| Eurojust | European Union Agency for Criminal Justice Cooperation
eurojust.europa.eu
Eurojust Press Team

Nine people suspected of money laundering have been arrested during a synchronised operation that took place in three countries at the same time. The suspects set up a cryptocurrency money laundering network that scammed victims out of over EUR 600 million. Eurojust, the EU’s judicial cooperation hub, ensured that French, Belgian, Cypriot, German and Spanish authorities worked together to take the network down.

The members of the network created dozens of fake cryptocurrency investment platforms that looked like legitimate websites and promised high returns. They recruited their victims using a variety of methods such as social media advertising, cold calling, fake news articles and fake testimonials from celebrities or successful investors.

When victims would transfer cryptocurrency to the platforms, they were never able to recover their money. The crypto assets earned through the various scams were then laundered using blockchain technology. The criminals were able to launder approximately EUR 600 million.

Investigations into the network started when authorities received several complaints from victims. Eurojust ensured that the authorities were able to work together in a fast and efficient manner by setting up a joint investigation team between French and Belgian authorities. As other countries had to be involved during the actions, Eurojust brought prosecutors and investigative judges from France, Belgium, Cyprus, Spain and Germany together to plan the takedown of the network.

Actions against the suspects took place on 27 and 29 October and were coordinated from the Eurojust premises in The Hague. Nine suspects were arrested at their homes in Cyprus, Spain and Germany on suspicion of their involvement in money laundering from fraudulent activities. At the same time, searches took place that resulted in the seizure of EUR 800 000 in bank accounts, EUR 415 000 in cryptocurrencies and EUR 300 000 in cash.

The actions were carried out by the following authorities:

France: Investigative Judge of the Court of Paris JUNALCO (National Jurisdiction against Organised Crime) - Cybercrime Unit; Gendarmerie Nationale - Cyber Unit
Belgium: PPO Limburg; Investigating Judge of the Court of 1st Instance in Limburg; Federal Judicial Police Limburg
Cyprus: Attorney General's Office; MOKAS; Cyprus Police
Germany: Public Prosecutor’s Office Cologne; Cologne Criminal Police
Spain: PPO Barcelona - International Cooperation Section; Investigative Court num 5 in Vilanova i la Geltrú; Mossos d’Esquadra (Cybercrime Central Area); Policía Nacional (Cybercrime Central Unit and Barcelona and Oviedo Provincial Brigade of Judicial Police)

securityweek.com - The MITRE AADAPT framework provides documentation for identifying, investigating, and responding to weaknesses in digital asset payments.

The non-profit MITRE Corporation on Monday released Adversarial Actions in Digital Asset Payment Technologies (AADAPT), a cybersecurity framework designed to help the industry tackle weaknesses in cryptocurrency and other digital financial systems.

Modeled after the MITRE ATT&CK framework, AADAPT delivers a structured methodology that developers, financial organizations, and policymakers can use to find, investigate, and address risks in digital asset payments.

Insights that more than 150 sources from academia, government, and industry provided on real-world attacks on digital currencies and related technologies were used to create a playbook of adversarial TTPs linked to digital asset payment technologies.

The increased use of cryptocurrency has led to the emergence of sophisticated threats, such as phishing schemes, ransomware campaigns, and double-spending attacks, often with severe impact on organizations that lack cybersecurity resources, such as local governments and municipalities.

AADAPT is meant to help them enhance their stance through practical guidance and tools that specifically cover this financial market segment.

According to MITRE, AADAPT was founded on an in-depth review of underlying technologies such as smart contracts, distributed ledger technology (DLT) systems, consensus algorithms, and quantum computing, along with vulnerabilities and credible attack methods.

The tool supports critical use cases to help develop analytics for emulating threats, create detection techniques, compare insights, and assess security capabilities to prioritize decisions, essentially assisting stakeholders in adopting best practices.

“Digital payment assets like cryptocurrency are set to transform the future of global finance, but their security challenges cannot be ignored. With AADAPT, MITRE is empowering stakeholders to adopt robust security measures that not only safeguard their assets but also build trust across the ecosystem,” MITRE VP Wen Masters said.

The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.

Microsoft observed North Korean threat actor Citrine Sleet exploiting the CVE-2024-7971 zero-day vulnerability in Chromium. Citrine Sleet targets the cryptocurrency sector for financial gain.

Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.

Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.

In a recent regulatory development, the European Union (EU) has voted to ban cryptocurrency payments to "hosted wallets" using unidentified self-custody crypto wallets.

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022.

This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP).

The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers.

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.

Hackers pushed out a malicious version of a software library made by crypto company Ledger, which powers several web3 applications.

A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.

The attackers impersonate members of the cryptocurrency community on Discord channels to spread Python-based modules that trigger a multi-stage KandyKorn infection chain.

Elastic Security discovered and attributed the attacks to Lazarus based on overlaps with past campaigns concerning the employed techniques, network infrastructure, code-signing certificates, and custom Lazarus detection rules.

The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto.

Nadeam Nahas, 39, of Norwell, MA is facing charges of allegedly running a secret cryptocurrency mining operation out of a crawlspace at a middle school.

The world’s most prolific crypto thieves have used Sinbad.io to launder tens of millions. Its creator, “Mehdi,” answers WIRED’s questions.

We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.

Every year, we publish our estimates of illicit cryptocurrency activity to demonstrate the power of blockchains’ transparency – these kinds of estimates aren’t possible in traditional finance – and to teach investigators and compliance professionals about the latest trends in cryptocurrency-related crime that they need to know about. What could those estimates look like in a year like 2022? Last year was one of the most tumultuous in cryptocurrency history, with several large firms imploding, including Celsius, Three Arrows Capital, FTX, and others — some amid allegations of fraud.

The charges were part of an intensifying effort by federal law enforcement agencies, in conjunction with European partners, to combat international cryptocurrency schemes and illegal transactions.