Yahoo
24-03-2025
Shuttered Russian Crypto Exchange Garantex Rebrands as Grinex, Global Ledger Finds
Less than two weeks after it was taken down by international law enforcement authorities, Garantex — a Russian crypto exchange popular with ransomware gangs and sanctions-evading oligarchs — has allegedly already risen from the ashes, rebranding itself as Grinex.

According to a new report from Swiss blockchain analytics firm Global Ledger, a slew of on- and off-chain data indicates that Grinex is a direct successor to Garantex. Some liquidity from Garantex, including all of Garantex's holdings of a ruble-backed stablecoin called A7A5, has already been moved to Grinex-controlled wallets.

Global Ledger CEO Lex Fisun told CoinDesk that, in addition to on-chain data connecting Garantex to Grinex, there have been numerous off-chain indications that the two exchanges are intimately connected. Fisun pointed to the rapid growth of Grinex, which he said had surpassed $40 million in volume in just two weeks, as well as a host of social media ties between the two exchanges.

Though other major blockchain analytics companies, including TRM Labs and Chainalysis, have yet to confirm Global Ledger's findings, Chainalysis' Head of National Security Intelligence Andrew Fierman told CoinDesk that he had seen several indicators that Grinex was likely to be the rebrand of Garantex.

Fierman pointed to a recent Telegram comment from Sergey Mendeleev, one of the original founders of Garantex, announcing the creation of Grinex and claiming any similarities between the two exchanges were random — followed by two crying laughing emojis.

Both Fierman and Fisun told CoinDesk that there were numerous reports of Garantex users going to Garantex's in-person offices in Europe and the Middle East and transferring their crypto from Garantex to Grinex. Both also pointed out the similarities in the two platforms' user interfaces.

Though the evidence is certainly compelling, Fierman said that until Chainalysis completes its review of Grinex's infrastructure, it cannot definitively validate the accuracy of Global Ledger's report.

But, if Grinex is, in fact, a rebrand of Garantex, it wouldn't be the first time that a sanctioned exchange remade itself after a shutdown. In 2017, Russian crypto exchange BTC-E was taken down by American law enforcement, and subsequently rebranded as WEX. WEX didn't last long though — it shuttered a year later due to internal conflict and in-fighting among its remaining leadership. Similarly, sanctioned Russian exchange Suex rebranded as Chatex, and was subsequently sanctioned again.

The trouble with sanctions

The fast revival of Garantex demonstrates the challenge of sanctions, especially against criminal operations like non-compliant exchanges, darknet marketplaces and ransomware gangs that can simply morph to avoid detection.

'Sanctions evasion is going to happen,' Fierman said. 'Because if you're sanctioned, you aren't just going to accept that you can no longer conduct any financial transactions. You are going to look to avoid detection, however that may be, whether it be through creating shell companies, creating new crypto wallets — and the larger the operation, and the more prominent, the more technically advanced you'd have to be to actually make it work.'

Fierman said this problem isn't unique to crypto, but crypto-related sanctions offer law enforcement a unique opportunity to follow the money after sanctions are put in place.

'The unique aspect to the blockchain is that it's transparent and immutable, and so what happens when a company gets shut down is a lot more examined,' Fierman said. 'There's a lot more to examine on-chain. Garantex gets shut down, their Tether holdings get seized, but that doesn't stop them from moving other assets. There's opportunity to monitor what happens to those funds post-official shutdown.'

A hydra-like network of potential successors

Whether Grinex is Garantex 2.0 or not, there are a number of other non-compliant Russian crypto exchanges eager and willing to take its place.

Ari Redbord, global head of policy and government affairs at TRM Labs, told CoinDesk that it was simply 'too early' to definitively assess the relationship between Grinex and Garantex.

'That said, it is clear that other high-risk non-compliant exchanges will try to fill the illicit finance void left by Garantex,' he added.

A recent client report from TRM Labs named several possible successors, including high-risk Russian exchanges ABCEX and Keine-Exchange.

Garantex takedown

Garantex was dismantled by international law enforcement from the U.S., Germany and Finland in a joint operation earlier this month, which seized its domain and servers.

The U.S. Treasury's Department of Foreign Asset Control (OFAC) first sanctioned the exchange in 2022, accusing it of knowingly facilitating money laundering for ransomware gangs like Black Basta and Conti, as well as darknet markets like Hydra.

According to court documents, Garantex's clientele also included North Korea's state-sanctioned hacking squad The Lazarus Group, which was behind the recent $1.4 billion Bybit hack, as well as Russian oligarchs who used the service to evade sanctions after Russia's invasion of Ukraine.

Two of Garantex's operators, Lithuanian national and Russian resident Aleksej Besciokov and Russian citizen and United Arab Emirates resident Aleksandr Mira Serda, have been charged with money laundering conspiracy in connection with their work with Garantex. Besciokov was arrested while vacationing with his family in India earlier this month, and is expected to be extradited to the U.S. to face charges.


Arabian Business
28-02-2025
Analysis: Inside the $1.5bn Bybit hack – 'The largest digital heist in crypto history'
The $1.5 billion cryptocurrency theft from Bybit last week marks an unprecedented milestone in digital asset security breaches, according to blockchain analysis firm Chainalysis.

'The Bybit hack of $1.5 billion worth of ETH is the largest digital heist in the history of cryptocurrency,' said Andrew Fierman, Head of National Security Intelligence at Chainalysis.

In a single operation attributed to North Korean hackers, attackers stole more cryptocurrency than the hermit kingdom allegedly purloined in all of 2024.

North Korean cyber actors have stolen approximately $1.5 billion in Ethereum from Bybit—a cryptocurrency exchange—and are dispersing the stolen assets across addresses on multiple blockchains. The FBI recommends blocking transactions with these addresses: — FBI (@FBI) February 27, 2025

'This single attack accounts for more funds stolen by North Korea than was stolen in all of 2024,' Fierman told Arabian Business.

Data from Chainalysis' December 2024 report reveals a dramatic escalation in North Korean crypto theft, with hackers linked to the nation stealing approximately $1.34 billion across 47 separate incidents last year – up 102.88 per cent from the $660.50 million stolen in 20 incidents during 2023. These North Korean operations represented 61 per cent of all cryptocurrency stolen globally in 2024 while accounting for just 20 per cent of total theft incidents.

The February 21 theft, which saw 401,000 Ethereum stolen through what Bybit described as a 'manipulation of the transfer process during a planned routine transfer' on one of its cold wallets, has put a spotlight on the increasingly sophisticated nature of state-sponsored crypto theft.

Cold wallet, hot target

Cold wallets – cryptocurrency storage not connected to the internet – were once considered nearly impregnable. The Bybit hack demonstrates how even these security measures have become vulnerable to advanced actors.

The FBI has linked the theft to two well-known hacker groups—TraderTraitor and the Lazarus Group, which have a history of targeting cryptocurrency platforms and financial institutions. Blockchain security firm Certik has called the incident the largest breach in blockchain history.

'This dispersion is a common tactic used by North Korean hackers in an attempt to obfuscate the trail and hinder tracking efforts by blockchain analysts,' Fierman explained. 'After moving the 401,000 ETH to addresses under their control, the hackers behind the Bybit theft moved the assets through a complex web of intermediary addresses, before swapping significant portions of the stolen ETH for tokens including BTC and DAI.'

The hackers' playbook has become increasingly sophisticated, utilising decentralised exchanges, cross-chain bridges, and no-KYC instant swap services to move assets across networks. Some funds deliberately remain idle – a strategic move to outlast the intense scrutiny that follows high-profile thefts.

Industry response and recovery

Despite the hackers' sophistication, the crypto industry has mobilised a rapid response.

'We've already worked with partners in the industry, including Mantle and Tether, to recover over $42 million of the stolen funds,' Fierman said.

Bybit, which serves over 60 million users globally, has demonstrated remarkable resilience. The company processed more than 350,000 withdrawal requests within 12 hours of the hack and secured a bridge loan from partners enabling it to recover nearly 80 per cent of the stolen Ethereum.

Co-founder and CEO Ben Zhou has responded to the FBI's findings by posting on social platform X, linking to a website offering $140 million in rewards for tracking and freezing the stolen assets through other exchanges.

This incident follows several major disruptions that have shaken the crypto industry in recent years. While FTX's 2022 collapse was due to fraud rather than hacking, it resulted in approximately $8 billion in missing customer funds. Other significant breaches include the 2022 Ronin Bridge hack, where North Korean actors stole $620 million, and the 2018 Coincheck exchange breach that saw $530 million in NEM tokens stolen.

In a sign of the company's continued progress despite the breach, Bybit announced Thursday it had received In-Principle Approval from the Securities & Commodities Authority to establish itself as a Virtual Asset Platform Operator in the United Arab Emirates.

'We are honoured to have received the IPA from SCA. This approval marks a crucial step in our journey to providing secure and transparent crypto trading solutions,' said Zhou, as the world's second-largest cryptocurrency exchange by trading volume continues its expansion.

The nuclear connection

The scale and sophistication of the theft highlight the evolution of North Korea's cyber capabilities, which have become a crucial funding source for the isolated nation.

'Hackers linked to North Korea have become notorious for their sophisticated and relentless tradecraft, often employing advanced malware, social engineering, and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions,' Fierman said.

South Korea's intelligence agency estimates that North Korea has stolen approximately $1.2 billion in digital assets over the past five years, while a United Nations panel is investigating 58 cyberattacks linked to North Korea between 2017 and 2023, reportedly resulting in $3 billion in stolen funds which officials suspect may have been used for military purposes.

The United Nations has previously stated that North Korea directs proceeds from cryptocurrency theft toward its nuclear weapons program – giving these digital heists real-world geopolitical implications.

While the theft represents a significant security breach, blockchain technology actually offers advantages in tracking stolen funds that traditional financial systems cannot match.

'The ability to follow stolen funds in real-time like this wouldn't be possible in traditional financial channels,' Fierman noted.

The FBI has urged private sector entities to block transactions linked to addresses associated with what it calls the 'TraderTraitor' operation, leveraging the transparency of blockchain technology to help contain the damage.

The attack has impacted investor confidence, contributing to cryptocurrency market volatility. Bitcoin, which peaked at over $100,000 last month, traded at around $82,000 on Thursday.

As cryptocurrency adoption continues to grow globally, with exchanges like Bybit expanding their regulatory footprint across jurisdictions including India, Georgia, Kazakhstan, and Turkey, the industry faces the dual challenge of fostering innovation while defending against increasingly sophisticated threats.

The Bybit hack serves as both a watershed moment for crypto security and a testament to the industry's growing importance in global finance – important enough to attract the attention of nation-state actors with nuclear ambitions.