FBI

FBI seizes $100K in NFTs from scammer following ZachXBT investigation

The seized property included a Bored Ape Yacht Club and Doodles NFT, 85.6 Ether and a flashy Audemars Piguet watch which ultimately helped ZachXBT identify the alleged scammer.

The Federal Bureau of Investigation (FBI) has seized 86.5 Ether (ETH) and two nonfungible tokens (NFTs) worth more than $100,000 from a reported phishing scammer.

The alleged scammer in question, Chase Senecal — known as Horror (HZ) online — was initially exposed via a lengthy investigation by independent blockchain sleuth ZachXBT posted back in September 2022.

The FBI’s official notification on Feb. 3 outlined that Senecal’s property — including an Audemars Piguet Royal Oak watch worth $41,000 — was “seized for federal forfeiture for violation of federal law.”

The FBI’s notification gave few other details beyond noting that all of the property was seized on Oct. 24, 2022. The seized NFTs included Bored Ape Yacht Club #9658 and Doodle #3114, valued at $95,495 and $9,361 respectively, at the time of seizure.

The 86.5 ETH was valued at $116,433 at the time of seizure but is now worth $144,000.

The full scope of the legal proceedings that have taken place against Senecal is unclear at this stage. However, according to the FBI’s law enforcement bulletin, federal forfeiture is a law enforcement tool that enables the government to “remove—without compensation for the individual—ownership of property involved in a crime.”

“It may occur in a civil procedure, like a lawsuit against the item, or after the conviction of an individual in a criminal trial,” the FBI states.

While the FBI has not come out with an official tip of the hat to ZachXBT, the on-chain sleuth noted via Twitter on Feb. 3 that the property seizure did “come as a result” of his investigation.

“I look forward to hopefully seeing more phishing scammers suffer a similar fate in the future for harming so many people in this space,” ZachXBT wrote.

With the seizure of a Bored Ape NFT, people in the community have joked that the FBI will change its profile picture to Ape #9658.

Photoshopped FBI profile pic: @CryptoWithNick on Twitter

Notably, the flashy watch was one of the key identifiers that helped ZachXBT unmask Senecal’s identity and on-chain activity during the investigation.

In a Medium post from Sept. 2, 2022, ZachXBT explained that after seeing HZ brag about the new watch on social media, he asked “around a few mutual friends who sell watches” and eventually managed to get in contact with the person who sold that specific AP watch to Senecal.

Unfortunately for Senecal, the payment was said to have been made on the blockchain via the use of USD Coin (USDC).

“The address HZ used to pay the watch seller $47.5k was DIRECTLY funded by multiple addresses used to scam people with hacked Twitter accounts such as @deekaymotion, @Zeneca_33, @ezu_xyz, [and] @JRNYclub,” ZachXBT wrote.

This is not the first time ZachXBT’s research has played a key role in helping government authorities. In October 2022, France’s national cyber unit cited ZachXBT’s work in helping it catch and charge a group of alleged fraudsters suspected of stealing $2.5 million worth of NFTs via phishing scams.

North Korea’s Lazarus Group masterminded $100M Harmony hack: FBI confirms

The FBI also confirmed earlier reports this month by figures such as ZachXBT that the hackers had started moving a large chunk of the funds around via privacy protocols.

The Federal Bureau of Investigation (FBI) has confirmed the Lazarus Group and APT38 as the culprits behind the $100 million Harmony Bridge Hack from June 2022.

The North Korea-linked cyber group had long been suspected of being behind the attack but their involvement hadn’t been confirmed by authorities until now.

According to a Jan. 23 statement, the FBI noted that “through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge.”

The Harmony Bridge hack in 2022 was the result of security holes in Harmony’s Horizon Ethereum bridge which allowed the cyber attackers to swipe a number of assets stored in the bridge via 11 transactions.

The FBI also outlined that the North Korean hackers started shifting around $60 million worth of the stolen funds earlier this month via the Ethereum-based privacy protocol RAILGUN. Blockchain sleuth ZachXBT previously highlighted this via Twitter on Jan. 16.

Notably, Binance also detected the hackers were trying to launder the funds through the Huobi crypto exchange, and then promptly assisted it in freezing and recovering the digital assets deposited by the hackers, according to CEO Changpeng Zhao.

“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist,” the FBI stated, adding that “a portion of these funds were frozen, in coordination with some of the virtual asset service providers. The remaining bitcoin subsequently moved to the following addresses.”

In its statement, the FBI said its cyber and virtual assets units, as well as the U.S. Attorney’s Office and the U.S. Justice Department’s crypto unit, have continued “to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs.”

The Lazarus Group is a well-known hacking syndicate that has reportedly had a hand in a number of key exploits in the crypto industry, and is alleged to have been behind the $600 million Ronin Bridge hack from March last year.

In April 2022, the United States Treasury Department Office of Foreign Assets Control indicated as such, updating its Specially Designated Nationals and Blocked Persons (SDN) list to include the Lazarus Group following the hack.

That same month, the FBI and Cybersecurity and Infrastructure Security Agency also fired off a warning alert concerning North Korean state-sponsored cyber threats that target blockchain companies in response to the Ronin Bridge hack.

Sam Bankman-Fried found ‘chilling’ in JFK airport lounge on $250M bail bond

Based on the pictures, crypto community members confirmed that SBF’s location was the Greenwich (Business Class) lounge in American Airlines’ Terminal 8.

The momentary arrest of former FTX CEO Sam Bankman-Fried (SBF) can be attributed to the efforts taken by the crypto community to aid investigations and track down the whereabouts of the infamous entrepreneur. While SBF eventually escaped prison time via a $250 million bail bond, the community continues to monitor his every move publicly.

Just three days after being released on a personal recognizance bond, a crypto community member allegedly spotted SBF “chilling” in a John F. Kennedy International Airport lounge. The supporting images, shared on Twitter by litcapital, show SBF sitting on a lounge chair with access to a laptop and mobile phone.

Sam Bankman-Fried found at the JFK airport lounge. Source: Twitter

Based on the pictures, other community members confirmed that SBF’s location was the Greenwich (Business Class) lounge in American Airlines’ Terminal 8. According to the primary source, SBF was accompanied by his parents, FBI agents and lawyers.

Subsequent images showed SBF on an American Airlines flight disguised with a beanie and seated next to a suited executive.

The images reignited discussions around how SBF told Maxine Waters, chair of the United States House Financial Services Committee, that he had no access to his personal or professional data despite having access to his laptop and mobile device.

Moreover, some also wondered how SBF was able to afford the business-class tickets amid FTX’s bankruptcy proceedings. “Great to see customer funds are still being put to good use!” said a community member.

A recent court filing revealed that defunct crypto exchange FTX paid a retainer of $12 million to Sullivan & Cromwell LLP (S&C) right before filing for Chapter 11 bankruptcy.

Since Aug. 26, 2022, FTX has made payments worth nearly $3.5 million to S&C for its legal services.

US reportedly considering Bankman-Fried extradition for questioning

Authorities in both countries are reportedly in conversation about whether to bring the former FTX CEO back to the United States.

In the aftermath of the FTX exchange liquidity crisis and bankruptcy, United States and Bahamian authorities are reportedly discussing the possibility of extraditing Sam Bankman-Fried, former CEO of the company, back to the U.S. for questioning.

According to a Bloomberg report citing people familiar with the matter, conversations between local law-enforcement officials, including the FBI, escalated in recent days as they investigated Bankman-Fried’s role in the downfall of the exchange.

Since the incident, the former FTX CEO, co-founder Gary Wang and the director of engineering Nishad Singh are known to be in the Bahamas, where they are “under supervision” by the local authorities.

Initially, rumors surfaced of Bankman-Fried potentially looking to flee to Dubai. However, due to an agreement between the U.S. and the United Arab Emirates, U.S.-based fugitives attempting to relocate to Dubai have a high chance of being detained and returned.

Currently, it is known that Bahamian securities regulators and financial investigators have opened an investigation into the situation surrounding the fall of FTX for criminal misconduct. Financial authorities in Turkey have also launched an investigation into the exchange.

FTX filed for bankruptcy on Nov. 11 and on the same day, Bankman-Fried stepped down from his position as CEO of the company, which was filled by restructuring executive John Jay Ray III. The latest filings from the bankruptcy case revealed that FTX could be accountable to over one million creditors.

Some speculate the former CEO will face few repercussions for his actions. However, as of Nov. 14, nearly 4,000 people signed a petition demanding that Congress formally look into U.S. Securities and Exchange Commission head Gary Gensler’s “actions in the FTX fraud.”

In the first days of the crisis, Minnesota Republican lawmaker Tom Emmer said he had reason to believe Gensler had ties with FTX for regulation purposes. Emmer said he was looking into the matter.

Since the exchange went up in flames, lawmakers in the U.S., including the White House, have called for more stringent crypto regulation.

Binance.US taps ‘most feared man on Wall Street’ for new investigations unit

Former FBI special agent BJ Kang has been onboarded with Binance.US to steer a new investigative unit aimed at finding and stopping illegal activity.

United States crypto exchange Binance.US has created a new “investigations unit” and tapped a former FBI special agent as its new head, with the aim of seeking out and stopping illegal activity on its platform.

The “investigations unit” is a brand-new unit within the U.S. crypto exchange, the firm’s head of legal, Krishna Juvvadi, confirmed to Cointelegraph, and former FBI agent BJ Kang becomes the company’s first “head of investigations.”

The role will see him partnering with law enforcement, regulators and even other exchanges to seek out and stop illegal activity on its platform. Kang will also build an “investigations infrastructure” for Binance.US.

In an Oct. 20 statement, Binance.US says it has strengthened its legal, compliance and risk operations over the past year by increasing its department headcount by 145% and dedicating over one-fifth of the company’s total workforce to those functions.

Kang is known for his high-profile investigations into securities fraud and insider trading in the traditional finance space during his nearly 20-year stint at the FBI.

The former FBI agent was once dubbed as “the most feared man on Wall Street” by Reuters after gaining notoriety for being photographed arresting Bernie Madoff — who was found guilty of running the largest Ponzi scheme to date — and Raj Rajaratnam, a former hedge fund manager found guilty of insider trading.

He previously served at the FBI Washington Field Office’s cybercrime squad investigating cyber-enabled money laundering, extortion and hackers targeting crypto and financial firms amongst other crimes.

The appointment of Kang comes as the exchange is facing probes from the Securities and Exchange Commission (SEC), which reportedly requested information regarding two companies supposedly acting as market makers for the platform and is investigating how Binance.US may have disclosed its potential links to the companies to users.

Binance, which operates separately from its U.S. arm, has also had to fight back against two Reuters exposés over the past year, which accused the platform of processing at least $2.35 billion worth of transactions from hacks, investment frauds and narcotics sales between 2017 and 2021.

The most recent allegations on Oct. 17 claimed the platform “swerved scrutiny” from regulators in the U.S. and United Kingdom, pointing out two separate proposals submitted by either employees or affiliates.

In the case of the U.K. allegation, it was proposed that Binance backdate service agreements to gain a financial registration exemption, while the U.S. allegation concerned a proposal to direct authorities’ attention to a U.S. entity instead of to Binance itself.

‘Cryptoqueen’ associates face German court for role in $4B OneCoin scheme

The whereabouts of “Cryptoqueen” Ruja Ignatova are still unknown, but the charges against OneCoin members are starting to pile up.

Three associates of fugitive OneCoin founder Ruja Ignatova, known colloquially as the “Cryptoqueen,” have faced a German court over allegations of fraud, money laundering and banking crimes.

Appearing in court on Oct. 18, a Munich-based lawyer connected to Ignatova is alleged to have transferred $19.7 million via the Cayman Islands on her behalf to purchase two London apartments. Additionally, a husband and wife are facing charges over allegedly handling $315.4 million worth of payments from OneCoin customers, as per a Bloomberg report.

Ignatova launched OneCoin back in 2014 under the guise of a cryptocurrency and trading project. However, according to enforcement agencies such as the Federal Bureau of Investigation (FBI), it was soon found to be a pyramid scheme that roped users in with fictitious business and technical claims, such as a non-existent token mining structure.

According to the FBI, the project defrauded more than 3 million investors out of roughly $4 billion, with prosecutors noting in the German court that:

“In reality, the ever-growing value was a fake and the mining process was only simulated by the software.”

Ignatova’s whereabouts have been unknown since 2017; her last known location was reported to be in Athens, Greece.

In June, the FBI added her to its top ten most wanted list, offering up $100,000 for information leading to her arrest. Apart from being wanted for over $4 billion worth of fraud, her company has also been accused of bribing presidents in Serbia and Bulgaria by economist and crypto proponent Angelina Lazar.

The latest three OneCoin figures to face prosecutors add to the action taken against another alleged accomplice, Christopher Hamilton, accused of laundering $105 million through the scheme in 2014.

In August 2021, a judge in the United Kingdom approved the extradition process for Hamilton to face charges in the United States, and it was reported he was extradited at the start of September.

Cryptoqueen’s brother Konstantin Ignatov took over the reins of OneCoin at one point, and pleaded guilty to several money laundering and fraud-related charges in 2019, while two of his associates were the subject of a class-action suit that was brought to trial in March 2020.

The case of the missing Cryptoqueen has remained a subject of keen interest to date, with journalist and author Jamie Bartlett hosting a popular podcast on the topic via the BBC that has published 11 episodes so far.

Bartlett also published a book on the entire ordeal in June called The Missing Cryptoqueen: The Billion Dollar Cryptocurrency Con and the Woman Who Got Away with It, providing a public discussion on the book at the Red Line Festival in South Dublin on Oct. 16.

Crypto ATMs emerging as popular method for crypto scam payments — FBI

The FBI says alongside regular methods of payment such as wire transfers and prepaid cards, crypto ATMs are also becoming a prominent tool for crypto investment scammers.

The United States Federal Bureau of Investigation’s (FBI) Miami Field Office has warned that crypto ATMs are emerging as a popular method that scammers use to receive funds from defrauded victims.

The information was revealed as part of an Oct. 3 public warning about “pig butchering scams,” where scammers pose as long-lost friends or potential romantic partners to swipe money from victims.

The scammers “fatten up” their victims by showing a supposedly genuine interest in them to win their trust, and then gradually introduce investment discussions into the relationship.

In the public service announcement in cooperation with the Internet Crime Complaint Center, the FBI warned that victims of these pig-butchering crypto scams generally have no chance of getting their funds back.

However, the FBI said scammers have been increasingly directing their victims to transfer funds via crypto ATMs, alongside more well-known methods such as wire transfers and prepaid cards, noting:

“Many victims report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards. The use of cryptocurrency and cryptocurrency ATMs is also an emerging method of payment. Individual losses related to these schemes ranged from tens of thousands to millions of dollars.”

The FBI noted that in “pig butchering” scams, victims are “coached through an investment process” and “encouraged to make continuous deposits by the fraudsters.”

“When the victims attempt to cash out their investments, they are told they need to pay income taxes or additional fees, causing them to lose additional funds.”

Crypto ATMs have long been utilized by scammers who pose as public officials, law enforcement agents or employees of local utility companies, and coerce victims to send them payments under the guise of paying off bills or unpaid taxes to avoid further penalties.

There are nearly 33,500 cryptocurrency ATMs in the United States, according to data from Coin ATM Radar, with the U.S. accounting for 87.4% of the global crypto ATM distribution.

The U.S. Federal Trade Commission sent out a warning regarding crypto ATM scams in January, while also noting that the scammers do sometimes pose as potential romantic partners.

The FBI urged people to “verify the validity of any investment opportunity” introduced by these types of people, keep an eye out for domain names impersonating legitimate exchanges and misspelled URLs, and not download any apps if the legitimacy cannot be verified.

Law enforcement agencies across the U.S. have warned about pig butchering and romance scams on several occasions. While it could be assumed that the victims are not well-educated regarding technology or investing, this isn’t always the case.

In June, it was reported that tech-savvy professionals from Silicon Valley were being duped by a wave of pig butchering scams in San Francisco, with multiple people losing more than $1 million apiece to this type of financial fraud.

FBI seeks Bitcoin wallet information of ransomware attackers

The FBI, along with two other federal agencies, CISA and MS-ISAC, asked U.S. citizens to report information that helps track the whereabouts of the hackers.

Three federal agencies in the United States — the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center — jointly issued an advisory seeking information to curb ransomware attacks.

As part of the #StopRansomware campaign, the joint cybersecurity advisory alerted citizens to Vice Society, a ransomware-type program that encrypts data and demands ransom for decryption.

The trio anticipates a spike in ransomware attacks, primarily aimed at educational institutions, adding that “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable.”

While proactive measures remain vital to counter ransomware, the FBI asked U.S. citizens to report information that helps track the whereabouts of the hackers. Some key information the FBI seeks includes Bitcoin (BTC) wallet information, ransom notes and IP addresses linked to the attacker.

By using wallet addresses, authorities can backtrack illicit transactions on Bitcoin’s immutable blockchain without worrying about the trail going cold.

While Bitcoin enables frictionless cross-border transactions, most attackers prefer using fiat currencies to fund their illicit activities. It was also found that only 0.15% of activity on blockchains in 2021 was crime-related, which has been going down consistently year over year.

Moreover, the three federal agencies strongly discourage Americans from paying ransom “as payment does not guarantee victim files will be recovered.” Individuals affected by ransomware attacks can report the details by visiting a local FBI office or through official communication channels.

The Dutch Public Prosecution Service recently tracked down crypto wallets associated with a ransomware attack on Netherlands-based Maastricht University (UM).

In 2019, a ransomware hack froze all assets of UM, such as research data, emails and library resources. UM later agreed to pay the hacker’s demand of €200,000 (or $198,760) in BTC, which is currently valued at roughly €500,000 (or $496,900).