Arrests made after $243 million stolen from one individual in Gemini phishing attack

Two people have been arrested in relation to a phishing scam that successfully stole more than 4,000 BTC priced at around $243 million from a single individual. The victim was targeted with a phishing scam in which the attackers posed as Google support employees and convinced the victim to reset their two-factor authentication for their account on the Gemini cryptocurrency exchange.

The FBI raided a luxury home in Miami in connection to the theft, and arrested two men in their early twenties. Authorities worked with crypto investigators including zachxbt to trace the stolen funds.

Bitcoin mining company Rhodium Enterprises files for bankruptcy

The Texas-based Rhodium Enterprises bitcoin mining company has filed for bankruptcy, disclosing debts between $50 and $100 million and total assets between $100 and $500 million. The company had tried to begin restructuring, but was not able to reach agreement among shareholders, and so decided to enter bankruptcy.

Bitcoin mining has been an extremely challenging business in recent times, partly due to volatile crypto prices over the last few years, and due to diminishing miner rewards following the April halving event.

Rhodium Enterprises had been showing signs of trouble, including failing to make scheduled loan payments earlier this month. In December 2023, a dispute between them and a subsidiary of the Riot Platforms bitcoin mining group culminated in armed security removing Rhodium employees from a bitcoin mining facility in Rockdale, Texas, where Rhodium was leasing bitcoin miners. The case was later sent to arbitration.

Japanese crypto exchange DMM Bitcoin loses $308 million

A Japanese cryptocurrency exchange called DMM Bitcoin has announced that they suffered an "unauthorized leak" of 4,502.9 bitcoin (~$308 million) from a company wallet. They've provided very few additional details about how the loss occurred, or who may have been involved. They have taken some of their services offline as they investigate the incident.

The company claims it will replace the lost funds with help from other companies in their group.

This is one of the largest cryptocurrency thefts in recent history, rivaling the roughly $320 million theft from the Wormhole bridge in February 2022 and the $477 million theft from FTX in November 2022.

The DMM hack was later attributed to a North Korean state-sponsored cybercrime group.

$2 million stolen from ALEX's XLink bridge by bumbling exploiter

An attacker tried to pull off what could have been a ~$12 million heist from ALEX Lab's XLink bridge after a private key was compromised. However, the sloppy work by the attacker enabled an apparent whitehat hacker to step in.

The attacker was able to transfer around 13.8 million STX (~$2 million) on the Stacks BTC layer-2 chain. However, their attempt to steal assets notionally worth around $4.3 million from the project's BNB Chain implementation fell apart: they upgraded the project contract to a malicious version, but did not prevent other people from calling the withdraw function. The attacker's first transactions to withdraw the funds themselves failed, and an apparent whitehat hacker was able to step in and complete the withdrawal ahead of the exploiter. They later negotiated a deal for the funds' return, after offering a 10% "bounty".

The exploiter had also tried, and failed, to steal assets notionally worth around $5 million on the Ethereum blockchain. ALEX Lab later announced they were able to recover or secure around $4.5 million of those assets. ALEX also later announced that they believed the attackers were part of the North Korean Lazarus Group.

Wallet loses over $72 million to address poisoning

An Ethereum wallet was apparently drained of 1,155 wrapped bitcoin (~$72.7 million) when its owner transferred the tokens to a malicious address that had been operating an address poisoning scheme.

Address poisoning is a scam tactic that takes advantage of crypto traders' tendencies to copy and paste wallet addresses from their transaction histories, since the addresses are long strings of characters that are not practical to type from memory. By creating a new wallet address with identical start and/or ending character strings to addresses used by the victim, and spamming the victim with transactions from that similar address, scammers are sometimes able to get victims to erroneously copy the spoofed address for future transfers.

That's what appears to have happened in this case, when a victim transferred 1,155 wrapped bitcoin — tokens pegged to the bitcoin price meant for use on the Ethereum blockchain — to the malicious address.

The victim and the exploiter later reached an agreement for the return of most of the funds, with the exploiter keeping $7.2 million as a "bounty".
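A pre-transfer check for the look-alike addresses described above, as an added example that is not part of the original entry. It generalizes to any hex-style address book; every address, the function names, and the 4-character match window are constructed assumptions.

```python
"""Flag look-alike (poisoned) addresses before a transfer. All sample data is constructed."""

PREFIX_LEN = 4  # assumption: leading characters a wallet UI shows when truncating
SUFFIX_LEN = 4  # assumption: trailing characters shown

GOOD = "0xAb12" + "0" * 32 + "9F3c"   # constructed trusted counterparty
FAKE = "0xab12" + "7" * 32 + "9f3c"   # constructed look-alike: same start and end
OTHER = "0x" + "5e" * 20              # constructed unrelated address

HISTORY = [  # constructed transaction history; tx2 is the zero-value "poisoning" spam
    {"id": "tx1", "counterparty": GOOD, "value": 10},
    {"id": "tx2", "counterparty": FAKE, "value": 0},
    {"id": "tx3", "counterparty": OTHER, "value": 3},
]


def normalize(addr):
    """Lower-case and drop the 0x prefix so checksum casing cannot hide a match."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr


def lookalike_of(candidate, trusted, prefix_len=PREFIX_LEN, suffix_len=SUFFIX_LEN):
    """Return the trusted address that `candidate` imitates, or None.

    A candidate is a look-alike when it is not itself trusted but shares the
    leading and/or trailing characters with a trusted address.
    """
    cand = normalize(candidate)
    known = {normalize(t): t for t in trusted}
    if cand in known:
        return None  # exact match on the full address: genuinely trusted
    for norm, original in known.items():
        if cand[:prefix_len] == norm[:prefix_len] or cand[-suffix_len:] == norm[-suffix_len:]:
            return original
    return None


def poisoned_history_entries(history, trusted):
    """List (tx id, suspicious address, imitated address) for each look-alike in history."""
    findings = []
    for tx in history:
        hit = lookalike_of(tx["counterparty"], trusted)
        if hit is not None:
            findings.append((tx["id"], tx["counterparty"], hit))
    return findings


if __name__ == "__main__":
    for finding in poisoned_history_entries(HISTORY, [GOOD]):
        print("look-alike in history:", finding)
```

The check compares the full address against an address book maintained outside the transaction history, which is the step that copying from history skips.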

Roger Ver arrested for $50 million tax fraud

Roger Ver, an early bitcoin investor who later became an outspoken evangelist for the fork Bitcoin Cash, has been arrested on tax fraud charges. According to the Department of Justice, Ver evaded almost $50 million in owed taxes by concealing income and lying to tax preparers about his bitcoin assets as he attempted to renounce his US citizenship and become a citizen of the tax haven St. Kitts and Nevis.

Ver was arrested in Spain, and the United States will seek his extradition.

Besides his tax woes, Ver has also been caught up in accusations by CoinFLEX that he owed the platform around $84 million after failing to meet a margin call. Ver has in turn claimed that CoinFLEX owed him money. CoinFLEX filed for restructuring in August 2022.

Rain cryptocurrency exchange hacked for $16.13 million

Bahrain-based cryptocurrency exchange Rain was exploited for around $16.13 million on April 29. The exchange did not publicly disclose the hack until the suspicious outflows across wallets on multiple blockchains were noticed by blockchain investigator zachxbt.

After zachxbt sounded the alarm on May 13, Rain admitted that they had had a "security incident", but stressed that customer funds were safe, and stated that the Rain Group had "covered any potential losses resulting from this incident".

The attack was later attributed to North Korean state-sponsored attackers.

Samourai Wallet operators charged over crypto mixer operations

Keonne Rodriguez and William Lonergan Hill, founders of the Samourai Wallet, were arrested and charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money transmitting business. The charges relate to their operation of a cryptocurrency mixer that the DOJ says helped to launder over $2 billion in unlawful transactions. $100 million of that, they say, was connected to dark web markets including Silk Road and Hydra Market. Indeed, Samourai had actively marketed its products to "Dark/Grey Market participants".

Rodriguez was arrested in the United States; the United States will seek extradition for Hill, who was arrested in Portugal.

Samourai Wallet advertised itself as "a bitcoin wallet made for the streets", which would "keep your transactions private, your identity masked, and your funds secure". It touted features including "remote self-destruct", and would hide itself from a phone's applications list. As charges were filed in the United States, the wallet's website began displaying a seizure notice that informed visitors of a coordinated law enforcement action by the US Attorney's Office in the Southern District of New York, FBI, IRS, Europol, and Portuguese and Icelandic police. The app was also removed from the Google Play Store.

LENX co-founder accused of $10 million rug pull

The LENX cross-chain bitcoin liquidity protocol has recently been accused of a $10 million rug pull after community members observed massive withdrawals of treasury funds which were then sent to Binance accounts.

One of the co-founders, known only as "Paul", claimed on Discord that he was "trying to investigate" the movement of funds, which have been blamed on the project's other co-founder, John Kim.

Conversations on Discord suggest that a remaining $3 million in treasury funds were protected, and that the remaining LENX team may have been able to convince Binance to freeze the account that received stolen funds. However, little has been verifiably confirmed to date.

LENX is backed by the Frax Finance lending protocol.

Bitcoin flash crashes on BitMEX

A "very small number of accounts" were able to crash the bitcoin price on the BitMEX exchange from its roughly $66,000 price to as low as $8,900. BitMEX attributed the incident to "aggressive selling behavior" by that small group.

The incident underscores the thinness of the bitcoin markets on some cryptocurrency exchanges, and the ease with which a few whales can manipulate token prices.

BitMEX used to be among the largest cryptocurrency trading platforms, though its popularity diminished after its founders were hit with criminal charges in 2020 for violations of the Bank Secrecy Act.
