it was accused of hacking into Sony Pictures as revenge for “The Interview,” a film that mocked North Korean leader Kim Jong Un.
The FBI detailed “the theft of cryptocurrency worth $308 million US dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors” in a separate statement dated Monday.
It described a “targeted social engineering” operation where a hacker pretended to be a recruiter on LinkedIn to contact an employee of a different crypto wallet software company.
They sent the employee what appeared to be a pre-employment test, which actually contained a malicious line of code.
That allowed the hacker to compromise their system and impersonate the employee, the FBI said.
“In late May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 Bitcoin, worth $308 million at the time,” it said.
“The FBI, National Police Agency of Japan, and other US government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” it said.
North Korea’s cyber-warfare program dates back to at least the mid-1990s.
It has since grown to a 6,000-strong cyber-warfare unit known as Bureau 121 that operates from several countries, according to a 2020 US military report.
North Korean hacker group identified in theft of DMM Bitcoin assets
A North Korea-linked hacker group stole digital assets worth 48.2 billion yen ($307 million) from Tokyo-based cryptocurrency exchange DMM Bitcoin Co. in May, Japanese police said Tuesday.
The hacker group was identified by the police as TraderTraitor following an investigation conducted in collaboration with the U.S. Department of Defense and the Federal Bureau of Investigation.
DMM Bitcoin said earlier this month it will go out of business after suspending some of its services following the detection of the unauthorized leakage of funds on May 31.
The police tracked the flow of stolen bitcoin to an account managed by the group, which is suspected to be linked to the Lazarus hacking group allegedly sponsored by the North Korean government.
The investigation found that an employee at a company that manages DMM Bitcoin’s cryptocurrency accounts was contacted via the LinkedIn social network by a person purporting to be a headhunter.
The perpetrator then breached the wallet management system by planting malware and falsified transaction amounts as well as the destinations of remittances, the police said.
In September, Japan’s Financial Services Agency ordered the exchange to improve operations, saying its risk management structure was inadequate.
No customers suffered financial damage as the exchange secured 55 billion yen from a group firm to cover the lost assets.
The police, the FBI, and other U.S. government and international partners will “continue to expose and combat North Korea’s use of illicit activities,” including cybercrime and cryptocurrency theft, to generate revenue for the regime, they said in a statement.