Around $700,000 of the stolen assets were frozen thanks to intervention by a security firm called ZeroShadow, although this represents only 0.2% of the total loss.
Crypto holder loses $283 million to scammer impersonating wallet support
A crypto holder has lost $282 million in bitcoin and litecoin after a scammer impersonating a customer support employee for the Trezor hardware wallet manufacturer successfully convinced them into revealing their seed phrase. After gaining access to the assets, they quickly swapped them to the Monero privacycoin. The volume of assets was so large that the Monero price spiked as the scammer laundered the finds. The scammer also swapped assets using the THORChain project, which boasted on social media about the "World record speedrun. ⚡️" (presumably without realizing they were bragging about a thief using their project to launder money).
Monero faces 51% attack
Monero, a privacy-focused blockchain network, has been undergoing an attempted 51% attack — an existential threat to any blockchain. In the case of a successful 51% attack, where a single entity becomes responsible for 51% or more of a blockchain's mining power, the controlling entity could reorganize blocks, attempt to double-spend, or censor transactions.
A company called Qubic has been waging the 51% attack by offering economic rewards for miners who join the Qubic mining pool. They claim to be "stress testing" Monero, though many in the Monero community have condemned Qubic for what they see as a malicious attack on the network or a marketing stunt.
Though Qubic has claimed to have achieved 51% of the Monero hashrate, these claims have been disputed. However, they do appear to be very close if not there already, and there have been multiple chain reorganizations — including a 6-block reorganization — suggesting that Qubic has established significant control over Monero mining.
$330 million in Bitcoin apparently stolen; laundering spikes Monero price by over 40%
3,250 BTC (~$330 million) were apparently stolen from a bitcoin holder and then quickly moved through multiple exchanges and swapped for the Monero privacycoin. Such a massive swap into Monero was apparently enough to cause the Monero price to spike from around $230 to as high as around $330, before retracting somewhat.
Incognito Market drug marketplace pulls multi-million dollar double scam
Since March 5, those who used the Incognito Market darkweb narcotics marketplace have found themselves unable to withdraw the Bitcoin and Monero they had on the platform. It appeared the platform had exit scammed for somewhere between $10 and $30 million.
Making matters worse, on March 10 the website posted a message reading, "Yes, this is an extortion !!" They wrote that, although the platform promised to "auto-encrypt" messages between buyers and sellers, and auto-delete after an expiry date, messages were not encrypted or deleted. They demanded that users pay an additional $100 to $20,000 to have their information removed from the dataset, which they promised to release at the end of May. "Whether or not you and your customers' info is on that list is totally up to you."
The tactic is reminiscent of that of ransomware groups, which often demand double fees: one from victims of hacks first to regain access to their systems, and another in exchange for a promise to destroy stolen data.
- Incognito Darknet Market Mass-Extorts Buyers, Sellers, Krebs on Security [archive]
Monero discloses that its community crowdfunding wallet was drained
Monero's Community Crowdfunding System (CCS) funds projects that aim to improve the ecosystem of Monero, a privacycoin. The CCS is funded by donations, and up until September 1, 2023, held a balance of 2675.73 XMR (~$460,000). Two months after the fact, "Luigi" (a Monero developer and one of the two people with access to the wallet seed phrase) disclosed on Github that the wallet had been drained entirely. According to Luigi, he only discovered this a month after the theft.
The other person with access to the wallet is a former Monero developer named "fluffypony", or Ricardo Spagni. He surrendered to US authorities in July 2023 for extradition to South Africa, where he has been charged with invoice fraud against a cookie company (think chocolate chip, not software). However, he was released in late September, and has been working to "address this matter" while free but under court supervision.
Monero holders plan a bank run
Monero is a privacycoin that attempts to address some of the privacy issues with more popular currencies (like Bitcoin or Ethereum) — namely, that anyone can see that wallet A sent a transaction of X amount to wallet B. However, privacy cuts both ways, and this feature also means that, without cooperation from the exchanges, the Monero community can't verify that exchanges actually hold the amounts of Monero they're allowing their users to buy. Some in the community have become increasingly suspicious that exchanges are selling "paper Monero": fake Monero that's not actually backed by reserves.
To try to test this theory, Monero users have scheduled what is basically a bank run: they are encouraging all users to try to move their Monero out of exchanges on April 18. Some have claimed that exchanges including Binance and Huobi have frozen withdrawals of Monero in anticipation of the mass-withdrawal, in an effort to prevent their lack of reserves from being discovered. Indeed, Huobi suspended XMR deposits and withdrawals 10 days ago and has yet to restore the functionality, which they say is due to a wallet upgrade. Binance also shows "withdrawal suspended" on its status page as of April 14.
- " 'The Monerun' scheduled for April 18th, Monero's 8th birthday", Monero Observer
- "The Monerun", on r/CryptoCurrency
One Monero mining pool creeps closer to that crucial 51% of the network hashrate
Much of the mining of the Monero privacycoin is done by a single mining pool named MineXMR. The total computing power being used to mine and process Monero transactions (also called the hashrate) controlled by the one mining pool has been gradually increasing. On February 13, someone posted in the Monero subreddit urging people to "boycott" MineXMR, because the pool's hashrate was as high as 47.7% of the total network hashrate. If the one group's hashrate breaks the 50% mark, it opens the network up to a potential 51% attack, where the mining pool could be used for malicious actions, including blocking new transactions from being confirmed, reordering transactions, or double spending.
A hacker racks up a $45,000 AWS bill for their victim, only to generate $800 worth of Monero
A hacker gained access to someone's Amazon Web Services account and used it to spin up servers to run Monero miners, ultimately netting 6 Monero (XMR) worth a total of about $800 over the couple of weeks they were running. All this work, however, cost the hacked individual about $45,000 in AWS fees, providing a particularly salient example of why people don't typically use AWS to mine crypto. Fortunately, Amazon waived the bill for the owner of the compromised account.