oag.dc.gov September 8, 2025
Lawsuit Alleges That 93% of Deposits to Athena Bitcoin, Inc. Are From Scams That Target Vulnerable Residents & Seniors & That Athena Profits from Illegal, Hidden Fees
Attorney General Brian L. Schwalb today sued Athena Bitcoin, Inc. (Athena), one of the country’s largest operators of Bitcoin Automated Teller Machines (BTMs), for charging undisclosed fees on deposits that it knows are often the result of scams, and for failing to implement adequate anti-fraud measures. When users discover they have been scammed and seek refunds, Athena imposes a strict “no refunds” policy on their entire transactions—even failing to return the significant undisclosed fees it collects from scam victims.
An investigation by the Office of the Attorney General (OAG) showed that Athena BTMs appeal to criminals because Athena fails to provide effective oversight, creating an unchecked opportunity for illicit international fraud. Athena BTMs are most frequently used by scammers targeting elderly users who are less familiar with cryptocurrency and less likely to report fraud. According to the company’s own data from its first five months of operations in the District:
93% of all Athena BTM deposits were the direct result of scams;
Nearly half of all deposits were flagged to Athena as the product of fraud;
Victims’ median age was 71; and
The median amount lost per scam transaction was $8,000, with one victim losing a total of $98,000 in nineteen transactions over a period of several days.
“Athena’s bitcoin machines have become a tool for criminals intent on exploiting elderly and vulnerable District residents,” said Attorney General Schwalb. “Athena knows that its machines are being used primarily by scammers yet chooses to look the other way so that it can continue to pocket sizable hidden transaction fees. Today we’re suing to get District residents their hard-earned money back and put a stop to this illegal, predatory conduct before it harms anyone else.”
Athena is one of the country’s largest BTM operators and has maintained seven BTMs in the District. BTMs allow users to purchase cryptocurrencies such as Bitcoin with cash and then deposit the cryptocurrency into a digital “wallet.” The wallet should be owned by the consumer purchasing the cryptocurrency, but in the scams conducted with Athena’s machines, exploited users send large sums of money directly to swindlers.
OAG’s lawsuit alleges Athena violates the District’s Consumer Protection Procedures Act and Abuse, Neglect, and Financial Exploitation of Vulnerable Adults and the Elderly Act by:
Facilitating financial scams. Athena is well aware that the safeguards it has implemented are insufficient to protect customers from fraud. Athena’s own logs show that during its first five months of operation in the District, 48% of all funds deposited in the company’s BTMs resulted in consumers reporting directly to Athena that they had been the victim of a scam.
Illegally profiting from hidden fees. Athena BTMs charge District consumers fees of up to 26% per transaction without clearly disclosing them at any point in the process. Bitcoin purchased through other apps and exchanges typically carries fees of 0.24% to 3%. In June 2024, Athena added a confusing and misleading reference to a “Transaction Service Margin” in its lengthy Terms of Service, but the magnitude of the margin is never disclosed, nor is the word “fee” ever mentioned.
Refusing to refund victims of fraud. Athena further deceives users through a refund policy that either outright denies scam victims refunds or arbitrarily caps them, even though Athena could easily return the hidden transaction fees it pockets. Athena also requires fraud victims to sign a release that frees the company of all future liability and blames victims for not sufficiently heeding onscreen BTM warnings.
With this lawsuit, OAG seeks to force Athena to bring its operations into compliance with District law, and to secure restitution for victims and penalties for the District.
A copy of the lawsuit is available here.
This case is being handled by Assistant Attorneys General Anabel Butler and Jason Jones, Investigator Lu Lagravinese, and Civil Rights and Elder Justice Section Chief Alicia M. Lendon.
Resources for District Residents
Elder financial abuse is all too common and largely underreported. It happens to people across all socioeconomic backgrounds and can be perpetrated by anyone having a connection to the senior resident, whether through a family, personal, or business relationship. Elders or vulnerable adults may be hesitant to report abuse because of fear of retaliation or lack of physical or cognitive ability to report the abuse, or because they do not want to get the alleged abuser in trouble.
Resources to help residents learn how to detect, prevent, and report abuse of the elderly or vulnerable adults are available here.
telegraph.co.uk 2025/08/17/ - Lazarus cyber gang believed to have used stolen funds to boost military and nuclear programmes
North Korean hackers have been accused of a £17m Bitcoin heist that brought down a UK-based cryptocurrency company.
Lazarus, the hermit kingdom’s notorious cyber gang, has been identified as the potential culprit behind the theft of cryptocurrency from Lykke, a trading platform incorporated in Britain.
If confirmed, it would be North Korea’s biggest-known cryptocurrency heist to target Britain. The pariah state has made billions in recent years stealing cryptocurrency to fund its military and nuclear programmes.
Lykke was founded in 2015 and operated from Switzerland but was registered in the UK. The company said last year that it had lost $22.8m (£16.8m) in Bitcoin, Ethereum and other cryptocurrencies, forcing it to halt operations.
In March a judge ordered the company to be liquidated after a legal campaign from more than 70 affected users.
North Korea was named as the potential hacker in a recent report by the Office of Financial Sanctions Implementation (OFSI), a branch of the Treasury.
“The attack has been attributed to malicious Democratic People’s Republic of Korea cyberactors, who stole funds on both the Bitcoin and Ethereum networks,” it said.
The Treasury said the OFSI did not reveal the sources of its information but that it worked closely with law enforcement.
Lazarus had been separately blamed for the attack on Lykke by Whitestream, an Israeli cryptocurrency research company.
It said the attackers had laundered the stolen funds through two other cryptocurrency companies notorious for allowing users to hide their tracks, and thus avoid money-laundering controls.
Other researchers have disagreed with the conclusions, saying it is not currently possible to determine who hacked the exchange.
Lykke was founded by Richard Olsen, a great-grandson of the Swiss banking patriarch Julius Baer, and offered cryptocurrency trading without transaction fees.
The company was run out of Zug in Switzerland’s so-called “crypto valley” but its corporate entity was registered in Britain.
In 2023, the Financial Conduct Authority issued a warning about the company, saying it was not registered or authorised to offer financial services for consumers in Britain.
Despite saying it would be able to return customers’ funds, it froze trading after the hack and officially shut down last December.
The company was liquidated in March following a winding up petition in the UK courts brought by a group of customers, who say they have lost £5.7m as a result of the company shutting down.
Interpath Advisory has been appointed to distribute the remaining funds to those who lost money. Its Swiss parent was placed into liquidation last year.
Mr Olsen was declared bankrupt in January and is the subject of criminal investigations in Switzerland, according to British legal filings. He did not respond to requests for comment.
On May 7, 2025, the LockBit admin panel was hacked by an anonymous actor who replaced their TOR website with the text ‘Don’t do crime CRIME IS BAD xoxo from Prague’ and shared a SQL dump of their admin panel database in an archived file ‘paneldb_dump.zip’.
There is not much information available regarding the individual identified as 'xoxo from Prague' whose objective seems to be the apprehension of malicious ransomware threat actors. It is uncommon for a major ransomware organization's website to be defaced; more so for its administrative panel to be compromised. This leaked SQL database dump is significant as it offers insight into the operational methods of LockBit affiliates and the negotiation tactics they employ to secure ransom payments from their victims.
Trellix Advanced Research Center’s investigations into the leaked SQL database confirmed with high confidence that the database originates from LockBit's affiliates admin panel. This panel allows the generation of ransomware builds for victims, utilizing LockBit Black 4.0 and LockBit Green 4.0, compatible with Linux, Windows and ESXi systems, and provides access to victim negotiation chats.
The leaked SQL database dump encompasses data from December 18, 2024 to April 29, 2025, including details pertaining to LockBit adverts (aka ransomware affiliates), victim organizations, chat logs, cryptocurrency wallets and ransomware build configurations.
When our CEO received an invitation to appear on “Bloomberg Crypto,” he immediately recognized the hallmarks of a sophisticated social engineering campaign. What appeared to be a legitimate media opportunity was, in fact, the latest operation by ELUSIVE COMET—a threat actor responsible for millions in cryptocurrency theft through carefully constructed social engineering attacks.
This post details our encounter with ELUSIVE COMET, explains their attack methodology targeting the Zoom remote control feature, and provides concrete defensive measures organizations can implement to protect themselves.
Russian companies have begun using bitcoin and other digital currencies in international payments following legislative changes that allowed such use in order to counter Western sanctions, Finance Minister Anton Siluanov said on Wednesday.
Sanctions have complicated Russia's trade with its major partners such as China or Turkey, as local banks are extremely cautious with Russia-related transactions to avoid scrutiny from Western regulators.
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn that his Gmail account was being hacked, sent email security alerts directly from…
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean
On October 16, 2024, Radiant Capital experienced a security breach resulting in the loss of approximately $50 million USD. The attack compromised three Radiant developers, all of whom are…
Over the last few hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.