Crypto
UN Palestinian aid agency's cryptocurrency wallets investigated over Hamas ties
EXCLUSIVE — An Israeli firm that helped authorities claw back $90 million worth of Hamas-owned cryptocurrency is investigating digital wallets held by the leading Palestinian aid agency for the United Nations, the Washington Examiner has learned.
Lionsgate Network, a Tel Aviv-based company staffed by blockchain analysts, specializes in cash recovery services for investors and was notably enlisted by Israel’s Ministry of Defense to intercept funds linked to Hamas after the terrorist faction’s deadly Oct. 7 attack on the Jewish state. Now, Lionsgate has embarked on a new project: tracking the flow of crypto donations to the U.N. Relief and Works Agency, whose since-fired employees were recently accused by Israel of participating in the Hamas-led massacre, prompting the United States and other countries to pause aid to UNRWA.
“Our company’s vision is to secure crypto transactions and eliminate financial transactions targeting communities around the world,” Lionsgate Network CEO Bezalel Raviv told the Washington Examiner. “There is a loophole in the financial system, and it’s no longer a very small group of people. It’s like 1.5% of the world’s capital — we’re talking about over $1.5 trillion U.S. dollars.”
The startup’s investigation underscores how UNRWA, which has long earned the ire of foreign policy experts and lawmakers over its ties to Hamas, is being comprehensively scrutinized by watchdogs after the Oct. 7 attack. Rep. Brian Mast (R-FL), who sits on the House Foreign Affairs Committee, introduced legislation on Monday that would ban U.S. funds to UNRWA. The Biden administration renewed aid in 2021 to the Palestinian aid agency just three years after former President Donald Trump cut off support to UNRWA over concerns stemming from its ties to terrorism and the hiring of antisemitic employees.
In turn, Biden’s decision has culminated in taxpayers footing the bill for at least $730 million in payments to UNRWA since 2021. The U.S. government said on Tuesday that over 99% of U.S. funds approved by Congress for the UNRWA have already been sent to it — with just $300,000 still on hold.
UNRWA formed in 1949 “to carry out direct relief and works programs for Palestinian refugees.” But critics say it unjustly relieves Hamas, which controls Gaza, of responsibilities to provide basic services to civilians. The agency, which is led by Swiss Italian Commissioner-General Philippe Lazzarini, faces an uncertain future after Secretary of State Antony Blinken asserted that Israeli allegations about its employees participating in Oct. 7 are “highly credible.”
UNRWA has a 501(c)(3) charity in the U.S. that accepts crypto donations, such as bitcoin, a digital asset that, for federal tax purposes, is treated as “property,” according to the IRS and digital software records. The crypto option stems from the UNRWA charity’s partnership in December 2021 with the Giving Block, a fundraising platform for tax-exempt organizations.
Raviv said his company is tracking specific blockchain transactions to see where donations to the Palestinian aid agency end up and is in conversation with the U.S. State Department on certain projects.
While Lionsgate successfully worked to recover cash from Hamas, the terrorist group has become more elusive and shifted its assets around, the CEO told the Washington Examiner. Hamas and other terrorist groups, including Palestinian Islamic Jihad, have increasingly turned to crypto in recent years because its decentralized nature affords secrecy, according to multiple reports.
After Oct. 7, the U.S. government sanctioned the Gaza-based Buy Cash, a company that saw its wallets seized in 2021 by Israel’s National Bureau for Counter Terror Financing “in connection to a Hamas fundraising campaign,” the U.S. Treasury Department said. Crypto coins are stored by users in what are known as digital wallets, which contain information such as private passwords and confidential data, according to Coinbase, the largest crypto exchange in the world.
Lionsgate’s investigation into UNRWA is independent and, for the time being, not on behalf of any clients, according to Raviv.
“Conversations with the State Department are becoming closer because one of the Hamas wallets is still active and over $40 million is moving in and out,” Raviv said.
The Tel Aviv-based analytics and software firm BitOK found Hamas-tied crypto wallets raked in the cash between roughly August 2021 and June 2023, the Wall Street Journal reported.
“Awareness is key,” he said. “We really want to encourage communities and people who are active in the crypto community to look at the problems and solutions.”
Aside from crypto, UNRWA’s charity in the U.S. routinely takes large sums through donor-advised funds, which allow wealthy contributors to shield their names from publicly released financial disclosures. The arrangement is often criticized by watchdogs as a “dark money” loophole.
UNRWA’s charity in the U.S., for instance, accepted $262,578 in 2022 through the Fidelity Investments Charitable Gift Fund, tax forms show.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
That year, $109,280 also flowed through the Schwab Charitable Fund to the UNRWA’s U.S. outfit.
UNRWA and the State Department did not return requests for comment.
Crypto
North Korean hackers linked to hack of 4,500 bitcoins from Japanese crypto exchange – SiliconANGLE
North Korean hackers linked to the infamous Lazarus hacking group have been identified as being behind the theft of more than 4,500 bitcoins from Japanese cryptocurrency exchange DMM Bitcoin earlier this year.
The Federal Bureau of Investigation, in conjunction with the Department of Defense Cyber Crime Center and National Police Agency of Japan, has revealed that hackers who go by the name of TraderTraitor, an arm of Lazarus, successfully stole the equivalent of $308 million from DMM in May and have detailed how the North Korean hackers did so.
The investigation into the hack found that in late March 2024, a North Korean cyber actor pretending to be a recruiter on LinkedIn contacted an employee at Ginco, a Japanese enterprise cryptocurrency wallet software company. The threat actor sent the target, who maintained access to Ginco’s wallet management system, a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page. The victim copied the Python code to their personal GitHub page and was subsequently compromised.
With the access gained, the TraderTraitor hackers sat patiently, waiting until May to exploit their access. To steal the bitcoin, the actors exploited session cookie information to impersonate the compromised employee and successfully gained access to Ginco’s unencrypted communications system. With this access, it’s believed that the hackers then manipulated a legitimate transaction request from a DMM employee, resulting in the theft of 4,502.9 bitcoin.
The stolen bitcoin was subsequently transferred to TraderTraitor-controlled wallets, which ultimately lead back to the North Korean government.
“The FBI, National Police Agency of Japan and other U.S. government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” the FBI noted in a statement.
The involvement of both North Korea and an arm of Lazarus in the hack comes as no surprise, as the hack of DMM isn’t the first time Lazarus has targeted cryptocurrency exchanges.
In 2022, Lazarus was linked to the hack on the Ronin Network that led to the theft of $615 million in cryptocurrency, and more recently, in July, the group was linked to the theft of $234.9 million in cryptocurrency from India-based cryptocurrency exchange WazirX.
Image: SiliconANGLE/Ideogram
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU
Crypto
Japan, US blame North Koreans for $300 million crypto theft
Tokyo, Japan — A North Korean hacking group stole cryptocurrency worth over $300 million from the Japan-based exchange DMM Bitcoin, according to Japanese police and the United States’ FBI.
The TraderTraitor group — believed to be part of Lazarus Group, which is allegedly linked to the Pyongyang authorities — carried out the heist, Japan’s National Police Agency said Tuesday.
Lazarus Group gained notoriety a decade ago when it was accused of hacking into Sony Pictures as revenge for “The Interview,” a film that mocked North Korean leader Kim Jong Un.
READ: Philippines ranks 2nd in cryptocurrency ownership globally — study
The FBI detailed “the theft of cryptocurrency worth $308 million US dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors” in a separate statement dated Monday.
Article continues after this advertisement
It described a “targeted social engineering” operation where a hacker pretended to be a recruiter on LinkedIn to contact an employee of a different crypto wallet software company.
Article continues after this advertisement
They sent the employee what appeared to be a pre-employment test, which actually contained a malicious line of code.
That allowed the hacker to compromise their system and impersonate the employee, the FBI said.
“In late May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 Bitcoin, worth $308 million at the time,” it said.
“The FBI, National Police Agency of Japan, and other US government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” it said.
North Korea’s cyber-warfare program dates back to at least the mid-1990s.
It has since grown to a 6,000-strong cyber-warfare unit known as Bureau 121 that operates from several countries, according to a 2020 US military report.
Crypto
North Korean hacker group identified in theft of DMM Bitcoin assets
A North Korea-linked hacker group stole digital assets worth 48.2 billion yen ($307 million) from Tokyo-based cryptocurrency exchange DMM Bitcoin Co. in May, Japanese police said Tuesday.
The hacker group was identified by the police as TraderTraitor following an investigation conducted in collaboration with the U.S. Department of Defense and the Federal Bureau of Investigation.
DMM Bitcoin said earlier this month it will go out of business after suspending some of its services following the detection of the unauthorized leakage of funds on May 31.
Photo illustration shows a visual representation of the digital cryptocurrency Bitcoin. (Getty/Kyodo)
The police tracked the flow of stolen bitcoin to an account managed by the group, which is suspected to be linked to the Lazarus hacking group allegedly sponsored by the North Korean government.
The investigation found that an employee at a company that manages DMM Bitcoin’s cryptocurrency accounts was contacted via the LinkedIn social network by a person purporting to be a headhunter.
The perpetrator then breached the wallet management system by planting malware and falsified transaction amounts as well as the destinations of remittances, the police said.
In September, Japan’s Financial Services Agency ordered the exchange to improve operations, saying its risk management structure was inadequate.
No customers suffered financial damage as the exchange secured 55 billion yen from a group firm to cover the lost assets.
The police, the FBI, and other U.S. government and international partners will “continue to expose and combat North Korea’s use of illicit activities,” including cybercrime and cryptocurrency theft, to generate revenue for the regime, they said in a statement.
Related coverage:
Japanese publisher paid $3 million to hacker group after cyberattack
Japan’s DMM Bitcoin to end business after losing 48 bil. yen in leak
Shiba Inu of “doge” meme fame leaves enduring legacy, online and off
-
Business1 week ago
Freddie Freeman's World Series walk-off grand slam baseball sells at auction for $1.56 million
-
Technology1 week ago
Meta’s Instagram boss: who posted something matters more in the AI age
-
Technology4 days ago
Google’s counteroffer to the government trying to break it up is unbundling Android apps
-
News1 week ago
East’s wintry mix could make travel dicey. And yes, that was a tornado in Calif.
-
News5 days ago
Novo Nordisk shares tumble as weight-loss drug trial data disappoints
-
Politics5 days ago
Illegal immigrant sexually abused child in the U.S. after being removed from the country five times
-
Entertainment5 days ago
'It's a little holiday gift': Inside the Weeknd's free Santa Monica show for his biggest fans
-
Politics1 week ago
Trump taps Richard Grenell as presidential envoy for special missions, Edward S. Walsh as Ireland ambassador