Latest news with #Redbord
Yahoo
3 days ago
Crypto kidnappings on the rise as criminals resort to "wrench attacks"
The recent case of an Italian tourist who was kidnapped in New York City and tortured by people allegedly after his cryptocurrency is drawing attention to a rash of crimes dubbed "wrench attacks," which combine cybertheft with old-fashioned thuggery.

The term stems from an XKCD comic that depicts a "crypto nerd's imagination" of the tech know-how that would be required to break into their digital wallet. In reality, the comic notes, all it would take is a heavy $5 wrench to threaten the crypto owner until they revealed their account password.

Such attacks have picked up in recent months, partly because stealing a digital wallet can be easier than stealing money from a traditional bank account, said Ari Redbord, global head of policy and government affairs at TRM Labs, a crypto tracing firm. On top of that, the value of bitcoin has surged in recent months, making people with crypto holdings potentially lucrative targets for criminals.

"Criminals go to where the money is, and we're seeing a huge rise in the price of bitcoin," Redbord said. "Before, you needed sophisticated cyber capabilities to hack someone, but now you can be a violent criminal who can beat [the password] out of someone." He added, "I don't think I've ever been as taken aback by this type of illicit activity in crypto."

The crypto world also has a culture of flaunting wealth via social media posts or appearances at crypto conferences, which allows criminals to easily identify potential targets.

Bitcoin traded Friday at nearly $105,000 per token, according to CoinDesk — about 53% higher than a year ago. The digital currency has soared partly as people seek places to put their money other than traditional investments like stocks and bonds, and as the Trump administration takes steps to promote the use of cryptocurrencies, including establishing a "strategic crypto reserve."
How to crack a wallet

Cryptocurrency thefts aren't new, but they've typically involved hacking, such as a massive 2022 hack at crypto exchange Binance in which thieves initially stole $570 million, as well as multiple hacks by entities the United Nations found were linked to North Korea.

In response to such threats, crypto owners often try and keep their private keys off the internet and stored in what are called "cold wallets." When used properly, such wallets can defeat even the most sophisticated and determined hackers.

But criminals have realized they don't need any technical skills to steal crypto assets, Redbord said. All it takes is gaining access to a person's crypto account password, because there's no third-party financial institution standing in the way of accessing funds held in a digital wallet, he explained.

Transactions on the blockchain, the technology that powers cryptocurrencies, are permanent. And unlike cash, jewelry, gold or other items of value, thieves don't need to carry around stolen crypto. With a few clicks, huge amounts of wealth can be transferred from one address to another.

NYC crypto kidnapping

The case in New York City is somewhat unusual because it involves crypto investors allegedly trying to steal the assets of another investor, Redbord said. In that case, investors John Woeltz, 37, and William Duplessie, 33, face charges of kidnapping, assault and unlawful imprisonment of the Italian tourist in an effort to steal his digital wallet containing bitcoin worth millions of dollars.

Court papers allege that the pair held the unidentified 28-year-old victim for weeks in an apartment in New York City's fashionable Soho neighborhood. After the victim was abducted, he was shocked with electric wires, his leg was cut with a saw and he was forced to smoke crack cocaine, prosecutors allege. Items including a photo of a gun held to the Italian tourist's head were found in the apartment by investigators.
Two New York City police detectives had been working security for the accused kidnappers, CBS News New York has reported. The detectives have been placed on desk duty as police investigate.

Such incidents have also occurred with increasing frequency in Europe and Asia. Several cases in France have mirrored the New York City attack, with French police arresting 20 people following several alleged kidnapping plots involving crypto investors and their families, the BBC reported earlier this week.

In one case, a gang allegedly tried to kidnap the daughter and young grandson of a cryptocurrency company executive in Paris, while earlier this month the father of a crypto millionaire was rescued by police in Paris after he was kidnapped and held for ransom.

Aside from keeping a lower profile, crypto investors can take other steps to make it tougher for criminals, Redbord said. One option is to require permissions from several people to access a wallet, for instance.

In the meantime, criminals are taking note and may be pursuing similar crimes, he added. "They are seeing successes and trying to replicate these successes," Redbord said.
Yahoo
05-03-2025
Hackers launder most of Bybit's stolen crypto worth $1.4B
The hackers who stole around $1.4 billion in cryptocurrency from crypto exchange Bybit have moved nearly all of the robbed proceeds and converted them into Bitcoin, in what experts call the first phase of the money-laundering operation.

On February 21, Bybit said that a 'sophisticated attack' on one of the company's wallets resulted in the theft of 401,346 Ethereum, worth around $1.4 billion at the time, in what is the largest crypto theft in history and possibly the largest heist of any kind ever. Blockchain monitoring firms and researchers, as well as the FBI, have accused the North Korean government of being behind the hack.

Since the digital robbery, the hackers have moved all the Ethereum they stole out of the dozens of crypto wallets they originally split the proceeds between and have converted most of the funds to Bitcoin, according to Tom Robinson, the co-founder and chief scientist of crypto monitoring firm Elliptic; and Ari Redbord, a former federal prosecutor and senior Treasury official who is now global head of policy at TRM Labs, also a blockchain monitoring firm.

Andrew Fierman, the head of national security intelligence at blockchain monitoring firm Chainalysis, told TechCrunch that the company is tracking around 90% of the stolen Bybit funds, 'the majority of which have been converted to [Bitcoin] and are being held in ~4,400 addresses.' 'The remaining ~10% of stolen funds have been lost to fees/freezes/off-ramped,' the company said. Off-ramps are services that turn crypto into cash.

During this first phase between February 24 and March 2, the North Korean hackers took steps to obscure the origins of the stolen cryptocurrency. According to Redbord, the hackers did this by mostly relying on THORSwap, a decentralized protocol that enables users to swap assets across different blockchains 'without the need for an intermediary.' These laundering steps, Redbord said, showed an 'unprecedented level of operational efficiency' from the hackers.
'This rapid laundering suggests that North Korea has either expanded its money-laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds,' said Redbord. 'The scale and velocity of this operation present new challenges for investigators, as traditional anti-money laundering (AML) mechanisms struggle to keep pace with the high volume of illicit transactions.'

At the same time, both Redbord and Robinson said that this is only the beginning for the hackers. 'They still have a way to go to benefit from these funds,' Robinson told TechCrunch.

Redbord explained that, for now, the second phase has entailed depositing 'an initial tranche' of the stolen funds — now Bitcoin — into mixers, a step designed to 'create doubt in the tracing process' for investigators. Crypto mixers (or tumblers) are services designed to obscure the origin and destination of someone's cryptocurrency by mixing it with other users' funds.

'Up to this point essentially anyone with the patience and willingness could follow the flow of the Bybit funds. Mixers, though, are major hurdles for most investigators,' said Robinson.

Redbord noted, however, that mixers usually receive a volume of a few million to $10 million a day so, 'whether these mixers can continue to absorb the amount of money at play is an open question.'

In other words, while the hackers got a major, record-breaking amount of loot from Bybit, it's still unclear how much of it the hackers will be able to convert to cash. But there's still hope for Bybit to recover some of it, according to Robinson.
'It's likely that at least some of these funds will pass through exchanges, where they could potentially be frozen,' Redbord said. 'It's just a question of whether those exchanges are aware quickly enough that they are handling stolen assets.'

After the hack, Bybit offered a total bounty of $140 million to anyone who could help trace the funds and freeze them, a process that prevents anyone else from accessing the funds. The company said it would pay 5% of the recovered funds to 'the entity that successfully froze the funds,' and 5% to whoever first reported the funds and led to them being frozen.

As of this writing, Bybit has awarded only $4.3 million to 19 bounty hunters, according to the official page of the bounty.

Bybit did not respond to a request for comment.