Hamas Still Struggles To Use Crypto, But Is Fundraising In Other Ways

The Gaza-based terrorist group Hamas launched a wide-scale attack on Israel on October 7, firing thousands of rockets and reportedly killing over 700 Israeli civilians. In addition, the terror group took approximately 200 hostages. How did Hamas, seemingly cut off from the global financial system as a designated terrorist organization, get the funds to carry out this attack? Although the Financial Times reported that cryptocurrency played a significant role, with over 100 suspicious Binance exchange accounts now frozen and under investigation, cryptocurrency makes up only a small piece of a much larger terror financing puzzle.

TRM Labs, the blockchain intelligence company where I work, has identified a number of fundraising efforts since the war began. For example, the Gaza-based group Gaza Now, which is actively supporting Hamas, is soliciting donations in cryptocurrency. Addresses used by Gaza Now have seen a total incoming and outgoing volume of about $6,000 following the attacks and about $6 million overall. Notably, between August 2021 and July 2022, a Gaza Now address received $12,000 from the terror group Palestine Islamic Jihad, a Hamas supporter. The address, which was first active in August 2021, has received nearly $800,000 in total and less than $5,000 worth of crypto since the attacks. However, these numbers pale in comparison to fiat fundraising conduits.

Hamas and other terrorist organizations rely, in large part, on aid from the international community. Iran provides an estimated $100 million annually (in fiat), according to the U.S. Department of State, with countries such as Qatar and Turkey also providing funding. European countries, the United States, and even Israel have provided significant humanitarian assistance to Gaza over the years that has likely gone to fund Hamas’ malign activity. In addition to nation-state support, Hamas has a global network of charities and a diaspora of private donors, and, according to Euronews reports, the terror org collects up to $15 million from the annual taxes it imposes on goods coming from Egypt, in addition to import taxes on products from the West Bank.

Ironically, the flows of funds to Hamas in cryptocurrencies are the most visible and the easiest to track, block and seize. Because of the native qualities of public blockchains – traceable, transparent, immutable – Israeli and U.S. authorities have had success tracing, tracking and seizing funds destined for Hamas.

One likely reason for the low donation volume to Gaza Now and other Hamas supporters is that Israeli authorities are targeting addresses associated with the fundraising campaigns. Some fundraising campaigns have said that they are no longer accepting donations (at least publicly) because their accounts are being targeted. On October 9, after the recent terrorist attack, Gaza Now announced that it was suspending its public fundraising efforts, directing supporters to reach out through personal messaging. An admin of the campaign would then provide a link to a fundraising campaign on Instagram. Within minutes that campaign was suspended as well.

Fundraising Efforts Since War Broke Out

In addition, the cyber branch of the Israel Police’s Lahav 433 announced the seizure of cryptocurrency accounts belonging to Hamas on October 10. According to the Israeli Police, Hamas had been using accounts to raise money on social media since Saturday’s attacks. Lahav 433 is working with the Defense Ministry, Shin Bet, and other intelligence agencies in the effort to shut down cryptocurrency channels that terrorist groups are using.

Then, on October 16, the stablecoin issuer Tether (USDT) said it had frozen funds in 32 cryptocurrency addresses linked to terrorism in Israel and Ukraine, and that it was working with Israel’s National Bureau for Counter Terror Financing. According to a recent TRM Labs report, USDT on the TRON (TRX) blockchain is the preferred method of terrorist financiers.

Hamas: One Of The First Terrorist Organizations To Use Crypto

Since at least early 2019, the Izz-Al Din-Al Qassam Brigades, Hamas’ military arm, has attempted to use cryptocurrencies as an alternative fundraising method to support its military operations. Hamas initially tested cryptocurrency fundraising by soliciting Bitcoin (BTC) donations on its Telegram channel before shifting to direct fundraising on its website, alqassam.net.

In August 2020, the United States Department of Justice announced the global disruption of three terror financing campaigns including the seizure of cryptocurrency accounts associated with al-Qassam Brigades. According to the DOJ release, the “three terror finance campaigns all relied on sophisticated cyber-tools, including the solicitation of cryptocurrency donations from around the world.”

In the first case, the al-Qassam Brigades posted a call on its social media page for bitcoin donations to fund its campaign of terror, then moved the request to its official websites. Working together, IRS-CI, HSI, and FBI agents tracked and seized 150 cryptocurrency accounts that laundered funds to and from the al-Qassam Brigades’ accounts. With judicial authorization, law enforcement seized the infrastructure of the al-Qassam Brigades websites and subsequently covertly operated alqassam.net. During that covert operation, funds from persons seeking to provide material support to the terrorist organization were routed to wallets controlled by U.S. law enforcement.

U.S. And Israeli Authorities Target Hamas’ Use Of Cryptocurrency

Over the last few years, Israel’s NBCTF has repeatedly targeted Hamas’ use of cryptocurrency, seizing dozens of cryptocurrency addresses with tens of millions of dollars in volume, controlled by entities affiliated with Hamas. These include Gaza-based businesses such as Dubai Co. For Exchange, al-Muhtadon, al-Mutahadun For Exchange and al-Wefaq Co for Exchange. The overwhelming majority of the funds seized have been Tether on the Tron network.

The NBCTF released a copy of an administrative seizure in July 2021 for bitcoin, dogecoin, TRON, and other cryptocurrency addresses controlled by agents of Hamas. The NBCTF seizure revealed the growing sophistication of terrorist financing campaigns, which are now using multiple chains and currencies to evade sanctions and detection by law enforcement. A senior Hamas official reported to the Wall Street Journal in 2021 that its fundraising strategies continue to evolve as more restrictions are being placed on it. This evolution will likely involve a continued shift to multi-asset donations and increasingly sophisticated laundering methods.

Al-Qassam Brigades announced in April 2023 that it would stop receiving donations in bitcoin “out of concern about the safety of donors and to spare them any harm,” adding that it had seen an “intensification of hostile efforts against anyone who tries to support the resistance through this currency.”

While Israel executes a kinetic response, hunts terrorist leaders, and plans the rescue of hostages, it is clear that the focus is also on reducing crypto fundraising among terrorist organizations. As the digital world rapidly evolves, we are likely to see more attempts by terrorist financiers to take advantage of the promise of blockchains to move funds at unprecedented speed and scale. But we will also see authorities in the U.S., Israel and around the world leverage blockchain technology to stop them.

North Korean hackers linked to hack of 4,500 bitcoins from Japanese crypto exchange – SiliconANGLE

North Korean hackers linked to the infamous Lazarus hacking group have been identified as being behind the theft of more than 4,500 bitcoins from Japanese cryptocurrency exchange DMM Bitcoin earlier this year.

The Federal Bureau of Investigation, in conjunction with the Department of Defense Cyber Crime Center and National Police Agency of Japan, has revealed that hackers who go by the name of TraderTraitor, an arm of Lazarus, successfully stole the equivalent of $308 million from DMM in May, and has detailed how the North Korean hackers did so.

The investigation into the hack found that in late March 2024, a North Korean cyber actor pretending to be a recruiter on LinkedIn contacted an employee at Ginco, a Japanese enterprise cryptocurrency wallet software company. The threat actor sent the target, who maintained access to Ginco’s wallet management system, a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page. The victim copied the Python code to their personal GitHub page and was subsequently compromised.

With the access gained, the TraderTraitor hackers sat patiently, waiting until May to exploit their access. To steal the bitcoin, the actors exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system. With this access, it’s believed that the hackers then manipulated a legitimate transaction request from a DMM employee, resulting in the theft of 4,502.9 bitcoin.

The stolen bitcoin was subsequently transferred to TraderTraitor-controlled wallets, which ultimately lead back to the North Korean government.

“The FBI, National Police Agency of Japan and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” the FBI noted in a statement.

The involvement of both North Korea and an arm of Lazarus in the hack comes as no surprise, as the hack of DMM isn’t the first time Lazarus has targeted cryptocurrency exchanges.

In 2022, Lazarus was linked to the hack on the Ronin Network that led to the theft of $615 million in cryptocurrency, and more recently, in July, the group was linked to the theft of $234.9 million in cryptocurrency from India-based cryptocurrency exchange WazirX.

Japan, US blame North Koreans for $300 million crypto theft

Tokyo, Japan — A North Korean hacking group stole cryptocurrency worth over $300 million from the Japan-based exchange DMM Bitcoin, according to Japanese police and the United States’ FBI.

The TraderTraitor group — believed to be part of Lazarus Group, which is allegedly linked to the Pyongyang authorities — carried out the heist, Japan’s National Police Agency said Tuesday.

Lazarus Group gained notoriety a decade ago when it was accused of hacking into Sony Pictures as revenge for “The Interview,” a film that mocked North Korean leader Kim Jong Un.

The FBI detailed “the theft of cryptocurrency worth $308 million US dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors” in a separate statement dated Monday.

It described a “targeted social engineering” operation where a hacker pretended to be a recruiter on LinkedIn to contact an employee of a different crypto wallet software company.

They sent the employee what appeared to be a pre-employment test, which actually contained a malicious line of code.

That allowed the hacker to compromise their system and impersonate the employee, the FBI said.

“In late May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 Bitcoin, worth $308 million at the time,” it said.

“The FBI, National Police Agency of Japan, and other US government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” it said.

North Korea’s cyber-warfare program dates back to at least the mid-1990s.

It has since grown to a 6,000-strong cyber-warfare unit known as Bureau 121 that operates from several countries, according to a 2020 US military report.

North Korean hacker group identified in theft of DMM Bitcoin assets

A North Korea-linked hacker group stole digital assets worth 48.2 billion yen ($307 million) from Tokyo-based cryptocurrency exchange DMM Bitcoin Co. in May, Japanese police said Tuesday.

The hacker group was identified by the police as TraderTraitor following an investigation conducted in collaboration with the U.S. Department of Defense and the Federal Bureau of Investigation.

DMM Bitcoin said earlier this month it will go out of business after suspending some of its services following the detection of the unauthorized leakage of funds on May 31.

The police tracked the flow of stolen bitcoin to an account managed by the group, which is suspected to be linked to the Lazarus hacking group allegedly sponsored by the North Korean government.

The investigation found that an employee at a company that manages DMM Bitcoin’s cryptocurrency accounts was contacted via the LinkedIn social network by a person purporting to be a headhunter.

The perpetrator then breached the wallet management system by planting malware and falsified transaction amounts as well as the destinations of remittances, the police said.

In September, Japan’s Financial Services Agency ordered the exchange to improve operations, saying its risk management structure was inadequate.

No customers suffered financial damage as the exchange secured 55 billion yen from a group firm to cover the lost assets.

The police, the FBI, and other U.S. government and international partners will “continue to expose and combat North Korea’s use of illicit activities,” including cybercrime and cryptocurrency theft, to generate revenue for the regime, they said in a statement.
