Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime
Cryptohack Roundup: Nigeria Drops Charges on Binance Exec
Also: Indian Hackers Gets 5 Years in Prison for Stealing $20MEvery week, ISMG rounds up cybersecurity incidents in digital assets. This week, the Nigerian government dropped charges on Binance executive Tigran Gambaryan, an Indian hacker faces five years in U.S. prison for stealing $20 million, a $4.5M Tapioca DAO exploit, Transak data breach.
See Also: 2021 Analysis of Geographic Trends in Cryptocurrency Adoption and Usage
Nigerian Govt Drops Charges Against Binance's Tigran Gambaryan
A Nigerian court ordered the release of Binance executive Tigran Gambaryan after the government dropped money laundering charges against him to allow for medical treatment abroad. Nigeria's Economic and Financial Crimes Commission withdrew the case against Gambaryan, the head of financial crime compliance at Binance and a U.S. citizen, during an open court session in Abuja, reported Reuters. The EFCC said that it would continue its money laundering case against Binance, which involves allegations of laundering more than $35 million. Gambaryan and Binance have denied the charges. Gambaryan, who had been in detention since February and held in prison, was released following diplomatic efforts and concerns over his deteriorating health. His wife, Yuki, had previously raised concerns about his condition, warning that it could cause permanent damage and affect his ability to walk. Separate tax evasion charges against Binance remain in place, with the company continuing to deny those allegations.
Coinbase Spoofer Gets 5-Year Sentence for Stealing $20M
Indian national Chirag Tomar received a five-year prison sentence in the United States for stealing over $20 million through a spoofed website mimicking Coinbase. Thirty-one-year-old Tomar and his co-conspirators launched the scheme in June 2021, creating a fake Coinbase Pro site to trick victims into providing login credentials and two-factor authentication codes, said the Department of Justice. They also posed as Coinbase customer service to gather additional information. Once they gained access, they transferred cryptocurrency to their own wallets, moving the funds through multiple addresses. Tomar used the stolen money for luxury purchases and international travel. He was arrested in December, pleaded guilty to wire fraud conspiracy in May and is now in federal custody.
$4.5M Tapioca DAO Hack
Tapioca DAO suffered a $4.5 million exploit after an attacker compromised its native token's vesting contract. The stolen funds, including $2.8 million in USDC and $1.6 million in ETH, were converted to ETH, then USDT, and bridged to the BNB Chain. Web3 security firm Fuzzland, which is assisting Tapioca DAO in recovering the stolen funds, reportedly said that the attack may involve social engineering, possibly linked to North Korean hackers. Tapioca’s treasury currently holds $4.2 million.
Transak Data Breach
Cryptocurrency payment processor Transak disclosed a data breach, warning that an attacker gained access to a vendor's system and stole user data. The breach resulted from a phishing attack that allowed the attacker to remotely access an employee's laptop and subsequently gain entry to a third-party KYC identity verification service. This exposure affected 1% of the company's user base, involving 92,554 individuals. The compromised data includes names, birthdates, identity documents such as passports and driver's licenses, and user selfies.
Transak said that no financial data, emails, phone numbers, passwords or payment card details were compromised. The Stormous ransomware group claimed credit for stealing over 300 gigabytes of data, but Transak disputed the group's claims. An extortion group active since 2021, Stormous is linked to numerous alleged breaches but has often failed to provide concrete evidence of the stolen data in prior incidents, threat intelligence firm Kela said last year. Transak said it has notified affected users via email and reported the breach to relevant data protection regulators, including the U.K. Information Commissioner's Office.
With reporting by Information Security Media Group's Mathew J. Schwartz in Scotland.