Crypto

Mandiant X/Twitter hacker linked to $900K cryptocurrency phishing scheme


Mandiant, a Google-owned cybersecurity company, says a “brute force password attack” likely caused the takeover of its X (formerly known as Twitter) account last week.

The account hijacking was part of a cryptocurrency phishing campaign linked to a drainer-as-a-service (DaaS) offering Mandiant calls CLINKSINK, according to a blog post detailing the company’s investigation.

An estimated $900,000 or more in Solana (SOL) cryptocurrency has been stolen in recent campaigns by 35 CLINKSINK affiliates identified in the Mandiant probe. These affiliates typically share about 20% of the stolen crypto with the DaaS operator, who raked in more than $180,000 in SOL since New Year’s Eve, according to the blog post.

Meanwhile, Mandiant is facing scrutiny after admitting that “some team transitions and a change in X’s 2FA policy” resulted in the security lapse that led to the hijacking.

Mandiant is one of several well-known organizations caught up in a recent string of X account hijackings, which most recently hit the U.S. Securities and Exchange Commission (SEC) in an incident that briefly shook up the Bitcoin market. 


Mandiant’s X/Twitter hack explanation, 2FA lapse questioned by critics

Mandiant noted in its blog post that no Mandiant or Google Cloud systems, other than its X account, were compromised in the hours-long incident on Jan. 3.

Referring to a likely “brute force” attack, the company’s statements published on X Wednesday afternoon seem to imply an attacker targeted the social media account by trying multiple passwords until they successfully logged in.

In replies to Mandiant’s post, some critics noted that this explanation was questionable due to X’s policy of temporarily locking accounts after a “limited number of failed attempts” to log in.

“Not possible due to rate limitation except if the password was 123Password,” one user commented.

The exact number of failed attempts needed to trigger this measure is not provided by X, so SC Media tested the login feature on a personal X account. We received a notice that the account was locked on the sixth attempt to log in with the wrong password.


No alerts about the failed login attempts were sent to the email address linked to the account, and we were also able to access the account during the temporary lockout period using the option to sign in with Google/Gmail.

Mandiant did not elaborate on the two-factor authentication (2FA) policy change that contributed to the breach, but this likely refers to X’s removal of the SMS 2FA option for non-Premium subscribers on March 20, 2023.

If this is the case, Mandiant’s account likely had no 2FA protection when it was compromised. X users can still use the authentication app or security key methods of 2FA for free.

“We’ve made changes to our process to ensure this doesn’t happen again,” Mandiant said in its statement.

A Google spokesperson declined to provide additional details about the incident to SC Media.


CLINKSINK affiliates impersonate legitimate crypto sites to drain wallets

After compromising Mandiant’s X account, which has more than 123,000 followers, the hijacker changed the account handle to @phantomsolw, impersonating the legitimate Phantom crypto wallet.

In a post on the hacked account, the CLINKSINK affiliate promoted a supposed opportunity to claim free $PHNTM tokens by clicking a link. Upon clicking the link, users would be urged to connect their Solana wallet and sign a transaction to claim the promotional token airdrop.

The JavaScript-based CLINKSINK drainer linked to the phishing site performs checks to verify that victims have the Phantom Desktop Wallet installed and is capable of surveying connected Solana wallets to check details, including balances. CLINKSINK is also set up to split the drained funds between the affiliate and operator accounts, usually at a ratio of 80% and 20%, respectively.

In the case of the Mandiant hijacking, the phishing scheme failed due to Phantom recognizing the site as malicious and blocking users from connecting their wallets, BleepingComputer reported.

The hijacker later deleted the phishing tweet and resorted to using the Mandiant account to mock the company with messages like “Check bookmarks when you get your account back.”  


Mandiant identified other legitimate crypto utilities like DappRadar and BONK being used in related CLINKSINK campaigns across social media platforms, including X and Discord.

CertiK, Netgear and Hyundai Middle East & Africa (MEA) have also had their X accounts hacked in cryptocurrency-draining schemes this year, but there is no confirmation that these incidents were also linked to CLINKSINK.


Debate Brews Over Crypto Kiosks As Lawmakers Consider Potential Ban


Lawmakers Consider Crypto ATM Ban as Scam Losses Rise — Including in Central Minnesota

Minnesota lawmakers are considering banning cryptocurrency kiosks as scam losses continue to rise across the state—including in Central Minnesota.

There are currently about 350 crypto kiosks operating statewide, located in places like gas stations, convenience stores, and grocery stores. These machines allow users to deposit cash and convert it into cryptocurrency, which can then be sent electronically.

Law enforcement officials say scammers are increasingly directing victims to use these kiosks because once the money is sent, it is extremely difficult—if not impossible—to recover.

Police say scams often begin with a phone call, text, or online message. In many cases, scammers pose as government officials, tech support workers, or even romantic partners. Victims are eventually told to withdraw cash and deposit it into a crypto kiosk to “protect” their money or resolve a supposed emergency.

Central Minnesota has seen similar cases. Because St. Cloud serves as a regional hub for shopping and services, crypto kiosks are available locally, giving scammers access points to target area residents.


Some say kiosks also serve legitimate users

Despite the concerns, crypto kiosks do offer legitimate benefits. They allow people to purchase cryptocurrency quickly using cash, without needing a traditional bank account, credit card, or online exchange. Supporters say this can make cryptocurrency more accessible, especially for people who prefer cash transactions or have limited access to banking services.

Crypto kiosks can also be used to send money quickly, including international transfers, without relying on traditional wire services. Some users view them as a convenient way to invest in cryptocurrency or move money electronically without going through a bank.

Companies that operate the machines say the vast majority of transactions are legitimate and that kiosks include warnings about scams. They argue the focus should be on stopping scammers, not banning the machines entirely.

Lawmakers weighing next steps

Supporters of the proposed ban say removing the kiosks could help prevent fraud and protect vulnerable residents, particularly older adults. Law enforcement officials told lawmakers that crypto kiosk scams have resulted in significant financial losses statewide.

Minnesota passed regulations in 2024 requiring some safeguards, including limits on deposits for new users and refund requirements in certain fraud cases. But officials say scammers have continued to adapt.


The bill remains under consideration at the Capitol.

In the meantime, authorities urge Central Minnesota residents to be cautious. Officials emphasize that legitimate government agencies, law enforcement, and businesses will never ask someone to deposit cash into a cryptocurrency kiosk.

As cryptocurrency becomes more common, lawmakers are now weighing whether the risks to consumers outweigh the convenience and accessibility these machines provide.


Cryptocurrency Investment Fraud: Bizman loses Rs 2.6 cr to crypto, investment fraud | Hyderabad News – The Times of India


Hyderabad: A 69-year-old businessman from Somajiguda lost Rs 2.65 crore allegedly in a cryptocurrency and stock investment fraud. Based on his complaint, Hyderabad Cyber Crime police have registered a case.

The complainant was first contacted by a fraudster posing as Ramya Krishnan on Aug 30, 2025 through Facebook. She persuaded the victim to invest in a cryptocurrency and stock trading platform, Polyus Finance PFP Gold, hosted at the domain pfpgoldfx.vip, promising high returns to finance his proposed resort and apparel ventures.

Fraudsters provided the victim a contact number for daily communication and sent screenshots showing notional profits credited in his wallet in USDT cryptocurrency. To build trust, the fraudster even allowed the victim a token withdrawal of 4,300 on Sept 12, 2025.

Encouraged, the victim transferred over Rs 2.65 crore in 10 transactions between Sept 10 and Dec 39, 2025 to various current accounts provided by the accused.

When he attempted to withdraw his ‘earnings’, the accused demanded an additional 15% conversion commission. After he refused, the website became inaccessible and calls to the fraudsters went unanswered.

Realising that he was duped, the victim filed an online report on the National Cybercrime Reporting Portal (NCRP) before approaching the Cyber Crime police on Feb 25.

Based on his complaint, a case was registered under Sections 66C and 66D of the Information Technology Act and Sections 111(2)(b) (Organised crime), 318(4) (Cheating), 319(2) (Cheating by personation), 336(3) (Forgery for purpose of cheating), 338 (Forgery of valuable security, will, etc.) and 340(2) (Using as genuine a forged document or electronic record) of the Bharatiya Nyaya Sanhita on Wednesday. Police were analysing financial transactions to identify and arrest the accused.


Terror groups receive $1.7b. from Iran through Binance | The Jerusalem Post


Iranians were able to access more than 1,500 Binance accounts last year, and $1.7 billion was transferred from two of them to terrorist proxies, The New York Times reported Monday.

That was a potential violation of global sanctions, the report said, citing company records and documents collected by internal investigators.

The cryptocurrency exchange site reportedly fired or suspended at least four employees cited in the internal investigation. The company blamed “violations of company protocol” relating to its clients’ data, the Times reported.

The report came days after The Jerusalem Post spoke with experts from blockchain intelligence platform NOMINIS.io about how the Iranian regime was evading Western sanctions through cryptocurrencies.

The regime maintains a steady income using cryptocurrency through oil sales to Russia and China, NOMINIS CEO Snir Levi said at the time.

Binance founder Changpeng Zhao, who pleaded guilty to failing to implement a program to prevent money laundering, arrives for his sentencing in federal district court in Seattle, Washington. (credit: REUTERS/Deborah Bloom)

Regarding the latest scandal, he told the Post this week: “The latest allegations about Binance come months after the lawsuit by the victims’ families of October 7 – the ongoing Balva [versus] Binance case.

“The majority of the allegations can be easily confirmed by on-chain data. There are thousands of cases where money has been sent and received to and from wallets that have clear connections to Iran.”

Binance founder Changpeng Zhao is being sued by the families of American victims and hostages of the October 7 massacre. He has been accused of knowingly enabling Hamas, Hezbollah, Palestinian Islamic Jihad, and Iran’s Islamic Revolutionary Guard Corps to transfer more than $1b. through its platform, including more than $50 million after the October 7 massacre.

Zhao pleaded guilty to anti-money-laundering violations in connection with Binance in 2023. US President Donald Trump pardoned him last October.

“They say what he did was not even a crime,” Trump told reporters last October. “It wasn’t a crime. That he was persecuted by the Biden administration, and so I gave him a pardon at the request of a lot of very good people.”


Binance representative Rachel Conlan said the accounts linked to the $1.7b. in Iranian transactions have been removed and the relevant authorities were informed.

“Any suggestion that Binance knowingly allowed sanctionable activity to continue unchecked is incorrect and defamatory,” she said, despite Zhao’s earlier admission of anti-money-laundering violations.

More than half a dozen compliance officials have left Binance, including a sanctions manager and the leader of the enterprise compliance team, over the past few months, the Times reported. 

“No investigator was dismissed for raising compliance concerns or for reporting potential sanctions issues,” Conlan said in a statement to The Guardian.

Democrat senator opens inquiry into cryptocurrency company

While Conlan insisted there was no wrongdoing, US Sen. Richard Blumenthal (D-Connecticut) opened an inquiry into Binance on Tuesday, seeking records of the company’s dealings in Hong Kong, where funds have previously been transferred in a network against sanctions.


“Binance appears to have ignored warnings and recommendations to prevent Iranian money-laundering schemes on its cryptocurrency exchange,” Blumenthal wrote in a letter to Binance co-chief executive Richard Teng.

“According to documents obtained by the Times and the Journal, Binance was even warned that Hexa Whale was financing terrorist organizations such as the Yemeni Houthis, and internal investigators found cryptocurrency transfers to wallets associated with Iran’s Islamic Revolutionary Guards Corps and payments to crew members of Russia’s sanctions-evading shadow fleet of oil tankers,” he wrote.

“Instead of actually preventing illicit use, Binance has sought to evade accountability and influence the White House through lobbying and a financial partnership with World Liberty Financial (WLFI), the cryptocurrency firm owned by the sons of President Trump and his special envoy Steve Witkoff… This influence campaign has worked: In May 2025, the Securities and Exchange Commission announced that it was dismissing a lawsuit against Binance for lying to regulators and mishandling funds, followed in October by the stunning Presidential pardon of founder Changpeng Zhao.”

“The scale of the newly revealed illicit transfers – uncaught until nearly $2 billion flowed to sanctioned entities – and the unexplained firing of internal investigators call into question Binance’s compliance with American sanctions and banking laws, and its 2023 agreement to resolve the previous federal investigation,” Blumenthal wrote.
