The thief's activity began shortly before the Russian invasion of Ukraine. After the invasion, the thief stopped destroying the Bitcoin and instead began transferring it to addresses identified for Ukrainian aid.
Hacker steals Bitcoins from Russia, destroys them or donates them to Ukraine
A thief has identified nearly 1,000 Bitcoin addresses they believe to have been used in connection with Russian hacking activity. This is partly backed by analysis from the blockchain research group Chainalysis, which has linked some of the wallets to Russian Solarwinds attackers and those pushing election disinformation. The thief took control of some of the wallets, destroying $300,000 worth of Bitcoin as they left messages in the transactions to make their allegations.
CFTC imposes record $3.4 billion fine on Bitcoin scammer
After finding that the South African businessman Cornelius Johannes Steynberg had run Mirror Trading International as a multi-level marketing scheme, in which he accepted 29,421 Bitcoin from at least 23,000 Americans, the CFTC has imposed a record fine. Those 29,421 BTC were priced at $1.7 billion in March 2021 — around the end of Steynberg's multi-year scam. Today they're priced at around $863 million, but unfortunately for Steynberg, the CFTC isn't using today's prices to calculate their penalties.
Steynberg has been ordered to pay a total of $3.4 billion — $1.7 billion in restitution and another $1.7 billion penalty. Steynberg was arrested in Brazil in December 2021 on an INTERPOL arrest warrant, where he has remained since pending extradition.
- "Federal Court Orders South African CEO to Pay Over $3.4 Billion for Forex Fraud", U.S. Commodity Futures Trading Commission
FBI raids home of FTX exec Ryan Salame
The FBI raided the home of Ryan Salame, the former co-CEO of FTX Digital Markets (FTX's Bahamian subsidiary). Salame was close with Sam Bankman-Fried, although it came out in bankruptcy proceedings that Salame had contacted Bahamian securities regulators during the FTX collapse to tip them off to the improper transfer of FTX client funds to Alameda Research.
Salame was also a major donor to Republican candidates in the 2022 midterm elections, splashing out around $24 million in campaign contributions. However, court filings suggest that much of the money donated to political and other causes by FTX executives may truly have been misappropriated customer funds.
Salame is, at the moment at least, not facing charges in connection to the FTX collapse. In July 2023, the Wall Street Journal reported that the search was likely a part of an investigation into Salame and his girlfriend Michelle Bond over possible campaign finance violations pertaining to Bond's 2022 congressional campaign, and was not related to FTX.
- "F.B.I. Searches Home of Top FTX Executive", The New York Times
- "Former FTX Executive Linked to Campaign-Finance Probe of New York GOP Race", The Wall Street Journal
Belgian crypto lender Bit4You suspends activities
The only Belgian crypto platform, the Bit4You crypto lender, announced they would be suspending activities after the CoinLoan crypto exchange was ordered to suspend activities after being declared insolvent.
"To date we have no indication that the virtual currencies held on behalf of our customers with CoinLoan will not be recovered," they wrote in their announcement. Reassuring!
AT&T customers suffer crypto wallet compromises reportedly totaling $15–$20 million
TechCrunch reported that attackers were able to gain access to AT&T email accounts which they then used to gain access to customers' cryptocurrency accounts. Various customers reported their accounts at exchanges including Coinbase and Gemini had been drained. One individual victim lost $134,000 from their Coinbase account.
An anonymous source corresponding with TechCrunch claims that the total amount of cryptocurrency stolen is somewhere between $15 million and $20 million. The tipster also claimed that the hackers have the ability to gain access to any AT&T account via the AT&T employee portal; AT&T has denied this and instead claimed that "the bad actors used an API access."
"Rogue developers" make off with $1.82 million from Merlin
The brand new Merlin DEX had only just launched on the zkSync Ethereum layer-2, with a public token sale beginning on April 25. The following day, they suddenly asked users to revoke permissions to the project, saying they believed there was an exploit. They later wrote: "it is with deepest regret that we have to notify you of a major fault in the structural integrity and controls of the Merlin Platform. In the early hours of this morning the several members of the Back-End Team drained all of our Contracts."
The Merlin DEX had been audited by the CertiK security firm, which stated it was working with the remaining team members to try to trace the thieves. Meanwhile, they wrote that they would be working to compensate affected users.
Some didn't seem to buy the story that the theft was carried out by a few rogue developers, accusing the entire Merlin project team of rug-pulling.
CoinLoan suspends withdrawals
The Estonian crypto exchange CoinLoan announced they were immediately suspending all operations, including withdrawals. The action came after CoinLoan was declared insolvent by an Estonian court, which mandated they suspend activities pending permission from the court.
Protos speculated that the suspension could be related to Vauld, an exchange that collapsed last July. Vauld is rumored to have tens of millions of assets on CoinLoan.
The same day as Vauld's collapse, CoinLoan implemented a withdrawal limit of $5,000/day.
- Notice of restraint on disposition , Ametlikud Teadaanded
- "Did Vauld drive CoinLoan into court-ordered liquidation?", Protos
- "CoinLoan halts all withdrawals, user services", CryptoSlate
Binance cancels Voyager acquisition
After surmounting various obstacles to acquire the assets of the bankrupt Voyager Digital crypto lending firm, Binance.US abruptly backed out of the $1.3 billion deal.
Binance cited "hostile and uncertain regulatory climate" as its reason for calling off the acquisition. A recent lawsuit from the CFTC against Binance and its CEO Changpeng "CZ" Zhao likely contributed to the cancellation, as it seems clear that Binance is being increasingly scrutinized by US regulatory and law enforcement bodies.
The acquisition had been supported by a massive majority of Voyager creditors, who were looking forward to recovering 73% of their assets trapped on the platform. Now that number is uncertain, but likely to be a good deal lower. Attorneys for Voyager estimated the recovery now would likely be between 40 and 65%.
Ordinals Finance rug pulls for at least $1 million
Ordinals Finance was a short-lived project, emerging in late February with promises to help build out a defi ecosystem on the Bitcoin blockchain.
On April 24, the project developer withdrew 256 million OFI tokens and swapped them to ETH worth around $1 million. They then laundered the funds through the Tornado Cash crypto mixer. The project creator deleted the project's Twitter account and took down its website.
"First BRC-20 wallet" UniSat launches, is immediately exploited
Over on the Bitcoin blockchain, people are abuzz over the launch of "BRC-20": a similar concept to the ERC-20 token on Ethereum that allows people to create their own tokens. The standard, which first emerged in early March, is built atop the controversial Ordinals inscription technique that was developed in January. Coins including $ORDI, $PEPE, and $MEME have been created on a blockchain that previously only supported the Bitcoin token.
Not everything has gone smoothly, though. As developers rushed to release wallets to support these new tokens, the UniSat wallet claimed to be the first. However, shortly after it launched, the developers made the Chrome extension inaccessible. They later revealed that the code had contained a vulnerability that exposed it to double-spend attacks. "Currently, we have preliminary investigation results, and out of all 383 transactions, 70 transactions have been identified as affected," they wrote.
It's not yet clear how much was stolen, but the UniSat team promised to compensate affected users. They later tweeted that they had determined the identity of the thief, though the funds have not yet been returned.