SEC, Lazarus Group, North Korea discussed on The Crypto Overnighter


Fake collateral loan being added and a malicious price oracle being used to liquidate current users. The loss is estimated to be greater than $12 million. Defrost has offered to negotiate, sharing 20% of the funds in exchange for the bulk of the assets return. They have caught on the hackers to contact them as soon as possible. But they've got messages blocked on Twitter, so I don't know what's going on there. After posting an Ethereum wallet address on its social media page, nearly $3 million worth of digital assets had been transferred to that address. In a medium post published later, defrost explained that the V one hacker returned the stolen funds to an address controlled by the project developers. Defrost stated that it will soon start scanning the data on chain to identify the rightful owners of the assets and will return them accordingly. The process may take some time because different users had varying proportions of assets and debt, but it will be concluded swiftly. In other hacking news, thieves have stolen approximately $8 million from the bit keep wallet. Pick keep users reported that their funds were being transferred without their permission. The bit keep team confirmed that some package downloads have been hacked and installed with code by the attackers, which means if your funds are stolen, it may be because you download it or update it in unofficial released version that was hijacked. The bit keep team told its users to transfer their funds to a wallet from official sources like Google Play and the Apple App Store. They also suggested using new wallet addresses because previous 1s may have been leaked to hackers. The team asked affected users to submit relevant materials through a Google form to help with the investigation. One suspected hackers while it has more than $5 million in digital assets. Although the final amount stolen is not yet known, over $8 million in tether, die, binance coin, and Ethereum have been stolen so far. Hackers are still transferring the funds to multiple wallet addresses. The big key wallet suffered an exploit on October 17th. With the attackers stealing $1 million of binance coin. The exploit occurred through a service that enabled token swaps. The wallet company suspended the service and promised to reimburse all affected users. Member of North Korea's Lazarus group have launched a massive fishing campaign targeting people who invest in NFTs. The hackers used almost 500 fake domains to trick their victims. Slow mist is a blockchain security company. They published a report on December 24th. This report showed how North Korean advanced persistent threat groups or APT groups tricked people who invested in NFTs into giving up those NFTs. The hackers used fake websites that looked like different NFT platforms and projects. Some of the fake websites were made to look like a project related to the World Cup. And other fake websites pretended to be places like open sea X two Y two and rarible. Slow missed said that some of the fake websites offered to quote malicious mitts that this means that they tricked people into thinking they were creating a real NFT by connecting their wallet to the website. In reality, the NFT was fake. The victim's wallet was left vulnerable to hacker who could then access it. So miss report showed that many of the fishing sites use the same IP address. For example, 372 of the NFT fishing websites used one IP. And 320 NFT fishing websites used a different one. This report also said that the phishing campaign has been happening for several months. The earliest registered domain name was created about 7 months ago. The hackers used other tactics to fish for information. They recorded visitor data and saved it to external sites. And they linked images to targeted projects. Once the hacker had the visitors data, they would then run a tax scripts on the victim. This gave the hacker access to the victim's access records, authorizations, and use of plugin wallets. They could also see sensitive information like the victim's approved record in sig data. Once the hacker has this information, they can access the victim's wallet and see all their digital assets. Slow mist said that this is just a small part of the problem. They only analyzed a small portion of the materials and found some of the characteristics of the fishing attacks used by North Korean hackers. Slow mist gave an example of how successful the fishing attacks were. One fishing address was able to get 1055 NFTs. They made a profit of 300 eth, a $367,000. Slow mist also said that these same North Korean group was responsible for a fishing campaign on neighbor that was documented by prevailing on March 15th. North Korea has been involved in many cryptocurrency theft crimes in 2022. A report from South Korea's national intelligence service on December 22nd said that North Korea stole $620 million worth of cryptocurrencies this year. In October, Japan's national police agency warned the country's crypto asset businesses to be cautious about the North Korean hacking group. The SEC has requested to seal the hinman speech documents. The SEC said that they're not relevant to the court's summary judgment decision. This request was made on December 22nd in the motion to seal summary judgment document. The hinman speech documents relate to a speech given by William hinman in 2018 about Ethereum and whether or not it's a security. Hinman was a former director of the SEC's corporation finance division. Now, ripple thinks the hinman speech documents are important for its case against the SEC. The SEC has requested that the documents be sealed and that any references to them be removed from the papers of the defendants because they have no relevance to the courts summary judgment decision. The SEC believes its mission is more important than the public's right to access the documents. What you have to wonder, what is chair gensler hiding and why? I mean, we paid for these documents. I would expect and I would hope that justice in getting things done right is more important to the government's regulators. It's almost like they're hiding something personal. Now the SEC has also requested the seal information about its expert witnesses. These are investors who submitted declarations and internal documents reflecting the debate and deliberation by SEC officials. This request comes only a few weeks after ripple labs filed its final submission against the SEC on December 2nd. This indicates that the legal battle may soon be over. Ripple was able to access the hinman speech documents on October 21st after 18 months, but the SEC insisted on keeping them competitive. Previously, the courts had denied the SEC's request to keep the documents a secret. With a judge calling out the SEC's hypocrisy. And that's going to do it for us tonight. I want to thank you. My listeners, because when you stop listening, I will stop talking. We'll see you tomorrow

Coming up next