Latest news with #TRMLabs
Yahoo
a day ago
- Business
- Yahoo
Crypto kidnappings on the rise as criminals resort to "wrench attacks"
The recent case of an Italian tourist who was kidnapped in New York City and tortured by people allegedly after his cryptocurrency is drawing attention to a rash of crimes dubbed "wrench attacks," which combine cybertheft with old-fashioned thuggery. The term stems from an XKCD comic that depicts a "crypto nerd's imagination" of the tech know-how that would be required to break into their digital wallet. In reality, the comic notes, all it would take is a heavy $5 wrench to threaten the crypto owner until they revealed their account password. Such attacks have picked up in recent months, partly because stealing a digital wallet can be easier than stealing money from a traditional bank account, said Ari Redbord, global head of policy and government affairs at TRM Labs, a crypto tracing firm. On top of that, the value of bitcoin has surged in recent months, making people with crypto holdings potentially lucrative targets for criminals. "Criminals go to where the money is, and we're seeing a huge rise in the price of bitcoin," Redbord said. "Before, you needed sophisticated cyber capabilities to hack someone, but now you can be a violent criminal who can beat [the password] out of someone." He added, "I don't think I've ever been as taken aback by this type of illicit activity in crypto." The crypto world also has a culture of flaunting wealth via social media posts or appearances at crypto conference, which allows criminals to easily identify potential targets. Bitcoin traded Friday at nearly $105,000 per token, according to CoinDesk — about 53% higher than a year ago. The digital currency has soared partly as people seek alternatives to put their money than traditional investments like stocks and bonds, and as the Trump administration takes steps to promote the use of cryptocurrencies, including establishing a "strategic crypto reserve." How to crack a wallet Cryptocurrency thefts aren't new, but they've typically involved hacking, such as a massive 2022 hack at crypto exchange Binance in which thieves initially stole $570 million, as well as multiple hacks by entities the United Nations found were linked to North Korea. In response to such threats, crypto owners often try and keep their private keys off the internet and stored in what are called "cold wallets." When used properly, such wallets can defeat even the most sophisticated and determined hackers. But criminals have realized they don't need any technical skills to steal crypto assets, Redbord said. All it takes is gaining access to a person's crypto account password, because there's no third-party financial institution standing in the way of accessing funds held in a digital wallet, he explained. Transactions on the blockchain, the technology that powers cryptocurrencies, are permanent. And unlike cash, jewelry, gold or other items of value, thieves don't need to carry around stolen crypto. With a few clicks, huge amounts of wealth can be transferred from one address to another. NYC crypto kidnapping The case in New York City is somewhat unusual because it involves crypto investors allegedly trying to steal the assets of another investor, Redbord said. In that case, investors John Woeltz, 37, and William Duplessie, 33, face charges of kidnapping, assault and unlawful imprisonment of the Italian tourist in an effort to steal his digital wallet containing bitcoin worth millions of dollars. Court papers allege that the pair held the unidentified 28-year-old victim for weeks in an apartment in New York City's fashionable Soho neighborhood. After the victim was abducted, he was shocked with electric wires, his leg was cut with a saw and he was forced to smoke crack cocaine, prosecutors allege. Items including a photo of a gun held to the Italian tourist's head were found in the apartment by investigators. Two New York City police detectives had been working security for the accused kidnappers, CBS News New York has reported. The detective have been placed on desk duty as police investigate. Such incidents have also occurred with increasing frequency in Europe and Asia. Several cases in France have mirrored the New York City attack, with French police arresting 20 people following several alleged kidnapping plots involving crypto investors and their families, the BBC reported earlier this week. In one case, a gang allegedly tried to kidnap the daughter and young grandson of a cryptocurrency company executive in Paris, while earlier this month the father of a crypto millionaire was rescued by police in Paris after he was kidnapped and held for ransom. Aside from keeping a lower profile, crypto investors can take other steps to make it tougher for criminals, Redbord said. One option is to require permissions from several people to access a wallet, for instance. In the meantime, criminals are taking note and may be pursuing similar crimes, he added. "They are seeing successes and trying to replicate these successes," Redbord said. Extended interview: Capitol police chief Thomas Manger on one of "worst days in this job," more Key takeaways from Trump's event with Musk as he departs post Trump celebrates Musk as he departs "special government employee" post with DOGE
CBS News
a day ago
- Business
- CBS News
Crypto kidnappings on the rise as criminals resort to "wrench attacks"
The recent case of an Italian tourist who was kidnapped in New York City and tortured by people allegedly after his cryptocurrency is drawing attention to a rash of crimes dubbed "wrench attacks," which combine cybertheft with old-fashioned thuggery. The term stems from an XKCD comic that depicts a "crypto nerd's imagination" of the tech know-how that would be required to break into their digital wallet. In reality, the comic notes, all it would take is a heavy $5 wrench to threaten the crypto owner until they revealed their account password. Such attacks have picked up in recent months, partly because stealing a digital wallet can be easier than stealing money from a traditional bank account, said Ari Redbord, global head of policy and government affairs at TRM Labs, a crypto tracing firm. On top of that, the value of bitcoin has surged in recent months, making people with crypto holdings potentially lucrative targets for criminals. "Criminals go to where the money is, and we're seeing a huge rise in the price of bitcoin," Redbord said. "Before, you needed sophisticated cyber capabilities to hack someone, but now you can be a violent criminal who can beat [the password] out of someone." He added, "I don't think I've ever been as taken aback by this type of illicit activity in crypto." The crypto world also has a culture of flaunting wealth via social media posts or appearances at crypto conference, which allows criminals to easily identify potential targets. Bitcoin traded Friday at nearly $105,000 per token, according to CoinDesk — about 53% higher than a year ago. The digital currency has soared partly as people seek alternatives to put their money than traditional investments like stocks and bonds, and as the Trump administration takes steps to promote the use of cryptocurrencies, including establishing a "strategic crypto reserve." How to crack a wallet Cryptocurrency thefts aren't new, but they've typically involved hacking, such as a massive 2022 hack at crypto exchange Binance in which thieves initially stole $570 million, as well as multiple hacks by entities the United Nations found were linked to North Korea. In response to such threats, crypto owners often try and keep their private keys off the internet and stored in what are called "cold wallets." When used properly, such wallets can defeat even the most sophisticated and determined hackers. But criminals have realized they don't need any technical skills to steal crypto assets, Redbord said. All it takes is gaining access to a person's crypto account password, because there's no third-party financial institution standing in the way of accessing funds held in a digital wallet, he explained. Transactions on the blockchain, the technology that powers cryptocurrencies, are permanent. And unlike cash, jewelry, gold or other items of value, thieves don't need to carry around stolen crypto. With a few clicks, huge amounts of wealth can be transferred from one address to another. NYC crypto kidnapping The case in New York City is somewhat unusual because it involves crypto investors allegedly trying to steal the assets of another investor, Redbord said. In that case, investors John Woeltz, 37, and William Duplessie, 33, face charges of kidnapping, assault and unlawful imprisonment of the Italian tourist in an effort to steal his digital wallet containing bitcoin worth millions of dollars. Court papers allege that the pair held the unidentified 28-year-old victim for weeks in an apartment in New York City's fashionable Soho neighborhood. After the victim was abducted, he was shocked with electric wires, his leg was cut with a saw and he was forced to smoke crack cocaine, prosecutors allege. Items including a photo of a gun held to the Italian tourist's head were found in the apartment by investigators. Two New York City police detectives had been working security for the accused kidnappers, CBS News New York has reported. The detective have been placed on desk duty as police investigate. William Duplessie, who along with John Woeltz is accused of kidnapping an Italian tourist to steal his cryptocurrency holdings, is escorted out of the New York Police 13th Precinct after turning himself in on charges of kidnapping and false imprisonment, Tuesday, May 27, 2025, in New York. Yuki Iwamura / AP Such incidents have also occurred with increasing frequency in Europe and Asia. Several cases in France have mirrored the New York City attack, with French police arresting 20 people following several alleged kidnapping plots involving crypto investors and their families, the BBC reported earlier this week. In one case, a gang allegedly tried to kidnap the daughter and young grandson of a cryptocurrency company executive in Paris, while earlier this month the father of a crypto millionaire was rescued by police in Paris after he was kidnapped and held for ransom. Aside from keeping a lower profile, crypto investors can take other steps to make it tougher for criminals, Redbord said. One option is to require permissions from several people to access a wallet, for instance. In the meantime, criminals are taking note and may be pursuing similar crimes, he added. "They are seeing successes and trying to replicate these successes," Redbord said. contributed to this report.
Fast Company
a day ago
- Business
- Fast Company
These crypto detectives helped crack North Korea's latest $1.5 billion blockchain heist
Crypto criminals can't hide The single largest cryptocurrency heist in history took place one day in late February, when hackers exploited system vulnerabilities in Bybit, a Dubai-based crypto exchange, siphoning off a whopping $1.5 billion in digital assets within minutes. Bybit's security team immediately launched an investigation that would eventually involve the FBI and several blockchain intelligence companies. Among those involved from the beginning were the experts at TRM Labs, a San Francisco-based company of around 300 that analyzes the blockchain networks which power cryptocurrency transactions to investigate—and prevent—fraud and financial crimes. 'Literally from the first minutes, we were involved,' says Ari Redbord, the company's global head of policy, 'working with Bybit and law enforcement partners like the FBI to track and trace funds.' The attack was soon attributed to a North Korean state-sponsored hacker organization commonly known as Lazarus Group. Lazarus has been blamed for a series of high-profile cybercrimes in recent years, including the 2014 hack on Sony Pictures Entertainment, the 2016 digital heist from the Bangladeshi central bank and, more recently, billions of dollars in digital currency thefts. TRM was among the first to attribute the Bybit attack after detecting an overlap between the blockchain resources used here and those used in Lazarus's previous thefts. Since then, the company has harnessed its expertise in tracking crypto to keep law enforcement abreast of where the stolen funds are headed, following them from blockchain to blockchain and through clever concealment mechanisms. 'We were very much built for an investigation like this,' Redbord says. The final deadline for Fast Company's Brands That Matter Awards is this Friday, May 30, at 11:59 p.m. PT. Apply today.
CBC
2 days ago
- Business
- CBC
'Wrench attacks' subject some cryptocurrency holders to violence, kidnapping
Social Sharing Police in two cases in the United States, and one in France, allege that brutal assaults were tied to cryptocurrency-related crimes that have spilled out from behind computer screens and into the real world as the largely unregulated currency surges in value. The alleged attempted robberies fall into a category often described as a "wrench attack." It's a name popularized by an online comic that mocked how easily high-tech security can be undone by hitting someone with a wrench until they give up passwords. Wrench attacks are on the rise thanks in part to cryptocurrency's move into mainstream finance, Phil Ariss of the crypto tracing firm TRM Labs said in a recent blog post. Violence may be increasing for several reasons including that criminals believe they can get away with crypto theft because transactions are hard to trace and often cloaked by anonymity, TRM says. "As long as there's a viable route to launder or liquidate stolen assets, it makes little difference to the offender whether the target is a high-value watch or a crypto wallet," Ariss said. "Cryptocurrency is now firmly in the mainstream, and as a result, our traditional understanding of physical threat and robbery needs to evolve accordingly." In Canada, a Toronto cryptocurrency company CEO was briefly held for ransom late last year, while Montreal police are investigating last year's homicide of a 24-year-old cryptocurrency influencer. In both cases, police have been tight-lipped regarding the details or possible motives surrounding the crimes. Here's a look at some of the recent, high-profile international cases: Manhattan townhouse captivity alleged In the New York case, two American crypto investors — John Woeltz and William Duplessie — have been arrested on kidnapping and assault charges in recent days after a 28-year-old Italian man told police they tortured him to get his Bitcoin password. Attorneys for both men declined to comment. Authorities said Duplessie and Woeltz lured the victim on May 6 to an eight-bedroom townhouse in the Soho district of Manhattan, one of the city's most expensive neighbourhoods. Over the next 17 days, the man told police he was bound by the wrists, shocked with electrical wires, pistol-whipped, cut on the leg with a saw and forced to smoke from a crack pipe. At one point, he said, he was dangled from the home's top flight of stairs. Believing he would soon be killed, the victim said he agreed Friday morning to give the men access to the password. But as the men went to retrieve his computer, the victim was able to escape from the home and flag down a traffic agent on the street outside. A search of the townhouse turned up a trove of evidence, prosecutors said, including cocaine, a saw, chicken wire, body armour, night vision goggles, ammunition and Polaroid photos of the victim with a gun pointed to his head and a crack pipe in his mouth. The victim was hospitalized with injuries to his wrists consistent with being bound, cuts to his face and other injuries, authorities said. Both Duplessie and Woeltz appear to be entrepreneurs focused on cryptocurrency. In online profiles, Duplessie is listed as the co-founder and head of sourcing at Pangea Blockchain Fund and an investor in other blockchain-based companies. An email seeking comment was sent to Pangea. Woeltz has described himself in interviews as a blockchain investor who spent time in Silicon Valley before becoming involved in Kentucky's burgeoning crypto-mining industry. Lamborghini hijacking in Connecticut While the allegations are still emerging, earlier this year 13 people were indicted on federal charges in Washington, D.C., accused of combining computer hacking and money laundering with old-fashioned impersonation and burglary to steal more than $260 million US from victims' cryptocurrency accounts. Some are accused of hacking websites and servers to steal cryptocurrency databases and identify targets, but others are alleged to have broken into victims' homes to steal their "hardware wallets" — devices that provide access to their crypto accounts. WATCH | Canadian police struggle with challenges in crypto cases: Police struggling to keep pace with cryptocurrency fraudsters 4 months ago Duration 3:11 The case stemmed from an investigation that started after a couple in Danbury, Ct., last year were forced out of a Lamborghini SUV, assaulted and bound in the back of a van. An off-duty FBI agent just happened to be in the area at the time and helped police track the movements of the suspects' vehicle, according to a longform feature on the case from New York Times Magazine. Authorities allege the incident was a ransom plot targeting the couple's son — who they say helped steal more than $240 million US worth of Bitcoin from a single victim. The son has not been charged, but is being detained on an unspecified "federal misdemeanour offence" charge, according to online jail records. Police stopped the carjacking and arrested six men. Spate of incidents in France Meanwhile in France, kidnappings of wealthy cryptocurrency holders and their relatives in ransom plots have spooked the industry. Attackers recently kidnapped the father of a crypto entrepreneur while he was out walking his dog, and sent videos to the son including one showing the dad's finger being severed as they demanded millions of euros in ransom, prosecutors allege. Police freed the father and arrested several suspects. Earlier this year, men in masks attempted to drag the daughter of Pierre Noizat, the CEO and a founder of the bitcoin exchange platform Paymium, into a van, but were thwarted by a shopkeeper armed with a fire extinguisher. Noizat told a French television network that his son-in-law needed stitches as a result of the attack, and he implored authorities to do more to prevent targeted attacks. And in January, the co-founder of French crypto-wallet firm Ledger, David Balland, and his wife were also kidnapped for ransom from their home in the Cher region of central France. They also were rescued by police and 10 people were arrested. French Interior Minister Bruno Retailleau recently said security will be beefed up for crypto entrepreneurs and their families, with offers of security briefings by elite police units, priority access to emergency services and police checks of their home security.
The Star
3 days ago
- The Star
Why 'wrench attacks' on wealthy crypto holders are on the rise
New York police officers arrest John Woeltz on May 23, 2025, in New York, who was charged with kidnapping, assaulting and holding a man against his will for several weeks in an upscale Manhattan town house. — AP The headline-grabbing tale of an Italian man who said he was kidnapped and tortured for weeks inside an upscale Manhattan townhouse by captors seeking his bitcoin highlights a dark corner of the cryptocurrency world: the threat of violence by thieves seeking digital assets. The alleged attempted robbery is known as a "wrench attack.' It's a name popularised by an online comic that mocked how easily high-tech security can be undone by hitting someone with a wrench until they give up passwords. Wrench attacks are on the rise thanks in part to cryptocurrency's move into mainstream finance, Phil Ariss of the crypto tracing firm TRM Labs said in a recent blog post. "Criminal groups already comfortable with using violence to achieve their goals were always likely to migrate to crypto,' Ariss said. Some of the crypto's key characteristics help explain why wealthy individuals who hold a lot of digital assets can be ripe targets for such attacks. The draw Cryptocurrencies like bitcoin offer traders full control of their funds without the need for a bank or permission from a government to buy, sell or hold it. The trade-off is that if funds are lost or stolen, there can be no way to get them back. Self-reliance is a key ethos of crypto. Securing and controlling one's private keys, which are like passwords used to access one's crypto holdings, is viewed as sacrosanct among many in the crypto community. A popular motto is "not your keys, not your coins.' Transactions on the blockchain, the technology that powers cryptocurrencies, are permanent. And unlike cash, jewelry, gold or other items of value, thieves don't need to carry around stolen crypto. With a few clicks, huge amounts of wealth can be transferred from one address to another. In the case in New York, where two people have been charged, a lot of details have yet to come out, including the value of the bitcoin the victim possessed. Crypto thefts Stealing cryptocurrency is almost as old as cryptocurrency itself, but it's usually done by hacking. North Korean state hackers alone are believed to have stolen billions of dollars' worth of crypto in recent years. In response to the threat of hacking, holders of a large amount of crypto often try and keep their private keys off the internet and stored in what are called "cold wallets.' Used properly, such wallets can defeat even the most sophisticated and determined hackers. But they can't defeat thieves who force a victim to give up their password to access their wallets and move money. The case in New York is the latest in a string of high-profile wrench attacks. Several have taken place in France, where thieves cut off a crypto executive's finger. Mitigation Experts suggest several ways to mitigate the threats of wrench attacks, including using wallets that require multiple approvals before any transactions. Perhaps the most common way crypto-wealthy individuals try to prevent wrench attacks is by trying to stay anonymous. Using nicknames and cartoon avatars in social media accounts is common in the crypto community, even among top executives at popular companies. – AP
