Why 'wrench attacks' on wealthy crypto holders are on the rise

Boston Globe, 2 days ago

'Criminal groups already comfortable with using violence to achieve their goals were always likely to migrate to crypto,' Ariss said.
Some of crypto's key characteristics help explain why wealthy individuals who hold a lot of digital assets can be ripe targets for such attacks.
The draw
Cryptocurrencies like bitcoin offer traders full control of their funds without the need for a bank or permission from a government to buy, sell or hold them. The trade-off is that if funds are lost or stolen, there can be no way to get them back.
Self-reliance is a key ethos of crypto. Securing and controlling one's private keys, which are like passwords used to access one's crypto holdings, is viewed as sacrosanct among many in the crypto community. A popular motto is 'not your keys, not your coins.'
Transactions on the blockchain, the technology that powers cryptocurrencies, are permanent. And unlike cash, jewelry, gold or other items of value, thieves don't need to carry around stolen crypto. With a few clicks, huge amounts of wealth can be transferred from one address to another.
In the case in New York, where two people have been charged, a lot of details have yet to come out, including the value of the bitcoin the victim possessed.
Crypto thefts
Stealing cryptocurrency is almost as old as cryptocurrency itself, but it's usually done by hacking. North Korean state hackers alone are believed to have stolen billions of dollars' worth of crypto in recent years.
In response to the threat of hacking, holders of a large amount of crypto often try to keep their private keys off the internet and stored in what are called 'cold wallets.' Used properly, such wallets can defeat even the most sophisticated and determined hackers.
But they can't defeat thieves who force a victim to give up their password to access their wallets and move money.
The case in New York is the latest in a string of high-profile wrench attacks. Several have taken place in France, where thieves cut off a crypto executive's finger.
Mitigation
Experts suggest several ways to mitigate the threats of wrench attacks, including using wallets that require multiple approvals before any transactions.
Perhaps the most common way crypto-wealthy individuals try to prevent wrench attacks is by trying to stay anonymous. Using nicknames and cartoon avatars in social media accounts is common in the crypto community, even among top executives at popular companies.

Related Articles

Explosions in Vladivostok part of Ukrainian operation damaging base of elite Russian unit, source claims

Yahoo, 26 minutes ago

Ukraine's military intelligence agency (HUR) was behind explosions near Desantnaya Bay in Russia's Vladivostok on May 30, which reportedly damaged military personnel and equipment, a source in HUR told the Kyiv Independent. According to the source, two blasts occurred early in the morning at a site where Russia's 47th Separate Air Assault Battalion of the 155th Separate Guards Marine Brigade was stationed. The 155th Marine Brigade has been actively involved in the full-scale invasion of Ukraine, including battles in Mariupol and Vuhledar in Donetsk Oblast, as well as operations in Russia's Kursk Oblast. Local media reported two loud bangs, followed by temporary road closures and emergency vehicles seen in the area, but did not mention anything about a military base. Russia's Anti-Terrorist Commission of Primorsky Krai attributed the explosions to the ignition of propane-butane cylinders inside a vehicle. No official casualties have been reported. One of the explosions allegedly happened near a checkpoint, while the other hit the location of personnel and the unit's command. "Manpower, military equipment, and special equipment were hit," the source claimed. The Kyiv Independent could not verify these claims. Desantnaya Bay is located in Vladivostok in Russia's Far East, which lies some 185 kilometers (114 miles) from the Russian-North Korean border.

North Korean aid helping Russia increase attacks on Ukraine, report says

Yahoo, 4 hours ago

SEOUL, May 30 (UPI) -- Military cooperation between North Korea and Russia has enabled Moscow to increase its missile attacks on Ukrainian cities, the United States, South Korea and nine other allies said in a new report. The report, released Thursday, was the first produced by the Multilateral Sanctions Monitoring Team, a group formed in October after Russia vetoed the mandate for a U.N. panel to continue its work overseeing North Korean sanctions violations. The MSMT collected evidence that North Korea and Russia "engaged in myriad of unlawful activities" in violation of U.N. Security Council resolutions, according to the 29-page report. These violations include transfers of artillery, missiles and combat vehicles from North Korea to Russia for its war against Ukraine. In return, North Korea has received air defense systems and technical weapons expertise from Russia. The MSMT also found that Moscow has supplied shipments of refined petroleum products far in excess of a yearly cap under U.N. sanctions and maintained banking relations with Pyongyang. These forms of unlawful cooperation have "contributed to Moscow's ability to increase its missile attacks against Ukrainian cities including targeted strikes against critical civilian infrastructure," the report said. The military relationship "also provided the resources to allow North Korea to fund its military programs and further develop its ballistic missiles programs ... and gain first-hand experience in modern warfare." North Korea sent over 11,000 troops to Russia in 2024, and another 3,000 in the early months of this year, the report said, citing MSMT member states. North Korea acknowledged sending the troops for the first time last month, claiming they helped recapture lost territory in Kursk Province from Ukrainian forces. The MSMT includes the United States, Australia, Britain, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand and South Korea. 
The team was established after Russia used its U.N. Security Council veto in March 2024 to end the mandate of the Panel of Experts, which had overseen North Korean sanctions monitoring since 2009. The Panel of Experts' final report cited numerous sanctions violations by North Korea, including an estimated $3 billion generated from cyberattacks used to fund the regime's illicit weapons program. Thursday's MSMT report covers the period between January 1, 2024 and April 30, 2025. It concludes that North Korea and Russia intend to continue their military cooperation "at least for the foreseeable future." Citing an unnamed MSMT participating state, the report claims that North Korea shipped as many as 9 million rounds of mixed artillery and multiple rocket launcher ammunition to Russia in 2024 aboard Russian-flagged cargo vessels. The North also sent Russia at least 100 ballistic missiles, the report said, which were "subsequently launched into Ukraine to destroy civilian infrastructure and terrorize populated areas such as Kyiv and Zaporizhzhia." In return, Russia has transferred air defense systems, including at least one Pantsir-class mobile combat vehicle, according to unnamed participating MSMT countries. Moscow has also provided data feedback on Pyongyang's ballistic missiles, leading to improvements in missile guidance performance. Under U.N. Security Council sanctions, North Korea can procure no more than 500,000 barrels of refined petroleum per year. The MSMT report estimates, however, that Russia supplied more than a million barrels of oil to North Korea between March and October 2024. About 8,000 North Koreans have been sent to Russia to work in IT, construction and other sectors, the report added, while the two countries are actively conducting financial transactions through ruble-denominated bank accounts. Both are violations of U.N. sanctions. In a joint statement, the 11 MSMT member states urged North Korea to "engage in meaningful diplomacy."
"We will continue our efforts to monitor the implementation of U.N. [Security Council Resolutions] on the DPRK and raise awareness of ongoing attempts to violate and evade U.N. sanctions," the statement said, using the official acronym for North Korea.

'Anthony from Staten Island' said he developed a chat tool for Meta. His entire identity was fake.

Yahoo, 6 hours ago

A provider of identity verification and fraud tools was recently targeted by what appear to be multiple North Korean IT workers managing dozens of personas. The stream of resumes to Socure for software development positions all boasted experience at brand-name tech firms like Amazon, Google, and Netflix. Turns out they were all fake. 'Anthony from Staten Island' had a polished set of credentials and claimed he previously worked at Meta Platforms. During a Zoom interview for a senior software engineer job, the supposed New Yorker was charming and articulate as he talked about creating a key chat application at the $1.6 trillion social media giant. For the first 20 minutes, everything went smoothly. Anthony smiled, engaged naturally, and delivered polished responses to questions. Then, it all changed. 'What was most striking was he was really affable,' recalled Rivka Little, Socure's chief growth officer. 'You can 100% see why people would become a victim to this.' When the interview advanced to more complex two-part questions that required further explanation, Anthony lost his place. He seemed more stilted and less certain, Little told Fortune. Socure believes Anthony was a North Korean IT worker, part of a sophisticated and insidious criminal organization that consists of trained technologists from the Democratic People's Republic of Korea (DPRK). The DPRK IT workers use American identities, real or fabricated, and apply for remote jobs in IT at American and European companies. The scheme has been a massive runaway success. Hundreds of Fortune 500 companies have unwittingly hired thousands of IT workers from the DPRK, and the IT crew sends its salaries to authoritarian leader Kim Jong Un. Kim uses the money to fund the country's weapons of mass destruction program. 
The scheme generates between $200 million and $600 million a year, according to UN estimates, and the DPRK IT workers collaborate with highly skilled operatives responsible for stealing billions in crypto heists. The scheme is so pervasive that some tech founders have resorted to asking potential job candidates to insult Kim before progressing to a formal interview. DPRK IT workers are constantly surveilled and insulting the supreme leader of the regime would lead to severe punishment. The threat is scaling rapidly. This year, Kim doubled the earning quotas required of the worker delegations and launched a new artificial intelligence unit called Research Center 227 to support the country's cyber crime initiatives, according to research from security firm DTEX. Socure is publicizing its experience with Anthony to alert other companies to new warning signs and also to avoid the pitfalls of overly restrictive hiring practices that might make it harder for legitimate job seekers. The challenge is the fraudulent candidates are skilled and some are very charming, Little explained. 'Anyone can fall for these interviews—he did really well for a long period of time,' said Little. Some of the indicators that companies are relying on won't work in the long term, she warned. For instance, Anthony gave a surname that sounded Italian and he claimed to hail from Staten Island. During his interview however, he had an accent that didn't align with his origin story. 'People come in all kinds of packages,' she noted. Superficial nuances shouldn't be used to eliminate candidates. And while the DPRK IT workers tend to use stereotypical Western names, if they tweaked their scheme slightly and used names that correlated with their accents, those signs would disappear. More telling, she said, were the inconsistencies in Anthony's digital footprint. Many of the fabricated resumes sent to Socure in recent months had big marquee names that made them stand out.
Google, Meta, Amazon, and Netflix were often included and the job applicants claimed to have been responsible for the most innovative and interesting products at those companies. A quick check with certain internal staff who worked at Meta during the time Anthony claimed to be there revealed no one knew him. Another flag was the immaturity of Anthony's digital identity. His email address and phone number had been connected to his name for only a matter of weeks. Usually, people have phone numbers and email addresses linked to them going back years, she noted. And despite a LinkedIn profile matching his work history and displaying the bright green 'Open to work' banner, Anthony didn't have much going on with connections, posts, or likes on the platform. It was unusual for someone with an extensive tech background. However, the last thing a company should do is to create more friction and drama that would make it more difficult for legitimate job candidates, she said. Plus, while the North Korean IT worker scam creates risk to hiring companies, there are plenty of reverse schemes that target job seekers. A woman contacted Socure and told the company she had been interviewed for a job by a fake HR person and scammed out of thousands of dollars after providing her name, ID, and bank account details thinking she had been hired. It creates the need for a delicate balance, said Little. Companies need to protect themselves from fraudulent hires, but can't create so much friction that legitimate candidates find it too difficult to apply for a job. Little suggested that companies integrate passive ID verification into their HR platforms to check identity in the background without requiring upfront ID from candidates. Careful interview techniques that probe for scripted responses or the use of AI in the midst of conversation plus digital footprint clues can also help reveal fraudulent job seekers. 
'I've almost never seen such an intersection of fraud, money laundering, and sanctions violations,' said Little. 'It's a perfect storm.'
