Two Russians Charged With Illicitly Mining Crypto on State Hardware

Two Russian citizens are being prosecuted for allegedly targeting computers at state organizations to illicitly mine cryptocurrency.

The two unnamed individuals purportedly infected the hardware with a program that mines cryptocurrency via a web browser, local media agency Tass reported on Dec. 16.

One of the suspects, a resident of the city of Kurgan, is reported to have created an extensive botnet to infect computers across various regions of the country. The second suspect reportedly focused his mining operations on hardware at the state water utility JSC Rostovvodokanal. 

Mining can use up to 80% of targets’ processing power, official warns

As reported, the illicit use of a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge is sometimes referred to as cryptojacking. 

While Tass does not disclose details of the cryptocurrency mined by the two suspects, a coin miner based on Coinhive code is one example of a prevalent program designed to illicitly mine Monero (XMR) via a browser.

In a statement delivered at a press conference on Dec. 16, Nikolay Murashov — Deputy Director of Russia’s National Coordination Center for Computer Incidents — noted that “up to 80% of the computer’s free power can be used to generate virtual coins, and a legitimate user may not even know about it.”

Murashov underscored that this illicit use of processing power can adversely impact business operations and damage companies’ performance, warning organizations to implement adequate cybersecurity measures.

Tightening regulations

Perhaps the most notorious case of illicit mining at a state-owned organization in Russia was foiled back in Feb. 2018, when Russian security agents scored a coup against a group of nuclear engineers at a top-secret nuclear warhead facility who had attempted to use one of the country’s most powerful supercomputers to mine Bitcoin (BTC).

Recent developments in Russia have included an alleged plan to pass legislation that would allow authorities to confiscate cryptocurrency holdings as part of judicial proceedings.

Cointelegraph has also reported that Russia’s central bank, financial regulator and Ministry of Finance are said to be supportive of a ban on the use of cryptocurrencies to pay for goods and services.

Source Cointelegraph

Ex-Bitmain Chip Designer Reportedly Arrested for Alleged Embezzlement

Yang Zuoxing, formerly a top chip designer for mining hardware giant Bitmain, has allegedly been arrested on suspicion of embezzlement. 

A Dec. 16 Bloomberg report cites three unnamed sources and a police statement released by prosecutors in Beijing’s Nanshan district on Dec. 12 as evidence for the claim.

The authorities’ statement reportedly omitted reference to Yang’s full Chinese name, ostensibly to protect his anonymity. 

Industry rivalries

Yang Zuoxing had worked as a processor design director at Bitmain until 2016, where he helped develop the manufacturer’s flagship Antminer S7 and S9 models. He left the firm in June of that year, after co-founders Jihan Wu and Micree Zhan allegedly refused his request for a stake in the business.

Yang went on to found MicroBT, whose Whatsminer 20 series of mining rigs have become the industry’s best-seller models so far this year.

As the rivalry between MicroBT and Yang’s former employer has intensified, Bitmain had previously filed an unsuccessful lawsuit against MicroBT over the latter’s alleged infringement of a patent. 

This fall, Cointelegraph reported that Yang had been detained by police in Shenzhen to assist in an investigation, the impetus behind which remains unclear.

Aside from omitting reference to Yang’s full name, the Nanshan authorities’ statement on Dec. 12 reportedly did not explicitly mention either Bitmain or MicroBT. Representatives from both firms have reportedly declined to officially comment on Yang’s arrest. 

Bloomberg’s anonymous sources have said his absence has compromised MicroBT’s ability to make key decisions about matters such as pricing.

Executive infighting

In the latest of a series of tumultuous chapters at Bitmain’s helm, Wu Jihan apparently ousted fellow co-founder Micree Zhan from the firm this October. The latter notably owns a reported 60% stake in the company. 

One year previously, Wu had himself suddenly abandoned his former post as CEO of Bitmain, moving into a non-executive role on the company’s board.

Source Cointelegraph

Pennsylvania Man Charged With SIM Swap Conspiracy to Steal Crypto

United States authorities have charged a Pennsylvania man with conspiracy to commit wire fraud and extortion via a series of SIM swaps targeting cryptocurrency execs and investors.

SIM-swapping — alternatively known as a port-out scam — involves the theft of a cell phone number in order to hijack online financial and social media accounts, enabled by the fact that many firms use automated messages or phone calls to handle customer authentication.

As per a Dec. 11 news release from the U.S. Department of Justice, Anthony Francis Faulk, 23, allegedly used “fraud, deception, and social engineering techniques” to persuade telecoms employees to transfer numbers from SIM cards belonging to his targets.  

The charges were filed by U.S. Attorney David L. Anderson and FBI Special Agent in Charge John Bennett and were submitted to the U.S. District Court in Northern California.

Charges carry a maximum sentence of 20 years

Faulk and his co-conspirators, none of whom are identified, are alleged to have perpetrated their scheme between Oct. 2016 and May 2018.

While the court documents do not disclose the amount of allegedly stolen cryptocurrency, the indictment claims that Faulk used the proceeds to purchase a house, a Ferrari and three other cars, jewelry, a Rolex watch, and royalty rights to twenty songs.

The ill-gotten property will be subject to criminal forfeiture if Faulk is convicted. Following his arrest, Faulk appeared before a court in the Western District of Pennsylvania on Dec. 11. 

He has been charged with one count of conspiracy to commit wire fraud and one count of interstate communications with intent to extort.

The former charge carries a maximum statutory sentence of 20 years in prison and a $250,000 fine; the latter carries a maximum statutory sentence of 2 years and, likewise, a $250,000 fine.

Faulk has temporarily been released on a $250,000 bond and is due to appear in court on Jan. 9, 2020.

A persistent threat

SIM-swapping has become an increasing concern for law enforcement and has accordingly brought telecoms firms — gatekeepers of user identity data — under the spotlight for their alleged complicity in the crime. 

Michael Terpin — a blockchain and crypto investor who filed a SIM-swapping-related lawsuit against telecoms provider AT&T — told Cointelegraph that the biggest risk to crypto investors “is that major phone companies promise you security and don’t deliver it.”

Source Cointelegraph

Alleged Bitcoin Ponzi Scheme Assets Frozen as US Judge Grants Injunction

A United States court has granted regulators a preliminary injunction against an alleged Bitcoin (BTC) Ponzi scheme which reportedly defrauded investors of $11 million. 

In a filing with the United States District Court in Nevada dated Dec. 6, Judge Jennifer A. Dorsey ruled in favor of the Commodity Futures Trading Commission (CFTC) and against Circle Society, along with its operator, David Saffron. 

CFTC wins injunction against Circle Society

“…I find that this is a proper case for granting a preliminary injunction and other equitable relief to preserve the status quo, protect customers from further loss and damage, and enable the Commission to fulfill its statutory duties,” Dorsey wrote. 

Circle will now see its assets frozen, and the CFTC will be able to inspect its financial records prior to any further legal action.

The CFTC originally charged Circle Society and Saffron in late September, after investors complained that the latter fraudulently maintained an $11 million Bitcoin binary options offering. At the time, the regulator likened the company’s activities to a Ponzi scheme, stating in an October press release:

“According to the complaint, the defendants fraudulently solicited funds from at least fourteen members of the public to participate in a pool operated by Circle Society, an entity Saffron created and used to perpetrate his fraud, by making false claims of Saffron’s trading expertise and guaranteeing rates of return up to 300%.”

U.S. goes after crypto sales

The events underscore the increasingly persistent line taken by both the CFTC and its fellow financial regulator, the Securities and Exchange Commission (SEC), regarding cryptocurrency activities that do not conform to the law. 

As Cointelegraph previously reported, enforcement action continues to impact even legitimate companies, with regulators specifically eyeing practices related to sales of tokens via initial coin offerings, or ICOs. 

These include Canadian messaging firm Kik, which almost shut down after a lengthy legal battle with the SEC over its 2017 sale.

Source Cointelegraph

Darknet Marketplace Plans $146M ICO for Global Expansion

Russia’s largest darknet marketplace is looking to raise $146 million in a token offering that would allow it to go global. 

As Forklog reported on Dec. 11, the token sale is almost certainly illegal — in this case not merely for flouting securities laws or other financial regulations. 

“A new era in the West”

The operators of the marketplace, known as “Hydra,” have ambitions to roll out their model of anonymized, rogue trading for illicit substances at a massive scale. An investment memorandum, accessible only via dark web browsers like Tor, claims the platform’s global expansion “will start a new era in the West” at a scale that is “hard to imagine.”

Hydra provides an anonymous service, whereby couriers disperse purchased goods to designated, concealed spots in public spaces, later to be collected by the client. Neither buyer, seller nor courier ever cross paths in person. 

The operators plan to use the funds to build out a new service “Eternos” — combining encrypted messaging services, a privacy-focused browser, automated dispute resolution and an over-the-counter marketplace and crypto exchange.  

Scheduled for Dec. 16, the token sale will offer investors bundles of 100 tokens, conferring rights to a 0.003% share of company profits. The tokens are valued at $100 apiece, payable in Bitcoin (BTC).

Issuance is set at 1,470,000 tokens, accounting for 49% of Eternos’ value and pledging $500 in monthly dividends for those purchasing more than 100 tokens. Forklog has warned readers the project may turn out to be an exit-scam.

The numbers are based on a forecast of $15 million monthly revenue, which the operators justify citing their current growth metrics. 

Hydra claims it has a user base of over 3 million, processing over 100,000 transactions daily for illicit substances, hacking services, forged documents, stolen data and cash. 

As of June 2019, Russian investigative site Proekt confirmed that Hydra had 2.5 million registered accounts, 393,000 of which had made at least one purchase.

Dark predecessors

The crypto industry’s most infamous darknet marketplace remains Silk Road, which launched in February 2011 before being shut down by the authorities in October 2013.

Its founder Ross Ulbricht — aka “Dread Pirate Roberts” — was arrested and sentenced to life in prison in 2015, convicted of money laundering and aiding in the distribution of drugs, computer hacking and fraud, among other charges.

In 2017, U.S. authorities shuttered the major darkweb marketplace Alphabay, through which vendors had purportedly hawked fentanyl, heroin, weapons, malware and a series of Bitcoin-related heists.

Source Cointelegraph

Ugandan Police Hold Director of Alleged $2.7M Crypto Ponzi Scheme

Ugandan police have seized Samson Lwanga, one of the directors of the alleged cryptocurrency pyramid scheme Dunamiscoins Resources Limited.

As domestic news publication Daily Monitor reported on Dec. 9, the police arrested Samson Lwanga, one of the four directors of Dunamiscoins. The company in question is allegedly a cryptocurrency scam, which involved over 10,000 people and reportedly managed to defraud victims of 10 billion Ugandan shillings ($2.7 million).

Investigation into the case

Patrick Onyango, a spokesperson for the Kampala Metropolitan police, said that the law-enforcement agency submitted a general inquiry file and is still conducting its investigation into the case. Onyango added:

“According to him (Lwanga), they are willing to refund the money, but the problem is that Financial Intelligence Authority froze their accounts. And they cannot access or withdraw any money. We are going to get in touch with Financial Intelligence Authority to prove if what Lwanga is telling us is true on freezing the accounts.”

According to Lwanga, most of the victims deposited sums between 1 million shillings ($271) and 10 million shillings ($2,715). As Cointelegraph previously reported, Dunamiscoins convinced people to join the firm by promising 40% returns on cash investments. The firm was allegedly working with money transfer companies in the city to recruit new people to the scheme.

Cointelegraph reached out to an email address mentioned on Dunamiscoins’ website only to receive a notice that the listed address could not be found.

Dangers of crypto Ponzi schemes

Earlier this year, the deputy governor of the Bank of Uganda, Dr. Louis Kasekende, warned the public about the limited protections offered to them when they invest in unregulated cryptocurrencies. In his remarks, Kasekende clarified that the central bank does not have comprehensive oversight of all financial services firms and institutions and that its supervision typically spans commercial banks, credit institutions, foreign exchange bureaus and money remittance service providers.

Crypto pyramid schemes have gained popularity among fraudsters, and sometimes they step over the bounds of only luring potential investors. In mid-October, Glasgow-based Jen McAdam claimed supporters of the alleged OneCoin pyramid scheme are sending her death threats, mainly through Facebook.

Source Cointelegraph

Crypto Pyramid Scheme in Uganda Steals Employees’ Money and Closes

An alleged cryptocurrency pyramid scheme in Uganda has fled after defrauding dozens of victims that invested in and worked for the scheme.

Dunamiscoins Resources Limited opened in Masaka last month and started inviting individuals to invest and become part of its “digital currency network,” independent Ugandan newspaper Daily Monitor reports Dec. 5. The firm’s offices closed down covertly just a month after opening, with employees reportedly coming to the office to find it empty.

Dunamiscoins required employees to pay to start work

A businessman who worked next to Dunamiscoins’ closed offices reportedly said that Dunamiscoins was convincing people to join its firm by promising 40% returns on cash investments. According to the witness, the firm was apparently working with money transfer companies in the city to recruit new people to the scheme.

Additionally, Dunamiscoins allegedly asked each applicant to pay 20,000 Uganda shillings ($5) to register with the company. According to a former Dunamiscoins salesperson, the firm promised high returns on investments but fleeced its employees of money paid for registration as well.

Daily Monitor attempted to get in touch with Dunamiscoins but none of the phone numbers obtained by the publication was available, the report notes. Cointelegraph reached out to an email address mentioned on Dunamiscoins’ website only to receive a notice that the listed address couldn’t be found.

The report follows a recent announcement by the deputy governor of the Bank of Uganda that online cryptocurrency businesses are not regulated in the country to date. In June 2019, the official warned the public on the limited protections offered them when they invest in unregulated cryptocurrencies, also outlining a number of risks associated with crypto trading and adoption.

Source Cointelegraph

Thai Police Arrest 24 Chinese Nationals for Alleged Bitcoin Scam

Thai immigration officials have arrested 24 Chinese nationals who were running an alleged cryptocurrency scam call center in the Rama III neighborhood of Bangkok.

According to an official announcement on Dec. 2, the Immigration Bureau of the Royal Thai Police arrested 24 individuals and seized 61 laptops, 424 mobile phones and several routers.

The Immigration Bureau further states that the head of the operation would hire employees on three-month contracts, wherein all their expenses were paid including a 5,000 yuan ($710) monthly salary. After arriving, workers would surrender their passports to the head of the operation. Employees would work shifts from 9 a.m. to 10 p.m. 

The alleged scammers would lure Chinese investors to buy Bitcoin (BTC), ostensibly fudging rates in order to make a profit.  

Thai police target telephone scams

Local news daily Chiang Rai Times states that the Immigration Bureau has busted a number of call center scams operated by Chinese nationals. Earlier today, Immigration police raided a stock speculation scheme run by Chinese teenagers. 54 minors were reportedly arrested at a Thai resort hotel for duping Chinese-based investors into investing in bogus stocks. 

Scammers reportedly had a target to raise 5 million Thai baht ($165,000) from investors that they met in internet chat rooms. Police are still in pursuit of the operation’s organizer who, like the head of the purported Bitcoin scam, is in possession of the employees’ passports. 

Crypto trading comes with caveats in Thailand

While trading cryptocurrencies in Thailand is legal, the country has a regulatory framework and compliance standards for the industry.

Both the issuance of tokens and the trading of cryptocurrencies in a secondary market are regulated by law under a series of decrees. In cryptocurrency exchanges, acceptable trading pairs for cryptocurrencies are either the country’s fiat currency, the baht, or cryptocurrencies which have been approved by the Thai Securities and Exchange Commission. 

Additionally, cryptocurrency-related businesses must be considered financial institutions under the country’s Anti-Money Laundering, Countering the Financing of Terrorism and Know Your Customer Regulations.

As Cointelegraph recently reported, lawmakers in Thailand plan to reform cryptocurrency laws amid concerns that such regulations make the country uncompetitive.

Source Cointelegraph

Researchers Detect New North Korea-Linked MacOS Malware on Crypto Trading Site

Security researchers have discovered a new cryptocurrency-related macOS malware believed to be the product of North Korean hackers at the Lazarus Group.

As tech-focused publication Bleeping Computer reported on Dec. 4, malware researcher Dinesh Devadoss encountered malicious software on a website called “,” that advertised a “smart cryptocurrency arbitrage trading platform.” The website did not cite any download links, but hosted a malware package under the name “UnionCryptoTrader.”

Linkage to North Korean hackers

According to the researchers, the malware can retrieve a payload from a remote location and run it in memory, which is not common for macOS, but more typical for Windows. This feature makes it difficult to detect the malware and carry out forensic analysis. Per VirusTotal, an online service for analyzing and detecting viruses and malware, only 10 antivirus engines flagged it as malicious at press time.

After conducting an analysis of the newly detected malware, security researcher Patrick Wardle found “clear overlaps” with malware found by MalwareHunterTeam in mid-October, which purportedly led to the Lazarus group. At the time, the researchers detected that Lazarus had created another piece of malware targeting Apple Macs that masquerades behind a fake cryptocurrency firm.

Recent North Korea-related developments

In recent months, there has been plenty of news about North Korea-related developments. In late November, United States prosecutors announced the arrest of Virgil Griffith, who allegedly traveled to North Korea to deliver a presentation on how to use crypto and blockchain technology to circumvent sanctions.

Following the arrest, Ethereum (ETH) co-founder Vitalik Buterin declared his solidarity with Virgil Griffith, having supported a petition to free the blockchain developer.

The United Nations Security Council’s Sanctions Committee on North Korea accused the country of using a Hong Kong-based blockchain firm as a front to launder money. 

Source Cointelegraph

Alleged Asian Exit Scam to Blame for Market Decline?

In the last week of November, the saga of an alleged crypto Ponzi scheme that has been lingering for more than half a year took a new turn. A hobbyist blockchain researcher reported on Twitter that he’d tracked almost 200,000 BTC that had gone missing over the summer, when several million people invested in PlusToken — a South Korea-based exchange and a high-yield investment program — found themselves unable to withdraw their money. 

The researcher suggested that the embezzled funds have been gradually dumped on crypto exchanges, potentially suppressing Bitcoin market price. Here’s what is known about the monumental scheme that has yet to be officially confirmed.

The greatest exit scam in history

The story of PlusToken is a testament to the fundamental disconnect between the Asian and Western crypto spaces. The platform is believed to have been holding almost $3 billion worth of assets like Bitcoin, Ethereum and EOS when it essentially went bust in June 2019 — and yet, it was not until Aug. 13, when blockchain analytics firm Ciphertrace published its Q2 report, that the story caught the Western audience’s attention.

Even after the true scale of the scheme became evident, it seemed that the collective West was getting updates through a rather narrow bottleneck. Dovey Wan, founding partner of blockchain investment company Primitive Ventures, has become a key source of information on the alleged scam.

Launched in May 2018, PlusToken offered both a wallet service to store cryptocurrencies and an investment program promising high monthly returns on stored funds, between 8% and 16%. It was primarily marketed in China and South Korea, although Wan reported that the exchange’s customers were also located in Europe and even North America. While the operation boasted a user base of ten million, Ciphertrace estimates that up to 3 million people may have been invested.

The scheme reportedly targeted a mainstream audience of people not particularly savvy with crypto, emphasizing the “educational” component of the operation, which came down to teaching new members how to deposit funds via the PlusToken app. 

A telltale sign of a Ponzi scheme was also present: The size of rewards was contingent on recruiting new investors. Members could progress through the internal hierarchy accordingly, earning honorable distinctions such as “Big Boy” and “Great God.” The aggressive expansion campaign also partly relied on lively offline gatherings.

In late June, customers learned that withdrawals via the app were frozen. Around the same time, law enforcement in Vanuatu took action to detain six people involved with the scheme. An announcement immediately appeared on the PlusToken website, stating that the arrested individuals were regular users and not co-founders.

While the six allegedly high-ranking members of the operation found themselves in custody, other purported PlusToken bosses, including a Korean and a Russian, remained at large. The whereabouts of almost $3 billion worth of cryptocurrency remained opaque as well.

Money on the move

On Aug. 14, news emerged that the funds associated with PlusToken were being moved to exchanges. Wan was the one to raise the alarm, citing research by security audit firm PeckShield. A few days later, crypto watchdog Whale Alert pointed to four transactions totaling almost 23,000 BTC that were likely PlusToken proceeds. 

However, both claims lack conclusive evidence. Ciphertrace, for instance, refrained from publicly acknowledging that the addresses identified by PeckShield may have belonged to the operation.

On Aug. 23, blockchain research firm Elementus suggested that large sums of Ether associated with the alleged exit scam were also transferred to exchanges, predominantly Huobi. Yet, after this uptick in research and media attention, the issue seemed to have gradually faded from the spotlight.

Three months later, what can be made out of the new wave of media attention to the matter? Granted, it was not until late November that members of the crypto community first came to suspect that the spoils from the PlusToken scheme could exert considerable selling pressure on the market. According to reports from sources versed in Chinese trader circles, the narrative of the swindled funds’ sell-off driving the Bitcoin price downward has been circulating since at least mid-August.

What’s new is a piece of solid-looking research that emerged in the wake of the latest downward turn in the BTC price cycle. Conducted by a crypto enthusiast who goes by Ergo on Twitter and Medium, the analysis connects some dots in the PlusToken plot by tracing the funds allegedly associated with it and estimating the average pace at which they get dumped into the market.

Coins poorly mixed

Although Ergo presented his recent findings as a series of tweets rather than a more formal writeup, the inquiry builds on the analyst’s previous work reported in a Medium post that appeared on Oct. 23. 

The post is a record of the suspicious large-scale activity that the author observed between early August and mid-September. Someone had been depositing huge amounts of Bitcoin into the privacy-focused Wasabi wallet service, which allows several users to mix their digital funds in a single transaction, thus obfuscating the origin of individual coins. Some of the addresses could be traced to individuals already linked to PlusToken.

The analyst described what he saw as “Sybil behavior,” as opposed to a Sybil attack. In both cases, the basic mechanism is that one entity poses as many different ones. If malicious intent toward the service informs such actions, they qualify as an attack, but in this instance, the whale was merely using multiple mixing clients to create the appearance that the money came into a mixer from multiple users. In an attempt to further becloud transaction history, the people in control of the money flows also employed a distinct algorithmic technique known as “self-shuffling.”

According to Ergo, however, “self-shuffling” is actually a traceable process, and the Wasabi mixing was poorly performed, leaving identifiable trails in the form of recurring patterns of post-mix spending. By late October, the researcher was able to track some 54,000 out of the alleged 200,000 BTC linked to the PlusToken scheme that were mixed using these two techniques. The bulk of this sum then went to the Huobi exchange.

Further developments

The tweetstorm that came a month later reports the findings of the continued research effort. Ergo had tracked several more clusters of Bitcoin allegedly linked to PlusToken, bringing the uncovered money total to 187,000 BTC — a figure approaching the estimate of the filched funds.

Assuming early August as the starting point of the sell-off, he also estimated the consequent daily excess of Bitcoin at an average of 1,300 BTC — an amount that looks substantial enough to exert downward pressure on the cryptocurrency’s market price. A few days later, Ergo followed up with an observation that some of the alleged PlusToken-related coins were being further moved from Huobi to Gemini.

One thing this remarkable investigation falls short of, however, is replacing what is alleged with stated facts before tying the tracked funds to PlusToken. The starting point of the analysis is a handful of addresses that are widely believed to belong to the PlusToken operation, yet there is neither conclusive evidence nor a firm consensus that this is the case.

Moving from the realm of the probable to a firmer factual ground would require a new piece of indisputable evidence coming to light, most likely originating from law enforcement. For now, the analysis conducted by a lone crypto enthusiast is likely the best the community has to offer in the way of understanding what really happened behind PlusToken’s shiny facade.

Source Cointelegraph