Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime
Cryptohack Roundup: Delta Prime, Ethena Exploits
Also: US SEC Settles With Prager Metis, Rari CapitalEvery week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Delta Prime and Ethena were hacked, Lazarus' funds were frozen, the SEC settled with Prager Metis and Rari Capital, Sam Bankman-Fried sought a new trial, the SEC accused NanoBit and CoinW6 of scams, the CTFC sought to fight pig butchering, and Wormhole integrated World ID and Solana.
See Also: 2021 Analysis of Geographic Trends in Cryptocurrency Adoption and Usage
Delta Prime Hack
Decentralized finance platform Delta Prime lost more than $4.5 million in a cyberattack, on-chain security platform Cyvers said, adding that the potential for further losses exists.
Hackers stole a private key to gain control of the wallet that managed Delta Prime's proxy contracts, and then modified those contracts to point to malicious ones, allowing them to drain funds from the platform's pools.
Ethena Hack
Ethena Labs, the team behind the decentralized synthetic dollar protocol, temporarily deactivated its front end after hackers compromised its domain registrar account. The company warned users not to interact with any site claiming to be the Ethena front end. While the company claims that the protocol and funds remain secure, the nature of the breach is still unknown. In front-end attacks, hackers replace legitimate websites with malicious ones to steal user funds.
Exchanges Freeze Lazarus Funds Worth $5M
North Korean hacking group Lazarus lost access to nearly $5 million in stablecoins after issuers such as Tether, Circle, Techteryx and Paxos froze funds linked to the threat actor. The freeze followed an investigation led by blockchain analyst ZachXBT, which uncovered that Lazarus laundered over $200 million in stolen crypto across 25 hacks in three years.
SEC-Prager Metis Settlement
The U.S. Securities and Exchange Commission settled with audit firm Prager Metis, which agreed to pay $1.95 million over misconduct claims related to its audits of the now-defunct cryptocurrency exchange FTX. The SEC accused Prager of issuing misleading audit reports between February 2021 and April 2022 that misrepresented FTX's financial position and failed to meet professional auditing standards. The SEC also cited Prager for not disclosing risks tied to FTX's relationship with Alameda Research.
SBF Seeks New Trial
Former FTX CEO Sam Bankman-Fried is seeking a new trial, claiming that his case was mishandled. His lawyer criticized U.S. District Judge Lewis Kaplan, claiming that he unfairly blocked Bankman-Fried from presenting evidence and was presumed guilty by the court. The appeal argues the jury was not given the full picture, particularly regarding FTX's solvency and Bankman-Fried's reliance on legal advice. Bankman-Fried was convicted of defrauding FTX customers and is serving a 25-year prison sentence, currently in the Brooklyn Metropolitan Detention Center.
SEC Accuses NanoBit, CoinW6 of Scams
The U.S. Securities and Exchange Commission accused two fake crypto platforms, NanoBit and CoinW6, of defrauding investors. The complaints allege that scammers used social media platforms such as WhatsApp, LinkedIn and Instagram to lure investors into pig-butchering scams. Victims were falsely promised high returns from crypto investments, but their funds were stolen and wired abroad.
CFTC Partners With Other Agencies to Combat Pig Butchering
The U.S. Commodity Futures Trading Commission is ramping up efforts to combat pig-butchering crypto investment scams through partnerships with organizations such as the American Bankers Association Foundation and the U.S. Securities and Exchange Commission Office of Investor Education and Advocacy. The scams are costing Americans billions annually. Chainalysis in August reported that scammers now prefer pig butchering to more elaborate Ponzi schemes. The CFTC's Office of Customer Education and Outreach aims to create educational tools, such as infographics and investor alerts, to help the public recognize and avoid these relationship-based fraud schemes.
SEC-Rari Capital Settlement
The U.S. Securities and Exchange Commission has settled charges against DeFi platform Rari Capital and its co-founders for misleading investors and operating as unregistered brokers. Rari co-founders Jai Bhavnani, Jack Lipstone and David Lucid falsely claimed that their Earn pools would automatically rebalance investments, but this process was done manually and sometimes neglected, the release says. The SEC alleged that more than $1 billion in assets was locked in Rari's pools at their peak, and the governance tokens offered to Earn pool investors were deemed unregistered securities. Following a hack in May 2022 that resulted in the theft of $80 million, Rari Capital stopped taking new deposits and began winding down operations.
Wormhole Integrates World ID with Solana
Blockchain protocol Wormhole integrated World ID with the Solana blockchain, allowing developers to easily incorporate the Worldcoin ID system into their applications. The move aims to help developers build apps that prioritize verification of "real humans," the release says. Funded by a Worldcoin Foundation grant, Wormhole's work expands access to World ID, which previously was mainly available to Ethereum developers. World ID, tied to the broader Worldcoin project co-founded by OpenAI CEO Sam Altman, uses biometric verification to assign digital IDs and combat AI-powered impersonation. The project is under scrutiny over privacy concerns in multiple countries.