Lazarus Group has long been a strong player in cybercrime, specifically targeting bitcoin exchanges and financial institutions. According to Cointelegraph, the North Korean-backed hacking organisation has stolen billions of dollars while using advanced evasion tactics.

On February 21, the organisation pulled off its largest known robbery, stealing $1.4 billion from Bybit. Blockchain investigator ZachXBT linked the attack to an $85 million breach of Phemex, as well as intrusions at BingX and Poloniex, reinforcing suspicions that North Korea’s cyber army was behind the theft.

Since 2017, Lazarus Group has stolen an estimated $6 billion from the crypto sector, according to Elliptic. A United Nations report suggests these stolen funds help finance North Korea’s weapons program.

Lazarus Group: Who’s behind it?

The US Treasury identifies Lazarus as being controlled by North Korea’s Reconnaissance General Bureau (RGB), the country’s intelligence agency. The FBI has publicly named three North Korean hackers tied to the group, also known as APT38.

• Park Jin Hyok: Charged in 2018, allegedly linked to the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist ($81 million stolen), and the 2017 WannaCry ransomware attack.
• Jon Chang Hyok & Kim Il: Indicted in 2021 for financial cybercrimes, including cryptocurrency theft and laundering operations for the North Korean regime.

Jon allegedly developed malicious crypto applications used to infiltrate financial institutions, while Kim helped coordinate crypto-related heists and fraudulent ICOs.

The Bybit hack: How it happened

Shortly before the Bybit breach, North Korea reaffirmed its plans to expand its nuclear arsenal, while the US, South Korea, and Japan called for denuclearisation. Days later, Lazarus struck.

Security analysts quickly recognised familiar tactics. “Within minutes of ETH moving out of Bybit’s wallet, we saw Lazarus’ unique fingerprint,” said Fantasy, an investigator at crypto insurance firm Fairside Network.

The hackers used a phishing attack to compromise Bybit’s security, disguising their operation with a fake version of Bybit’s wallet management system. This allowed them to transfer 401,000 Ether ($1.4 billion) to wallets under their control, according to blockchain forensics firm Chainalysis.

Once the funds were stolen, the laundering process began. Investigators found that parts of the funds were converted into Bitcoin and Dai, using decentralised exchanges, cross-chain bridges, and no-Know Your Customer (KYC) swap services.

One platform, eXch, was identified as a laundering tool but has refused to freeze the stolen assets despite industry-wide intervention.

A significant portion of the funds remains spread across multiple wallets— a common tactic used by North Korean hackers to evade detection.

Crypto theft and social engineering

Lazarus Group has escalated its attacks on the crypto industry, stealing $1.34 billion across 47 breaches in 2024, more than double the $660.5 million stolen in 2023, according to Chainalysis.

The firm reports that private key compromises accounted for 43.8% of all crypto hacks that year. This method was used in the $305-million DMM Bitcoin breach and the $600-million Ronin hack—both attributed to Lazarus.

Beyond large-scale hacks, the group also engages in long-term social engineering schemes. Microsoft Threat Intelligence has identified a North Korean subgroup called Sapphire Sleet (Bluenoroff), which targets cryptocurrency firms and corporate networks.

Posing as recruiters and venture capitalists, these operatives lure victims into fake job interviews and investment scams, deploying malware to gain access to financial accounts. Over six months, they reportedly stole over $10 million through these tactics.

Infiltrating the global tech workforce

North Korea’s cyber operations extend beyond hacking. Thousands of North Korean IT workers operate remotely across Russia, China, and other regions, using AI-generated profiles and stolen identities to land high-paying tech jobs.

Once inside companies, these workers steal intellectual property, extort employers, and funnel earnings to the regime.

In August 2024, ZachXBT exposed 21 North Korean developers earning $500,000 per month by embedding themselves in cryptocurrency startups.

A federal court in St. Louis later unsealed indictments against 14 North Korean nationals, accusing them of:

• Sanctions violations
• Wire fraud & identity theft
• Laundering millions for the North Korean regime

These individuals reportedly worked for Yanbian Silverstar and Volasys Silverstar, North Korean-controlled tech firms operating in China and Russia.

The US Department of Justice estimates that these operatives earned at least $88 million over six years, with some required to send $10,000 per month back to the North Korean government.

A persistent cyber threat

Despite global scrutiny, Lazarus Group continues to evolve its tactics, adapting to new security measures and increasing its reach into financial and tech sectors.

Billions in stolen cryptocurrency, deep infiltration of global tech firms, and an expanding network of fraudulent IT workers highlight North Korea’s growing cyber capabilities.

While US authorities have intensified efforts to crack down on these operations through federal indictments and cyber task forces, Lazarus remains one of the world’s most active cybercrime syndicates.

With an ability to shift tactics and evade detection, the threat posed by Lazarus Group is far from over.

Want to learn more about blockchain from industry leaders? Check out Blockchain Expo taking place in Amsterdam, California and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post The rise of Lazarus Group from Sony hacks to billion dollar crypto heists appeared first on TechWire Asia.

• Binance back in business.
• Fiat currency exchanges now possible for US traders.
• International competition for geographic hub status.

US cryptocurrency platform, Binance.US has revealed it is accepting US dollar deposits and withdrawal after restoring USD fiat services. Customers of Binance.US can withdraw and deposit USD via ACH bank transfers with no fees and continue to use the platform’s features, including buying, selling, and converting the platform’s accepted 160 cryptocurrencies.

The re-opening of full trade comes 19 months after Binance.US paused USD transactions, which the company stated was “due to escalating regulatory challenges.” A key motive behind the move to limit its activities was the legal action taken against Binance, its founder and CEO Changpeng Zhao, and operator of its US exchange by the US Securities and Exchange Commission (SEC).

The SEC accused Binance of falsely inflating trading volumes to create a misleading impression of market activity. The company was also alleged to have misused customer funds, allowing US users to access its platform despite ongoing restrictions, and deceiving investors about its ability to monitor and prevent fraudulent trading activities.

At the time, Binance.US cited the SEC’s “extremely aggressive and intimidating tactics” as a primary reason for disruptions to its services.

During the suspension, the company announced that it was functioning as a “crypto-only exchange,” dealing with crypto-denominated deposits, trading, and withdrawals, not fiat currencies.

Binance back in business

The latest round of restoration of services came after a great deal of change in the cryptocurrency landscape, including Zhao stepping down as CEO and Binance reaching a settlement in the case by agreeing to pay US$4 billion to the US government. The US’s new president is highly supportive of cryptocurrency, and several cryptocurrency exchanges that had previously withdrawn from the US, due to strict regulations under the Biden administration, are now returning.

Interim CEO of Binance.US, Norman Reed, commenting on the significance of restoring fiat (USD) transactions, said, “The marks one of the most important chapters for Binance.US since July 2023, when we were forced to begin operating as a crypto-only platform. We have been looking forward to the day that we would be able to offer full USD services again.”

The new lease of life for Binance.US could be an indication of the market shifting toward a more stable and regulated environment, or, depending on your point of view, a less-regulated arena in which exchanges can act with greater degree of impunity.

International jostling for position

The current rise in the value of Bitcoin – due in part to the US administration’s proposals to include cryptocurrency in federal reserves and the incumbent president’s welcoming approach to digital currencies – has given fresh impetus to other geographies to position themselves as cryptocurrency ‘hubs’. Hong Kong and Singapore have taken steps to amend or enact regulatory measures that are accepting of cryptocurrencies, and various other APAC countries are circling the possibilities that digital currencies purport to offer.

Last year, Singapore’s Monetary Authority gave out more than a dozen MPI (major payment institution) licences to cryptocurrency exchanges, including Coinbase and Blockchain.com, up from the four such licences it granted in 2023.

Hong Kong’s licensing regulations are somewhat tighter than Singapore’s, due in part to the territory’s close ties with mainland China. The Chinese administration has a selectively positive and sometimes mercurial attitude to cryptocurrencies. As of the end of 2024, Hong Kong had licensed seven cryptocurrency exchanges, and is increasingly seen as friendly towards cryptocurrency trade.

The return of Binance to its full trading status will help the market’s geographic balance. The SEC’s acceptance of Binance.US back into the fold will bolster the US digital currency economy, if not for the collective good of the US people, then at least as a representation of its ‘America First’ economic policies.

The post Binance.US announces restoration of USD fiat services appeared first on TechWire Asia.

Cryptocurrency exchange Bybit has experienced total outflows exceeding $5.5 billion after suffering a $1.4 billion security breach, reportedly carried out by hackers linked to North Korea’s Lazarus Group. The attackers targeted the exchange’s ether cold wallet, prompting Bybit to secure emergency funding to maintain withdrawal operations.

Massive withdrawals and emergency response

Data from DeFiLlama showed assets associated with Bybit’s wallets dropped from $16.9 billion to $11.2 billion following the breach. In an X Spaces session, Bybit CEO Ben Zhou stated that as soon as the attack was identified, the exchange prioritised processing withdrawals. According to Zhou, hackers drained 70% of clients’ ether holdings, forcing Bybit to secure loans to maintain withdrawal liquidity. However, stablecoin withdrawals quickly overtook ether, as most users moved their funds to other platforms.

Bybit had the reserves to support withdrawals, but the situation was complicated when Safe, a decentralised custody protocol, temporarily shut down smart wallet functionalities to address security concerns.

Zhou noted that $3 billion in USDT was locked in a Safe wallet, delaying access to important reserves.

Safe stated on social media that while it had not found evidence of a frontend compromise, certain functionalities were paused as a precautionary measure. With mounting withdrawal requests, Bybit’s security team worked to develop software that manually verified transaction signatures, allowing funds to be moved from the Safe wallet. Despite challenges, the exchange managed to transfer its $3 billion in stablecoin reserves, but not before experiencing a 50% bank run.

Authorities and blockchain analysts investigate

Bybit has engaged law enforcement agencies, including Singaporean authorities and Interpol, to track the stolen assets. Blockchain analysis firms, like Chainalysis, have also been asked to assist in identifying the movements of the stolen funds. Zhou emphasised that Bybit is committed to monitoring the attackers’ activities in the hope that the stolen assets can be traced and recovered.

Rolling back ethereum considered

During the session, Zhou acknowledged that some industry figures, including BitMEX co-founder Arthur Hayes, suggested the possibility of an Ethereum blockchain rollback to recover lost funds. Bybit’s team collaborated with Ethereum co-founder Vitalik Buterin and the Ethereum Foundation to explore alternative solutions.

However, Zhou pointed out that such a choice would require community consensus and is unlikely to be taken unilaterally. “I’m not sure it’s a one-man decision based on the spirit of blockchain. It should be a work in process to see what the community wants,” Zhou said.

A rollback on Ethereum would be technically complex, given its smart contract infrastructure. Any attempt to alter the blockchain’s state would likely lead to a contentious hard fork, splitting the network and facing resistance from parts of the community.

Investigation into the attack

Bybit continues to investigate the exact cause of the security breach. Zhou stated that the exchange’s computers were not compromised, and an internal review of transaction signers has so far revealed no irregularities in their activity. “We know the cause is definitely around the Safe cold wallet. Whether it’s a problem with our laptops or on Safe’s side, we don’t know,” they added.

Bybit replenishes ether reserves after hack

Despite its losses, Bybit has restored a 1:1 backing of client assets after securing additional funds. On-chain tracking service Lookonchain reported Bybit has replenished 446,870 ETH – worth approximately $1.23 billion – through a mix of loans, large deposits, and ether purchases. Blockchain activity suggests that Bybit obtained over $400 million in ETH through over-the-counter trades, an additional $300 million from exchanges, and nearly $300 million through cryptocurrency fund-backed loans.

The ETH price initially saw a 4% rise over the weekend due to increased buying activity but later dropped 2% as market sentiment remained cautious. Meanwhile, Bybit stated that as of Sunday, deposits and withdrawals have returned to normal levels, with deposits slightly exceeding withdrawals.

Attack linked to North Korea’s Lazarus group

The security breach has been linked to the Lazarus Group, an alledgedly state-sponsored North Korean hacking collective known for high-profile cryptocurrency attacks. Blockchain analyst ZachXBT identified transaction patterns similar to those used in previous attacks by Lazarus. The hacking group has been responsible for several major incidents, including the $600 million Ronin Network hack (2022), and a $230 million attack on Indian exchange WazirX in 2024.

Hackers reportedly gained access to Bybit’s cold wallet by manipulating a UI vulnerability and altering smart contract logic to redirect funds. The stolen ether was then split across multiple wallets and exchanged for other assets on other decentralised platforms.

Next steps for Bybit

Following the attack, Bybit has moved a large portion of its funds away from Safe cold wallets and is reviewing alternative custody solutions. The exchange continues to assess work with security experts and law enforcement to recover stolen assets. The case underscores ongoing security risks in the cryptocurrency industry, particularly with the increasing sophistication of cyberattacks targeting centralised exchanges.

Want to learn more about blockchain from industry leaders? Check out Blockchain Expo taking place in Amsterdam, California and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post Bybit saw $5.5 billion in outflows following crypto’s biggest hack appeared first on TechWire Asia.

Investigative analytic software company Cognyte Software Ltd. has announced a new deal with a longstanding law enforcement agency based in the Asia-Pacific region (APAC). The subscription-based deal is valued at over half a million US dollars annually, is designed to help the national police agency combat illicit cryptocurrency activity using Cognyte’s blockchain analytics platform.

Cognyte’s AI-based solution is designed to speed up cryptocurrency investigations and address illegal activity in the market. It should help the police agency to identify individuals or groups involved in cryptocurrency-related crimes without having to rely on data or explicit cooperation from cryptocurrency exchanges.

The technology uses blockchain intelligence, machine learning, AI, and OSINT techniques to help investigators analyse blockchain data and identify hidden patterns or connections between trades and traders at a forensic level. The goal is to expose criminals who commit cybercrime, including those in organised crime groups, individuals and gangs suspected of financing terrorism, and money laundering from illegal activities. This analysis is possible even when criminals think they are anonymous thanks to encryption.

Global illegal cryptocurrency transactions totalled over $24 billion in 2023 with an increase in bad actors using cryptocurrencies to evade or circumvent laws and economic strictures. AI and advanced technologies are being used to develop and evolve sophisticated techniques by crime perpetrators, as potential profits for illegal activities can be huge.

Efi Nuri, Chief Revenue Officer at Cognyte, discussed the role blockchain analytics has in investigating obfuscated transactions. “Cognyte’s advanced blockchain analytics helps to de-anonymise hidden transactions in financial investigations and mitigate the harm caused by criminal enterprises exploiting cryptocurrency networks [in] use cases like terrorist funding and darknet market illicit activity.”

According to Nuri, Cognyte’s solution will allow its customer to “gain blockchain intelligence that was previously unattainable, [helping] investigators safeguard the integrity of digital financial ecosystems, and bring criminals to justice.”

Cognyte has positioned itself as an organisation specialising in new AI solutions that help law enforcement agencies combat financial fraud, often using the same techniques as the bad actors. It claims investigations into illicit cryptocurrency activities progress more quickly with its platform, and so allow law enforcement agencies to confiscate and return any cryptocurrency that proves to be linked to illegal activity.

Removing bad actors from cryptocurrency ecosystems means law enforcement authorities can create a safer, more transparent digital financial landscape, and increase levels of trust in existing and emerging digital markets.

The company’s deal with the unnamed law enforcement agency gives Cognyte the resources to expand its offerings to more customers, particularly other law agencies. Law enforcement organisations are coming under growing pressure to address the increase cyber crime in the region.

Interested in hearing leading global brands discuss subjects related to this in person? Find out more about Digital Marketing World Forum (#DMWF) Europe, London, North America, and Singapore.

The post APAC national police agency adopts AI to fight cryptocurrency crime appeared first on TechWire Asia.

OCBC has appeared as the first bank in Singapore to offer bespoke tokenised bonds to corporate accredited investors (corporate AIs) – businesses with net assets exceeding SG$ 10 million. The tokenised bonds are tailored to match any client’s preferred tenor and yield. Once structured, bonds are minted and transferred directly to a digital wallet created on OCBC’s asset tokenisation platform.

The innovation aligns with Singapore’s broader push to scale the use of tokenised assets and reflects the Asia-Pacific (APAC) region’s leadership in digital asset adoption. In early 2024, APAC accounted for 29% of global digital currency transactions, surpassing North America (19%) and Western Europe (22%). Countries like Singapore, Hong Kong, and Japan are at the forefront of the trend, with adoption from individuals and businesses.

A recent study indicated that about half of wealthy Asian investors own cryptocurrency, while nearly half of APAC organisations are actively working on blockchain and digital asset projects. Some major banks in Hong Kong, including UBS and HSBC, are enabling high-net-worth clients to trade cryptocurrency ETFs.

Challenges and opportunities in APAC

Despite the rapid growth of digital assets in APAC, the regulatory landscape remains uneven across the region. Progressive hubs like Singapore and Hong Kong are fostering innovation with forward-thinking regulations, while countries like China have imposed stricter measures, including bans on cryptocurrency transactions.

The OCBC asset tokenisation platform simplifies the bond lifecycle, encompassing creation, minting, ownership transfers, custody, and redemption through token burning. The bank plans to extend this facility beyond fixed-income assets, perhaps tokenising structured products, funds, and other assets. Its policies align with a broader trend in APAC, where financial institutions can meet rising demand for digital asset products like custody solutions, trading platforms, and investment vehicles.

In November 2024, OCBC completed its first tokenised bond transaction with a mid-sized Singaporean manufacturing company. To diversify its portfolio and move away from fixed deposits, the client opted for a bond with a tenor of less than a year.

The entire transaction was settled on the same business day, marking a significant improvement over the typical five-day settlement period for conventional bonds. The success demonstrated the potential for greater acceptance of tokenised assets among corporate investors.

APAC’s leadership in global digital asset adoption provides a unique opportunity for institutions like OCBC. Tokenisation has the ability to transform the financial world. It improves accessibility, liquidity, and transparency while unlocking new opportunities for innovation.

Want to learn more about blockchain from industry leaders? Check out Blockchain Expo taking place in Amsterdam, California and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post OCBC becomes Singapore’s first bank to tokenise corporate bonds appeared first on TechWire Asia.

Users of the wallet can make a secure QR payment using regulated USD Stablecoin and Thai Baht Stablecoin (THBX).

Rubie Wallet will be present at Devcon 2024 in Bangkok from November 5 to 25, offering overseas attendees to convert USD Stablecoin to THBX. This means a quicker and more affordable alternative to the usual currency exchange process. And, since Rubie Wallet operates under the Bank of Thailand’s (BOT) and the Securities and Exchange Commission’s (SEC) regulatory sandbox, users can be sure that their transactions are safe and compliant.

Rubie Wallet uses THBX, Thailand’s first programmable stablecoin, to make payments easier, especially for international visitors. By bypassing the usual issues with cash handling, FX kiosks, and credit card fees, it lets users convert USD Stablecoin to THBX in real-time and make mobile payments through closed-loop QR codes.

From November, customers can download the app and get started with Rubie Wallet by completing a quick Know Your Customer (KYC) verification. Once that’s done, they can instantly convert USD Stablecoin to THBX and start making mobile payments at around 100 participating merchants.

Rubie Wallet’s ‘Scan-to-Pay’ system, developed with Thailand’s commercial bank SCB, is set to speed up the country’s adoption of digital payments. It supports THBX transactions and is the first live demonstration of purpose-bound money using THBX through Rubie Wallet, offering lower-fee transactions via the Base blockchain.

Behind the scenes, Rubie Wallet is powered by Fireblocks’ wallet-as-a-service infrastructure, and Elliptic is on board to provide blockchain analytics that ensure full transparency in every transaction. The integration with InnovestX, SCBX’s digital asset brokerage arm, simplifies the USD Stablecoin-to-THBX conversion process.

Mukaya (Tai) Panich, CEO and CIO of SCB 10X, emphasised the value of its involvement in the BOT and SEC regulatory sandbox. He stated, “At SCB 10X, we believe that participating in BOT & SEC regulatory sandbox will be a significant move for financial innovation to global financial inclusion as well as the Thai digital asset ecosystem.” He said, “THBX is designed to provide international visitors with a seamless payment experience. We are proud to be at the forefront of this transformation in Thailand’s digital economy.”

Yvonne Ng, Regional Director of APAC at Elliptic, shared her enthusiasm: “We are thrilled to collaborate with industry leaders like Fireblocks, Circle, and Base to bring the Rubie Wallet app to life. By integrating with Elliptic’s pioneering blockchain analytics, we are able to deliver a solution that balances innovation with integrity.

“This partnership underscores our commitment to leading the charge in seamless and secure digital transactions, setting a new benchmark in the digital asset landscape.”

Michael Shaulov, Co-Founder and CEO of Fireblocks, added: “At Fireblocks, we are committed to providing secure and scalable infrastructure for the use of digital assets, and our collaboration with SCB 10X on the Rubie Wallet is a testament to that mission.” He concludes, “By leveraging our wallets-as-a-service technology, we’re ensuring that every transaction made with THBX is safeguarded, driving the next wave of innovation in programmable stablecoins.”

SCB 10X is paving the way for the next wave of fintech innovations in Thailand and beyond. With THBX, it’s in position to be able to change Thailand’s tourism and retail sectors by bridging the gap between traditional finance and digital currencies.

Want to learn more about blockchain from industry leaders? Check out Blockchain Expo taking place in Amsterdam, California and London.

The post SCB 10X introduces Thailand’s first purpose-bound money solution appeared first on TechWire Asia.

In recent months, stream-jacking attacks have become increasingly prevalent on major streaming platforms. Cybercriminals are focusing their efforts on compromising high-profile accounts, particularly those with substantial follower counts, to disseminate their deceptive messages to a broad audience.

As of October 2023, Bitdefender Labs researchers have been actively monitoring steam-jacking attacks targeting high-profile YouTube accounts, used to conduct various crypto-doubling scams.

In 2024, further investigation into these fraudulent takeovers and the use of YouTube accounts has unveiled new developments. Financially motivated threat actors are meticulously evolving their tactics to enhance the reach and efficiency of their actions, using carefully engineered content that closely mimics legitimate cryptocurrency-related news or announcements.

The deception of fake livestreams

Recent months have seen a steady evolution in these stream-jacking attacks. Bitdefender’s research highlights the advancement of cybercriminals in refining their methods to maximize impact, leveraging popular crypto events to potentially monetize fraudulent livestreams. These scams often disguise themselves under popular titles featured in mainstream media.

For example, during the “SpaceX Starship integrated flight test 2” event, attackers launched fake livestreams under names like “SpaceX Launch Starship Flight Test! Elon Musk gives update on Starship!” on compromised ‘verified’ channels, adding credibility to their deception. Analysis shows that many of these livestreams exhibited signs of artificially boosting viewers to increase trust among potential real viewers.

As previously noted, scammers often modify the names of impersonated entities on compromised accounts (e.g., using @spacex1[..] instead of @SpaceX).

Bitdefender Labs has identified other premeditated scams based on widely known events.

Around November 30, a significant date for the SEC-XRP trial in the crypto world, multiple fake livestreams emerged with titles such as “Ripple XRP Case Reaching A HAPPY End – SEC Lose? Brad Garlinghouse LIVE,” “Ripple XRP BOOM! Case Reaching A HAPPY End – SEC Lose? Brad Garlinghouse LIVE,” and “Tomorrow Swell will send XRP? Brad Garlinghouse LIVE!”

Similarly, for the USSF-52 flight, titles like “SpaceX USSF-52 Mission Launch! Elon Musk gives update on Starship!” and “USSF-52 Mission Launch SpaceX! Elon Musk gives update on Starship!” were used.

It is evident that any high-profile news headline can be exploited for malicious activities. Over time, the scams have evolved from using famous names to coordinating elaborate campaigns based on real, interest-generating events.

Importantly, Bitdefender Labs notes that many compromised channels used in these scams have a large number of subscribers, some with more than 1 million and one with as many as 12.5 million. This makes them ideal vectors for threat actors to spread their fraudulent schemes.

Deepfake videos: the new frontier in cyber-scams

Scams reported in October 2023 initially involved looped videos from popular conference talks or other recordings. However, fraudsters have recently begun using deepfake technology to create convincing videos of prominent figures in cryptocurrency, adding an extra layer of credibility to their scams.

These skillfully engineered videos typically entice viewers to scan a QR code and send cryptocurrency, promising to double the amount. Some of these deepfakes are of decent quality and could easily deceive an untrained eye. To prevent detection by vigilant community members or victims, live chat on these videos is often disabled, except for selected channel members or long-time subscribers.

A new trend with these deepfakes is their use in YouTube advertisements, giving cybercriminals more flexibility to spread their scams (fraudsters can pay for these fake ads until they’re banned by YouTube).

While the videos are clearly crafted using deep generative models, the support chats on malicious websites do not seem to employ any advanced Large Language Model for responses.

Understanding YouTube account takeovers

These takeovers typically begin with the compromise of YouTube access tokens through various methods. Once access is gained, attackers quickly revamp the channel to impersonate their chosen entity.

This automated process often includes modifying the channel name and handle, setting all existing videos to private, replacing the channel avatar and banner with images representing the impersonated entity, and removing or altering the channel’s description, links, and featured channels, sometimes redirecting to a malicious website promoting the crypto-doubling scam.

Live observations of these takeovers show a systematic approach. Initially, the name, handle, and avatar change, leaving existing content visible. Soon after, videos become private, and the banner changes, but the channel description and special videos remain. Within minutes, the channel is stripped of original content, leaving little resemblance to its original state, as seen in a takeover mimicking the official SpaceX channel.

However, these transformations are sometimes delayed or incomplete, resulting in the channel being banned before full changes can be implemented.

Exploiting current events for scams, including deepfake videos

Recent scams have capitalized on the Bitcoin ETF news coverage. Since late December 2023, fraudulent broadcasts featuring MicroStrategy and its former CEO, Michael Saylor, have surged, exploiting titles related to the Bitcoin ETF’s potential success.

These broadcasts often feature looped deepfakes of Michael Saylor encouraging participation in fake giveaways. The compromised channels adopt official MicroStrategy logos and banners, sometimes even linking to the official channel’s playlists to enhance credibility. The thumbnails of these videos are consistent across different instances. Variations of the channel name post-takeover include MicroStrategy US, Microstrategy Live, Micro Strategy, among others, often with subtle alterations like trailing spaces or parentheses.

The associated fake websites mimic legitimate domains, featuring animations that create an illusion of ongoing transactions. However, these are randomly generated and not indicative of real activity.

In these deepfake videos, a faux Michael Saylor outlines the scam: viewers are prompted to watch for a QR code during the broadcast and scan it with their phone, without needing to register on any website. Deposits of Bitcoin are encouraged, with promises of an automated system doubling the amount sent back. The scam is positioned as user-friendly and hassle-free, even for those new to cryptocurrencies, with technical support available during the broadcast.

Unlike typical giveaways based on chance, this scam claims to guarantee double the Bitcoin deposited. Urgency is created by suggesting the offer is time-sensitive and dependent on limited funds.

Significant impact and scope of the scams

The scope and impact of these steam-jacking attacks are further highlighted by the significant metrics associated with the hijacked YouTube accounts. Bitdefender Labs reports some staggering figures that demonstrate the extent of the problem. These metrics include:

• The largest subscriber count of a hijacked account is approximately 12.5 million for one account.
• The highest view count for a hijacked account stands at around 3.87 billion views in total for one channel.
• The median subscriber count for these accounts is about 3,955, and the median view count is roughly 449,159.
• The top 10 hijacked channels alone have nearly 62.93 million subscribers and about 17.45 billion total views.
• The geographical spread of targeted accounts is vast, including the US (96 accounts), Brazil (75), India (74), Indonesia (49), Mexico (21), Turkey (15), Peru (14), Vietnam (13), Columbia (12), the UK (11), France (9), Spain (8), and more. This count excludes accounts already banned by YouTube.

These figures, which have shown a marked increase since the last report, indicate that the problem of steam-jacking and related crypto-scams is far from being resolved. The widespread nature and high-profile targets of these attacks underscore the urgency of addressing this growing cyber threat.

Profitability of crypto-doubling scams

An important question arises: how lucrative are these crypto-scams? The main source of income appears to be the cryptocurrencies received in the promoted wallets. An analysis of transactions associated with these wallets has revealed the following:

• Over 10 ETH and 12 BTC have been sent to these malicious wallets since January 2024.
• Most wallets show no transactions, possibly due to their recent creation, suggesting potential growth in activity.
• Cybercriminals employ methods to pass tokens through multiple wallets to hinder tracking.
• The largest amounts received in individual wallets are nearly 6 BTC and 2 ETH.

Potential earnings are estimated between approximately US$528,200 and US$600,500, depending on valuation dates. While it’s unclear if these transactions are from actual victims or part of the scam, the figures highlight the alarming profitability of these fraudulent operations, underscoring the urgent need for awareness.

The post How deepfake videos are transforming YouTube crypto-scams appeared first on TechWire Asia.

Shopping for games may seem like a workaday experience – but that would be to mischaracterize the impact of the action completely. As Black Friday and Cyber Monday continue to mark key moments in the global retail calendar, the gaming community’s excitement reaches unprecedented heights. These events offer more than just standard discounts; they present an opportunity for gamers to significantly enhance their gaming experience.

A recent Kaspersky study revealed that 71% of gamers seize on these occasions to acquire various items from their wishlists, underlining the importance of these discount seasons in their gaming journey.

Explosive growth and transformation of shopping for video games and its market

The global video games market is witnessing a remarkable surge, forecasted to grow at an annual rate of 9.3% from 2023 to 2028. By 2028, the industry is expected to amass nearly US$390 billion in market value, reflecting the soaring popularity of video games as a significant form of entertainment globally. This growth extends beyond gaming and shopping for games as such, into gamers’ shopping behaviors, paralleling the general consumer population’s enthusiasm for sales events.

During these sales, the strategic and focused nature of gamers becomes evident. Approximately 74% of gamers view these sales as essential for upgrading their gaming setups, often setting alerts for new game and equipment releases to ensure they don’t miss out. Their eagerness to embrace the latest gaming technology showcases their passion and anticipation for these events. They are the textbook definition of engaged consumers.

Simultaneously, spontaneous buying is also prevalent among gamers. Around 48% often find themselves influenced by unexpected offers or influencer endorsements, adding an element of excitement to their shopping experience during these sales. This spontaneity complements their well-thought-out purchase strategies, demonstrating the dynamic nature of consumer behavior in the gaming community.

In line with broader consumer trends, gamers primarily use smartphones (79%) and PCs (49%) to access sales, underscoring the blend of convenience and accessibility offered by modern technology. The increasing adoption of cryptocurrency further highlights this tech-savvy approach as a payment method in the gaming world. Despite security concerns, a considerable segment of consumers, especially those aged 25 to 44, are incorporating cryptocurrency into their transactions, extending to online and in-store purchases.

Cryptocurrency’s emerging role in retail

Cryptocurrency’s role in consumer spending is rapidly evolving. It’s not merely an alternative payment method but is increasingly viewed as the future of online shopping. During major sales events like Black Friday, 51% of consumers prefer paying with cryptocurrency, reflecting a shift in payment preferences. The diverse use of cryptocurrency among consumers spans various purchases, extending beyond gaming-related items to daily necessities and significant investments.

Retailers are now facing the challenge of adapting to the growing demand for cryptocurrency payments. With 68% of consumers expressing a desire to use cryptocurrency for specific purchases but encountering limitations, retailers need to integrate cryptocurrency as a viable payment option. Bitcoin remains the most trusted cryptocurrency option, with 83% of consumers considering it safe, followed by Ethereum and USD Coin. Despite concerns about volatility and scams, the inclination toward regular cryptocurrency use is unmistakable, signaling a potential shift in transaction methods for the future.

The video gaming industry, poised to reach an annual revenue of US$249.60 billion in 2023, has encouraged players to invest more in in-game items and gaming equipment. This spending trend is particularly noticeable during Black Friday and Cyber Monday, with gamers strategically leveraging these sales. Their use of cryptocurrency during these events underscores the convergence of gaming passion with modern shopping strategies.

Marina Titova, vice-president of consumer product marketing at Kaspersky, emphasizes the importance of security in the digital world. Kaspersky Premium, for example, offers comprehensive solutions, including online payment and identity protection, a data leaks checker, and a reliable VPN to ensure safe gaming and shopping experiences.

The involvement of the gaming community in global sales events is a multifaceted mix of strategy, spontaneity, and technological adaptation. As the gaming industry expands, its influence in shaping retail trends, particularly in adopting innovative payment methods like cryptocurrency, grows. Gamers’ participation in these sales events goes beyond enhancing their gaming experience; it reflects their role as influential consumers in the real world, setting new trends in consumer spending and indicating a significant shift in the retail and digital payment industries.

Kaspersky’s tips for secure online shopping – for games, and everything else

As the fusion of gaming enthusiasm with savvy shopping strategies during sales events becomes more prominent, it’s crucial to consider the aspect of digital security. In this regard, Kaspersky offers several practical tips to enhance online shopping security, essential to gamers and general consumers.

Directly enter the store’s URL

To avoid falling prey to phishing attempts, Kaspersky advises manually typing the store’s URL into the web browser’s address bar instead of clicking on links in emails. This precaution helps bypass fraudulent sites that mimic legitimate ones, protecting personal and financial information.

Opt for a temporary or virtual credit card

To further safeguard against data theft, especially during high-traffic sales seasons, utilizing temporary or virtual credit cards is recommended. Provided by many banks, these cards generate a new account number for each transaction, reducing the risk of financial information being misused by hackers.

Use a password manager for strong, unique passwords

Managing multiple passwords can be daunting in the era of complex digital interactions. Kaspersky suggests using a reliable password manager to create, manage, and secure unique passwords for different online accounts, enhancing overall cybersecurity.

These security measures, combined with gamers’ strategic shopping habits and technological savviness, contribute to a safer and more enjoyable online shopping experience. It underscores the importance of being vigilant and proactive about digital security, especially in an era where gaming, shopping, and technology are increasingly intertwined.

As the gaming industry continues to influence global markets and consumer trends, understanding the dynamics of digital security becomes pivotal. Gamers, at the forefront of embracing new technologies and shopping methods, also need to be aware of safeguarding their online presence. This comprehensive approach, blending gaming enthusiasm with smart shopping tactics and robust digital security practices, encapsulates the future of consumer behavior. It heralds a new era where gaming, shopping, and secure digital transactions coexist, shaping the landscape of retail and online entertainment.

The post How shopping for games is changing the face of retail, and driving cybersecurity appeared first on TechWire Asia.

2024 has just begun, and the cryptocurrency sector is already energized – especially by Bitcoin, the preeminent cryptocurrency, surpassing the US$45,000 threshold, a first since April 2022. This surge is driven by expectations of the possible endorsement of exchange-traded spot bitcoin funds.

Bitcoin recently achieved a 21-month peak at US$45,922, recording a notable 156% growth from last year, and the most significant since 2020. Although its current price exceeds US$45,500, it hasn’t yet reclaimed its highest point of US$69,000, set in November 2021. Concurrently, Ethereum, ranking second in the cryptocurrency market, witnessed a 1.2% rise to US$2,386.50, demonstrating a 91% upsurge in 2023.

Commentators from both within and outside the cryptocurrency world have told CNBC they expect Bitcoin’s upward trajectory to continue.

Overcoming past challenges: the cryptocurrency sector’s journey

2022 marked a period of instability for Bitcoin, plagued by notable collapses, liquidity issues, and bankruptcies within the sector. That all came to a head in the collapse of FTX, a significant cryptocurrency exchange, leading to its bankruptcy. The following year, 2023, witnessed the conviction of FTX’s founder, Sam Bankman-Fried, on numerous federal criminal charges in the US. Similarly, Changpeng Zhao of Binance admitted to criminal charges, stepping down as CEO following a costly US$4.3 billion settlement with the US Department of Justice.

With these significant legal cases concluded, cryptocurrency sector leaders view this year as an opportunity to progress and distance themselves from the misdeeds of these industry figureheads.

Reflecting Bitcoin’s price movements, cryptocurrency stocks experienced an upswing. Notably, Riot Platforms, Marathon Digital, and CleanSpark recorded increases ranging from 7% to 10%, rebounding from a sharp downturn at the end of 2023. MicroStrategy, engaged in software and Bitcoin investment, enjoyed a 13.4% rise, paralleled by a 7.8% growth in the ProShares Bitcoin Strategy ETF, tied to Bitcoin futures. The investor community eagerly anticipates the SEC’s decision to authorize a spot Bitcoin ETF, which could significantly expand the market and attract considerable investments.

Despite rejecting several applications for spot Bitcoin ETFs in the past, citing concerns over market manipulation, the SEC has shown signs of potentially approving some of the 13 proposed ETFs, with a decision expected in early January.

Matteo Greco, an analyst at Fineqia International, anticipates a positive approval and believes there might be a temporary price drop before another increase. He notes that an approved spot Bitcoin ETF would significantly enhance market liquidity by attracting new investors.

The prospect of major central banks reducing interest rates this year is also seen as beneficial for cryptocurrencies, helping to dispel the negative sentiment following the collapse of FTX and other crypto businesses in 2022.

The crypto market might see further growth in 2024, as Bitcoin has historically performed well in US election years and aligned with Bitcoin halving cycles. Markus Thielen, founder of 10x Research, notes this pattern, observing the halving cycles in 2012, 2016, and 2020.

Industry experts are predicting a new bull market in cryptocurrencies, primarily based on the upcoming Bitcoin halving and the potential US approval of a Bitcoin ETF.

The halving event, which occurs every four years as per Bitcoin’s code, reduces the rewards for mining Bitcoin by half, limiting the total supply of Bitcoin to 21 million. Historically, these halving events have led to a rise in Bitcoin’s price.

Additionally, the potential SEC approval of a Bitcoin ETF is generating excitement. This would allow investors to track Bitcoin’s price through a financial product, without directly purchasing or holding the digital currency. The industry hopes this will attract a broader range of investors, especially large institutional ones.

Mining in the spotlight: adapting to bitcoin’s halving event

Cointelegraph reports that leading Bitcoin mining companies are emphasizing the need for operational efficiency to remain profitable following the upcoming halving event in 2024. Insights from various mining firms indicate that the expected impact of the Bitcoin halving on the industry will be significant, particularly concerning the operational strategies of miners at different scales.

The protocol of Bitcoin requires a reduction in the mining reward every 210,000 blocks, which occurs approximately every four years. Industry leaders have noted that the effect of the halving is largely dependent on the market price of Bitcoin, influencing the operational status of numerous mining operations.

A key strategy these leaders have highlighted is the prioritization of keeping mining machines online to maximize the profitability of mining fleets. It has been observed that the success of mining operations hinges on the balance between total terahash exposure and the efficiency of the hardware employed.

Despite the possibility of some miners stopping their operations due to the halving, there’s a consensus in the industry that Bitcoin’s protocol, with its adaptive nature, ensures the sustainability of mining activities. As some miners leave, the network’s algorithm adjusts, reallocating block rewards to active participants, and so maintaining the equilibrium of the mining ecosystem.

It has also been pointed out that larger mining operators will likely continue expanding their operations, supporting the overall network. This expansion is expected to potentially yield benefits, especially if there’s an increase in Bitcoin’s price post-halving.

Experts in the industry have suggested that the mining ecosystem is well-equipped to handle the impact of the halving without significant disruptions. The built-in mining difficulty adjustment mechanism in Bitcoin’s protocol is critical in ensuring ongoing miner participation. If mining becomes less profitable for a segment of miners, they might deactivate their equipment, reducing the overall hash rate. This would trigger a difficulty adjustment, making mining more viable for the remaining miners.

Additionally, the introduction of Bitcoin Ordinals in 2023 and their effect on transaction fees and developer activity have been highlighted as positive developments. Coupled with the increased scarcity of Bitcoin post-halving, there’s a strong sentiment that 2024 could continue to be a profitable and sustainable year for Bitcoin mining.

A look ahead: predictions and expectations for crypto in 2024

Despite past challenges, the cryptocurrency industry, focusing on Bitcoin, shows signs of a strong resurgence at the beginning of 2024. The impending halving event, coupled with potential regulatory approvals and strategic adaptations within the mining sector, sets the stage for what is widely anticipated to be a significant year for Bitcoin and the broader cryptocurrency market.

The post Bitcoin breaks US$45,000 as 2024 ushers in new crypto era appeared first on TechWire Asia.

Since 2017, North Korea has dramatically escalated its focus on the cryptocurrency industry, pilfering over US$3 billion in digital currency. This shift came after their successful breaches of financial institutions through the SWIFT network attracted intense scrutiny from global authorities, leading to strengthened cyberdefenses in the financial sector. As the cryptocurrency market surged in 2017, North Korean hackers pivoted to this burgeoning sector, initially targeting South Korean markets before expanding globally.

In 2022 alone, North Korean cyber-actors are believed to have stolen around US$1.7 billion in cryptocurrencies, a staggering sum representing about 5% of North Korea’s GDP or 45% of its military expenditure. This figure is nearly tenfold the value of North Korea’s exports in 2021, as per the Observatory of Economic Complexity.

Decoding North Korea’s cyber-heist strategies

The methods North Korean cybercriminals employ in targeting cryptocurrency and laundering the proceeds are similar to those of typical cybercrime groups, involving cryptocurrency mixers and fiat conversions. However, state backing significantly amplifies the scale and effectiveness of their operations, with about 44% of the stolen cryptocurrency in 2022 traced back to these actors.

Insikt Group’s latest report, Crypto Country: North Korea’s Targeting of Cryptocurrency, highlights the steady increase in cyberattacks against the cryptocurrency industry since 2017, attributed to North Korean hackers.

Despite North Korea’s notable isolation, often called the “Hermit Kingdom,” its elite and specialized computer scientists have privileged access to cutting-edge resources, technologies, and information. This access not only equips them with the necessary skills for sophisticated cyberattacks on the cryptocurrency industry but has also led to significant breaches, as evidenced by the incident with JumpCloud. On July 12, 2023, this American software company announced a breach by a North Korean state-sponsored entity, later linked by Mandiant to UNC4899 or “TraderTraitor,” a group known for targeting cryptocurrency.

The US Federal Bureau of Investigation (FBI) disclosed on August 22, 2023, that North Korean operatives were behind major thefts involving Atomic Wallet, Alphapo, and CoinsPaid, resulting in a loss of US$197 million in cryptocurrencies. These thefts have been pivotal in sustaining the North Korean regime, particularly in financing up to half of its ballistic missile program.

By 2018, North Korea was estimated to be responsible for around 50% of the total cryptocurrency stolen worldwide. In recent years, attention has been focused on the regime’s substantial cryptocurrency heists, a continuation of its long history of funding through illicit activities.

The dark art of laundering stolen crypto

The laundering of stolen cryptocurrency involves several steps. Initially, the funds enter the financial system, a stage known as “placement.” The money is then “layered” through various transactions to obfuscate its origins. Finally, during the “integration” phase, the funds reappear in the legitimate financial system.

North Korean hackers, much like independent cybercriminals, use cryptocurrency mixers to hide their illicitly obtained funds. They also exchange stolen cryptocurrency for clean assets through legitimate trading platforms.

In 2021, the Insikt Group reported tutorials for basic money laundering techniques on forums like Nulled Forum. Both state-backed and independent criminals often employ money mules, sometimes unwittingly, in these operations.

The targets of North Korean cyberattacks are diverse, ranging from individual users to venture capital firms and emerging technologies. This widespread targeting endangers anyone in the cryptocurrency industry and lets the North Korean regime maintain operations under international sanctions.

The regime heavily relies on cryptocurrency theft as a revenue source, particularly for its military and weapons programs. Although the direct contribution of stolen funds to missile launches is uncertain, there has been a notable increase in cryptocurrency thefts and missile launches in recent years.

North Korea’s illicit financial networks

Without stricter regulations and enhanced cybersecurity measures for cryptocurrency firms, North Korea will likely continue targeting this sector for revenue.

North Korea’s history of illicit activities has led to the developing of sophisticated asset-laundering networks and methods. In 2020, leaked documents from the US Financial Crimes Enforcement Network revealed significant laundering activities supporting the regime. These operations often involve individuals linked to North Korea’s Reconnaissance General Bureau (RGB).

One particularly detailed instance of such operations was the 2016 Bangladesh Bank heist. North Korean hackers transferred the stolen funds to four accounts in the Philippines, converting US$61 million into pesos for use at the Solaire Resort casino.

The US State Department in 2017 identified the Philippines as a central hub for money laundering. In the Bangladesh Bank case, the stolen funds were used for gambling at the casino, making the proceeds untraceable. The primary gamblers, Ding and Gao, escaped to Macau after their operation. Macau’s history includes various North Korean activities, such as being the training ground for the spy responsible for the 1987 Korean Air flight bombing, a center for laundering counterfeit US currency, and the residence of Kim Jong Un’s exiled half-brother before his assassination in 2017.

North Korea’s cyber-heist fallout

Reflecting on North Korea’s significant advancements in cybercriminal operations against the cryptocurrency industry, it is crucial to assess the broader impact on the country. Estimates suggest that up to 50% of North Korea’s ballistic missile program could be financed through these illicit gains.

In the context of its economy, which was roughly US$33.5 billion in GDP in 2019 and has faced contraction for three consecutive years, according to the Bank of Korea, the scale of these operations becomes even more apparent. In 2022, the value of stolen cryptocurrency by North Korean actors was about 5% of the nation’s economy, not accounting for other illicit activities or illegal employment in the IT sector.

North Korea’s aggressive foray into cryptocurrency theft since 2017 highlights a sophisticated and evolving cyber warfare strategy. This situation calls for a concerted international response, including stringent cybersecurity measures and regulatory frameworks, to mitigate the risks of such state-sponsored cybercriminal activities. Without these, North Korea will likely continue to exploit the vulnerabilities of the cryptocurrency sector, posing a persistent and evolving threat to global financial security.

The post Cyber-heist mastery: how North Korea stole over US$3 billion in cryptocurrency appeared first on TechWire Asia.